// Generate the packet BUF *WpcGeneratePacket(PACK *pack, X *cert, K *key) { UCHAR hash[SHA1_SIZE]; BUF *pack_data; BUF *cert_data = NULL; BUF *sign_data = NULL; BUF *b; // Validate arguments if (pack == NULL) { return NULL; } pack_data = PackToBuf(pack); HashSha1(hash, pack_data->Buf, pack_data->Size); if (cert != NULL && key != NULL) { UCHAR sign[128]; cert_data = XToBuf(cert, false); RsaSign(sign, hash, sizeof(hash), key); sign_data = NewBuf(); WriteBuf(sign_data, sign, sizeof(sign)); SeekBuf(sign_data, 0, 0); } b = NewBuf(); WpcAddDataEntryBin(b, "PACK", pack_data->Buf, pack_data->Size); WpcAddDataEntryBin(b, "HASH", hash, sizeof(hash)); if (cert_data != NULL) { WpcAddDataEntryBin(b, "CERT", cert_data->Buf, cert_data->Size); WpcAddDataEntryBin(b, "SIGN", sign_data->Buf, sign_data->Size); } FreeBuf(pack_data); FreeBuf(cert_data); FreeBuf(sign_data); SeekBuf(b, 0, 0); return b; }
// Write the configuration to a file void NiWriteConfig(NAT *n) { // Validate arguments if (n == NULL) { return; } Lock(n->lock); { FOLDER *root = CfgCreateFolder(NULL, TAG_ROOT); BUF *b; // Certificate b = XToBuf(n->AdminX, false); CfgAddBuf(root, "AdminCert", b); FreeBuf(b); // Secret key b = KToBuf(n->AdminK, false, NULL); CfgAddBuf(root, "AdminKey", b); FreeBuf(b); // Password CfgAddByte(root, "HashedPassword", n->HashedPassword, sizeof(n->HashedPassword)); CfgAddInt(root, "AdminPort", n->AdminPort); CfgAddBool(root, "Online", n->Online); // Virtual host option NiWriteVhOption(n, root); // Connection options if (n->ClientOption != NULL && n->ClientAuth != NULL) { NiWriteClientData(n, root); } SaveCfgRw(n->CfgRw, root); CfgDeleteFolder(root); } Unlock(n->lock); }
// 設定をファイルに書き込む void NiWriteConfig(NAT *n) { // 引数チェック if (n == NULL) { return; } Lock(n->lock); { FOLDER *root = CfgCreateFolder(NULL, TAG_ROOT); BUF *b; // 証明書 b = XToBuf(n->AdminX, false); CfgAddBuf(root, "AdminCert", b); FreeBuf(b); // 秘密鍵 b = KToBuf(n->AdminK, false, NULL); CfgAddBuf(root, "AdminKey", b); FreeBuf(b); // パスワード CfgAddByte(root, "HashedPassword", n->HashedPassword, sizeof(n->HashedPassword)); CfgAddInt(root, "AdminPort", n->AdminPort); CfgAddBool(root, "Online", n->Online); // 仮想ホストオプション NiWriteVhOption(n, root); // 接続オプション if (n->ClientOption != NULL && n->ClientAuth != NULL) { NiWriteClientData(n, root); } SaveCfgRw(n->CfgRw, root); CfgDeleteFolder(root); } Unlock(n->lock); }
// Write the certificate object
//
// Stores the X.509 certificate x on the PKCS#11 token behind sec as a
// CKO_CERTIFICATE / CKC_X_509 token object labelled name. The DER
// encoding goes into CKA_VALUE (at most 4096 bytes), subject and issuer
// are stored as UTF-8 printable names, and the serial number is copied
// raw (truncated to MAX_SIZE bytes). An existing certificate object with
// the same label is deleted first.
//
// sec:         SECURE device with an open session; a login is required
//              when private_obj is set
// private_obj: request a CKA_PRIVATE object (overridden on device Ids 18
//              and 19, see below)
// name:        CKA_LABEL to store under; must not be NULL
// x:           certificate to store
// Returns true on success. On failure sets sec->Error and returns false.
bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x)
{
	UINT obj_class = CKO_CERTIFICATE;
	CK_BBOOL b_true = true, b_false = false, b_private_obj = private_obj;	// b_false is unused here
	UINT cert_type = CKC_X_509;
	CK_DATE start_date, end_date;
	UCHAR subject[MAX_SIZE];
	UCHAR issuer[MAX_SIZE];
	wchar_t w_subject[MAX_SIZE];
	wchar_t w_issuer[MAX_SIZE];
	UCHAR serial_number[MAX_SIZE];
	UCHAR value[4096];
	UINT ret;
	BUF *b;
	UINT object;
	// Attribute template. Entries 0-3 point at local buffers whose lengths
	// are filled in via A_SIZE() once the data is known.
	// NOTE(review): StrLen(name) runs here, before name is checked for NULL
	// below — this relies on StrLen() tolerating NULL; confirm.
	CK_ATTRIBUTE a[] =
	{
		{CKA_SUBJECT, subject, 0},				// 0
		{CKA_ISSUER, issuer, 0},				// 1
		{CKA_SERIAL_NUMBER, serial_number, 0},	// 2
		{CKA_VALUE, value, 0},					// 3
		{CKA_CLASS, &obj_class, sizeof(obj_class)},
		{CKA_TOKEN, &b_true, sizeof(b_true)},
		{CKA_PRIVATE, &b_private_obj, sizeof(b_private_obj)},
		{CKA_LABEL, name, StrLen(name)},
		{CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)},
#if 0	// Don't use these because some tokens fail
		{CKA_START_DATE, &start_date, sizeof(start_date)},
		{CKA_END_DATE, &end_date, sizeof(end_date)},
#endif
	};
	// Validate arguments
	if (sec == NULL)
	{
		return false;
	}
	if (name == NULL)
	{
		sec->Error = SEC_ERROR_BAD_PARAMETER;
		return false;
	}
	if (sec->SessionCreated == false)
	{
		sec->Error = SEC_ERROR_NO_SESSION;
		return false;
	}
	if (sec->LoginFlag == false && private_obj)
	{
		sec->Error = SEC_ERROR_NOT_LOGIN;
		return false;
	}

	// Copy the certificate to the buffer
	// (a NULL x makes XToBuf() fail and is reported as an invalid certificate)
	b = XToBuf(x, false);
	if (b == NULL)
	{
		sec->Error = SEC_ERROR_INVALID_CERT;
		return false;
	}
	if (b->Size > sizeof(value))
	{
		// Size is too large: value[] is a fixed 4096-byte buffer
		FreeBuf(b);
		sec->Error = SEC_ERROR_DATA_TOO_BIG;
		return false;
	}
	Copy(value, b->Buf, b->Size);
	A_SIZE(a, 3) = b->Size;
	FreeBuf(b);

	// Store the Subject and the Issuer by encoding into UTF-8
	GetPrintNameFromName(w_subject, sizeof(w_subject), x->subject_name);
	UniToUtf8(subject, sizeof(subject), w_subject);
	A_SIZE(a, 0) = StrLen(subject);

	// For a self-signed root the issuer attribute is left with length 0
	if (x->root_cert == false)
	{
		GetPrintNameFromName(w_issuer, sizeof(w_issuer), x->issuer_name);
		UniToUtf8(issuer, sizeof(issuer), w_issuer);
		A_SIZE(a, 1) = StrLen(issuer);
	}

	// Copy the serial number, truncated to the local buffer size
	Copy(serial_number, x->serial->data, MIN(x->serial->size, sizeof(serial_number)));
	A_SIZE(a, 2) = MIN(x->serial->size, sizeof(serial_number));

	// Expiration date information
	// (computed but not sent: the CKA_START_DATE/CKA_END_DATE entries above
	// are disabled with #if 0)
	UINT64ToCkDate(&start_date, SystemToLocal64(x->notBefore));
	UINT64ToCkDate(&end_date, SystemToLocal64(x->notAfter));

	// Workaround for Gemalto PKCS#11 API. It rejects a private certificate.
	// On these devices the object is therefore created without CKA_PRIVATE,
	// i.e. it is readable without a login even if the caller asked for a
	// private object.
	if(sec->Dev->Id == 18 || sec->Dev->Id == 19)
	{
		b_private_obj = false;
	}

	// Remove objects which have the same name
	if (CheckSecObject(sec, name, SEC_X))
	{
		DeleteSecCert(sec, name);
	}

	// Creating
	if ((ret = sec->Api->C_CreateObject(sec->SessionId, a, sizeof(a) / sizeof(a[0]), &object)) != CKR_OK)
	{
		// Failure: the raw CK_RV is only logged; callers see a generic hardware error
		sec->Error = SEC_ERROR_HARDWARE_ERROR;
		Debug("Error: 0x%02x\n", ret);
		return false;
	}

	// Clear Cache so the new object is visible to subsequent enumerations
	EraseEnumSecObjectCache(sec);

	return true;
}