gui: Use openssl library instead of CLI tool to generate fingerprints
parent
cf732aba37
commit
dbf56a9375
|
@ -131,7 +131,7 @@ add_executable (barrier WIN32
|
||||||
|
|
||||||
include_directories (./src)
|
include_directories (./src)
|
||||||
|
|
||||||
target_link_libraries (barrier Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
|
target_link_libraries(barrier net base io Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
|
||||||
target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}")
|
target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}")
|
||||||
target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}")
|
target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}")
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "SslCertificate.h"
|
#include "SslCertificate.h"
|
||||||
#include "Fingerprint.h"
|
#include "Fingerprint.h"
|
||||||
#include "common/DataDirectories.h"
|
#include "common/DataDirectories.h"
|
||||||
|
#include "net/SecureUtils.h"
|
||||||
|
|
||||||
#include <QProcess>
|
#include <QProcess>
|
||||||
#include <QDir>
|
#include <QDir>
|
||||||
|
@ -149,34 +150,14 @@ void SslCertificate::generateCertificate()
|
||||||
|
|
||||||
void SslCertificate::generateFingerprint(const QString& certificateFilename)
|
void SslCertificate::generateFingerprint(const QString& certificateFilename)
|
||||||
{
|
{
|
||||||
QStringList arguments;
|
try {
|
||||||
arguments.append("x509");
|
auto fingerprint = barrier::get_pem_file_cert_fingerprint(certificateFilename.toStdString(),
|
||||||
arguments.append("-fingerprint");
|
barrier::FingerprintType::SHA1);
|
||||||
arguments.append("-sha1");
|
Fingerprint::local().trust(QString::fromStdString(
|
||||||
arguments.append("-noout");
|
barrier::format_ssl_fingerprint(fingerprint)), false);
|
||||||
arguments.append("-in");
|
|
||||||
arguments.append(certificateFilename);
|
|
||||||
|
|
||||||
auto ret = runTool(arguments);
|
|
||||||
bool success = ret.first;
|
|
||||||
std::string output = ret.second;
|
|
||||||
|
|
||||||
if (!success) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// find the fingerprint from the tool output
|
|
||||||
auto i = output.find_first_of('=');
|
|
||||||
if (i != std::string::npos) {
|
|
||||||
i++;
|
|
||||||
auto fingerprint = output.substr(
|
|
||||||
i, output.size() - i);
|
|
||||||
|
|
||||||
Fingerprint::local().trust(QString::fromStdString(fingerprint), false);
|
|
||||||
emit info(tr("SSL fingerprint generated."));
|
emit info(tr("SSL fingerprint generated."));
|
||||||
}
|
} catch (const std::exception& e) {
|
||||||
else {
|
emit error(tr("Failed to find SSL fingerprint.") + e.what());
|
||||||
emit error(tr("Failed to find SSL fingerprint."));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
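Review bot: In the catch block of generateFingerprint, `tr("Failed to find SSL fingerprint.") + e.what()` appends the exception text directly after the full stop, so the user sees a run-together message such as "Failed to find SSL fingerprint.Could not open certificate path". A placeholder keeps the string translatable and readable: `emit error(tr("Failed to find SSL fingerprint: %1").arg(e.what()));`. Separately, the call keeps `barrier::FingerprintType::SHA1`, matching the removed `-sha1` argument. If the enum offers a stronger digest (its definition is not visible in this diff), the locally trusted fingerprint is a good candidate for it in a follow-up.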
@ -17,10 +17,13 @@
|
||||||
|
|
||||||
#include "SecureUtils.h"
|
#include "SecureUtils.h"
|
||||||
#include "base/String.h"
|
#include "base/String.h"
|
||||||
|
#include "base/finally.h"
|
||||||
|
#include "io/fstream.h"
|
||||||
|
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
|
#include <cstdio>
|
||||||
#include <stdexcept>
|
#include <stdexcept>
|
||||||
|
|
||||||
namespace barrier {
|
namespace barrier {
|
||||||
|
@ -76,4 +79,22 @@ std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType t
|
||||||
return digest_vec;
|
return digest_vec;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
|
||||||
|
FingerprintType type)
|
||||||
|
{
|
||||||
|
auto fp = fopen_utf8_path(path, "r");
|
||||||
|
if (!fp) {
|
||||||
|
throw std::runtime_error("Could not open certificate path");
|
||||||
|
}
|
||||||
|
auto file_close = finally([fp]() { std::fclose(fp); });
|
||||||
|
|
||||||
|
X509* cert = PEM_read_X509(fp, nullptr, nullptr, nullptr);
|
||||||
|
if (!cert) {
|
||||||
|
throw std::runtime_error("Certificate could not be parsed");
|
||||||
|
}
|
||||||
|
auto cert_free = finally([cert]() { X509_free(cert); });
|
||||||
|
|
||||||
|
return get_ssl_cert_fingerprint(cert, type);
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace barrier
|
} // namespace barrier
|
||||||
|
|
|
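Review bot: When `PEM_read_X509` returns null in get_pem_file_cert_fingerprint, the function throws a fixed string and leaves whatever OpenSSL pushed onto the per-thread error queue in place. This helper lives in the net library rather than the GUI, so a later TLS call on the same thread could see those stale entries (SSL_get_error expects an empty queue), and the caller learns nothing about why parsing failed. I would call `ERR_clear_error();` just before the throw, optionally folding the reason from `ERR_peek_last_error()` into the message first; this needs `<openssl/err.h>`. It would also help to name `path` in the "Could not open certificate path" message so the GUI error points at the file involved.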
@ -35,6 +35,9 @@ std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
|
||||||
|
|
||||||
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
|
std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
|
||||||
|
|
||||||
|
std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
|
||||||
|
FingerprintType type);
|
||||||
|
|
||||||
} // namespace barrier
|
} // namespace barrier
|
||||||
|
|
||||||
#endif // BARRIER_LIB_NET_SECUREUTILS_H
|
#endif // BARRIER_LIB_NET_SECUREUTILS_H
|
||||||
|
|
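Review bot: The new declaration of get_pem_file_cert_fingerprint carries no comment, although its contract is not obvious from the signature. Going by the implementation in this commit, it throws std::runtime_error when the file cannot be opened or no certificate parses, and it fingerprints only the single certificate returned by PEM_read_X509. I would add above it `// Returns the fingerprint of the certificate read from the PEM file at path; throws std::runtime_error if the file cannot be opened or parsed.` so callers such as generateFingerprint know they must catch.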