static int
verify_command(char *data, char *digest, char *queryfile, char *in,
int token_in, char *ca_path, char *ca_file, char *untrusted)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
TS_RESP *response = NULL;
TS_VERIFY_CTX *verify_ctx = NULL;
int ret = 0;
/* Decode the token (PKCS7) or response (TS_RESP) files. */
if (!(in_bio = BIO_new_file(in, "rb")))
goto end;
if (token_in) {
if (!(token = d2i_PKCS7_bio(in_bio, NULL)))
goto end;
} else {
if (!(response = d2i_TS_RESP_bio(in_bio, NULL)))
goto end;
}
if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
ca_path, ca_file, untrusted)))
goto end;
/* Checking the token or response against the request. */
ret = token_in ?
TS_RESP_verify_token(verify_ctx, token) :
TS_RESP_verify_response(verify_ctx, response);
end:
printf("Verification: ");
if (ret)
printf("OK\n");
else {
printf("FAILED\n");
/* Print errors, if there are any. */
ERR_print_errors(bio_err);
}
/* Clean up. */
BIO_free_all(in_bio);
PKCS7_free(token);
TS_RESP_free(response);
TS_VERIFY_CTX_free(verify_ctx);
return ret;
}
static int verify_command(char *data, char *digest, char *queryfile,
char *in, int token_in,
char *CApath, char *CAfile, char *untrusted,
X509_VERIFY_PARAM *vpm)
{
BIO *in_bio = NULL;
PKCS7 *token = NULL;
TS_RESP *response = NULL;
TS_VERIFY_CTX *verify_ctx = NULL;
int ret = 0;
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
goto end;
if (token_in) {
if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
goto end;
} else {
if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
goto end;
}
if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
CApath, CAfile, untrusted,
vpm)) == NULL)
goto end;
ret = token_in
? TS_RESP_verify_token(verify_ctx, token)
: TS_RESP_verify_response(verify_ctx, response);
end:
printf("Verification: ");
if (ret)
printf("OK\n");
else {
printf("FAILED\n");
ERR_print_errors(bio_err);
}
BIO_free_all(in_bio);
PKCS7_free(token);
TS_RESP_free(response);
TS_VERIFY_CTX_free(verify_ctx);
return ret;
}
static int reply_command(CONF *conf, char *section, char *engine,
char *queryfile, char *passin, char *inkey,
const EVP_MD *md, char *signer, char *chain,
const char *policy, char *in, int token_in,
char *out, int token_out, int text)
{
int ret = 0;
TS_RESP *response = NULL;
BIO *in_bio = NULL;
BIO *query_bio = NULL;
BIO *inkey_bio = NULL;
BIO *signer_bio = NULL;
BIO *out_bio = NULL;
if (in != NULL) {
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
goto end;
if (token_in) {
response = read_PKCS7(in_bio);
} else {
response = d2i_TS_RESP_bio(in_bio, NULL);
}
} else {
response = create_response(conf, section, engine, queryfile,
passin, inkey, md, signer, chain, policy);
if (response)
BIO_printf(bio_err, "Response has been generated.\n");
else
BIO_printf(bio_err, "Response is not generated.\n");
}
if (response == NULL)
goto end;
/* Write response. */
if (text) {
if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
goto end;
if (token_out) {
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
if (!TS_TST_INFO_print_bio(out_bio, tst_info))
goto end;
} else {
if (!TS_RESP_print_bio(out_bio, response))
goto end;
}
} else {
if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
goto end;
if (token_out) {
PKCS7 *token = TS_RESP_get_token(response);
if (!i2d_PKCS7_bio(out_bio, token))
goto end;
} else {
if (!i2d_TS_RESP_bio(out_bio, response))
goto end;
}
}
ret = 1;
end:
ERR_print_errors(bio_err);
BIO_free_all(in_bio);
BIO_free_all(query_bio);
BIO_free_all(inkey_bio);
BIO_free_all(signer_bio);
BIO_free_all(out_bio);
TS_RESP_free(response);
return ret;
}
static int
reply_command(CONF * conf, char *section, char *engine, char *queryfile,
char *passin, char *inkey, char *signer, char *chain, const char *policy,
char *in, int token_in, char *out, int token_out, int text)
{
int ret = 0;
TS_RESP *response = NULL;
BIO *in_bio = NULL;
BIO *query_bio = NULL;
BIO *inkey_bio = NULL;
BIO *signer_bio = NULL;
BIO *out_bio = NULL;
/* Build response object either from response or query. */
if (in != NULL) {
if ((in_bio = BIO_new_file(in, "rb")) == NULL)
goto end;
if (token_in) {
/*
* We have a ContentInfo (PKCS7) object, add
* 'granted' status info around it.
*/
response = read_PKCS7(in_bio);
} else {
/* We have a ready-made TS_RESP object. */
response = d2i_TS_RESP_bio(in_bio, NULL);
}
} else {
response = create_response(conf, section, engine, queryfile,
passin, inkey, signer, chain,
policy);
if (response)
BIO_printf(bio_err, "Response has been generated.\n");
else
BIO_printf(bio_err, "Response is not generated.\n");
}
if (response == NULL)
goto end;
/* Write response either in ASN.1 or text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
goto end;
if (text) {
/* Text output. */
if (token_out) {
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
if (!TS_TST_INFO_print_bio(out_bio, tst_info))
goto end;
} else {
if (!TS_RESP_print_bio(out_bio, response))
goto end;
}
} else {
/* ASN.1 DER output. */
if (token_out) {
PKCS7 *token = TS_RESP_get_token(response);
if (!i2d_PKCS7_bio(out_bio, token))
goto end;
} else {
if (!i2d_TS_RESP_bio(out_bio, response))
goto end;
}
}
ret = 1;
end:
ERR_print_errors(bio_err);
/* Clean up. */
BIO_free_all(in_bio);
BIO_free_all(query_bio);
BIO_free_all(inkey_bio);
BIO_free_all(signer_bio);
BIO_free_all(out_bio);
TS_RESP_free(response);
return ret;
}
UNSIGNED32 get_timestamp_response(const char* urlStr, char* hash, UNSIGNED32 hash_size, UNSIGNED32 httpTimeOut, TS_RESP** tsResponse)
{
UNSIGNED32 result = TINTERNALERROR;
BIO* responseBio = NULL;
Url* url = NULL;
TS_REQ* tsRequest = NULL;
BIO* requestBio = NULL;
int requestHeaderLength;
int requestLength;
int requestContentLength;
char requestHeader[2048 + 256];
char* request = NULL;
void* contentBuffer = NULL;
void* resultBuffer = NULL;
int resultLength;
TS_MSG_IMPRINT* msgImprint = NULL;
ASN1_OCTET_STRING* hashedMessage = NULL;
int hashedMessageLength;
int httpResult;
char *urlBuffer = NULL;
int redirection = 0;
/* Check if TS url is specified */
if (!urlStr)
{
goto end;
}
/* Get Request for timestamp */
tsRequest = get_timestamp_request(hash, hash_size, create_nonce(NONCE_LENGTH));
msgImprint = TS_REQ_get_msg_imprint(tsRequest);
hashedMessage = TS_MSG_IMPRINT_get_msg(msgImprint);
hashedMessageLength = ASN1_STRING_length((ASN1_STRING*)hashedMessage);
if ((int)hash_size != hashedMessageLength)
{
goto end;
}
requestBio = BIO_new(BIO_s_mem());
if (requestBio == NULL)
{
goto end;
}
if (!i2d_TS_REQ_bio(requestBio, tsRequest))
{
goto end;
}
contentBuffer = memory_alloc(BIO_number_written(requestBio));
if (contentBuffer == NULL)
{
goto end;
}
requestContentLength = BIO_read(requestBio, contentBuffer, BIO_number_written(requestBio));
/* Allocate memory buffer for timestamp server url */
urlBuffer = memory_alloc(strlen(urlStr) + 1);
if (!urlBuffer)
{
goto end;
}
/* Copy TS url to allocated buffer */
strcpy(urlBuffer, urlStr);
http_redirect:
/* Parse and check URL */
url = parse_url(urlBuffer);
if (url == NULL)
{
goto end;
}
if (strcmp(url->Scheme, "http") != 0)
{
goto end;
}
requestHeaderLength = sprintf(requestHeader, "POST %s HTTP/1.0\r\nHOST: %s\r\nPragma: no-cache\r\nContent-Type: application/timestamp-query\r\nAccept: application/timestamp-reply\r\nContent-Length: %d\r\n\r\n",
urlBuffer, url->Host, requestContentLength);
requestLength = requestHeaderLength + requestContentLength;
request = (char*)memory_alloc(requestLength);
if (request == NULL)
{
goto end;
}
memcpy(request, requestHeader, requestHeaderLength);
memcpy(request + requestHeaderLength, contentBuffer, requestContentLength);
httpResult = http_read(url->Host, request, requestLength, url->Port, httpTimeOut, 1, &resultBuffer, &resultLength);
if (httpResult == HTTP_REDIRECTION && (resultBuffer) && !redirection)
{
free_url(url);
url = NULL;
memory_free(request);
request = NULL;
/* Allocated buffer for redirected url */
urlBuffer = memory_realloc(urlBuffer, resultLength);
if (!urlBuffer)
{
goto end;
}
memcpy(urlBuffer, resultBuffer, resultLength);
memory_free(resultBuffer);
redirection++;
goto http_redirect;
} else
if ((httpResult == HTTP_NOERROR) && (resultBuffer))
{
responseBio = BIO_new(BIO_s_mem());
if (responseBio == NULL)
{
goto end;
}
BIO_write(responseBio, resultBuffer, resultLength);
*tsResponse = d2i_TS_RESP_bio(responseBio, NULL);
if (*tsResponse == NULL)
{
goto end;
}
result = TNOERR;
}
else
{
switch (httpResult)
{
case HTTP_NOLIVEINTERNET_ERROR:
result = TNONET;
break;
case HTTP_TIMEOUT_ERROR:
result = TTIMEOUT;
break;
case HTTP_RESPONSESTATUS_ERROR:
result = TSERVERERROR;
break;
default:
result = TINTERNALERROR;
break;
}
}
end:
free_url(url);
if (tsRequest != NULL)
{
TS_REQ_free(tsRequest);
}
if (requestBio != NULL)
{
BIO_free_all(requestBio);
}
if (responseBio != NULL)
{
BIO_free_all(responseBio);
}
if (request != NULL)
{
memory_free(request);
}
if (contentBuffer != NULL)
{
memory_free(contentBuffer);
}
if (resultBuffer != NULL)
{
memory_free(resultBuffer);
}
if (urlBuffer != NULL)
{
memory_free(urlBuffer);
}
return result;
}
