/**
 * gnutls_store_pubkey:
 * @db_name: A file specifying the stored keys (use NULL for the default)
 * @tdb: A storage structure or NULL to use the default
 * @host: The peer's name
 * @service: non-NULL if this key is specific to a service (e.g. http)
 * @cert_type: The type of the certificate
 * @cert: The data of the certificate
 * @expiration: The expiration time (use 0 to disable expiration)
 * @flags: should be 0.
 *
 * This function will store the provided certificate to 
 * the list of stored public keys. The key will be considered valid until 
 * the provided expiration time.
 *
 * The @store variable if non-null specifies a custom backend for
 * the storage of entries. If it is NULL then the
 * default file backend will be used.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.0
 **/
int
gnutls_store_pubkey(const char* db_name,
                    gnutls_tdb_t tdb,
                    const char* host,
                    const char* service,
                    gnutls_certificate_type_t cert_type,
                    const gnutls_datum_t * cert,
                    time_t expiration,
                    unsigned int flags)
{
FILE* fd = NULL;
gnutls_datum_t pubkey = { NULL, 0 };
int ret;
char local_file[MAX_FILENAME];

  if (cert_type != GNUTLS_CRT_X509 && cert_type != GNUTLS_CRT_OPENPGP)
    return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
  
  if (db_name == NULL && tdb == NULL)
    {
      ret = _gnutls_find_config_path(local_file, sizeof(local_file));
      if (ret < 0)
        return gnutls_assert_val(ret);
      
      _gnutls_debug_log("Configuration path: %s\n", local_file);
      mkdir(local_file, 0700);
      
      ret = find_config_file(local_file, sizeof(local_file));
      if (ret < 0)
        return gnutls_assert_val(ret);
      db_name = local_file;
    }

  if (tdb == NULL)
    tdb = &default_tdb;
    
  if (cert_type == GNUTLS_CRT_X509)
    ret = x509_crt_to_raw_pubkey(cert, &pubkey);
  else
    ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
  if (ret < 0)
    {
      gnutls_assert();
      goto cleanup;
    }

  _gnutls_debug_log("Configuration file: %s\n", db_name);

  tdb->store(db_name, host, service, expiration, &pubkey);

  ret = 0;

cleanup:
  gnutls_free(pubkey.data);
  if (fd != NULL) fclose(fd);
  
  return ret;
}
Exemple #2
0
/**
 * gnutls_store_pubkey:
 * @db_name: A file specifying the stored keys (use NULL for the default)
 * @tdb: A storage structure or NULL to use the default
 * @host: The peer's name
 * @service: non-NULL if this key is specific to a service (e.g. http)
 * @cert_type: The type of the certificate
 * @cert: The data of the certificate
 * @expiration: The expiration time (use 0 to disable expiration)
 * @flags: should be 0.
 *
 * This function will store a raw public-key or a public-key provided via
 * a raw (DER-encoded) certificate to the list of stored public keys. The key
 * will be considered valid until the provided expiration time.
 *
 * The @tdb variable if non-null specifies a custom backend for
 * the storage of entries. If it is NULL then the
 * default file backend will be used.
 *
 * Unless an alternative @tdb is provided, the storage format is a textual format
 * consisting of a line for each host with fields separated by '|'. The contents of
 * the fields are a format-identifier which is set to 'g0', the hostname that the
 * rest of the data applies to, the numeric port or host name, the expiration
 * time in seconds since the epoch (0 for no expiration), and a base64
 * encoding of the raw (DER) public key information (SPKI) of the peer.
 *
 * As of GnuTLS 3.6.6 this function also accepts raw public keys.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.0.13
 **/
int
gnutls_store_pubkey(const char *db_name,
		    gnutls_tdb_t tdb,
		    const char *host,
		    const char *service,
		    gnutls_certificate_type_t cert_type,
		    const gnutls_datum_t * cert,
		    time_t expiration, unsigned int flags)
{
	gnutls_datum_t pubkey = { NULL, 0 }; // Holds the pubkey in subjectPublicKeyInfo format (DER encoded)
	int ret;
	char local_file[MAX_FILENAME];
	bool need_free;


	if (db_name == NULL && tdb == NULL) {
		ret =
		    _gnutls_find_config_path(local_file,
					     sizeof(local_file));
		if (ret < 0)
			return gnutls_assert_val(ret);

		_gnutls_debug_log("Configuration path: %s\n", local_file);
		mkdir(local_file, 0700);

		ret = find_config_file(local_file, sizeof(local_file));
		if (ret < 0)
			return gnutls_assert_val(ret);
		db_name = local_file;
	}

	if (tdb == NULL)
		tdb = &default_tdb;

	/* Import the public key depending on the provided certificate type */
	switch (cert_type) {
		case GNUTLS_CRT_X509:
			/* Extract the pubkey from the cert. This function does a malloc
			 * deep down the call chain. We are responsible for freeing. */
			ret = _gnutls_x509_raw_crt_to_raw_pubkey(cert, &pubkey);

			if (ret < 0) {
				_gnutls_free_datum(&pubkey);
				return gnutls_assert_val(ret);
			}

			need_free = true;
			break;
		case GNUTLS_CRT_RAWPK:
			pubkey.data = cert->data;
			pubkey.size = cert->size;
			need_free = false;
			break;
		default:
			return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
	}

	_gnutls_debug_log("Configuration file: %s\n", db_name);

	tdb->store(db_name, host, service, expiration, &pubkey);

	if (need_free) {
		_gnutls_free_datum(&pubkey);
	}

	return GNUTLS_E_SUCCESS;
}