/// Handles the NvHTTP initialisation request from the page.
///
/// Reads three positional string arguments, hands the first two to LoadCert(),
/// stores a heap copy of the third in g_UniqueId, and posts a "resolve" reply
/// carrying the same callbackId back to the caller.
///
/// @param callbackId  identifier echoed back in the reply so the caller can match it
/// @param args        positional arguments; index 0 and 1 are passed to LoadCert()
///                    as certificate and key, index 2 becomes the unique id
void MoonlightInstance::NvHTTPInit(int32_t callbackId, pp::VarArray args) {
    const std::string certText = args.Get(0).AsString();
    // NOTE(review): the key material arrives through the message arguments and is
    // copied into this std::string; nothing here wipes the copy after use.
    const std::string keyText = args.Get(1).AsString();
    const std::string uniqueId = args.Get(2).AsString();

    // NOTE(review): any status LoadCert() may report is not inspected here, so the
    // reply below is "resolve" even if the certificate or key could not be loaded.
    LoadCert(certText.c_str(), keyText.c_str());

    // NOTE(review): strdup() may return NULL, and a value already held by
    // g_UniqueId is overwritten without being released. g_UniqueId is declared
    // outside this block, so confirm who owns it before adding a free().
    g_UniqueId = strdup(uniqueId.c_str());

    pp::VarDictionary reply;
    reply.Set("callbackId", pp::Var(callbackId));
    reply.Set("type", pp::Var("resolve"));
    reply.Set("ret", pp::Var(""));
    PostMessage(reply);
}
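/**
 * Lints a single certificate and records every finding through
 * SetError() / SetWarning() / SetInfo().
 *
 * Findings accumulate: a failed rule records its error and the remaining
 * rules still run. Only three conditions stop the run early with ERR_INVALID:
 * the buffer cannot be parsed, or the issuer or subject name is missing.
 * The parsed certificate is released on every exit path.
 *
 * @param cert_buffer  encoded certificate bytes
 * @param cert_len     number of bytes in cert_buffer
 * @param format       encoding of the buffer, forwarded to LoadCert()
 * @param type         role the certificate is checked as; SubscriberCertificate
 *                     selects the subscriber-specific rules
 */
void check(unsigned char *cert_buffer, size_t cert_len, CertFormat format, CertType type)
{
	X509_NAME *issuer;
	X509_NAME *subject;
	int ret;
	X509 *x509;
	int ca;
	/*
	 * Zero-initialised so that CheckPublicKey() below never receives an
	 * indeterminate struct tm should CheckTime() leave its outputs untouched
	 * (CheckTime is defined outside this block -- confirm its behaviour on
	 * unparsable validity fields).
	 */
	struct tm tm_before = {};
	struct tm tm_after = {};

	/* Drop the findings of any previous run. */
	Clear();

	x509 = LoadCert(cert_buffer, cert_len, format);
	if (x509 == NULL)
	{
		SetError(ERR_INVALID);
		return;
	}

	/*
	 * X509_check_ca() returns 0 for a non-CA certificate and a positive value
	 * for anything OpenSSL would accept as a CA. Warn when that disagrees
	 * with the role the caller asked us to check.
	 */
	ca = X509_check_ca(x509);
	if (ca > 0 && type == SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_SUBSCRIBER);
	}
	else if (ca == 0 && type != SubscriberCertificate)
	{
		SetWarning(WARN_CHECKED_AS_CA);
	}

	/* The encoded version field is zero-based: the value 2 means X.509 v3. */
	ret = X509_get_version(x509);
	if (ret != 2)
	{
		SetError(ERR_NOT_VERSION3);
	}
	//CheckASN1_integer(x509->cert_info->version);

	issuer = X509_get_issuer_name(x509);
	if (issuer == NULL)
	{
		SetError(ERR_INVALID);
		/* Release the parsed certificate; this path previously leaked it. */
		X509_free(x509);
		return;
	}
	CheckDN(issuer);

	CheckSerial(x509);
	CheckTime(x509, &tm_before, &tm_after, type);

	/* Required by CAB base 9.1.3 */
	if (!IsNameObjPresent(issuer, obj_organizationName))
	{
		SetError(ERR_ISSUER_ORG_NAME);
	}

	/* Required by CAB base 9.1.4 */
	if (!IsNameObjPresent(issuer, obj_countryName))
	{
		SetError(ERR_ISSUER_COUNTRY);
	}

	subject = X509_get_subject_name(x509);
	if (subject == NULL)
	{
		SetError(ERR_INVALID);
		/* Release the parsed certificate; this path previously leaked it. */
		X509_free(x509);
		return;
	}
	CheckDN(subject);

	CheckDuplicateExtensions(x509);

	/*
	 * Prohibited in CAB base 7.1.4.2.2d: a street address without an
	 * organization, given name or surname.
	 */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_StreetAddress))
	{
		SetError(ERR_SUBJECT_ADDR);
	}

	/*
	 * Required in CAB base 7.1.4.2.2e and 7.1.4.2.2f: an identified subject
	 * needs a locality or a state/province. The organization name only
	 * triggers this rule for subscriber certificates.
	 */
	if (((IsNameObjPresent(subject, obj_organizationName) && type == SubscriberCertificate)
			|| IsNameObjPresent(subject, obj_givenName)
			|| IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_stateOrProvinceName)
		&& !IsNameObjPresent(subject, obj_localityName))
	{
		SetError(ERR_SUBJECT_ORG_NO_PLACE);
	}

	/*
	 * Prohibited in CAB base 7.1.4.2.2e or 7.1.4.2.2f: a locality or
	 * state/province without an organization, given name or surname.
	 */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& (IsNameObjPresent(subject, obj_localityName)
			|| IsNameObjPresent(subject, obj_stateOrProvinceName)))
	{
		SetError(ERR_SUBJECT_NO_ORG_PLACE);
	}

	/*
	 * CAB base 7.1.4.2.2g: a postal code is rejected when no organization,
	 * given name or surname is present.
	 */
	if (!IsNameObjPresent(subject, obj_organizationName)
		&& !IsNameObjPresent(subject, obj_givenName)
		&& !IsNameObjPresent(subject, obj_surname)
		&& IsNameObjPresent(subject, obj_postalCode))
	{
		SetError(ERR_SUBJECT_POSTAL);
	}

	/* Required by CAB base 7.1.4.2.2h: an identified subject needs a country. */
	if ((IsNameObjPresent(subject, obj_organizationName)
			|| IsNameObjPresent(subject, obj_givenName)
			|| IsNameObjPresent(subject, obj_surname))
		&& !IsNameObjPresent(subject, obj_countryName))
	{
		SetError(ERR_SUBJECT_COUNTRY);
	}

	CheckPolicy(x509, type, subject);
	CheckEKU(x509, type);
	CheckSAN(x509, type);

	/*
	 * Deprecated in CAB base 7.1.4.2.2a: a commonName on a subscriber
	 * certificate is reported as information only; a non-subscriber
	 * certificate without one gets a warning.
	 */
	if (IsNameObjPresent(subject, obj_commonName))
	{
		if (type == SubscriberCertificate)
		{
			SetInfo(INF_SUBJECT_CN);
		}
	}
	else if (type != SubscriberCertificate)
	{
		SetWarning(WARN_NO_CN);
	}

	CheckCRL(x509);
	CheckAIA(x509, type);
	CheckPublicKey(x509, tm_after);

	X509_free(x509);
}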
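/**
 * Starts the libmicrohttpd daemon for the web server.
 *
 * HTTPS is used only when all three hold: the SSL setting is enabled, the
 * linked libmicrohttpd reports SSL support, and LoadCert(m_key, m_cert)
 * succeeds. In every other case the daemon is started without TLS.
 *
 * @param flags  extra MHD flags OR-ed into the flags set here
 * @param port   TCP port to listen on
 * @return the handle returned by MHD_start_daemon(); MHD returns NULL on failure
 */
struct MHD_Daemon* CWebServer::StartMHD(unsigned int flags, int port)
{
  // Connection timeout in seconds (24 hours).
  // NOTE(review): with one thread per connection and a limit of 512, an idle
  // client can hold a thread for a full day -- confirm this is intended.
  unsigned int timeout = 60 * 60 * 24;

  // GnuTLS priority string: the NORMAL set with TLS 1.0 removed.
  // NOTE(review): whether TLS 1.1 is still offered depends on what NORMAL
  // means in the linked GnuTLS version -- confirm against the deployment target.
  const char* ciphers = "NORMAL:-VERS-TLS1.0";

  MHD_set_panic_func(&panicHandlerForMHD, nullptr);

  // Flags shared by the HTTPS and the plain HTTP daemon.
  const unsigned int commonFlags = flags |
                                   // one thread per connection
                                   // WARNING: set MHD_OPTION_CONNECTION_TIMEOUT to something higher than 1
                                   // otherwise on libmicrohttpd 0.4.4-1 it spins a busy loop
                                   MHD_USE_THREAD_PER_CONNECTION
#if (MHD_VERSION >= 0x00095207)
                                   | MHD_USE_INTERNAL_POLLING_THREAD /* MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD since 0.9.54 */
#endif
                                   | MHD_USE_DEBUG; /* Print MHD error messages to log */

  if (CServiceBroker::GetSettings().GetBool(CSettings::SETTING_SERVICES_WEBSERVERSSL) &&
      MHD_is_feature_supported(MHD_FEATURE_SSL) == MHD_YES &&
      LoadCert(m_key, m_cert))
    // SSL enabled
    return MHD_start_daemon(commonFlags | MHD_USE_SSL,
                            port,
                            nullptr,
                            nullptr,
                            &CWebServer::AnswerToConnection,
                            this,

                            MHD_OPTION_CONNECTION_LIMIT, 512,
                            MHD_OPTION_CONNECTION_TIMEOUT, timeout,
                            MHD_OPTION_URI_LOG_CALLBACK, &CWebServer::UriRequestLogger, this,
                            // The logger's closure argument is read from the variadic
                            // list as a pointer, so pass nullptr rather than an int 0.
                            MHD_OPTION_EXTERNAL_LOGGER, &logFromMHD, nullptr,
                            MHD_OPTION_THREAD_STACK_SIZE, m_thread_stacksize,
                            MHD_OPTION_HTTPS_MEM_KEY, m_key.c_str(),
                            MHD_OPTION_HTTPS_MEM_CERT, m_cert.c_str(),
                            MHD_OPTION_HTTPS_PRIORITIES, ciphers,
                            MHD_OPTION_END);

  // No SSL
  // NOTE(review): this path is also taken when the SSL setting is enabled but
  // libmicrohttpd lacks SSL support or LoadCert() fails, so the server then
  // listens in plain HTTP and nothing in this function reports the downgrade.
  // Consider logging it or refusing to start in that case.
  return MHD_start_daemon(commonFlags,
                          port,
                          nullptr,
                          nullptr,
                          &CWebServer::AnswerToConnection,
                          this,

                          MHD_OPTION_CONNECTION_LIMIT, 512,
                          MHD_OPTION_CONNECTION_TIMEOUT, timeout,
                          MHD_OPTION_URI_LOG_CALLBACK, &CWebServer::UriRequestLogger, this,
                          // Pointer-typed variadic argument: nullptr, not an int 0.
                          MHD_OPTION_EXTERNAL_LOGGER, &logFromMHD, nullptr,
                          MHD_OPTION_THREAD_STACK_SIZE, m_thread_stacksize,
                          MHD_OPTION_END);
}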