/src/FreeRDP/libfreerdp/crypto/certificate_data.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Certificate Handling |
4 | | * |
5 | | * Copyright 2011 Jiten Pathy |
6 | | * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
7 | | * Copyright 2023 Armin Novak <anovak@thincast.com> |
8 | | * Copyright 2023 Thincast Technologies GmbH |
9 | | * |
10 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
11 | | * you may not use this file except in compliance with the License. |
12 | | * You may obtain a copy of the License at |
13 | | * |
14 | | * http://www.apache.org/licenses/LICENSE-2.0 |
15 | | * |
16 | | * Unless required by applicable law or agreed to in writing, software |
17 | | * distributed under the License is distributed on an "AS IS" BASIS, |
18 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
19 | | * See the License for the specific language governing permissions and |
20 | | * limitations under the License. |
21 | | */ |
22 | | |
23 | | #include <ctype.h> |
24 | | |
25 | | #include <freerdp/config.h> |
26 | | |
27 | | #include <winpr/assert.h> |
28 | | #include <winpr/path.h> |
29 | | |
30 | | #include <freerdp/settings.h> |
31 | | |
32 | | #include <freerdp/crypto/crypto.h> |
33 | | #include <freerdp/crypto/certificate_data.h> |
34 | | |
35 | | #include "certificate.h" |
36 | | |
37 | | struct rdp_certificate_data |
38 | | { |
39 | | char* hostname; |
40 | | UINT16 port; |
41 | | rdpCertificate* cert; |
42 | | |
43 | | char cached_hash[MAX_PATH + 10]; |
44 | | char* cached_subject; |
45 | | char* cached_issuer; |
46 | | char* cached_fingerprint; |
47 | | char* cached_pem; |
48 | | char* cached_pem_chain; |
49 | | }; |
50 | | |
51 | | /* ensure our hostnames (and therefore filenames) always use the same capitalization. |
52 | | * the user might have input random case, but we always need to have a sane |
53 | | * baseline to compare against. */ |
54 | | static char* ensure_lowercase(char* str, size_t length) |
55 | 0 | { |
56 | 0 | const size_t len = strnlen(str, length); |
57 | 0 | for (size_t x = 0; x < len; x++) |
58 | 0 | str[x] = (char)tolower(str[x]); |
59 | 0 | return str; |
60 | 0 | } |
61 | | static const char* freerdp_certificate_data_hash_(const char* hostname, UINT16 port, char* name, |
62 | | size_t length) |
63 | 0 | { |
64 | 0 | (void)_snprintf(name, length, "%s_%" PRIu16 ".pem", hostname, port); |
65 | 0 | return ensure_lowercase(name, length); |
66 | 0 | } |
67 | | |
68 | | static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data) |
69 | 0 | { |
70 | 0 | BOOL rc = FALSE; |
71 | |
|
72 | 0 | WINPR_ASSERT(data); |
73 | | |
74 | 0 | freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash, |
75 | 0 | sizeof(data->cached_hash)); |
76 | 0 | if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0) |
77 | 0 | goto fail; |
78 | | |
79 | 0 | data->cached_subject = freerdp_certificate_get_subject(data->cert); |
80 | 0 | if (!data->cached_subject) |
81 | 0 | data->cached_subject = calloc(1, 1); |
82 | |
|
83 | 0 | size_t pemlen = 0; |
84 | 0 | data->cached_pem = freerdp_certificate_get_pem_ex(data->cert, &pemlen, FALSE); |
85 | 0 | if (!data->cached_pem) |
86 | 0 | goto fail; |
87 | | |
88 | 0 | size_t pemchainlen = 0; |
89 | 0 | data->cached_pem_chain = freerdp_certificate_get_pem_ex(data->cert, &pemchainlen, TRUE); |
90 | 0 | if (!data->cached_pem_chain) |
91 | 0 | goto fail; |
92 | | |
93 | 0 | data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert); |
94 | 0 | if (!data->cached_fingerprint) |
95 | 0 | goto fail; |
96 | | |
97 | 0 | data->cached_issuer = freerdp_certificate_get_issuer(data->cert); |
98 | 0 | if (!data->cached_issuer) |
99 | 0 | data->cached_issuer = calloc(1, 1); |
100 | |
|
101 | 0 | rc = TRUE; |
102 | 0 | fail: |
103 | 0 | return rc; |
104 | 0 | } |
105 | | |
106 | | static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostname, UINT16 port, |
107 | | rdpCertificate* xcert) |
108 | 0 | { |
109 | 0 | rdpCertificateData* certdata = NULL; |
110 | |
|
111 | 0 | if (!hostname || !xcert) |
112 | 0 | goto fail; |
113 | | |
114 | 0 | certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData)); |
115 | |
|
116 | 0 | if (!certdata) |
117 | 0 | goto fail; |
118 | | |
119 | 0 | certdata->port = port; |
120 | 0 | certdata->hostname = _strdup(hostname); |
121 | 0 | if (!certdata->hostname) |
122 | 0 | goto fail; |
123 | 0 | ensure_lowercase(certdata->hostname, strlen(certdata->hostname)); |
124 | |
|
125 | 0 | certdata->cert = xcert; |
126 | 0 | if (!freerdp_certificate_data_load_cache(certdata)) |
127 | 0 | { |
128 | 0 | certdata->cert = NULL; |
129 | 0 | goto fail; |
130 | 0 | } |
131 | | |
132 | 0 | return certdata; |
133 | 0 | fail: |
134 | 0 | freerdp_certificate_data_free(certdata); |
135 | 0 | return NULL; |
136 | 0 | } |
137 | | |
138 | | rdpCertificateData* freerdp_certificate_data_new(const char* hostname, UINT16 port, |
139 | | const rdpCertificate* xcert) |
140 | 0 | { |
141 | 0 | rdpCertificate* copy = freerdp_certificate_clone(xcert); |
142 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, copy); |
143 | 0 | if (!data) |
144 | 0 | freerdp_certificate_free(copy); |
145 | 0 | return data; |
146 | 0 | } |
147 | | |
148 | | rdpCertificateData* freerdp_certificate_data_new_from_pem(const char* hostname, UINT16 port, |
149 | | const char* pem, size_t length) |
150 | 0 | { |
151 | 0 | if (!pem || (length == 0)) |
152 | 0 | return NULL; |
153 | | |
154 | 0 | rdpCertificate* cert = freerdp_certificate_new_from_pem(pem); |
155 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
156 | 0 | if (!data) |
157 | 0 | freerdp_certificate_free(cert); |
158 | 0 | return data; |
159 | 0 | } |
160 | | |
161 | | rdpCertificateData* freerdp_certificate_data_new_from_file(const char* hostname, UINT16 port, |
162 | | const char* file) |
163 | 0 | { |
164 | 0 | if (!file) |
165 | 0 | return NULL; |
166 | | |
167 | 0 | rdpCertificate* cert = freerdp_certificate_new_from_file(file); |
168 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
169 | 0 | if (!data) |
170 | 0 | freerdp_certificate_free(cert); |
171 | 0 | return data; |
172 | 0 | } |
173 | | |
174 | | void freerdp_certificate_data_free(rdpCertificateData* data) |
175 | 0 | { |
176 | 0 | if (data == NULL) |
177 | 0 | return; |
178 | | |
179 | 0 | free(data->hostname); |
180 | 0 | freerdp_certificate_free(data->cert); |
181 | 0 | free(data->cached_subject); |
182 | 0 | free(data->cached_issuer); |
183 | 0 | free(data->cached_fingerprint); |
184 | 0 | free(data->cached_pem); |
185 | 0 | free(data->cached_pem_chain); |
186 | |
|
187 | 0 | free(data); |
188 | 0 | } |
189 | | |
190 | | const char* freerdp_certificate_data_get_host(const rdpCertificateData* cert) |
191 | 0 | { |
192 | 0 | if (!cert) |
193 | 0 | return NULL; |
194 | 0 | return cert->hostname; |
195 | 0 | } |
196 | | |
197 | | UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert) |
198 | 0 | { |
199 | 0 | if (!cert) |
200 | 0 | return 0; |
201 | 0 | return cert->port; |
202 | 0 | } |
203 | | |
204 | | const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert) |
205 | 0 | { |
206 | 0 | return freerdp_certificate_data_get_pem_ex(cert, TRUE); |
207 | 0 | } |
208 | | |
209 | | const char* freerdp_certificate_data_get_pem_ex(const rdpCertificateData* cert, BOOL withFullChain) |
210 | 0 | { |
211 | 0 | if (!cert) |
212 | 0 | return NULL; |
213 | 0 | if (withFullChain) |
214 | 0 | return cert->cached_pem_chain; |
215 | 0 | return cert->cached_pem; |
216 | 0 | } |
217 | | |
218 | | const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert) |
219 | 0 | { |
220 | 0 | if (!cert) |
221 | 0 | return NULL; |
222 | | |
223 | 0 | return cert->cached_subject; |
224 | 0 | } |
225 | | |
226 | | const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert) |
227 | 0 | { |
228 | 0 | if (!cert) |
229 | 0 | return NULL; |
230 | | |
231 | 0 | return cert->cached_issuer; |
232 | 0 | } |
233 | | const char* freerdp_certificate_data_get_fingerprint(const rdpCertificateData* cert) |
234 | 0 | { |
235 | 0 | if (!cert) |
236 | 0 | return NULL; |
237 | | |
238 | 0 | return cert->cached_fingerprint; |
239 | 0 | } |
240 | | |
241 | | BOOL freerdp_certificate_data_equal(const rdpCertificateData* a, const rdpCertificateData* b) |
242 | 0 | { |
243 | 0 | BOOL rc = FALSE; |
244 | |
|
245 | 0 | WINPR_ASSERT(a); |
246 | 0 | WINPR_ASSERT(b); |
247 | | |
248 | 0 | if (strcmp(a->hostname, b->hostname) != 0) |
249 | 0 | return FALSE; |
250 | 0 | if (a->port != b->port) |
251 | 0 | return FALSE; |
252 | | |
253 | 0 | const char* pem1 = freerdp_certificate_data_get_fingerprint(a); |
254 | 0 | const char* pem2 = freerdp_certificate_data_get_fingerprint(b); |
255 | 0 | if (pem1 && pem2) |
256 | 0 | rc = strcmp(pem1, pem2) == 0; |
257 | 0 | else |
258 | 0 | rc = pem1 == pem2; |
259 | |
|
260 | 0 | return rc; |
261 | 0 | } |
262 | | |
263 | | const char* freerdp_certificate_data_get_hash(const rdpCertificateData* cert) |
264 | 0 | { |
265 | 0 | if (!cert) |
266 | 0 | return NULL; |
267 | | |
268 | 0 | return cert->cached_hash; |
269 | 0 | } |
270 | | |
271 | | char* freerdp_certificate_data_hash(const char* hostname, UINT16 port) |
272 | 0 | { |
273 | 0 | char name[MAX_PATH + 10] = { 0 }; |
274 | 0 | freerdp_certificate_data_hash_(hostname, port, name, sizeof(name)); |
275 | 0 | return _strdup(name); |
276 | 0 | } |