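/*
 * Ensure a self-signed certificate exists in
 * PACKAGE_SYSCONF_DIR/cockpit/ws-certs.d and return its path.
 *
 * If "0-self-signed.cert" is already present it is used as is.  Otherwise
 * the directory is created (mode 0700), a key and certificate are produced
 * by openssl_make_dummy_cert() into two temporary files in that directory,
 * and both are written into the .cert file, certificate first, then key.
 * The temporary files are always unlinked, and buffers that held key
 * material are cleared before being freed.
 *
 * Returns: a newly allocated path (free with g_free()), or NULL with
 *          @error set.
 */
static gchar *
generate_temp_cert (GError **error)
{
  const gchar *dir = PACKAGE_SYSCONF_DIR "/cockpit/ws-certs.d";
  gchar *cert_path = NULL;
  gchar *tmp_key = NULL;
  gchar *tmp_pem = NULL;
  gchar *cert_data = NULL;
  gchar *pem_data = NULL;
  gchar *key_data = NULL;
  gchar *ret = NULL;

  cert_path = g_strdup_printf ("%s/0-self-signed.cert", dir);

  /* Generate self-signed cert, if it does not exist */
  if (g_file_test (cert_path, G_FILE_TEST_EXISTS))
    {
      ret = cert_path;
      cert_path = NULL;
      goto out;
    }

  /* 0700: the directory will hold a private key */
  if (g_mkdir_with_parents (dir, 0700) != 0)
    {
      g_set_error (error,
                   G_IO_ERROR,
                   G_IO_ERROR_FAILED,
                   "Error creating directory `%s': %m",
                   dir);
      goto out;
    }

  tmp_key = create_temp_file (dir, "0-self-signed.XXXXXX.tmp", error);
  if (!tmp_key)
    goto out;
  tmp_pem = create_temp_file (dir, "0-self-signed.XXXXXX.tmp", error);
  if (!tmp_pem)
    goto out;
  if (!openssl_make_dummy_cert (tmp_key, tmp_pem, error))
    goto out;
  if (!g_file_get_contents (tmp_key, &key_data, NULL, error))
    goto out;
  if (!g_file_get_contents (tmp_pem, &pem_data, NULL, error))
    goto out;

  /* Single file: certificate followed by its private key */
  cert_data = g_strdup_printf ("%s\n%s\n", pem_data, key_data);
  if (!g_file_set_contents (cert_path, cert_data, -1, error))
    goto out;

  /* g_file_set_contents() takes no mode and creates the file 0666 & ~umask.
   * The file contains the private key, so restrict it to the owner.  The
   * directory is created 0700 above, but it may have pre-existed with
   * looser permissions, so do not rely on that alone. */
  if (g_chmod (cert_path, 0600) != 0)
    {
      g_set_error (error,
                   G_IO_ERROR,
                   G_IO_ERROR_FAILED,
                   "Error setting permissions on `%s': %m",
                   cert_path);
      /* Do not leave a too-permissive key file behind: the existence check
       * above would otherwise accept it on the next run. */
      g_unlink (cert_path);
      goto out;
    }

  ret = cert_path;
  cert_path = NULL;

out:
  g_free (cert_path);
  /* Scrub key material before releasing it; pem_data holds no secret */
  cockpit_secclear (key_data, -1);
  g_free (key_data);
  g_free (pem_data);
  cockpit_secclear (cert_data, -1);
  g_free (cert_data);
  if (tmp_key)
    g_unlink (tmp_key);
  if (tmp_pem)
    g_unlink (tmp_pem);
  g_free (tmp_key);
  g_free (tmp_pem);
  return ret;
}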
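/*
 * Ensure a self-signed certificate exists in @dir and return its path.
 *
 * If "0-self-signed.cert" is already present in @dir it is used as is.
 * Otherwise the directory is created (mode 0700) and a certificate is
 * generated, first via sscg_make_dummy_cert(), which writes certificate and
 * key to the .cert file and a private CA to "0-self-signed-ca.pem" (the
 * .pem suffix keeps the CA from being loaded automatically).  If that fails
 * the error is discarded and the openssl CLI is used instead: key and
 * certificate are produced into two temporary files in @dir and written
 * into the .cert file, certificate first, then key.  Temporary files are
 * always unlinked and buffers holding key material are cleared before free.
 *
 * Returns: a newly allocated path (free with g_free()), or NULL with
 *          @error set.
 */
static gchar *
generate_temp_cert (const gchar *dir,
                    GError **error)
{
  gchar *cert_path = NULL;
  gchar *ca_path = NULL;
  gchar *tmp_key = NULL;
  gchar *tmp_pem = NULL;
  gchar *cert_data = NULL;
  gchar *pem_data = NULL;
  gchar *key_data = NULL;
  gchar *ret = NULL;

  cert_path = g_build_filename (dir, "0-self-signed.cert", NULL);

  /* Create the CA cert with a .pem suffix so it's not automatically loaded */
  ca_path = g_build_filename (dir, "0-self-signed-ca.pem", NULL);

  /* Generate self-signed cert, if it does not exist */
  if (g_file_test (cert_path, G_FILE_TEST_EXISTS))
    {
      ret = cert_path;
      cert_path = NULL;
      goto out;
    }

  /* 0700: the directory will hold a private key */
  if (g_mkdir_with_parents (dir, 0700) != 0)
    {
      g_set_error (error,
                   G_IO_ERROR,
                   G_IO_ERROR_FAILED,
                   "Error creating directory `%s': %m",
                   dir);
      goto out;
    }

  /* First, try to create a private CA and certificate using SSCG */
  if (sscg_make_dummy_cert (cert_path, cert_path, ca_path, error))
    {
      /* Creation with SSCG succeeded, so we are done now */
      ret = cert_path;
      cert_path = NULL;
      goto out;
    }
  /* The SSCG failure is not reported; the fallback below sets its own error */
  g_clear_error (error);

  /* Fall back to using the openssl CLI */

  tmp_key = create_temp_file (dir, "0-self-signed.XXXXXX.tmp", error);
  if (!tmp_key)
    goto out;
  tmp_pem = create_temp_file (dir, "0-self-signed.XXXXXX.tmp", error);
  if (!tmp_pem)
    goto out;

  if (!openssl_make_dummy_cert (tmp_key, tmp_pem, error))
    goto out;
  if (!g_file_get_contents (tmp_key, &key_data, NULL, error))
    goto out;
  if (!g_file_get_contents (tmp_pem, &pem_data, NULL, error))
    goto out;

  /* Single file: certificate followed by its private key */
  cert_data = g_strdup_printf ("%s\n%s\n", pem_data, key_data);
  if (!g_file_set_contents (cert_path, cert_data, -1, error))
    goto out;

  /* g_file_set_contents() takes no mode and creates the file 0666 & ~umask.
   * The file contains the private key, so restrict it to the owner.  The
   * directory is created 0700 above, but it may have pre-existed with
   * looser permissions, so do not rely on that alone. */
  if (g_chmod (cert_path, 0600) != 0)
    {
      g_set_error (error,
                   G_IO_ERROR,
                   G_IO_ERROR_FAILED,
                   "Error setting permissions on `%s': %m",
                   cert_path);
      /* Do not leave a too-permissive key file behind: the existence check
       * above would otherwise accept it on the next run. */
      g_unlink (cert_path);
      goto out;
    }

  ret = cert_path;
  cert_path = NULL;

out:
  g_free (cert_path);
  g_free (ca_path);
  /* Scrub key material before releasing it; pem_data holds no secret */
  cockpit_memory_clear (key_data, -1);
  g_free (key_data);
  g_free (pem_data);
  cockpit_memory_clear (cert_data, -1);
  g_free (cert_data);
  if (tmp_key)
    g_unlink (tmp_key);
  if (tmp_pem)
    g_unlink (tmp_pem);
  g_free (tmp_key);
  g_free (tmp_pem);
  return ret;
}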