/src/FreeRDP/libfreerdp/crypto/certificate_data.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Certificate Handling |
4 | | * |
5 | | * Copyright 2011 Jiten Pathy |
6 | | * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
7 | | * Copyright 2023 Armin Novak <anovak@thincast.com> |
8 | | * Copyright 2023 Thincast Technologies GmbH |
9 | | * |
10 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
11 | | * you may not use this file except in compliance with the License. |
12 | | * You may obtain a copy of the License at |
13 | | * |
14 | | * http://www.apache.org/licenses/LICENSE-2.0 |
15 | | * |
16 | | * Unless required by applicable law or agreed to in writing, software |
17 | | * distributed under the License is distributed on an "AS IS" BASIS, |
18 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
19 | | * See the License for the specific language governing permissions and |
20 | | * limitations under the License. |
21 | | */ |
22 | | |
23 | | #include <ctype.h> |
24 | | |
25 | | #include <freerdp/config.h> |
26 | | |
27 | | #include <winpr/assert.h> |
28 | | #include <winpr/path.h> |
29 | | |
30 | | #include <freerdp/settings.h> |
31 | | |
32 | | #include <freerdp/crypto/crypto.h> |
33 | | #include <freerdp/crypto/certificate_data.h> |
34 | | |
35 | | #include "certificate.h" |
36 | | |
37 | | #include <freerdp/log.h> |
38 | | #define TAG FREERDP_TAG("crypto") |
39 | | |
40 | | struct rdp_certificate_data |
41 | | { |
42 | | char* hostname; |
43 | | UINT16 port; |
44 | | rdpCertificate* cert; |
45 | | |
46 | | char cached_hash[MAX_PATH + 10]; |
47 | | char* cached_subject; |
48 | | char* cached_issuer; |
49 | | char* cached_fingerprint; |
50 | | char* cached_pem; |
51 | | char* cached_pem_chain; |
52 | | }; |
53 | | |
54 | | /* ensure our hostnames (and therefore filenames) always use the same capitalization. |
55 | | * the user might have input random case, but we always need to have a sane |
56 | | * baseline to compare against. */ |
57 | | static char* ensure_lowercase(char* str, size_t length) |
58 | 0 | { |
59 | 0 | const size_t len = strnlen(str, length); |
60 | 0 | for (size_t x = 0; x < len; x++) |
61 | 0 | str[x] = tolower(str[x]); |
62 | 0 | return str; |
63 | 0 | } |
64 | | static const char* freerdp_certificate_data_hash_(const char* hostname, UINT16 port, char* name, |
65 | | size_t length) |
66 | 0 | { |
67 | 0 | (void)_snprintf(name, length, "%s_%" PRIu16 ".pem", hostname, port); |
68 | 0 | return ensure_lowercase(name, length); |
69 | 0 | } |
70 | | |
71 | | static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data) |
72 | 0 | { |
73 | 0 | BOOL rc = FALSE; |
74 | |
|
75 | 0 | WINPR_ASSERT(data); |
76 | | |
77 | 0 | freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash, |
78 | 0 | sizeof(data->cached_hash)); |
79 | 0 | if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0) |
80 | 0 | goto fail; |
81 | | |
82 | 0 | data->cached_subject = freerdp_certificate_get_subject(data->cert); |
83 | 0 | if (!data->cached_subject) |
84 | 0 | data->cached_subject = calloc(1, 1); |
85 | |
|
86 | 0 | size_t pemlen = 0; |
87 | 0 | data->cached_pem = freerdp_certificate_get_pem_ex(data->cert, &pemlen, FALSE); |
88 | 0 | if (!data->cached_pem) |
89 | 0 | goto fail; |
90 | | |
91 | 0 | size_t pemchainlen = 0; |
92 | 0 | data->cached_pem_chain = freerdp_certificate_get_pem_ex(data->cert, &pemchainlen, TRUE); |
93 | 0 | if (!data->cached_pem_chain) |
94 | 0 | goto fail; |
95 | | |
96 | 0 | data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert); |
97 | 0 | if (!data->cached_fingerprint) |
98 | 0 | goto fail; |
99 | | |
100 | 0 | data->cached_issuer = freerdp_certificate_get_issuer(data->cert); |
101 | 0 | if (!data->cached_issuer) |
102 | 0 | data->cached_issuer = calloc(1, 1); |
103 | |
|
104 | 0 | rc = TRUE; |
105 | 0 | fail: |
106 | 0 | return rc; |
107 | 0 | } |
108 | | |
109 | | static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostname, UINT16 port, |
110 | | rdpCertificate* xcert) |
111 | 0 | { |
112 | 0 | rdpCertificateData* certdata = NULL; |
113 | |
|
114 | 0 | if (!hostname || !xcert) |
115 | 0 | goto fail; |
116 | | |
117 | 0 | certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData)); |
118 | |
|
119 | 0 | if (!certdata) |
120 | 0 | goto fail; |
121 | | |
122 | 0 | certdata->port = port; |
123 | 0 | certdata->hostname = _strdup(hostname); |
124 | 0 | if (!certdata->hostname) |
125 | 0 | goto fail; |
126 | 0 | ensure_lowercase(certdata->hostname, strlen(certdata->hostname)); |
127 | |
|
128 | 0 | certdata->cert = xcert; |
129 | 0 | if (!freerdp_certificate_data_load_cache(certdata)) |
130 | 0 | { |
131 | 0 | certdata->cert = NULL; |
132 | 0 | goto fail; |
133 | 0 | } |
134 | | |
135 | 0 | return certdata; |
136 | 0 | fail: |
137 | 0 | freerdp_certificate_data_free(certdata); |
138 | 0 | return NULL; |
139 | 0 | } |
140 | | |
141 | | rdpCertificateData* freerdp_certificate_data_new(const char* hostname, UINT16 port, |
142 | | const rdpCertificate* xcert) |
143 | 0 | { |
144 | 0 | rdpCertificate* copy = freerdp_certificate_clone(xcert); |
145 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, copy); |
146 | 0 | if (!data) |
147 | 0 | freerdp_certificate_free(copy); |
148 | 0 | return data; |
149 | 0 | } |
150 | | |
151 | | rdpCertificateData* freerdp_certificate_data_new_from_pem(const char* hostname, UINT16 port, |
152 | | const char* pem, size_t length) |
153 | 0 | { |
154 | 0 | if (!pem || (length == 0)) |
155 | 0 | return NULL; |
156 | | |
157 | 0 | rdpCertificate* cert = freerdp_certificate_new_from_pem(pem); |
158 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
159 | 0 | if (!data) |
160 | 0 | freerdp_certificate_free(cert); |
161 | 0 | return data; |
162 | 0 | } |
163 | | |
164 | | rdpCertificateData* freerdp_certificate_data_new_from_file(const char* hostname, UINT16 port, |
165 | | const char* file) |
166 | 0 | { |
167 | 0 | if (!file) |
168 | 0 | return NULL; |
169 | | |
170 | 0 | rdpCertificate* cert = freerdp_certificate_new_from_file(file); |
171 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
172 | 0 | if (!data) |
173 | 0 | freerdp_certificate_free(cert); |
174 | 0 | return data; |
175 | 0 | } |
176 | | |
177 | | void freerdp_certificate_data_free(rdpCertificateData* data) |
178 | 0 | { |
179 | 0 | if (data == NULL) |
180 | 0 | return; |
181 | | |
182 | 0 | free(data->hostname); |
183 | 0 | freerdp_certificate_free(data->cert); |
184 | 0 | free(data->cached_subject); |
185 | 0 | free(data->cached_issuer); |
186 | 0 | free(data->cached_fingerprint); |
187 | 0 | free(data->cached_pem); |
188 | 0 | free(data->cached_pem_chain); |
189 | |
|
190 | 0 | free(data); |
191 | 0 | } |
192 | | |
193 | | const char* freerdp_certificate_data_get_host(const rdpCertificateData* cert) |
194 | 0 | { |
195 | 0 | if (!cert) |
196 | 0 | return NULL; |
197 | 0 | return cert->hostname; |
198 | 0 | } |
199 | | |
200 | | UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert) |
201 | 0 | { |
202 | 0 | if (!cert) |
203 | 0 | return 0; |
204 | 0 | return cert->port; |
205 | 0 | } |
206 | | |
207 | | const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert) |
208 | 0 | { |
209 | 0 | return freerdp_certificate_data_get_pem_ex(cert, TRUE); |
210 | 0 | } |
211 | | |
212 | | const char* freerdp_certificate_data_get_pem_ex(const rdpCertificateData* cert, BOOL withFullChain) |
213 | 0 | { |
214 | 0 | if (!cert) |
215 | 0 | return NULL; |
216 | 0 | if (withFullChain) |
217 | 0 | return cert->cached_pem_chain; |
218 | 0 | return cert->cached_pem; |
219 | 0 | } |
220 | | |
221 | | const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert) |
222 | 0 | { |
223 | 0 | if (!cert) |
224 | 0 | return NULL; |
225 | | |
226 | 0 | return cert->cached_subject; |
227 | 0 | } |
228 | | |
229 | | const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert) |
230 | 0 | { |
231 | 0 | if (!cert) |
232 | 0 | return NULL; |
233 | | |
234 | 0 | return cert->cached_issuer; |
235 | 0 | } |
236 | | const char* freerdp_certificate_data_get_fingerprint(const rdpCertificateData* cert) |
237 | 0 | { |
238 | 0 | if (!cert) |
239 | 0 | return NULL; |
240 | | |
241 | 0 | return cert->cached_fingerprint; |
242 | 0 | } |
243 | | |
244 | | BOOL freerdp_certificate_data_equal(const rdpCertificateData* a, const rdpCertificateData* b) |
245 | 0 | { |
246 | 0 | BOOL rc = FALSE; |
247 | |
|
248 | 0 | WINPR_ASSERT(a); |
249 | 0 | WINPR_ASSERT(b); |
250 | | |
251 | 0 | if (strcmp(a->hostname, b->hostname) != 0) |
252 | 0 | return FALSE; |
253 | 0 | if (a->port != b->port) |
254 | 0 | return FALSE; |
255 | | |
256 | 0 | const char* pem1 = freerdp_certificate_data_get_fingerprint(a); |
257 | 0 | const char* pem2 = freerdp_certificate_data_get_fingerprint(b); |
258 | 0 | if (pem1 && pem2) |
259 | 0 | rc = strcmp(pem1, pem2) == 0; |
260 | 0 | else |
261 | 0 | rc = pem1 == pem2; |
262 | |
|
263 | 0 | return rc; |
264 | 0 | } |
265 | | |
266 | | const char* freerdp_certificate_data_get_hash(const rdpCertificateData* cert) |
267 | 0 | { |
268 | 0 | if (!cert) |
269 | 0 | return NULL; |
270 | | |
271 | 0 | return cert->cached_hash; |
272 | 0 | } |
273 | | |
274 | | char* freerdp_certificate_data_hash(const char* hostname, UINT16 port) |
275 | 0 | { |
276 | 0 | char name[MAX_PATH + 10] = { 0 }; |
277 | 0 | freerdp_certificate_data_hash_(hostname, port, name, sizeof(name)); |
278 | 0 | return _strdup(name); |
279 | 0 | } |