static void get_and_publish_cert(struct sipe_core_private *sipe_private,
const gchar *uri,
SIPE_UNUSED_PARAMETER const gchar *raw,
sipe_xml *soap_body,
gpointer callback_data)
{
struct certificate_callback_data *ccd = callback_data;
gboolean success = (uri == NULL); /* abort case */
if (soap_body) {
gchar *cert_base64 = sipe_xml_data(sipe_xml_child(soap_body,
"Body/GetAndPublishCertResponse/RequestSecurityTokenResponse/RequestedSecurityToken/BinarySecurityToken"));
SIPE_DEBUG_INFO("get_and_publish_cert: received valid SOAP message from service %s",
uri);
if (cert_base64) {
gpointer opaque = sipe_cert_crypto_decode(sipe_private->certificate->backend,
cert_base64);
SIPE_DEBUG_INFO_NOFORMAT("get_and_publish_cert: found certificate");
if (opaque) {
add_certificate(sipe_private,
ccd->target,
opaque);
SIPE_DEBUG_INFO("get_and_publish_cert: certificate for target '%s' added",
ccd->target);
/* Let's try this again... */
sip_transport_authentication_completed(sipe_private);
success = TRUE;
}
g_free(cert_base64);
}
}
if (!success) {
certificate_failure(sipe_private,
_("Certificate request to %s failed"),
uri,
NULL);
}
callback_data_free(ccd);
}
static CK_RV
read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
{
char buf[1024], *type, *s, *p;
FILE *f;
CK_RV ret = CKR_OK;
CK_RV failed = CKR_OK;
if (fn == NULL) {
st_logf("Can't open configuration file. No file specified\n");
return CKR_GENERAL_ERROR;
}
f = fopen(fn, "r");
if (f == NULL) {
st_logf("can't open configuration file %s\n", fn);
return CKR_GENERAL_ERROR;
}
rk_cloexec_file(f);
while(fgets(buf, sizeof(buf), f) != NULL) {
buf[strcspn(buf, "\n")] = '\0';
st_logf("line: %s\n", buf);
p = buf;
while (isspace((unsigned char)*p))
p++;
if (*p == '#')
continue;
while (isspace((unsigned char)*p))
p++;
s = NULL;
type = strtok_r(p, "\t", &s);
if (type == NULL)
continue;
if (strcasecmp("certificate", type) == 0) {
char *cert, *id, *label;
id = strtok_r(NULL, "\t", &s);
if (id == NULL) {
st_logf("no id\n");
continue;
}
st_logf("id: %s\n", id);
label = strtok_r(NULL, "\t", &s);
if (label == NULL) {
st_logf("no label\n");
continue;
}
cert = strtok_r(NULL, "\t", &s);
if (cert == NULL) {
st_logf("no certfiicate store\n");
continue;
}
st_logf("adding: %s: %s in file %s\n", id, label, cert);
ret = add_certificate(cert, pin, id, label);
if (ret)
failed = ret;
} else if (strcasecmp("debug", type) == 0) {
char *name;
name = strtok_r(NULL, "\t", &s);
if (name == NULL) {
st_logf("no filename\n");
continue;
}
if (soft_token.logfile)
fclose(soft_token.logfile);
if (strcasecmp(name, "stdout") == 0)
soft_token.logfile = stdout;
else {
soft_token.logfile = fopen(name, "a");
if (soft_token.logfile)
rk_cloexec_file(soft_token.logfile);
}
if (soft_token.logfile == NULL)
st_logf("failed to open file: %s\n", name);
} else if (strcasecmp("app-fatal", type) == 0) {
char *name;
name = strtok_r(NULL, "\t", &s);
if (name == NULL) {
st_logf("argument to app-fatal\n");
continue;
}
if (strcmp(name, "true") == 0 || strcmp(name, "on") == 0)
soft_token.flags.app_error_fatal = 1;
else if (strcmp(name, "false") == 0 || strcmp(name, "off") == 0)
soft_token.flags.app_error_fatal = 0;
else
st_logf("unknown app-fatal: %s\n", name);
} else {
st_logf("unknown type: %s\n", type);
}
}
fclose(f);
return failed;
}
int main(int argc, char **argv) {
if (argc < 2) {
fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
return 2;
}
Certificate* certs = NULL;
int num_keys = 0;
int argn = 1;
while (argn < argc) {
if (strcmp(argv[argn], "-sha256") == 0) {
if (num_keys == 0) {
fprintf(stderr, "May only specify -sha256 after key type\n");
return 2;
}
++argn;
Certificate* cert = &certs[num_keys - 1];
cert->hash_len = SHA256_DIGEST_SIZE;
} else if (strcmp(argv[argn], "-ec") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
cert->ec = &test_ec_key;
} else if (strcmp(argv[argn], "-e3") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
cert->rsa = &test_key;
} else if (strcmp(argv[argn], "-f4") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
cert->rsa = &test_f4_key;
} else if (strcmp(argv[argn], "-file") == 0) {
if (certs != NULL) {
fprintf(stderr, "Cannot specify -file with other certs specified\n");
return 2;
}
++argn;
certs = load_keys(argv[argn], &num_keys);
++argn;
} else if (argv[argn][0] == '-') {
fprintf(stderr, "Unknown argument %s\n", argv[argn]);
return 2;
} else {
break;
}
}
if (argn == argc) {
fprintf(stderr, "Must specify package to verify\n");
return 2;
}
if (num_keys == 0) {
certs = (Certificate*) calloc(1, sizeof(Certificate));
if (certs == NULL) {
fprintf(stderr, "Failure allocating memory for default certificate\n");
return 1;
}
certs->key_type = Certificate::RSA;
certs->rsa = &test_key;
certs->ec = NULL;
certs->hash_len = SHA_DIGEST_SIZE;
num_keys = 1;
}
ui = new FakeUI();
MemMapping map;
if (sysMapFile(argv[argn], &map) != 0) {
fprintf(stderr, "failed to mmap %s: %s\n", argv[argn], strerror(errno));
return 4;
}
int result = verify_file(map.addr, map.length, certs, num_keys);
if (result == VERIFY_SUCCESS) {
printf("VERIFIED\n");
return 0;
} else if (result == VERIFY_FAILURE) {
printf("NOT VERIFIED\n");
return 1;
} else {
printf("bad return value\n");
return 3;
}
}
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& cert)
{
add_certificate(cert);
}
