render_unit( std::istream &is, const vec3i &base_pos ) : base_pos_(base_pos), scene_static_(base_pos) { assert( is.good() ); // height_fields_ = crystal_bits::load_crystal(is, pump_factor_); // std::cout << "hf: " << height_fields_.size() << "\n"; // // // // scene_static_.init_solid(height_fields_); // const size_t pump_factor = 4; base_pos_.x *= pump_factor; base_pos_.z *= pump_factor; scene_static_.init_solid_from_crystal(is, pump_factor); // scene_static_.init_planes(); scene_static_.init_binmaps(); scene_static_.init_strips(); uint64_t scene_hash = scene_static_.hash(); auto bin_name = hash_to_filename(scene_hash); std::cout << "baked name: " << bin_name << "\n"; try { std::ifstream is( bin_name.c_str() ); light_static_ = light_static( is, scene_hash ); } catch( std::runtime_error x ) { std::cerr << "load failed. recreating. error:\n" << x.what() << std::endl; light_static_ = setup_formfactors(scene_static_.planes(), scene_static_.solid()); } if( !false ) { std::ofstream os( bin_name.c_str() ); light_static_.write(os, scene_hash); } light_dynamic_ = light_dynamic(scene_static_.planes().size() ); rad_core_ = make_rad_core_threaded(scene_static_, light_static_); // vbob_ = vbo_builder(scene_static_.planes().size() ); // vbob_.update_index_buffer( scene_static_.planes().size()); // vbob_.update_vertices( scene_static_.planes().begin(), scene_static_.planes().end()); // vbob_ts_ = vbo_builder_tristrip( scene_static_.tristrip_at(0) ); auto bin_map = scene_static_.bin_maps().at(0); lightmap.upload_rgb( (uint8_t*)bin_map.data(), 256, 256 ); }
// take certificate hashes, check their validity and output json that // will indicate which certificate were used for verification, whatever // the chain was trusted and if all certificates needed for verification // (with the exception of root CA) were present in hashes int process_chain(const char **cert_hashes) { int ret; int rc; // return code from function char *f_name; X509 *cert; X509 *x509; X509_STORE *store; X509_STORE_CTX *csc; STACK_OF(X509) *ustack; STACK_OF(X509) *vstack; // load certificates to temp structures // first the end entity cert // (EE cert needs to be passed separately to OpenSSL verification context) f_name = hash_to_filename(cert_hashes[0]); if (f_name == NULL) return 1; cert = load_cert(f_name); free(f_name); if (cert == NULL) { printf("can't load certificate!\n"); return 1; } // then the intermediate certificates ustack = sk_X509_new_null(); for (int i=1; cert_hashes[i]!=NULL; i++) { //printf(".\n"); f_name = hash_to_filename(cert_hashes[i]); if (f_name == NULL) { // file not found continue; } x509 = load_cert(f_name); if (x509 == NULL) { // loading cert failed continue; } sk_X509_push(ustack, x509); free(f_name); } // first try with just trusted certificates store = SSL_CTX_get_cert_store(trusted_only); if (store == NULL) { fprintf(stderr, "store init failed\n"); return 1; } X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST); csc = X509_STORE_CTX_new(); ret = X509_STORE_CTX_init(csc, store, cert, ustack); if (ret != 1) { return 1; } ret = X509_verify_cert(csc); if (ret != 1) { // printf("%s\n", X509_verify_cert_error_string(csc->error)); } else { // chain is complete, output certificate hashes printf("{\"chain\":\"complete\",\"certificates\":["); vstack = X509_STORE_CTX_get_chain(csc); for(int i=0; i<sk_X509_num(vstack); i++) { X509 *c = sk_X509_value(vstack, i); const EVP_MD *digest; unsigned char md[EVP_MAX_MD_SIZE]; int n; digest = EVP_get_digestbyname("sha256"); X509_digest(c, digest, md, &n); printf("\""); for(int i=0; i<n; i++) { printf("%02x", md[i]); } printf("\""); if (i+1 < sk_X509_num(vstack)) { printf(","); } } printf("]}"); X509_STORE_CTX_free(csc); sk_X509_pop_free(ustack, X509_free); X509_free(cert); return 0; } X509_STORE_CTX_free(csc); // validation failed with just the trust anchors, retry with all // known intermediate certificates store = SSL_CTX_get_cert_store(all_CAs); if (store == NULL) { fprintf(stderr, "store init failed\n"); return 1; } X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST); csc = X509_STORE_CTX_new(); ret = X509_STORE_CTX_init(csc, store, cert, ustack); if (ret != 1) { return 1; } ret = X509_verify_cert(csc); if (ret != 1) { // certificate untrusted printf("{\"chain\":\"untrusted\"}"); } else { // chain successfully verified using all certificates, // print all the certs used to verify it printf("{\"chain\":\"incomplete\",\"certificates\":["); vstack = X509_STORE_CTX_get_chain(csc); for(int i=0; i<sk_X509_num(vstack); i++) { X509 *c = sk_X509_value(vstack, i); const EVP_MD *digest; unsigned char md[EVP_MAX_MD_SIZE]; int n; digest = EVP_get_digestbyname("sha256"); X509_digest(c, digest, md, &n); printf("\""); for(int i=0; i<n; i++) { printf("%02x", md[i]); } printf("\""); if (i+1 < sk_X509_num(vstack)) { printf(","); } } printf("]}"); } X509_STORE_CTX_free(csc); sk_X509_pop_free(ustack, X509_free); X509_free(cert); return 0; }