lib/net: Use FingerprintData to represent fingerprints

This commit is contained in:
Povilas Kanapickas 2021-11-01 02:52:47 +02:00
parent 50534ecb43
commit 7cced74119
8 changed files with 70 additions and 42 deletions


@ -76,7 +76,7 @@ void SslCertificate::generateFingerprint(const std::string& cert_path)
auto local_path = DataDirectories::local_ssl_fingerprints_path(); auto local_path = DataDirectories::local_ssl_fingerprints_path();
barrier::FingerprintDatabase db; barrier::FingerprintDatabase db;
db.add_trusted(barrier::FingerprintData{"sha1", fingerprint}); db.add_trusted(fingerprint);
db.write(local_path); db.write(local_path);
emit info(tr("SSL fingerprint generated.")); emit info(tr("SSL fingerprint generated."));


@ -15,20 +15,20 @@
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#ifndef BARRIER_LIB_NET_FINGERPRINT_TYPE_H #include "base/String.h"
#define BARRIER_LIB_NET_FINGERPRINT_TYPE_H #include "FingerprintDatabase.h"
#include "io/fstream.h"
#include <string> #include <algorithm>
#include <fstream>
namespace barrier { namespace barrier {
enum FingerprintType { bool FingerprintData::operator==(const FingerprintData& other) const
INVALID, {
SHA1, // deprecated return algorithm == other.algorithm && data == other.data;
SHA256, }
};
inline const char* fingerprint_type_to_string(FingerprintType type) const char* fingerprint_type_to_string(FingerprintType type)
{ {
switch (type) { switch (type) {
case FingerprintType::INVALID: return "invalid"; case FingerprintType::INVALID: return "invalid";
@ -38,7 +38,7 @@ inline const char* fingerprint_type_to_string(FingerprintType type)
return "invalid"; return "invalid";
} }
inline FingerprintType fingerprint_type_from_string(const std::string& type) FingerprintType fingerprint_type_from_string(const std::string& type)
{ {
if (type == "sha1") { if (type == "sha1") {
return FingerprintType::SHA1; return FingerprintType::SHA1;
@ -50,5 +50,3 @@ inline FingerprintType fingerprint_type_from_string(const std::string& type)
} }
} // namespace barrier } // namespace barrier
#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H
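Review bot: The new FingerprintData.cpp includes `base/String.h`, `FingerprintDatabase.h`, `io/fstream.h`, `<algorithm>` and `<fstream>`, yet the definitions visible in the hunks (`FingerprintData::operator==`, `fingerprint_type_to_string`, `fingerprint_type_from_string`) only compare `std::string`/`std::vector` values and switch on the enum; unless the part of the file outside the hunks needs them, these look carried over from FingerprintDatabase.cpp and can be dropped. The file should also include its own header first, `#include "FingerprintData.h"`, instead of reaching it transitively through `FingerprintDatabase.h`, which both checks that the header is self-contained and avoids tying this translation unit to the database class. The bodies of `fingerprint_type_to_string` and `fingerprint_type_from_string` are cut by the hunk boundaries.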


@ -0,0 +1,46 @@
/*
barrier -- mouse and keyboard sharing utility
Copyright (C) Barrier contributors
This package is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
found in the file LICENSE that should have accompanied this file.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATA_H
#define BARRIER_LIB_NET_FINGERPRINT_DATA_H
#include <string>
#include <vector>
namespace barrier {
enum FingerprintType {
INVALID,
SHA1, // deprecated
SHA256,
};
struct FingerprintData {
std::string algorithm;
std::vector<std::uint8_t> data;
bool valid() const { return !algorithm.empty(); }
bool operator==(const FingerprintData& other) const;
};
const char* fingerprint_type_to_string(FingerprintType type);
FingerprintType fingerprint_type_from_string(const std::string& type);
} // namespace barrier
#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H
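Review bot: `std::vector<std::uint8_t> data;` uses `std::uint8_t`, but the header includes only `<string>` and `<vector>`, so it compiles only through a transitive include; add `#include <cstdint>` beside them. The closing guard comment still names the old header, `#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H`, while the guard opened at the top is `BARRIER_LIB_NET_FINGERPRINT_DATA_H`; change it to `#endif // BARRIER_LIB_NET_FINGERPRINT_DATA_H`. A one-line comment on the struct would help readers, e.g. `// algorithm is the string form of FingerprintType (as produced by fingerprint_type_to_string); data holds the raw digest bytes.`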


@ -23,11 +23,6 @@
namespace barrier { namespace barrier {
bool FingerprintData::operator==(const FingerprintData& other) const
{
return algorithm == other.algorithm && data == other.data;
}
void FingerprintDatabase::read(const std::string& path) void FingerprintDatabase::read(const std::string& path)
{ {
std::ifstream file; std::ifstream file;


@ -18,22 +18,13 @@
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H #ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
#define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H #define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
#include "FingerprintType.h" #include "FingerprintData.h"
#include <iosfwd> #include <iosfwd>
#include <string> #include <string>
#include <vector> #include <vector>
namespace barrier { namespace barrier {
struct FingerprintData {
std::string algorithm;
std::vector<std::uint8_t> data;
bool valid() const { return !algorithm.empty(); }
bool operator==(const FingerprintData& other) const;
};
class FingerprintDatabase { class FingerprintDatabase {
public: public:
void read(const std::string& path); void read(const std::string& path);


@ -657,17 +657,17 @@ bool
SecureSocket::verifyCertFingerprint() SecureSocket::verifyCertFingerprint()
{ {
// calculate received certificate fingerprint // calculate received certificate fingerprint
std::vector<std::uint8_t> fingerprint_raw; barrier::FingerprintData fingerprint;
try { try {
fingerprint_raw = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl), fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
barrier::FingerprintType::SHA1); barrier::FingerprintType::SHA1);
} catch (const std::exception& e) { } catch (const std::exception& e) {
LOG((CLOG_ERR "%s", e.what())); LOG((CLOG_ERR "%s", e.what()));
return false; return false;
} }
LOG((CLOG_NOTE "server fingerprint: %s", LOG((CLOG_NOTE "server fingerprint: %s",
barrier::format_ssl_fingerprint(fingerprint_raw).c_str())); barrier::format_ssl_fingerprint(fingerprint.data).c_str()));
auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path(); auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
@ -685,7 +685,6 @@ SecureSocket::verifyCertFingerprint()
fingerprint_db_path.c_str())); fingerprint_db_path.c_str()));
} }
barrier::FingerprintData fingerprint{"sha1", fingerprint_raw};
if (db.is_trusted(fingerprint)) { if (db.is_trusted(fingerprint)) {
LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint")); LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
return true; return true;
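Review bot: `SSL_get_peer_certificate(m_ssl->m_ssl)` returns an X509 whose reference count has been incremented, which the caller is expected to release with `X509_free`; nothing in the hunk frees it, and `get_ssl_cert_fingerprint` takes a plain `X509*`, so it presumably does not take ownership — the commit keeps this pre-existing leak on every verification. Binding the certificate to a local RAII holder (a `std::unique_ptr` with `X509_free` as deleter) before the try block, or freeing it after the try/catch on both the success and the `return false` path, would close it. The remainder of `verifyCertFingerprint` lies outside the hunk.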


@ -15,6 +15,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "FingerprintDatabase.h"
#include "SecureUtils.h" #include "SecureUtils.h"
#include "base/String.h" #include "base/String.h"
#include "base/finally.h" #include "base/finally.h"
@ -59,7 +60,7 @@ std::string format_ssl_fingerprint(const std::vector<uint8_t>& fingerprint, bool
return result; return result;
} }
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type) FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
{ {
if (!cert) { if (!cert) {
throw std::runtime_error("certificate is null"); throw std::runtime_error("certificate is null");
@ -77,11 +78,10 @@ std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType t
std::vector<std::uint8_t> digest_vec; std::vector<std::uint8_t> digest_vec;
digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest), digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest),
reinterpret_cast<std::uint8_t*>(digest) + digest_length); reinterpret_cast<std::uint8_t*>(digest) + digest_length);
return digest_vec; return {fingerprint_type_to_string(type), digest_vec};
} }
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path, FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type)
FingerprintType type)
{ {
auto fp = fopen_utf8_path(path, "r"); auto fp = fopen_utf8_path(path, "r");
if (!fp) { if (!fp) {
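Review bot: `return {fingerprint_type_to_string(type), digest_vec};` stamps the algorithm name from the enum, and `fingerprint_type_to_string` yields `"invalid"` both for `FingerprintType::INVALID` and for any unknown value, as its switch in FingerprintData.cpp shows; since `FingerprintData::valid()` only tests that `algorithm` is non-empty, a fingerprint built for an unsupported type would be reported valid and could be stored or compared as such. Unless the part of `get_ssl_cert_fingerprint` outside the hunk already rejects types other than SHA1/SHA256 before computing the digest, add an explicit check next to the null-cert test, e.g. `if (type == FingerprintType::INVALID) throw std::runtime_error("invalid fingerprint type");`. The added `#include "FingerprintDatabase.h"` also looks heavier than needed, since `SecureUtils.h` now includes `FingerprintData.h` directly. `get_ssl_cert_fingerprint` starts in the first hunk and its middle is cut by the hunk boundary.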


@ -18,7 +18,7 @@
#ifndef BARRIER_LIB_NET_SECUREUTILS_H #ifndef BARRIER_LIB_NET_SECUREUTILS_H
#define BARRIER_LIB_NET_SECUREUTILS_H #define BARRIER_LIB_NET_SECUREUTILS_H
#include "FingerprintType.h" #include "FingerprintData.h"
#include <openssl/ossl_typ.h> #include <openssl/ossl_typ.h>
#include <cstdint> #include <cstdint>
#include <string> #include <string>
@ -29,10 +29,9 @@ namespace barrier {
std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint, std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
bool separator = true); bool separator = true);
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type); FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path, FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type);
FingerprintType type);
void generate_pem_self_signed_cert(const std::string& path); void generate_pem_self_signed_cert(const std::string& path);
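Review bot: The two declarations that now return `FingerprintData` carry no documentation of the new contract: what `algorithm` and `data` hold, and that a null `cert` throws `std::runtime_error`, as the .cpp hunk shows. A `///` comment on `get_ssl_cert_fingerprint` stating that the returned `algorithm` is `fingerprint_type_to_string(type)`, that `data` is the raw digest bytes, and that it throws `std::runtime_error` when `cert` is null would let callers such as `SecureSocket::verifyCertFingerprint` rely on it without reading the implementation; `get_pem_file_cert_fingerprint` should get the same treatment, including whatever it does when the file cannot be opened (the hunk cuts that branch). Marking both `[[nodiscard]]` is cheap, since discarding a computed fingerprint is always a mistake.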