// Add trusted CA to Cedar
void AddCa(CEDAR *cedar, X *x)
{
// Validate arguments
if (cedar == NULL || x == NULL)
{
return;
}
LockList(cedar->CaList);
{
UINT i;
bool ok = true;
for (i = 0;i < LIST_NUM(cedar->CaList);i++)
{
X *exist_x = LIST_DATA(cedar->CaList, i);
if (CompareX(exist_x, x))
{
ok = false;
break;
}
}
if (ok)
{
Insert(cedar->CaList, CloneX(x));
}
}
UnlockList(cedar->CaList);
}
// Compares the cluster starting at "p" with the cluster with starting points "start"
int Compare(Pt p, Pt start[], int old) {
int rotSym ;
for( rotSym = 0 ; rotSym < 8 ; rotSym++ ) {
if( CompareX(p, start[rotSym], -1, rotSym) )
return true ;
else Fill(p, -1, old) ;
}
return false ;
}
// Compares two clusters according to the orientation "rotSym"
int CompareX(Pt p, Pt q, int arrow, int rotSym) {
int a ;
Pt np = Walk(p, arrow, 0), nq = Walk(q, arrow, rotSym) ;
if( get(np) == '0' ) return get(nq) == '0' ;
if( get(np) == '1' ) return true ;
set(np, '1') ;
if( get(nq) == '0' ) return false ;
for( a = 0 ; a < 8 ; a++ )
if( !CompareX(np, nq, a, rotSym) ) return false ;
return true ;
}
colorContainer::colorContainer(vector<colorObject> theColors, colorObject color, int counter) {
int size = theColors.size();
pointArray.resize(size);
for (int i = 0; i < size; i++) {
pointArray.push_back(Point(theColors.at(i).getXPos(), theColors.at(i).getYPos()));
}
setType(color.getType());
setCounter(counter);
std::sort(pointArray.begin(), pointArray.end(), CompareX());
divideArray();
}
// Get the CA which signed the certificate
X *FindCaSignedX(LIST *o, X *x)
{
X *ret;
// Validate arguments
if (o == NULL || x == NULL)
{
return NULL;
}
ret = NULL;
LockList(o);
{
UINT i;
for (i = 0;i < LIST_NUM(o);i++)
{
X *ca = LIST_DATA(o, i);
if (CheckXDateNow(ca))
{
if (CompareName(ca->subject_name, x->issuer_name))
{
K *k = GetKFromX(ca);
if (k != NULL)
{
if (CheckSignature(x, k))
{
ret = CloneX(ca);
}
FreeK(k);
}
}
else if (CompareX(ca, x))
{
ret = CloneX(ca);
}
}
if (ret != NULL)
{
break;
}
}
}
UnlockList(o);
return ret;
}
// Get the root certificate that signed the specified certificate from the list
X *GetIssuerFromList(LIST *cert_list, X *cert)
{
UINT i;
X *ret = NULL;
// Validate arguments
if (cert_list == NULL || cert == NULL)
{
return NULL;
}
for (i = 0;i < LIST_NUM(cert_list);i++)
{
X *x = LIST_DATA(cert_list, i);
// Name comparison
if (CheckXDateNow(x))
{
if (CompareName(x->subject_name, cert->issuer_name))
{
// Get the public key of the root certificate
K *k = GetKFromX(x);
if (k != NULL)
{
// Check the signature
if (CheckSignature(cert, k))
{
ret = x;
}
FreeK(k);
}
}
}
if (CompareX(x, cert))
{
// Complete identical
ret = x;
}
}
return ret;
}
// Certificate authentication of user
bool SamAuthUserByCert(HUB *h, char *username, X *x)
{
bool b = false;
// Validate arguments
if (h == NULL || username == NULL || x == NULL)
{
return false;
}
if (GetGlobalServerFlag(GSF_DISABLE_CERT_AUTH) != 0)
{
return false;
}
// Check expiration date
if (CheckXDateNow(x) == false)
{
return false;
}
// Check the Certification Revocation List
if (IsValidCertInHub(h, x) == false)
{
// Bad
wchar_t tmp[MAX_SIZE * 2];
// Log the contents of the certificate
GetAllNameFromX(tmp, sizeof(tmp), x);
HLog(h, "LH_AUTH_NG_CERT", username, tmp);
return false;
}
AcLock(h);
{
USER *u;
u = AcGetUser(h, username);
if (u)
{
Lock(u->lock);
{
if (u->AuthType == AUTHTYPE_USERCERT)
{
// Check whether to matche with the registered certificate
AUTHUSERCERT *auth = (AUTHUSERCERT *)u->AuthData;
if (CompareX(auth->UserX, x))
{
b = true;
}
}
else if (u->AuthType == AUTHTYPE_ROOTCERT)
{
// Check whether the certificate has been signed by the root certificate
AUTHROOTCERT *auth = (AUTHROOTCERT *)u->AuthData;
if (h->HubDb != NULL)
{
LockList(h->HubDb->RootCertList);
{
X *root_cert;
root_cert = GetIssuerFromList(h->HubDb->RootCertList, x);
if (root_cert != NULL)
{
b = true;
if (auth->CommonName != NULL && UniIsEmptyStr(auth->CommonName) == false)
{
// Compare the CN
if (UniStrCmpi(x->subject_name->CommonName, auth->CommonName) != 0)
{
b = false;
}
}
if (auth->Serial != NULL && auth->Serial->size >= 1)
{
// Compare the serial number
if (CompareXSerial(x->serial, auth->Serial) == false)
{
b = false;
}
}
}
}
UnlockList(h->HubDb->RootCertList);
}
}
}
Unlock(u->lock);
ReleaseUser(u);
}
}
AcUnlock(h);
if (b)
{
wchar_t tmp[MAX_SIZE * 2];
// Log the contents of the certificate
GetAllNameFromX(tmp, sizeof(tmp), x);
HLog(h, "LH_AUTH_OK_CERT", username, tmp);
}
return b;
}
// Test main procedure
void TestSecMain(SECURE *sec)
{
char *test_str = CEDAR_PRODUCT_STR " VPN";
K *public_key, *private_key;
// Validate arguments
if (sec == NULL)
{
return;
}
Print("test_str: \"%s\"\n", test_str);
Print("Writing Data...\n");
if (WriteSecData(sec, true, "test_str", test_str, StrLen(test_str)) == false)
{
Print("WriteSecData() Failed.\n");
}
else
{
char data[MAX_SIZE];
Zero(data, sizeof(data));
Print("Reading Data...\n");
if (ReadSecData(sec, "test_str", data, sizeof(data)) == false)
{
Print("ReadSecData() Failed.\n");
}
else
{
Print("test_str: \"%s\"\n", data);
}
Print("Deleting Data...\n");
DeleteSecData(sec, "test_str");
}
Print("Generating Key...\n");
if (RsaGen(&private_key, &public_key, 1024) == false)
{
Print("RsaGen() Failed.\n");
}
else
{
X *cert;
NAME *name;
X_SERIAL *serial;
UINT num = 0x11220000;
Print("Creating Cert...\n");
serial = NewXSerial(&num, sizeof(UINT));
name = NewName(L"Test", L"Test", L"Test", L"JP", L"Test", L"Test");
cert = NewRootX(public_key, private_key, name, 365, NULL);
FreeXSerial(serial);
if (cert == NULL)
{
Print("NewRootX() Failed.\n");
}
else
{
Print("Writing Cert...\n");
DeleteSecData(sec, "test_cer");
if (WriteSecCert(sec, true, "test_cer", cert) == false)
{
Print("WriteSecCert() Failed.\n");
}
else
{
X *x;
Print("Reading Cert...\n");
x = ReadSecCert(sec, "test_cer");
if (x == NULL)
{
Print("ReadSecCert() Failed.\n");
}
else
{
Print("Checking two Certs... ");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
FreeX(x);
}
if (cert != NULL)
{
X *x;
XToFile(cert, "cert_tmp.cer", true);
x = FileToX("cert_tmp.cer");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
Print("Writing Private Key...\n");
DeleteSecKey(sec, "test_key");
if (WriteSecKey(sec, false, "test_key", private_key) == false)
{
Print("WriteSecKey() Failed.\n");
}
else
{
UCHAR sign_cpu[128];
UCHAR sign_sec[128];
K *pub = GetKFromX(cert);
Print("Ok.\n");
Print("Signing Data by CPU...\n");
if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
{
Print("RsaSign() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_cpu: ");
PrintBin(sign_cpu, sizeof(sign_cpu));
Print("Signing Data by %s..\n", sec->Dev->DeviceName);
if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
{
Print("SignSec() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_sec: ");
PrintBin(sign_sec, sizeof(sign_sec));
Print("Compare...");
if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
{
Print("Ok.\n");
Print("Verify...");
if (RsaVerify(test_str, StrLen(test_str),
sign_sec, pub) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
}
else
{
Print("[DIFFIRENT]\n");
}
}
}
Print("Deleting test_key...\n");
// DeleteSecKey(sec, "test_key");
FreeK(pub);
}
}
FreeX(x);
}
}
Print("Deleting Cert..\n");
// DeleteSecCert(sec, "test_cer");
FreeX(cert);
}
FreeName(name);
FreeK(private_key);
FreeK(public_key);
}
}
