lib/net: Use FingerprintData to represent fingerprints

This commit is contained in:
Povilas Kanapickas 2021-11-01 02:52:47 +02:00
parent 50534ecb43
commit 7cced74119
8 changed files with 70 additions and 42 deletions


@ -76,7 +76,7 @@ void SslCertificate::generateFingerprint(const std::string& cert_path)
auto local_path = DataDirectories::local_ssl_fingerprints_path();
barrier::FingerprintDatabase db;
db.add_trusted(barrier::FingerprintData{"sha1", fingerprint});
db.add_trusted(fingerprint);
db.write(local_path);
emit info(tr("SSL fingerprint generated."));
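Review bot: The literal `"sha1"` in `db.add_trusted(barrier::FingerprintData{"sha1", fingerprint});` duplicates the algorithm name that `fingerprint_type_to_string(FingerprintType::SHA1)` already produces, and the verify path in SecureSocket.cpp now takes its name from that helper through get_ssl_cert_fingerprint. If the two strings ever diverge, is_trusted fails closed, which is safe but silent and hard to diagnose. Assuming `fingerprint` is the raw digest vector, `db.add_trusted(barrier::FingerprintData{barrier::fingerprint_type_to_string(barrier::FingerprintType::SHA1), fingerprint});` keeps one source of truth and makes the eventual move off the deprecated SHA1 a single-site change. The body of generateFingerprint starts and ends outside the hunk.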


@ -15,20 +15,20 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef BARRIER_LIB_NET_FINGERPRINT_TYPE_H
#define BARRIER_LIB_NET_FINGERPRINT_TYPE_H
#include <string>
#include "base/String.h"
#include "FingerprintDatabase.h"
#include "io/fstream.h"
#include <algorithm>
#include <fstream>
namespace barrier {
enum FingerprintType {
INVALID,
SHA1, // deprecated
SHA256,
};
bool FingerprintData::operator==(const FingerprintData& other) const
{
return algorithm == other.algorithm && data == other.data;
}
inline const char* fingerprint_type_to_string(FingerprintType type)
const char* fingerprint_type_to_string(FingerprintType type)
{
switch (type) {
case FingerprintType::INVALID: return "invalid";
@ -38,7 +38,7 @@ inline const char* fingerprint_type_to_string(FingerprintType type)
return "invalid";
}
inline FingerprintType fingerprint_type_from_string(const std::string& type)
FingerprintType fingerprint_type_from_string(const std::string& type)
{
if (type == "sha1") {
return FingerprintType::SHA1;
@ -50,5 +50,3 @@ inline FingerprintType fingerprint_type_from_string(const std::string& type)
}
} // namespace barrier
#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H
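Review bot: If `#include "FingerprintDatabase.h"`, `#include "io/fstream.h"`, `#include <algorithm>` and `#include <fstream>` are on the new side (this section reads like FingerprintType.h becoming the .cpp that now holds `FingerprintData::operator==` and the two conversion functions), none of them is needed by the definitions shown; the file needs only its own header and `<string>`. Including FingerprintDatabase.h here would also make the data type's translation unit depend on the database that consumes it, inverting the dependency the commit otherwise sets up. The rendered page lost the +/- markers, so please confirm against the raw diff which of these lines survive.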


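--- /dev/null
+++ b/lib/net/FingerprintData.h
+/*
+barrier -- mouse and keyboard sharing utility
+Copyright (C) Barrier contributors
+This package is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+found in the file LICENSE that should have accompanied this file.
+This package is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef BARRIER_LIB_NET_FINGERPRINT_DATA_H
+#define BARRIER_LIB_NET_FINGERPRINT_DATA_H
+#include <string>
+#include <vector>
+namespace barrier {
+enum FingerprintType {
+INVALID,
+SHA1, // deprecated
+SHA256,
+};
+struct FingerprintData {
+std::string algorithm;
+std::vector<std::uint8_t> data;
+bool valid() const { return !algorithm.empty(); }
+bool operator==(const FingerprintData& other) const;
+};
+const char* fingerprint_type_to_string(FingerprintType type);
+FingerprintType fingerprint_type_from_string(const std::string& type);
+} // namespace barrier
+#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H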
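Review bot: The new header uses `std::uint8_t` in `std::vector<std::uint8_t> data;` but includes only `<string>` and `<vector>`, so it compiles only through transitive includes; add `#include <cstdint>` so it stands on its own. The closing guard comment `#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H` was carried over from FingerprintType.h and should read `#endif // BARRIER_LIB_NET_FINGERPRINT_DATA_H`. `valid()` treats a record with an algorithm name but an empty digest as valid; if an empty digest is never meaningful, `bool valid() const { return !algorithm.empty() && !data.empty(); }` rejects such records before they reach the trust check, and either way a one-line comment stating what "valid" guarantees would help callers.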


@ -23,11 +23,6 @@
namespace barrier {
bool FingerprintData::operator==(const FingerprintData& other) const
{
return algorithm == other.algorithm && data == other.data;
}
void FingerprintDatabase::read(const std::string& path)
{
std::ifstream file;


@ -18,22 +18,13 @@
#ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
#define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
#include "FingerprintType.h"
#include "FingerprintData.h"
#include <iosfwd>
#include <string>
#include <vector>
namespace barrier {
struct FingerprintData {
std::string algorithm;
std::vector<std::uint8_t> data;
bool valid() const { return !algorithm.empty(); }
bool operator==(const FingerprintData& other) const;
};
class FingerprintDatabase {
public:
void read(const std::string& path);


@ -657,9 +657,9 @@ bool
SecureSocket::verifyCertFingerprint()
{
// calculate received certificate fingerprint
std::vector<std::uint8_t> fingerprint_raw;
barrier::FingerprintData fingerprint;
try {
fingerprint_raw = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
barrier::FingerprintType::SHA1);
} catch (const std::exception& e) {
LOG((CLOG_ERR "%s", e.what()));
@ -667,7 +667,7 @@ SecureSocket::verifyCertFingerprint()
}
LOG((CLOG_NOTE "server fingerprint: %s",
barrier::format_ssl_fingerprint(fingerprint_raw).c_str()));
barrier::format_ssl_fingerprint(fingerprint.data).c_str()));
auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
@ -685,7 +685,6 @@ SecureSocket::verifyCertFingerprint()
fingerprint_db_path.c_str()));
}
barrier::FingerprintData fingerprint{"sha1", fingerprint_raw};
if (db.is_trusted(fingerprint)) {
LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
return true;
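Review bot: `fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl), barrier::FingerprintType::SHA1);` passes the peer certificate as a temporary, and `SSL_get_peer_certificate()` returns an X509 whose reference count the caller must release with `X509_free()`; unless get_ssl_cert_fingerprint takes ownership (its `X509*` parameter suggests it only borrows), each verification leaks one reference. Holding it in a local, `X509* cert = SSL_get_peer_certificate(m_ssl->m_ssl);`, and releasing it with `X509_free(cert);` once the digest is computed fixes that; the project's base/finally.h helper, already included in SecureUtils.cpp, would keep the release exception-safe given the surrounding try block. The pattern predates the commit, but the line is rewritten here, so this is the moment to address it. verifyCertFingerprint's body continues between and beyond the hunks.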


@ -15,6 +15,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "FingerprintDatabase.h"
#include "SecureUtils.h"
#include "base/String.h"
#include "base/finally.h"
@ -59,7 +60,7 @@ std::string format_ssl_fingerprint(const std::vector<uint8_t>& fingerprint, bool
return result;
}
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
{
if (!cert) {
throw std::runtime_error("certificate is null");
@ -77,11 +78,10 @@ std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType t
std::vector<std::uint8_t> digest_vec;
digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest),
reinterpret_cast<std::uint8_t*>(digest) + digest_length);
return digest_vec;
return {fingerprint_type_to_string(type), digest_vec};
}
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
FingerprintType type)
FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type)
{
auto fp = fopen_utf8_path(path, "r");
if (!fp) {


@ -18,7 +18,7 @@
#ifndef BARRIER_LIB_NET_SECUREUTILS_H
#define BARRIER_LIB_NET_SECUREUTILS_H
#include "FingerprintType.h"
#include "FingerprintData.h"
#include <openssl/ossl_typ.h>
#include <cstdint>
#include <string>
@ -29,10 +29,9 @@ namespace barrier {
std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
bool separator = true);
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
FingerprintType type);
FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type);
void generate_pem_self_signed_cert(const std::string& path);