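// Generate the packet
//
// Serializes `pack`, records the SHA-1 of the serialized bytes and, when
// both `cert` and `key` are supplied, appends the DER-encoded certificate
// and an RSA signature over that hash. The returned buffer is positioned
// at offset 0 and is owned by the caller (release with FreeBuf).
//
// Returns NULL when `pack` is NULL, when the pack cannot be serialized, or
// when a signature was requested but RsaSign failed. Failing closed here
// matters: the original code wrote the signature buffer out regardless of
// RsaSign's result, so a signing failure would have emitted uninitialized
// stack bytes as the "SIGN" entry.
BUF *WpcGeneratePacket(PACK *pack, X *cert, K *key)
{
	UCHAR hash[SHA1_SIZE];
	BUF *pack_data;
	BUF *cert_data = NULL;
	BUF *sign_data = NULL;
	BUF *b;
	// Validate arguments
	if (pack == NULL)
	{
		return NULL;
	}

	pack_data = PackToBuf(pack);
	if (pack_data == NULL)
	{
		return NULL;
	}
	HashSha1(hash, pack_data->Buf, pack_data->Size);

	if (cert != NULL && key != NULL)
	{
		// NOTE(review): fixed 128-byte signature buffer. This assumes RsaSign
		// never writes more than 128 bytes (i.e. a 1024-bit modulus); a larger
		// key would overflow the stack buffer. Confirm against RsaSign.
		UCHAR sign[128] = {0};

		cert_data = XToBuf(cert, false);

		// Only sign when the certificate could be serialized; a signature
		// without the matching "CERT" entry is never emitted below anyway.
		if (cert_data != NULL)
		{
			if (RsaSign(sign, hash, sizeof(hash), key) == false)
			{
				// Fail closed: never send a packet whose "SIGN" entry is not a
				// real signature.
				FreeBuf(pack_data);
				FreeBuf(cert_data);
				return NULL;
			}

			sign_data = NewBuf();
			WriteBuf(sign_data, sign, sizeof(sign));
			SeekBuf(sign_data, 0, 0);
		}
	}

	b = NewBuf();

	WpcAddDataEntryBin(b, "PACK", pack_data->Buf, pack_data->Size);
	WpcAddDataEntryBin(b, "HASH", hash, sizeof(hash));

	// "CERT" and "SIGN" always travel together; sign_data is non-NULL
	// whenever cert_data is, because signing failure returned above.
	if (cert_data != NULL)
	{
		WpcAddDataEntryBin(b, "CERT", cert_data->Buf, cert_data->Size);
		WpcAddDataEntryBin(b, "SIGN", sign_data->Buf, sign_data->Size);
	}

	FreeBuf(pack_data);
	FreeBuf(cert_data);
	FreeBuf(sign_data);

	SeekBuf(b, 0, 0);

	return b;
}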
// Write the configuration to a file
//
// Serializes the NAT's persistent state (administrator certificate and key,
// hashed administrator password, admin port, online flag, virtual host
// options and, when present, the client connection data) into a config
// folder tree and hands it to SaveCfgRw. The whole write runs under
// n->lock. Does nothing when n is NULL.
void NiWriteConfig(NAT *n)
{
	FOLDER *root;

	// Validate arguments
	if (n == NULL)
	{
		return;
	}

	Lock(n->lock);

	root = CfgCreateFolder(NULL, TAG_ROOT);

	// Administrator certificate
	{
		BUF *cert_buf = XToBuf(n->AdminX, false);
		CfgAddBuf(root, "AdminCert", cert_buf);
		FreeBuf(cert_buf);
	}

	// Administrator secret key
	// NOTE(review): KToBuf's last argument is NULL here — presumably no
	// passphrase, meaning the key is persisted unprotected; confirm.
	{
		BUF *key_buf = KToBuf(n->AdminK, false, NULL);
		CfgAddBuf(root, "AdminKey", key_buf);
		FreeBuf(key_buf);
	}

	// Administrator password is stored only in hashed form
	CfgAddByte(root, "HashedPassword", n->HashedPassword, sizeof(n->HashedPassword));
	CfgAddInt(root, "AdminPort", n->AdminPort);
	CfgAddBool(root, "Online", n->Online);

	// Virtual host option
	NiWriteVhOption(n, root);

	// Connection options are written only when both parts are configured
	if (n->ClientOption != NULL && n->ClientAuth != NULL)
	{
		NiWriteClientData(n, root);
	}

	SaveCfgRw(n->CfgRw, root);
	CfgDeleteFolder(root);

	Unlock(n->lock);
}
// Write the configuration to a file
//
// Builds a config folder tree from the NAT's persistent fields and saves it
// through SaveCfgRw while holding n->lock. Written items, in order: the
// administrator certificate and secret key, the hashed administrator
// password, the admin port, the online flag, the virtual host options and
// (only when both ClientOption and ClientAuth are set) the client data.
// A NULL n is ignored.
void NiWriteConfig(NAT *n)
{
	// Validate arguments
	if (n == NULL)
	{
		return;
	}

	Lock(n->lock);
	{
		FOLDER *cfg_root = CfgCreateFolder(NULL, TAG_ROOT);
		BUF *tmp;
		bool has_client_data;

		// Certificate
		tmp = XToBuf(n->AdminX, false);
		CfgAddBuf(cfg_root, "AdminCert", tmp);
		FreeBuf(tmp);

		// Secret key
		// NOTE(review): the NULL third argument to KToBuf presumably means
		// "no passphrase", so the key lands on disk unprotected; confirm.
		tmp = KToBuf(n->AdminK, false, NULL);
		CfgAddBuf(cfg_root, "AdminKey", tmp);
		FreeBuf(tmp);

		// Password (hash only), admin port and online state
		CfgAddByte(cfg_root, "HashedPassword", n->HashedPassword, sizeof(n->HashedPassword));
		CfgAddInt(cfg_root, "AdminPort", n->AdminPort);
		CfgAddBool(cfg_root, "Online", n->Online);

		// Virtual host option
		NiWriteVhOption(n, cfg_root);

		// Connection options
		has_client_data = (n->ClientOption != NULL && n->ClientAuth != NULL);
		if (has_client_data)
		{
			NiWriteClientData(n, cfg_root);
		}

		SaveCfgRw(n->CfgRw, cfg_root);
		CfgDeleteFolder(cfg_root);
	}
	Unlock(n->lock);
}
// Write the certificate object
//
// Stores the X.509 certificate `x` on the PKCS#11 token behind `sec` as a
// CKO_CERTIFICATE object labelled `name`. `private_obj` requests a private
// (login-protected) object; an existing object with the same label is
// deleted first. On failure the reason is left in sec->Error and false is
// returned; on success the enumeration cache is invalidated and true is
// returned. The created object handle itself is not exposed to the caller.
bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x)
{
	UINT obj_class = CKO_CERTIFICATE;
	CK_BBOOL b_true = true, b_false = false, b_private_obj = private_obj;
	UINT cert_type = CKC_X_509;
	CK_DATE start_date, end_date;
	UCHAR subject[MAX_SIZE];
	UCHAR issuer[MAX_SIZE];
	wchar_t w_subject[MAX_SIZE];
	wchar_t w_issuer[MAX_SIZE];
	UCHAR serial_number[MAX_SIZE];
	UCHAR value[4096];
	UINT ret;
	BUF *b;
	UINT object;
	// Attribute template. Entries 0-3 point at local buffers whose lengths
	// are filled in below via A_SIZE(a, idx); the index comments must stay
	// in sync with those A_SIZE calls.
	// NOTE(review): StrLen(name) is evaluated here, before the NULL check on
	// `name` below — this relies on StrLen tolerating NULL; confirm.
	CK_ATTRIBUTE a[] =
	{
		{CKA_SUBJECT,			subject,		0},			// 0
		{CKA_ISSUER,			issuer,			0},			// 1
		{CKA_SERIAL_NUMBER,		serial_number,	0},			// 2
		{CKA_VALUE,				value,			0},			// 3
		{CKA_CLASS,				&obj_class,		sizeof(obj_class)},
		{CKA_TOKEN,				&b_true,		sizeof(b_true)},
		{CKA_PRIVATE,			&b_private_obj,	sizeof(b_private_obj)},
		{CKA_LABEL,				name,			StrLen(name)},
		{CKA_CERTIFICATE_TYPE,	&cert_type,		sizeof(cert_type)},
#if	0		// Don't use these because some tokens fail
		{CKA_START_DATE,		&start_date,	sizeof(start_date)},
		{CKA_END_DATE,			&end_date,		sizeof(end_date)},
#endif
	};
	// Validate arguments
	if (sec == NULL)
	{
		return false;
	}
	if (name == NULL)
	{
		sec->Error = SEC_ERROR_BAD_PARAMETER;
		return false;
	}
	if (sec->SessionCreated == false)
	{
		sec->Error = SEC_ERROR_NO_SESSION;
		return false;
	}
	// A private object can only be created by an authenticated session
	if (sec->LoginFlag == false && private_obj)
	{
		sec->Error = SEC_ERROR_NOT_LOGIN;
		return false;
	}

	// Copy the certificate to the buffer
	// NOTE(review): `x` is not checked for NULL explicitly; the code below
	// dereferences it after this point, so it relies on XToBuf(NULL)
	// returning NULL — confirm.
	b = XToBuf(x, false);
	if (b == NULL)
	{
		sec->Error = SEC_ERROR_INVALID_CERT;
		return false;
	}
	if (b->Size > sizeof(value))
	{
		// Size is too large
		FreeBuf(b);
		sec->Error = SEC_ERROR_DATA_TOO_BIG;
		return false;
	}
	Copy(value, b->Buf, b->Size);
	A_SIZE(a, 3) = b->Size;
	FreeBuf(b);

	// Store the Subject and the Issuer by encoding into UTF-8
	GetPrintNameFromName(w_subject, sizeof(w_subject), x->subject_name);
	UniToUtf8(subject, sizeof(subject), w_subject);
	A_SIZE(a, 0) = StrLen(subject);
	// For a root (self-issued) certificate the CKA_ISSUER entry keeps its
	// zero length from the template and `issuer` is never written.
	if (x->root_cert == false)
	{
		GetPrintNameFromName(w_issuer, sizeof(w_issuer), x->issuer_name);
		UniToUtf8(issuer, sizeof(issuer), w_issuer);
		A_SIZE(a, 1) = StrLen(issuer);
	}

	// Copy the serial number; a serial longer than MAX_SIZE is silently
	// truncated to fit the local buffer
	Copy(serial_number, x->serial->data, MIN(x->serial->size, sizeof(serial_number)));
	A_SIZE(a, 2) = MIN(x->serial->size, sizeof(serial_number));

	// Expiration date information
	// These are computed but only referenced from the #if 0 template
	// entries above, so they are not sent to the token.
	UINT64ToCkDate(&start_date, SystemToLocal64(x->notBefore));
	UINT64ToCkDate(&end_date, SystemToLocal64(x->notAfter));

	// Workaround for Gemalto PKCS#11 API. It rejects a private certificate.
	// NOTE(review): device ids 18 and 19 are magic numbers; a named constant
	// would make the affected devices explicit. Note the object is then
	// stored as public even though the caller asked for private.
	if(sec->Dev->Id == 18 || sec->Dev->Id == 19)
	{
		b_private_obj = false;
	}

	// Remove objects which have the same name
	if (CheckSecObject(sec, name, SEC_X))
	{
		DeleteSecCert(sec, name);
	}

	// Creating
	if ((ret = sec->Api->C_CreateObject(sec->SessionId, a, sizeof(a) / sizeof(a[0]), &object)) != CKR_OK)
	{
		// Failure: the previous object (if any) has already been deleted at
		// this point and is not restored.
		sec->Error = SEC_ERROR_HARDWARE_ERROR;
		Debug("Error: 0x%02x\n", ret);
		return false;
	}

	// Clear Cache
	EraseEnumSecObjectCache(sec);

	return true;
}