gui: Regenerate certificate if it's invalid or the key is too small
This commit is contained in:
Povilas Kanapickas
parent
7210bfa615
commit
345bb4b62b
|
|
@ -22,7 +22,7 @@ add_executable (barrier WIN32
|
|||
|
||||
include_directories (./src)
|
||||
|
||||
target_link_libraries (barrier Qt5::Core Qt5::Widgets Qt5::Network)
|
||||
target_link_libraries (barrier Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
|
||||
target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}")
|
||||
target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}")
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,12 @@
|
|||
#include <QDir>
|
||||
#include <QCoreApplication>
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
static const char kCertificateLifetime[] = "365";
|
||||
static const char kCertificateSubjectInfo[] = "/CN=Barrier";
|
||||
static const char kCertificateFilename[] = "Barrier.pem";
|
||||
|
|
@ -94,7 +100,7 @@ void SslCertificate::generateCertificate()
|
|||
auto filename = QString::fromStdString(getCertificatePath());
|
||||
|
||||
QFile file(filename);
|
||||
if (!file.exists()) {
|
||||
if (!file.exists() || !isCertificateValid(filename)) {
|
||||
QStringList arguments;
|
||||
|
||||
// self signed certificate
|
||||
|
|
@ -183,3 +189,58 @@ std::string SslCertificate::getCertificateDirectory()
|
|||
{
|
||||
return m_ProfileDir + QDir::separator().toLatin1() + kSslDir;
|
||||
}
|
||||
|
||||
bool SslCertificate::isCertificateValid(const QString& path)
|
||||
{
|
||||
OpenSSL_add_all_algorithms();
|
||||
ERR_load_BIO_strings();
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
BIO* bio = BIO_new(BIO_s_file());
|
||||
|
||||
auto ret = BIO_read_filename(bio, path.toStdString().c_str());
|
||||
if (!ret) {
|
||||
emit info(tr("Could not read from default certificate file."));
|
||||
BIO_free_all(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
X509* cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
|
||||
if (!cert) {
|
||||
emit info(tr("Error loading default certificate file to memory."));
|
||||
BIO_free_all(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
EVP_PKEY* pubkey = X509_get_pubkey(cert);
|
||||
if (!pubkey) {
|
||||
emit info(tr("Default certificate key file does not contain valid public key"));
|
||||
X509_free(cert);
|
||||
BIO_free_all(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
auto type = EVP_PKEY_type(EVP_PKEY_id(pubkey));
|
||||
if (type != EVP_PKEY_RSA && type != EVP_PKEY_DSA) {
|
||||
emit info(tr("Public key in default certificate key file is not RSA or DSA"));
|
||||
EVP_PKEY_free(pubkey);
|
||||
X509_free(cert);
|
||||
BIO_free_all(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
auto bits = EVP_PKEY_bits(pubkey);
|
||||
if (bits < 2048) {
|
||||
// We could have small keys in old barrier installations
|
||||
emit info(tr("Public key in default certificate key file is too small."));
|
||||
EVP_PKEY_free(pubkey);
|
||||
X509_free(cert);
|
||||
BIO_free_all(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
EVP_PKEY_free(pubkey);
|
||||
X509_free(cert);
|
||||
BIO_free_all(bio);
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ private:
|
|||
std::string getCertificatePath();
|
||||
std::string getCertificateDirectory();
|
||||
|
||||
bool isCertificateValid(const QString& path);
|
||||
private:
|
||||
std::string m_ProfileDir;
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue