/src/FreeRDP/libfreerdp/crypto/certificate_data.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Certificate Handling |
4 | | * |
5 | | * Copyright 2011 Jiten Pathy |
6 | | * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
7 | | * Copyright 2023 Armin Novak <anovak@thincast.com> |
8 | | * Copyright 2023 Thincast Technologies GmbH |
9 | | * |
10 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
11 | | * you may not use this file except in compliance with the License. |
12 | | * You may obtain a copy of the License at |
13 | | * |
14 | | * http://www.apache.org/licenses/LICENSE-2.0 |
15 | | * |
16 | | * Unless required by applicable law or agreed to in writing, software |
17 | | * distributed under the License is distributed on an "AS IS" BASIS, |
18 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
19 | | * See the License for the specific language governing permissions and |
20 | | * limitations under the License. |
21 | | */ |
22 | | |
23 | | #include <ctype.h> |
24 | | |
25 | | #include <freerdp/config.h> |
26 | | |
27 | | #include <winpr/assert.h> |
28 | | #include <winpr/path.h> |
29 | | |
30 | | #include <freerdp/settings.h> |
31 | | |
32 | | #include <freerdp/crypto/crypto.h> |
33 | | #include <freerdp/crypto/certificate_data.h> |
34 | | |
35 | | #include "certificate.h" |
36 | | |
37 | | #include <freerdp/log.h> |
38 | | #define TAG FREERDP_TAG("crypto") |
39 | | |
40 | | struct rdp_certificate_data |
41 | | { |
42 | | char* hostname; |
43 | | UINT16 port; |
44 | | rdpCertificate* cert; |
45 | | |
46 | | char cached_hash[MAX_PATH + 10]; |
47 | | char* cached_subject; |
48 | | char* cached_issuer; |
49 | | char* cached_fingerprint; |
50 | | char* cached_pem; |
51 | | }; |
52 | | |
53 | | /* ensure our hostnames (and therefore filenames) always use the same capitalization. |
54 | | * the user might have input random case, but we always need to have a sane |
55 | | * baseline to compare against. */ |
56 | | static char* ensure_lowercase(char* str, size_t length) |
57 | 48 | { |
58 | 48 | const size_t len = strnlen(str, length); |
59 | 648 | for (size_t x = 0; x < len; x++) |
60 | 600 | str[x] = tolower(str[x]); |
61 | 48 | return str; |
62 | 48 | } |
63 | | static const char* freerdp_certificate_data_hash_(const char* hostname, UINT16 port, char* name, |
64 | | size_t length) |
65 | 24 | { |
66 | 24 | _snprintf(name, length, "%s_%" PRIu16 ".pem", hostname, port); |
67 | 24 | return ensure_lowercase(name, length); |
68 | 24 | } |
69 | | |
70 | | static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data) |
71 | 24 | { |
72 | 24 | BOOL rc = FALSE; |
73 | | |
74 | 24 | WINPR_ASSERT(data); |
75 | | |
76 | 24 | freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash, |
77 | 24 | sizeof(data->cached_hash)); |
78 | 24 | if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0) |
79 | 0 | goto fail; |
80 | | |
81 | 24 | data->cached_subject = freerdp_certificate_get_subject(data->cert); |
82 | 24 | if (!data->cached_subject) |
83 | 0 | data->cached_subject = calloc(1, 1); |
84 | | |
85 | 24 | size_t pemlen = 0; |
86 | 24 | data->cached_pem = freerdp_certificate_get_pem(data->cert, &pemlen); |
87 | 24 | if (!data->cached_pem) |
88 | 0 | goto fail; |
89 | | |
90 | 24 | data->cached_fingerprint = freerdp_certificate_get_fingerprint(data->cert); |
91 | 24 | if (!data->cached_fingerprint) |
92 | 0 | goto fail; |
93 | | |
94 | 24 | data->cached_issuer = freerdp_certificate_get_issuer(data->cert); |
95 | 24 | if (!data->cached_issuer) |
96 | 0 | data->cached_issuer = calloc(1, 1); |
97 | | |
98 | 24 | rc = TRUE; |
99 | 24 | fail: |
100 | 24 | return rc; |
101 | 24 | } |
102 | | |
103 | | static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostname, UINT16 port, |
104 | | rdpCertificate* xcert) |
105 | 776 | { |
106 | 776 | rdpCertificateData* certdata = NULL; |
107 | | |
108 | 776 | if (!hostname || !xcert) |
109 | 752 | goto fail; |
110 | | |
111 | 24 | certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData)); |
112 | | |
113 | 24 | if (!certdata) |
114 | 0 | goto fail; |
115 | | |
116 | 24 | certdata->port = port; |
117 | 24 | certdata->hostname = _strdup(hostname); |
118 | 24 | if (!certdata->hostname) |
119 | 0 | goto fail; |
120 | 24 | ensure_lowercase(certdata->hostname, strlen(certdata->hostname)); |
121 | | |
122 | 24 | certdata->cert = xcert; |
123 | 24 | if (!freerdp_certificate_data_load_cache(certdata)) |
124 | 0 | { |
125 | 0 | certdata->cert = NULL; |
126 | 0 | goto fail; |
127 | 0 | } |
128 | | |
129 | 24 | return certdata; |
130 | 752 | fail: |
131 | 752 | freerdp_certificate_data_free(certdata); |
132 | 752 | return NULL; |
133 | 24 | } |
134 | | |
135 | | rdpCertificateData* freerdp_certificate_data_new(const char* hostname, UINT16 port, |
136 | | const rdpCertificate* xcert) |
137 | 0 | { |
138 | 0 | rdpCertificate* copy = freerdp_certificate_clone(xcert); |
139 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, copy); |
140 | 0 | if (!data) |
141 | 0 | freerdp_certificate_free(copy); |
142 | 0 | return data; |
143 | 0 | } |
144 | | |
145 | | rdpCertificateData* freerdp_certificate_data_new_from_pem(const char* hostname, UINT16 port, |
146 | | const char* pem, size_t length) |
147 | 776 | { |
148 | 776 | if (!pem || (length == 0)) |
149 | 0 | return NULL; |
150 | | |
151 | 776 | rdpCertificate* cert = freerdp_certificate_new_from_pem(pem); |
152 | 776 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
153 | 776 | if (!data) |
154 | 752 | freerdp_certificate_free(cert); |
155 | 776 | return data; |
156 | 776 | } |
157 | | |
158 | | rdpCertificateData* freerdp_certificate_data_new_from_file(const char* hostname, UINT16 port, |
159 | | const char* file) |
160 | 0 | { |
161 | 0 | if (!file) |
162 | 0 | return NULL; |
163 | | |
164 | 0 | rdpCertificate* cert = freerdp_certificate_new_from_file(file); |
165 | 0 | rdpCertificateData* data = freerdp_certificate_data_new_nocopy(hostname, port, cert); |
166 | 0 | if (!data) |
167 | 0 | freerdp_certificate_free(cert); |
168 | 0 | return data; |
169 | 0 | } |
170 | | |
171 | | void freerdp_certificate_data_free(rdpCertificateData* data) |
172 | 1.52k | { |
173 | 1.52k | if (data == NULL) |
174 | 1.50k | return; |
175 | | |
176 | 24 | free(data->hostname); |
177 | 24 | freerdp_certificate_free(data->cert); |
178 | 24 | free(data->cached_subject); |
179 | 24 | free(data->cached_issuer); |
180 | 24 | free(data->cached_fingerprint); |
181 | 24 | free(data->cached_pem); |
182 | | |
183 | 24 | free(data); |
184 | 24 | } |
185 | | |
186 | | const char* freerdp_certificate_data_get_host(const rdpCertificateData* cert) |
187 | 0 | { |
188 | 0 | if (!cert) |
189 | 0 | return NULL; |
190 | 0 | return cert->hostname; |
191 | 0 | } |
192 | | |
193 | | UINT16 freerdp_certificate_data_get_port(const rdpCertificateData* cert) |
194 | 0 | { |
195 | 0 | if (!cert) |
196 | 0 | return 0; |
197 | 0 | return cert->port; |
198 | 0 | } |
199 | | |
200 | | const char* freerdp_certificate_data_get_pem(const rdpCertificateData* cert) |
201 | 0 | { |
202 | 0 | if (!cert) |
203 | 0 | return NULL; |
204 | 0 | return cert->cached_pem; |
205 | 0 | } |
206 | | |
207 | | const char* freerdp_certificate_data_get_subject(const rdpCertificateData* cert) |
208 | 0 | { |
209 | 0 | if (!cert) |
210 | 0 | return NULL; |
211 | | |
212 | 0 | return cert->cached_subject; |
213 | 0 | } |
214 | | |
215 | | const char* freerdp_certificate_data_get_issuer(const rdpCertificateData* cert) |
216 | 0 | { |
217 | 0 | if (!cert) |
218 | 0 | return NULL; |
219 | | |
220 | 0 | return cert->cached_issuer; |
221 | 0 | } |
222 | | const char* freerdp_certificate_data_get_fingerprint(const rdpCertificateData* cert) |
223 | 0 | { |
224 | 0 | if (!cert) |
225 | 0 | return NULL; |
226 | | |
227 | 0 | return cert->cached_fingerprint; |
228 | 0 | } |
229 | | |
230 | | BOOL freerdp_certificate_data_equal(const rdpCertificateData* a, const rdpCertificateData* b) |
231 | 0 | { |
232 | 0 | BOOL rc = FALSE; |
233 | |
|
234 | 0 | WINPR_ASSERT(a); |
235 | 0 | WINPR_ASSERT(b); |
236 | | |
237 | 0 | if (strcmp(a->hostname, b->hostname) != 0) |
238 | 0 | return FALSE; |
239 | 0 | if (a->port != b->port) |
240 | 0 | return FALSE; |
241 | | |
242 | 0 | const char* pem1 = freerdp_certificate_data_get_fingerprint(a); |
243 | 0 | const char* pem2 = freerdp_certificate_data_get_fingerprint(b); |
244 | 0 | if (pem1 && pem2) |
245 | 0 | rc = strcmp(pem1, pem2) == 0; |
246 | 0 | else |
247 | 0 | rc = pem1 == pem2; |
248 | |
|
249 | 0 | return rc; |
250 | 0 | } |
251 | | |
252 | | const char* freerdp_certificate_data_get_hash(const rdpCertificateData* cert) |
253 | 0 | { |
254 | 0 | if (!cert) |
255 | 0 | return NULL; |
256 | | |
257 | 0 | return cert->cached_hash; |
258 | 0 | } |
259 | | |
260 | | char* freerdp_certificate_data_hash(const char* hostname, UINT16 port) |
261 | 0 | { |
262 | 0 | char name[MAX_PATH + 10] = { 0 }; |
263 | 0 | freerdp_certificate_data_hash_(hostname, port, name, sizeof(name)); |
264 | 0 | return _strdup(name); |
265 | 0 | } |