lib/net: Use FingerprintData to represent fingerprints
This commit is contained in:
parent
50534ecb43
commit
7cced74119
|
@ -76,7 +76,7 @@ void SslCertificate::generateFingerprint(const std::string& cert_path)
|
||||||
|
|
||||||
auto local_path = DataDirectories::local_ssl_fingerprints_path();
|
auto local_path = DataDirectories::local_ssl_fingerprints_path();
|
||||||
barrier::FingerprintDatabase db;
|
barrier::FingerprintDatabase db;
|
||||||
db.add_trusted(barrier::FingerprintData{"sha1", fingerprint});
|
db.add_trusted(fingerprint);
|
||||||
db.write(local_path);
|
db.write(local_path);
|
||||||
|
|
||||||
emit info(tr("SSL fingerprint generated."));
|
emit info(tr("SSL fingerprint generated."));
|
||||||
|
|
|
@ -15,20 +15,20 @@
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef BARRIER_LIB_NET_FINGERPRINT_TYPE_H
|
#include "base/String.h"
|
||||||
#define BARRIER_LIB_NET_FINGERPRINT_TYPE_H
|
#include "FingerprintDatabase.h"
|
||||||
|
#include "io/fstream.h"
|
||||||
#include <string>
|
#include <algorithm>
|
||||||
|
#include <fstream>
|
||||||
|
|
||||||
namespace barrier {
|
namespace barrier {
|
||||||
|
|
||||||
enum FingerprintType {
|
bool FingerprintData::operator==(const FingerprintData& other) const
|
||||||
INVALID,
|
{
|
||||||
SHA1, // deprecated
|
return algorithm == other.algorithm && data == other.data;
|
||||||
SHA256,
|
}
|
||||||
};
|
|
||||||
|
|
||||||
inline const char* fingerprint_type_to_string(FingerprintType type)
|
const char* fingerprint_type_to_string(FingerprintType type)
|
||||||
{
|
{
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case FingerprintType::INVALID: return "invalid";
|
case FingerprintType::INVALID: return "invalid";
|
||||||
|
@ -38,7 +38,7 @@ inline const char* fingerprint_type_to_string(FingerprintType type)
|
||||||
return "invalid";
|
return "invalid";
|
||||||
}
|
}
|
||||||
|
|
||||||
inline FingerprintType fingerprint_type_from_string(const std::string& type)
|
FingerprintType fingerprint_type_from_string(const std::string& type)
|
||||||
{
|
{
|
||||||
if (type == "sha1") {
|
if (type == "sha1") {
|
||||||
return FingerprintType::SHA1;
|
return FingerprintType::SHA1;
|
||||||
|
@ -50,5 +50,3 @@ inline FingerprintType fingerprint_type_from_string(const std::string& type)
|
||||||
}
|
}
|
||||||
|
|
||||||
} // namespace barrier
|
} // namespace barrier
|
||||||
|
|
||||||
#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
/*
|
||||||
|
barrier -- mouse and keyboard sharing utility
|
||||||
|
Copyright (C) Barrier contributors
|
||||||
|
|
||||||
|
This package is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU General Public License
|
||||||
|
found in the file LICENSE that should have accompanied this file.
|
||||||
|
|
||||||
|
This package is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATA_H
|
||||||
|
#define BARRIER_LIB_NET_FINGERPRINT_DATA_H
|
||||||
|
|
||||||
|
#include <string>
|
||||||
|
#include <vector>
|
||||||
|
|
||||||
|
namespace barrier {
|
||||||
|
|
||||||
|
enum FingerprintType {
|
||||||
|
INVALID,
|
||||||
|
SHA1, // deprecated
|
||||||
|
SHA256,
|
||||||
|
};
|
||||||
|
|
||||||
|
struct FingerprintData {
|
||||||
|
std::string algorithm;
|
||||||
|
std::vector<std::uint8_t> data;
|
||||||
|
|
||||||
|
bool valid() const { return !algorithm.empty(); }
|
||||||
|
|
||||||
|
bool operator==(const FingerprintData& other) const;
|
||||||
|
};
|
||||||
|
|
||||||
|
const char* fingerprint_type_to_string(FingerprintType type);
|
||||||
|
FingerprintType fingerprint_type_from_string(const std::string& type);
|
||||||
|
|
||||||
|
} // namespace barrier
|
||||||
|
|
||||||
|
#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H
|
|
@ -23,11 +23,6 @@
|
||||||
|
|
||||||
namespace barrier {
|
namespace barrier {
|
||||||
|
|
||||||
bool FingerprintData::operator==(const FingerprintData& other) const
|
|
||||||
{
|
|
||||||
return algorithm == other.algorithm && data == other.data;
|
|
||||||
}
|
|
||||||
|
|
||||||
void FingerprintDatabase::read(const std::string& path)
|
void FingerprintDatabase::read(const std::string& path)
|
||||||
{
|
{
|
||||||
std::ifstream file;
|
std::ifstream file;
|
||||||
|
|
|
@ -18,22 +18,13 @@
|
||||||
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
|
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
|
||||||
#define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
|
#define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
|
||||||
|
|
||||||
#include "FingerprintType.h"
|
#include "FingerprintData.h"
|
||||||
#include <iosfwd>
|
#include <iosfwd>
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
namespace barrier {
|
namespace barrier {
|
||||||
|
|
||||||
struct FingerprintData {
|
|
||||||
std::string algorithm;
|
|
||||||
std::vector<std::uint8_t> data;
|
|
||||||
|
|
||||||
bool valid() const { return !algorithm.empty(); }
|
|
||||||
|
|
||||||
bool operator==(const FingerprintData& other) const;
|
|
||||||
};
|
|
||||||
|
|
||||||
class FingerprintDatabase {
|
class FingerprintDatabase {
|
||||||
public:
|
public:
|
||||||
void read(const std::string& path);
|
void read(const std::string& path);
|
||||||
|
|
|
@ -657,17 +657,17 @@ bool
|
||||||
SecureSocket::verifyCertFingerprint()
|
SecureSocket::verifyCertFingerprint()
|
||||||
{
|
{
|
||||||
// calculate received certificate fingerprint
|
// calculate received certificate fingerprint
|
||||||
std::vector<std::uint8_t> fingerprint_raw;
|
barrier::FingerprintData fingerprint;
|
||||||
try {
|
try {
|
||||||
fingerprint_raw = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
|
fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
|
||||||
barrier::FingerprintType::SHA1);
|
barrier::FingerprintType::SHA1);
|
||||||
} catch (const std::exception& e) {
|
} catch (const std::exception& e) {
|
||||||
LOG((CLOG_ERR "%s", e.what()));
|
LOG((CLOG_ERR "%s", e.what()));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG((CLOG_NOTE "server fingerprint: %s",
|
LOG((CLOG_NOTE "server fingerprint: %s",
|
||||||
barrier::format_ssl_fingerprint(fingerprint_raw).c_str()));
|
barrier::format_ssl_fingerprint(fingerprint.data).c_str()));
|
||||||
|
|
||||||
auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
|
auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
|
||||||
|
|
||||||
|
@ -685,7 +685,6 @@ SecureSocket::verifyCertFingerprint()
|
||||||
fingerprint_db_path.c_str()));
|
fingerprint_db_path.c_str()));
|
||||||
}
|
}
|
||||||
|
|
||||||
barrier::FingerprintData fingerprint{"sha1", fingerprint_raw};
|
|
||||||
if (db.is_trusted(fingerprint)) {
|
if (db.is_trusted(fingerprint)) {
|
||||||
LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
|
LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include "FingerprintDatabase.h"
|
||||||
#include "SecureUtils.h"
|
#include "SecureUtils.h"
|
||||||
#include "base/String.h"
|
#include "base/String.h"
|
||||||
#include "base/finally.h"
|
#include "base/finally.h"
|
||||||
|
@ -59,7 +60,7 @@ std::string format_ssl_fingerprint(const std::vector<uint8_t>& fingerprint, bool
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
|
FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
|
||||||
{
|
{
|
||||||
if (!cert) {
|
if (!cert) {
|
||||||
throw std::runtime_error("certificate is null");
|
throw std::runtime_error("certificate is null");
|
||||||
|
@ -77,11 +78,10 @@ std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType t
|
||||||
std::vector<std::uint8_t> digest_vec;
|
std::vector<std::uint8_t> digest_vec;
|
||||||
digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest),
|
digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest),
|
||||||
reinterpret_cast<std::uint8_t*>(digest) + digest_length);
|
reinterpret_cast<std::uint8_t*>(digest) + digest_length);
|
||||||
return digest_vec;
|
return {fingerprint_type_to_string(type), digest_vec};
|
||||||
}
|
}
|
||||||
|
|
||||||
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
|
FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type)
|
||||||
FingerprintType type)
|
|
||||||
{
|
{
|
||||||
auto fp = fopen_utf8_path(path, "r");
|
auto fp = fopen_utf8_path(path, "r");
|
||||||
if (!fp) {
|
if (!fp) {
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
#ifndef BARRIER_LIB_NET_SECUREUTILS_H
|
#ifndef BARRIER_LIB_NET_SECUREUTILS_H
|
||||||
#define BARRIER_LIB_NET_SECUREUTILS_H
|
#define BARRIER_LIB_NET_SECUREUTILS_H
|
||||||
|
|
||||||
#include "FingerprintType.h"
|
#include "FingerprintData.h"
|
||||||
#include <openssl/ossl_typ.h>
|
#include <openssl/ossl_typ.h>
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
@ -29,10 +29,9 @@ namespace barrier {
|
||||||
std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
|
std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
|
||||||
bool separator = true);
|
bool separator = true);
|
||||||
|
|
||||||
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
|
FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
|
||||||
|
|
||||||
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
|
FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type);
|
||||||
FingerprintType type);
|
|
||||||
|
|
||||||
void generate_pem_self_signed_cert(const std::string& path);
|
void generate_pem_self_signed_cert(const std::string& path);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue