std::string CertificateManager::generateRSACertificate () { RSA *rsa; std::shared_ptr <EVP_PKEY> private_key; std::string pem; std::string rsaKey; std::string certificateRSA; rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr); if (rsa == nullptr) { GST_ERROR ("RSA not created"); return certificateRSA; } private_key = std::shared_ptr <EVP_PKEY> (EVP_PKEY_new (), [] (EVP_PKEY * obj) { EVP_PKEY_free (obj); }); if (private_key == nullptr) { GST_ERROR ("Private key not created"); RSA_free (rsa); return certificateRSA; } if (EVP_PKEY_assign_RSA (private_key.get(), rsa) == 0) { GST_ERROR ("Private key not assigned"); RSA_free (rsa); return certificateRSA; } rsa = nullptr; pem = generateCertificate (private_key.get() ); if (pem.empty () ) { GST_WARNING ("Certificate not generated"); return certificateRSA; } rsaKey = privateKeyToPEMString (private_key.get() ); certificateRSA = rsaKey + pem; return certificateRSA; }
void PluginWizardPage::copyPlugins() { QStringList pluginList = m_pFileSysClient->getPluginList(); m_PluginManager.initFromFileSys(pluginList); m_pThread = new QThread; connect(&m_PluginManager, SIGNAL(error(QString)), this, SLOT(showError(QString))); connect(&m_PluginManager, SIGNAL(info(QString)), this, SLOT(updateStatus(QString))); connect(&m_PluginManager, SIGNAL(copyFinished()), this, SLOT(generateCertificate())); connect(&m_PluginManager, SIGNAL(error(QString)), m_pThread, SLOT(quit())); connect(m_pThread, SIGNAL(finished()), m_pThread, SLOT(deleteLater())); updateStatus( tr("Copying plugins...")); m_PluginManager.moveToThread(m_pThread); m_pThread->start(); QMetaObject::invokeMethod( &m_PluginManager, "copyPlugins", Qt::QueuedConnection); }
std::string CertificateManager::generateECDSACertificate () { EC_KEY *ec_key; std::shared_ptr <EC_GROUP> group; std::shared_ptr <EVP_PKEY> private_key; std::string pem; std::string ecdsaParameters, ecdsaKey; std::string certificateECDSA; ec_key = EC_KEY_new (); if (ec_key == nullptr) { GST_ERROR ("EC key not created"); return certificateECDSA; } group = std::shared_ptr <EC_GROUP> (EC_GROUP_new_by_curve_name ( NID_X9_62_prime256v1), [] (EC_GROUP * obj) { EC_GROUP_free (obj); }); EC_GROUP_set_asn1_flag (group.get(), OPENSSL_EC_NAMED_CURVE); if (group == nullptr) { EC_KEY_free (ec_key); GST_ERROR ("EC group not created"); return certificateECDSA; } if (EC_KEY_set_group (ec_key, group.get() ) == 0) { EC_KEY_free (ec_key); GST_ERROR ("Group not set to key"); return certificateECDSA; } if (EC_KEY_generate_key (ec_key) == 0) { EC_KEY_free (ec_key); GST_ERROR ("EC key not generated"); return certificateECDSA; } private_key = std::shared_ptr<EVP_PKEY> (EVP_PKEY_new (), [] (EVP_PKEY * obj) { EVP_PKEY_free (obj); }); if (private_key == nullptr) { EC_KEY_free (ec_key); GST_ERROR ("Private key not created"); return certificateECDSA; } if (EVP_PKEY_assign_EC_KEY (private_key.get(), ec_key) == 0) { EC_KEY_free (ec_key); GST_ERROR ("Private key not assigned"); return certificateECDSA; } pem = generateCertificate (private_key.get() ); if (pem.empty () ) { GST_WARNING ("Certificate not generated"); return certificateECDSA; } ecdsaKey = ECDSAKeyToPEMString (ec_key); ec_key = nullptr; ecdsaParameters = parametersToPEMString (group.get() ); certificateECDSA = ecdsaParameters + ecdsaKey + pem; return certificateECDSA; }
void CryptoManager::loadCertificates() throw() { if(!BOOLSETTING(USE_TLS)) return; SSL_CTX_set_verify(serverContext, SSL_VERIFY_NONE, 0); SSL_CTX_set_verify(clientContext, SSL_VERIFY_NONE, 0); SSL_CTX_set_verify(clientVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); SSL_CTX_set_verify(serverVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); const string& cert = SETTING(TLS_CERTIFICATE_FILE); const string& key = SETTING(TLS_PRIVATE_KEY_FILE); if(cert.empty() || key.empty()) { LogManager::getInstance()->message(STRING(NO_CERTIFICATE_FILE_SET)); return; } if(File::getSize(cert) == -1 || File::getSize(key) == -1) { // Try to generate them... try { generateCertificate(); } catch(const CryptoException& e) { LogManager::getInstance()->message(STRING(CERTIFICATE_GENERATION_FAILED) + e.getError()); } } if(SSL_CTX_use_certificate_file(serverContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); return; } if(SSL_CTX_use_certificate_file(clientContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); return; } if(SSL_CTX_use_certificate_file(serverVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); return; } if(SSL_CTX_use_certificate_file(clientVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE)); return; } if(SSL_CTX_use_PrivateKey_file(serverContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); return; } if(SSL_CTX_use_PrivateKey_file(clientContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); return; } if(SSL_CTX_use_PrivateKey_file(serverVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); return; } if(SSL_CTX_use_PrivateKey_file(clientVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) { LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY)); return; } StringList certs = File::findFiles(SETTING(TLS_TRUSTED_CERTIFICATES_PATH), "*.pem"); StringList certs2 = File::findFiles(SETTING(TLS_TRUSTED_CERTIFICATES_PATH), "*.crt"); certs.insert(certs.end(), certs2.begin(), certs2.end()); for(StringIter i = certs.begin(); i != certs.end(); ++i) { if( SSL_CTX_load_verify_locations(clientContext, i->c_str(), NULL) != SSL_SUCCESS || SSL_CTX_load_verify_locations(clientVerContext, i->c_str(), NULL) != SSL_SUCCESS || SSL_CTX_load_verify_locations(serverContext, i->c_str(), NULL) != SSL_SUCCESS || SSL_CTX_load_verify_locations(serverVerContext, i->c_str(), NULL) != SSL_SUCCESS ) { LogManager::getInstance()->message("Failed to load trusted certificate from " + *i); } } certsLoaded = true; }