Inicio Explorar Axuda
Iniciar sesión
mmn
/
sslsniff
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: b65e28f65f
Ramas Etiquetas
sslsniff
/
certificate
/
Certificate.hpp

Certificate.hpp 4.4 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. /*
    2. 

  2.  * Copyright (c) 2002-2009 Moxie Marlinspike
    3. 

  3.  *
    4. 

  4.  * This program is free software; you can redistribute it and/or
    5. 

  5.  * modify it under the terms of the GNU General Public License as
    6. 

  6.  * published by the Free Software Foundation; either version 3 of the
    7. 

  7.  * License, or (at your option) any later version.
    8. 

  8.  *
    9. 

  9.  * This program is distributed in the hope that it will be useful, but
    10. 

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    12. 

  12.  * General Public License for more details.
    13. 

  13.  *
    14. 

  14.  * You should have received a copy of the GNU General Public License
    15. 

  15.  * along with this program; if not, write to the Free Software
    16. 

  16.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
    17. 

  17.  * USA
    18. 

  18.  */
    19. 

  19. 

  20. #ifndef __CERTIFICATE_H__
    21. 

  21. #define __CERTIFICATE_H__
    22. 

  22. 

  23. #include <openssl/pem.h>
    24. 

  24. #include <openssl/conf.h>
    25. 

  25. #include <openssl/x509v3.h>
    26. 

  26. #include <openssl/ssl.h>
    27. 

  27. #include <openssl/err.h>
    28. 

  28. #include <openssl/rand.h>
    29. 

  29. 

  30. #include <boost/asio.hpp>
    31. 

  31. 

  32. #include <iostream>
    33. 

  33. #include <string>
    34. 

  34. 

  35. #include "../util/Util.hpp"
    36. 

  36. #include "../Logger.hpp"
    37. 

  37. 

  38. class BadCertificateException : public std::exception {
    39. 

  39. public:
    40. 

  40.   virtual const char* what() const throw() {
    41. 

  41.     return "Could not parse certificate...";
    42. 

  42.   }
    43. 

  43. };
    44. 

  44. 

  45. class Certificate {
    46. 

  46. 

  47. private:
    48. 

  48.   X509 *cert;
    49. 

  49.   EVP_PKEY *key;
    50. 

  50.   std::string name;
    51. 

  51. 

  52.   std::list<std::string> ocspHosts;
    53. 

  53.   std::list<boost::asio::ip::address> ips;
    54. 

  54.   std::list<boost::asio::ip::address> ocspIps;
    55. 

  55. 

  56.   std::string parseNameFromOCSPUrl(std::string &url) {
    57. 

  57.     int forwardSlash = url.find('/', 7);
    58. 

  58. 

  59.     if (forwardSlash) forwardSlash -= 7;
    60. 

  60.     else              forwardSlash  = (int) std::string::npos;
    61. 

  61. 

  62.     std::string name = url.substr(7, forwardSlash);	
    63. 

  63.     
    64. 

  64.     return name;
    65. 

  65.   }
    66. 

  66. 

  67.   void parseOCSPUrls(X509 *cert) {
    68. 

  68.     int crit = 0;
    69. 

  69.     int idx  = 0;
    70. 

  70. 

  71.     STACK_OF(ACCESS_DESCRIPTION) *ads = 
    72. 

  72.       (STACK_OF(ACCESS_DESCRIPTION)*)X509_get_ext_d2i(cert, NID_info_access, &crit, &idx); 
    73. 

  73. 

  74.     int adsnum = sk_ACCESS_DESCRIPTION_num(ads);
    75. 

  75. 

  76.     for(int i=0; i<adsnum; i++) { 
    77. 

  77.       ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(ads, i); 
    78. 

  78.       
    79. 

  79.       if (!ad) continue;
    80. 

  80.       
    81. 

  81.       if(OBJ_obj2nid(ad->method) == NID_ad_OCSP) { 
    82. 

  82. 	unsigned char * data = ASN1_STRING_data(ad->location->d.ia5);
    83. 

  83. 

  84. 	std::string url(strdup((const char*)data));
    85. 

  85. 	std::string name = parseNameFromOCSPUrl(url);
    86. 

  86. 

  87. 	this->ocspHosts.push_back(name);
    88. 

  88. 

  89. 	Logger::logInit("Added OCSP URL: " + name);
    90. 

  90.       } 
    91. 

  91.     }    
    92. 

  92.   }
    93. 

  93. 

  94.   void parseCommonName(X509 *cert) {
    95. 

  95.     std::string distinguishedName(cert->name);
    96. 

  96.     std::string::size_type cnIndex = distinguishedName.find("CN=");
    97. 

  97. 

  98.     if (cnIndex == std::string::npos) throw BadCertificateException();
    99. 

  99. 

  100.     std::string commonName           = distinguishedName.substr(cnIndex+3);    
    101. 

  101.     std::string::size_type nullIndex = commonName.find("\\x00");
    102. 

  102.     
    103. 

  103.     if (nullIndex != std::string::npos) this->name = commonName.substr(0, nullIndex);
    104. 

  104.     else                                this->name = commonName;
    105. 

  105.   }
    106. 

  106. 

  107. public:
    108. 

  108.   Certificate() {}
    109. 

  109. 

  110.   Certificate(X509 *cert, EVP_PKEY* key, bool resolve) {
    111. 

  111.     this->cert = cert;
    112. 

  112.     this->key  = key;
    113. 

  113.     
    114. 

  114.     parseCommonName(cert);
    115. 

  115.     parseOCSPUrls(cert);
    116. 

  116.     
    117. 

  117.     if (resolve) {
    118. 

  118. 

  119.       if (!isWildcard())
    120. 

  120. 	Util::resolveName(name, ips);
    121. 

  121.       
    122. 

  122.       std::list<std::string>::iterator i   = ocspHosts.begin();
    123. 

  123.       std::list<std::string>::iterator end = ocspHosts.end();
    124. 

  124.       
    125. 

  125.       for ( ; i != end ; i++) {
    126. 

  126. 	Util::resolveName(*i, ocspIps);
    127. 

  127.       }
    128. 

  128.     }
    129. 

  129. 

  130.     Logger::logInit("Certificate Ready: " + this->name);
    131. 

  131.   }
    132. 

  132. 

  133.   bool isOCSPAddress(boost::asio::ip::address &address) {
    134. 

  134.     std::list<boost::asio::ip::address>::iterator i   = ocspIps.begin();
    135. 

  135.     std::list<boost::asio::ip::address>::iterator end = ocspIps.end();
    136. 

  136. 

  137.     for ( ; i != end ; i++) {
    138. 

  138.       if ((*i) == address) return true;
    139. 

  139.     }
    140. 

  140. 

  141.     return false;    
    142. 

  142.   }
    143. 

  143. 

  144.   bool isValidTarget(boost::asio::ip::address &address, bool wildcardOK) {
    145. 

  145.     if (wildcardOK && isWildcard()) {
    146. 

  146.       return true;
    147. 

  147.     }
    148. 

  148. 

  149.     std::list<boost::asio::ip::address>::iterator i   = ips.begin();
    150. 

  150.     std::list<boost::asio::ip::address>::iterator end = ips.end();
    151. 

  151. 

  152.     for ( ; i != end ; i++) {
    153. 

  153.       if ((*i) == address) return true;
    154. 

  154.     }
    155. 

  155. 

  156.     return false;
    157. 

  157.   }
    158. 

  158. 

  159.   X509* getCert() {
    160. 

  160.     return cert;
    161. 

  161.   }
    162. 

  162. 

  163.   EVP_PKEY* getKey() {
    164. 

  164.     return key;
    165. 

  165.   }
    166. 

  166. 

  167.   void setCert(X509 *cert) {
    168. 

  168.     this->cert = cert;
    169. 

  169.   }
    170. 

  170. 

  171.   void setKey(EVP_PKEY *key) {
    172. 

  172.     this->key = key;
    173. 

  173.   }
    174. 

  174. 

  175.   std::string& getName() {
    176. 

  176.     return name;
    177. 

  177.   }
    178. 

  178. 

  179.   bool isWildcard() {
    180. 

  180.     return name[0] == '*';
    181. 

  181.   }
    182. 

  182. };
    183. 

  183. 

  184. 

  185. #endif
    186. 

  186.