/src/FreeRDP/libfreerdp/crypto/certificate_data.c

Source (jump to first uncovered line)
/**
 * FreeRDP: A Remote Desktop Protocol Implementation
 * Certificate Handling
 *
 * Copyright 2011 Jiten Pathy
 * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 * Copyright 2023 Armin Novak <anovak@thincast.com>
 * Copyright 2023 Thincast Technologies GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <ctype.h>

#include <freerdp/config.h>

#include <winpr/assert.h>
#include <winpr/path.h>

#include <freerdp/settings.h>

#include <freerdp/crypto/crypto.h>
#include <freerdp/crypto/certificate_data.h>

#include "certificate.h"

#include <freerdp/log.h>
#define TAG FREERDP_TAG("crypto")

struct rdp_certificate_data
{
  char* hostname;
  UINT16 port;
  rdpCertificate* cert;

  char cached_hash[MAX_PATH + 10];
  char* cached_subject;
  char* cached_issuer;
  char* cached_fingerprint;
  char* cached_pem;
};

static const char* freerdp_certificate_data_hash_(const char* hostname, UINT16 port, char* name,
                                                  size_t length)
{
  _snprintf(name, length, "%s_%" PRIu16 ".pem", hostname, port);
  return name;
}

static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
{
  BOOL rc = FALSE;

  WINPR_ASSERT(data);

  freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
                                 sizeof(data->cached_hash));
  if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
    goto fail;

  data->cached_subject = freerdp_certificate_get_subject(data->cert);
  if (!data->cached_subject)
    data->cached_subject = calloc(1, 1);

  size_t pemlen = 0;
  data->cached_pem = freerdp_certificate_get_pem(data->cert, &pemlen);
  if (!data->cached_pem)
    goto fail;

  data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert);
  if (!data->cached_fingerprint)
    goto fail;

  data->cached_issuer = freerdp_certificate_get_issuer(data->cert);
  if (!data->cached_issuer)
    data->cached_issuer = calloc(1, 1);

  rc = TRUE;
fail:
  return rc;
}

static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostname, UINT16 port,
                                                               rdpCertificate* xcert)
{
  size_t i;
  rdpCertificateData* certdata = NULL;

  if (!hostname || !xcert)
    goto fail;

  certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));

  if (!certdata)
    goto fail;

  certdata->port = port;
  certdata->hostname = _strdup(hostname);
  if (!certdata->hostname)
    goto fail;
  for (i = 0; i < strlen(hostname); i++)
    certdata->hostname[i] = tolower(certdata->hostname[i]);

  certdata->cert = xcert;
  if (!freerdp_certificate_data_load_cache(certdata))
  {
    certdata->cert = NULL;
    goto fail;
  }

  return certdata;
fail:
  freerdp_certificate_data_free(certdata);
  return NULL;
}

rdpCertificateData* freerdp_certificate_data_new(const char* hostname, UINT16 port,
                                                 const rdpCertificate* xcert)
{
  rdpCertificate* copy = freerdp_certificate_clone(xcert);
  rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, copy);
  if (!data)
    freerdp_certificate_free(copy);
  return data;
}

rdpCertificateData* freerdp_certificate_data_new_from_pem(const char* hostname, UINT16 port,
                                                          const char* pem, size_t length)
{
  if (!pem || (length == 0))
    return NULL;

  rdpCertificate* cert = freerdp_certificate_new_from_pem(pem);
  rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert);
  if (!data)
    freerdp_certificate_free(cert);
  return data;
}

rdpCertificateData* freerdp_certificate_data_new_from_file(const char* hostname, UINT16 port,
                                                           const char* file)
{
  if (!file)
    return NULL;

  rdpCertificate* cert = freerdp_certificate_new_from_file(file);
  rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert);
  if (!data)
    freerdp_certificate_free(cert);
  return data;
}

void freerdp_certificate_data_free(rdpCertificateData* data)
{
  if (data == NULL)
    return;

  free(data->hostname);
  freerdp_certificate_free(data->cert);
  free(data->cached_subject);
  free(data->cached_issuer);
  free(data->cached_fingerprint);
  free(data->cached_pem);

  free(data);
}

const char* freerdp_certificate_data_get_host(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  return cert->hostname;
}

UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  return cert->port;
}

const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  WINPR_ASSERT(cert->cached_pem);

  return cert->cached_pem;
}

const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  WINPR_ASSERT(cert->cached_subject);

  return cert->cached_subject;
}

const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  WINPR_ASSERT(cert->cached_issuer);

  return cert->cached_issuer;
}
const char* freerdp_certificate_data_get_fingerprint(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  WINPR_ASSERT(cert->cached_fingerprint);

  return cert->cached_fingerprint;
}

BOOL freerdp_certificate_data_equal(const rdpCertificateData* a, const rdpCertificateData* b)
{
  BOOL rc = FALSE;

  WINPR_ASSERT(a);
  WINPR_ASSERT(b);

  if (strcmp(a->hostname, b->hostname) != 0)
    return FALSE;
  if (a->port != b->port)
    return FALSE;

  const char* pem1 = freerdp_certificate_data_get_fingerprint(a);
  const char* pem2 = freerdp_certificate_data_get_fingerprint(b);
  if (pem1 && pem2)
    rc = strcmp(pem1, pem2) == 0;
  else
    rc = pem1 == pem2;

  return rc;
}

const char* freerdp_certificate_data_get_hash(const rdpCertificateData* cert)
{
  WINPR_ASSERT(cert);
  WINPR_ASSERT(cert->cached_hash);

  return cert->cached_hash;
}

char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
{
  char name[MAX_PATH + 10] = { 0 };
  freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
  return _strdup(name);
}

Coverage Report

Created: 2023-09-25 06:56

Line	Count	Source (jump to first uncovered line)
1		/**
2		* FreeRDP: A Remote Desktop Protocol Implementation
3		* Certificate Handling
4		*
5		* Copyright 2011 Jiten Pathy
6		* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
7		* Copyright 2023 Armin Novak <anovak@thincast.com>
8		* Copyright 2023 Thincast Technologies GmbH
9		*
10		* Licensed under the Apache License, Version 2.0 (the "License");
11		* you may not use this file except in compliance with the License.
12		* You may obtain a copy of the License at
13		*
14		* http://www.apache.org/licenses/LICENSE-2.0
15		*
16		* Unless required by applicable law or agreed to in writing, software
17		* distributed under the License is distributed on an "AS IS" BASIS,
18		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19		* See the License for the specific language governing permissions and
20		* limitations under the License.
21		*/
22
23		#include <ctype.h>
24
25		#include <freerdp/config.h>
26
27		#include <winpr/assert.h>
28		#include <winpr/path.h>
29
30		#include <freerdp/settings.h>
31
32		#include <freerdp/crypto/crypto.h>
33		#include <freerdp/crypto/certificate_data.h>
34
35		#include "certificate.h"
36
37		#include <freerdp/log.h>
38		#define TAG FREERDP_TAG("crypto")
39
40		struct rdp_certificate_data
41		{
42		char* hostname;
43		UINT16 port;
44		rdpCertificate* cert;
45
46		char cached_hash[MAX_PATH + 10];
47		char* cached_subject;
48		char* cached_issuer;
49		char* cached_fingerprint;
50		char* cached_pem;
51		};
52
53		static const char* freerdp_certificate_data_hash_(const char* hostname, UINT16 port, char* name,
54		size_t length)
55	0	{
56	0	_snprintf(name, length, "%s_%" PRIu16 ".pem", hostname, port);
57	0	return name;
58	0	}
59
60		static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
61	0	{
62	0	BOOL rc = FALSE;
63
64	0	WINPR_ASSERT(data);
65
66	0	freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
67	0	sizeof(data->cached_hash));
68	0	if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
69	0	goto fail;
70
71	0	data->cached_subject = freerdp_certificate_get_subject(data->cert);
72	0	if (!data->cached_subject)
73	0	data->cached_subject = calloc(1, 1);
74
75	0	size_t pemlen = 0;
76	0	data->cached_pem = freerdp_certificate_get_pem(data->cert, &pemlen);
77	0	if (!data->cached_pem)
78	0	goto fail;
79
80	0	data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert);
81	0	if (!data->cached_fingerprint)
82	0	goto fail;
83
84	0	data->cached_issuer = freerdp_certificate_get_issuer(data->cert);
85	0	if (!data->cached_issuer)
86	0	data->cached_issuer = calloc(1, 1);
87
88	0	rc = TRUE;
89	0	fail:
90	0	return rc;
91	0	}
92
93		static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostname, UINT16 port,
94		rdpCertificate* xcert)
95	0	{
96	0	size_t i;
97	0	rdpCertificateData* certdata = NULL;
98
99	0	if (!hostname \|\| !xcert)
100	0	goto fail;
101
102	0	certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
103
104	0	if (!certdata)
105	0	goto fail;
106
107	0	certdata->port = port;
108	0	certdata->hostname = _strdup(hostname);
109	0	if (!certdata->hostname)
110	0	goto fail;
111	0	for (i = 0; i < strlen(hostname); i++)
112	0	certdata->hostname[i] = tolower(certdata->hostname[i]);
113
114	0	certdata->cert = xcert;
115	0	if (!freerdp_certificate_data_load_cache(certdata))
116	0	{
117	0	certdata->cert = NULL;
118	0	goto fail;
119	0	}
120
121	0	return certdata;
122	0	fail:
123	0	freerdp_certificate_data_free(certdata);
124	0	return NULL;
125	0	}
126
127		rdpCertificateData* freerdp_certificate_data_new(const char* hostname, UINT16 port,
128		const rdpCertificate* xcert)
129	0	{
130	0	rdpCertificate* copy = freerdp_certificate_clone(xcert);
131	0	rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, copy);
132	0	if (!data)
133	0	freerdp_certificate_free(copy);
134	0	return data;
135	0	}
136
137		rdpCertificateData* freerdp_certificate_data_new_from_pem(const char* hostname, UINT16 port,
138		const char* pem, size_t length)
139	0	{
140	0	if (!pem \|\| (length == 0))
141	0	return NULL;
142
143	0	rdpCertificate* cert = freerdp_certificate_new_from_pem(pem);
144	0	rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert);
145	0	if (!data)
146	0	freerdp_certificate_free(cert);
147	0	return data;
148	0	}
149
150		rdpCertificateData* freerdp_certificate_data_new_from_file(const char* hostname, UINT16 port,
151		const char* file)
152	0	{
153	0	if (!file)
154	0	return NULL;
155
156	0	rdpCertificate* cert = freerdp_certificate_new_from_file(file);
157	0	rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert);
158	0	if (!data)
159	0	freerdp_certificate_free(cert);
160	0	return data;
161	0	}
162
163		void freerdp_certificate_data_free(rdpCertificateData* data)
164	0	{
165	0	if (data == NULL)
166	0	return;
167
168	0	free(data->hostname);
169	0	freerdp_certificate_free(data->cert);
170	0	free(data->cached_subject);
171	0	free(data->cached_issuer);
172	0	free(data->cached_fingerprint);
173	0	free(data->cached_pem);
174
175	0	free(data);
176	0	}
177
178		const char* freerdp_certificate_data_get_host(const rdpCertificateData* cert)
179	0	{
180	0	WINPR_ASSERT(cert);
181	0	return cert->hostname;
182	0	}
183
184		UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert)
185	0	{
186	0	WINPR_ASSERT(cert);
187	0	return cert->port;
188	0	}
189
190		const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert)
191	0	{
192	0	WINPR_ASSERT(cert);
193	0	WINPR_ASSERT(cert->cached_pem);
194
195	0	return cert->cached_pem;
196	0	}
197
198		const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert)
199	0	{
200	0	WINPR_ASSERT(cert);
201	0	WINPR_ASSERT(cert->cached_subject);
202
203	0	return cert->cached_subject;
204	0	}
205
206		const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert)
207	0	{
208	0	WINPR_ASSERT(cert);
209	0	WINPR_ASSERT(cert->cached_issuer);
210
211	0	return cert->cached_issuer;
212	0	}
213		const char* freerdp_certificate_data_get_fingerprint(const rdpCertificateData* cert)
214	0	{
215	0	WINPR_ASSERT(cert);
216	0	WINPR_ASSERT(cert->cached_fingerprint);
217
218	0	return cert->cached_fingerprint;
219	0	}
220
221		BOOL freerdp_certificate_data_equal(const rdpCertificateData* a, const rdpCertificateData* b)
222	0	{
223	0	BOOL rc = FALSE;
224
225	0	WINPR_ASSERT(a);
226	0	WINPR_ASSERT(b);
227
228	0	if (strcmp(a->hostname, b->hostname) != 0)
229	0	return FALSE;
230	0	if (a->port != b->port)
231	0	return FALSE;
232
233	0	const char* pem1 = freerdp_certificate_data_get_fingerprint(a);
234	0	const char* pem2 = freerdp_certificate_data_get_fingerprint(b);
235	0	if (pem1 && pem2)
236	0	rc = strcmp(pem1, pem2) == 0;
237	0	else
238	0	rc = pem1 == pem2;
239
240	0	return rc;
241	0	}
242
243		const char* freerdp_certificate_data_get_hash(const rdpCertificateData* cert)
244	0	{
245	0	WINPR_ASSERT(cert);
246	0	WINPR_ASSERT(cert->cached_hash);
247
248	0	return cert->cached_hash;
249	0	}
250
251		char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
252	0	{
253	0	char name[MAX_PATH + 10] = { 0 };
254	0	freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
255	0	return _strdup(name);
256	0	}