/**
 * SOAP response callback for a "get and publish certificate" request.
 *
 * Extracts the base64 BinarySecurityToken from the response body, decodes
 * it through the certificate crypto backend and, if decoding yields an
 * object, registers it for ccd->target and calls
 * sip_transport_authentication_completed() so authentication is retried.
 *
 * NOTE(review): in this function the only check on the received token is
 * that sipe_cert_crypto_decode() returns non-NULL. Presumably the
 * authenticity of the response rests on the transport to the certificate
 * service - confirm against the caller.
 *
 * @param sipe_private  SIPE core context
 * @param uri           service URI; NULL marks the abort case, which is
 *                      not reported as a failure
 * @param raw           unused
 * @param soap_body     parsed SOAP response, or NULL if none was received
 * @param callback_data struct certificate_callback_data; always freed here
 */
static void get_and_publish_cert(struct sipe_core_private *sipe_private,
				 const gchar *uri,
				 SIPE_UNUSED_PARAMETER const gchar *raw,
				 sipe_xml *soap_body,
				 gpointer callback_data)
{
	struct certificate_callback_data *ccd = callback_data;
	gchar *token_b64 = NULL;
	/* an aborted request (no URI) counts as "nothing to report" */
	gboolean success = (uri == NULL);

	if (soap_body) {
		token_b64 = sipe_xml_data(sipe_xml_child(soap_body,
							 "Body/GetAndPublishCertResponse/RequestSecurityTokenResponse/RequestedSecurityToken/BinarySecurityToken"));

		SIPE_DEBUG_INFO("get_and_publish_cert: received valid SOAP message from service %s",
				uri);
	}

	if (token_b64) {
		gpointer decoded = sipe_cert_crypto_decode(sipe_private->certificate->backend,
							   token_b64);

		/* logged before the decode result is inspected */
		SIPE_DEBUG_INFO_NOFORMAT("get_and_publish_cert: found certificate");

		if (decoded) {
			add_certificate(sipe_private, ccd->target, decoded);
			SIPE_DEBUG_INFO("get_and_publish_cert: certificate for target '%s' added",
					ccd->target);

			/* certificate is available now: retry authentication */
			sip_transport_authentication_completed(sipe_private);
			success = TRUE;
		}

		g_free(token_b64);
	}

	if (!success) {
		certificate_failure(sipe_private,
				    _("Certificate request to %s failed"),
				    uri,
				    NULL);
	}

	callback_data_free(ccd);
}
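/*
 * Read the soft-token configuration file `fn` and apply its directives.
 *
 * Each line is split on TAB characters; the first field selects the
 * directive (compared case-insensitively):
 *
 *   certificate <id> <label> <store>   passed to add_certificate() with `pin`
 *   debug       <file|stdout>          redirect st_logf() output
 *   app-fatal   <true|on|false|off>    set soft_token.flags.app_error_fatal
 *
 * Lines whose first non-blank character is '#' are skipped. Unknown or
 * incomplete directives are logged and skipped.
 *
 * Security notes:
 *  - The "debug" directive opens whatever path the file names in append
 *    mode, and "certificate" selects which stores are loaded, so the
 *    configuration file should be writable only by trusted users.
 *  - `pin` is only forwarded to add_certificate(); this function does not
 *    log it.
 *  - fgets() delivers lines longer than sizeof(buf) - 1 in pieces, and
 *    each piece is parsed as if it were a separate line.
 *
 * `userType` is not used here.
 *
 * Returns CKR_GENERAL_ERROR if `fn` is NULL or cannot be opened; otherwise
 * the result of the last failing add_certificate() call, or CKR_OK if
 * none failed.
 */
static CK_RV
read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
{
    char buf[1024], *type, *s, *p;
    FILE *f;
    CK_RV ret = CKR_OK;
    CK_RV failed = CKR_OK;

    if (fn == NULL) {
        st_logf("Can't open configuration file. No file specified\n");
        return CKR_GENERAL_ERROR;
    }

    f = fopen(fn, "r");
    if (f == NULL) {
        st_logf("can't open configuration file %s\n", fn);
        return CKR_GENERAL_ERROR;
    }
    rk_cloexec_file(f);

    while (fgets(buf, sizeof(buf), f) != NULL) {
        buf[strcspn(buf, "\n")] = '\0';

        st_logf("line: %s\n", buf);

        /* skip leading whitespace, then drop comment lines */
        p = buf;
        while (isspace((unsigned char)*p))
            p++;
        if (*p == '#')
            continue;

        s = NULL;
        type = strtok_r(p, "\t", &s);
        if (type == NULL)
            continue;

        if (strcasecmp("certificate", type) == 0) {
            char *cert, *id, *label;

            id = strtok_r(NULL, "\t", &s);
            if (id == NULL) {
                st_logf("no id\n");
                continue;
            }
            st_logf("id: %s\n", id);
            label = strtok_r(NULL, "\t", &s);
            if (label == NULL) {
                st_logf("no label\n");
                continue;
            }
            cert = strtok_r(NULL, "\t", &s);
            if (cert == NULL) {
                st_logf("no certfiicate store\n");
                continue;
            }

            st_logf("adding: %s: %s in file %s\n", id, label, cert);

            /* keep going after a failure; remember the last error */
            ret = add_certificate(cert, pin, id, label);
            if (ret)
                failed = ret;
        } else if (strcasecmp("debug", type) == 0) {
            char *name;

            name = strtok_r(NULL, "\t", &s);
            if (name == NULL) {
                st_logf("no filename\n");
                continue;
            }

            /*
             * Close the previous log file, but never stdout: closing it
             * would leave a later "debug stdout" directive (and the rest
             * of the process) holding a closed stream.
             */
            if (soft_token.logfile != NULL && soft_token.logfile != stdout)
                fclose(soft_token.logfile);

            if (strcasecmp(name, "stdout") == 0) {
                soft_token.logfile = stdout;
            } else {
                soft_token.logfile = fopen(name, "a");
                if (soft_token.logfile)
                    rk_cloexec_file(soft_token.logfile);
            }
            if (soft_token.logfile == NULL)
                st_logf("failed to open file: %s\n", name);

        } else if (strcasecmp("app-fatal", type) == 0) {
            char *name;

            name = strtok_r(NULL, "\t", &s);
            if (name == NULL) {
                st_logf("argument to app-fatal\n");
                continue;
            }

            if (strcmp(name, "true") == 0 || strcmp(name, "on") == 0)
                soft_token.flags.app_error_fatal = 1;
            else if (strcmp(name, "false") == 0 || strcmp(name, "off") == 0)
                soft_token.flags.app_error_fatal = 0;
            else
                st_logf("unknown app-fatal: %s\n", name);

        } else {
            st_logf("unknown type: %s\n", type);
        }
    }

    fclose(f);

    return failed;
}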
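/*
 * Command-line driver for package signature verification.
 *
 * Usage: <prog> [-sha256] [-ec | -f4 | -file <keys>] <package>
 *
 * Key options (-ec, -e3, -f4) each append one built-in test key; -sha256
 * applies to the most recently added key; -file loads the key set from a
 * file and cannot be combined with keys given before it. With no key
 * option, a single RSA entry using test_key and SHA_DIGEST_SIZE is used.
 *
 * Exit status:
 *   0  package verified
 *   1  package not verified, or allocation of the default key failed
 *   2  usage error
 *   3  verify_file() returned an unexpected value
 *   4  the package could not be mapped
 */
int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
        return 2;
    }

    Certificate* certs = NULL;
    int num_keys = 0;

    int argn = 1;
    while (argn < argc) {
        if (strcmp(argv[argn], "-sha256") == 0) {
            if (num_keys == 0) {
                fprintf(stderr, "May only specify -sha256 after key type\n");
                return 2;
            }
            ++argn;
            Certificate* cert = &certs[num_keys - 1];
            cert->hash_len = SHA256_DIGEST_SIZE;
        } else if (strcmp(argv[argn], "-ec") == 0) {
            ++argn;
            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
            cert->ec = &test_ec_key;
        } else if (strcmp(argv[argn], "-e3") == 0) {
            ++argn;
            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
            cert->rsa = &test_key;
        } else if (strcmp(argv[argn], "-f4") == 0) {
            ++argn;
            Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
            cert->rsa = &test_f4_key;
        } else if (strcmp(argv[argn], "-file") == 0) {
            if (certs != NULL) {
                fprintf(stderr, "Cannot specify -file with other certs specified\n");
                return 2;
            }
            ++argn;
            // "-file" as the last argument used to pass argv[argc] (NULL) to
            // load_keys() and then step argn past argc, so the package
            // check below was skipped and argv was read out of bounds.
            if (argn >= argc) {
                fprintf(stderr, "Must specify key file after -file\n");
                return 2;
            }
            // NOTE(review): if load_keys() leaves certs NULL and num_keys 0
            // (presumably its failure mode - confirm), execution continues
            // to the built-in default key below instead of reporting that
            // the requested key file was not used.
            certs = load_keys(argv[argn], &num_keys);
            ++argn;
        } else if (argv[argn][0] == '-') {
            fprintf(stderr, "Unknown argument %s\n", argv[argn]);
            return 2;
        } else {
            // first non-option argument is the package path
            break;
        }
    }

    if (argn >= argc) {
        fprintf(stderr, "Must specify package to verify\n");
        return 2;
    }

    if (num_keys == 0) {
        // No key selected on the command line: fall back to the built-in
        // RSA test key with a SHA-1 sized digest.
        certs = (Certificate*) calloc(1, sizeof(Certificate));
        if (certs == NULL) {
            fprintf(stderr, "Failure allocating memory for default certificate\n");
            return 1;
        }
        certs->key_type = Certificate::RSA;
        certs->rsa = &test_key;
        certs->ec = NULL;
        certs->hash_len = SHA_DIGEST_SIZE;
        num_keys = 1;
    }

    ui = new FakeUI();

    MemMapping map;
    if (sysMapFile(argv[argn], &map) != 0) {
        fprintf(stderr, "failed to mmap %s: %s\n", argv[argn], strerror(errno));
        return 4;
    }

    int result = verify_file(map.addr, map.length, certs, num_keys);
    if (result == VERIFY_SUCCESS) {
        printf("VERIFIED\n");
        return 0;
    } else if (result == VERIFY_FAILURE) {
        printf("NOT VERIFIED\n");
        return 1;
    } else {
        printf("bad return value\n");
        return 3;
    }
}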
/**
* Construct an in-memory certificate store holding a single certificate.
* The certificate is handed to add_certificate(); nothing else is done here.
* @param cert the certificate to place in the new store
*/
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& cert)
   {
   this->add_certificate(cert);
   }