std::string
CertificateManager::generateRSACertificate ()
{
RSA *rsa;
std::shared_ptr <EVP_PKEY> private_key;
std::string pem;
std::string rsaKey;
std::string certificateRSA;
rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
if (rsa == nullptr) {
GST_ERROR ("RSA not created");
return certificateRSA;
}
private_key = std::shared_ptr <EVP_PKEY> (EVP_PKEY_new (),
[] (EVP_PKEY * obj) {
EVP_PKEY_free (obj);
});
if (private_key == nullptr) {
GST_ERROR ("Private key not created");
RSA_free (rsa);
return certificateRSA;
}
if (EVP_PKEY_assign_RSA (private_key.get(), rsa) == 0) {
GST_ERROR ("Private key not assigned");
RSA_free (rsa);
return certificateRSA;
}
rsa = nullptr;
pem = generateCertificate (private_key.get() );
if (pem.empty () ) {
GST_WARNING ("Certificate not generated");
return certificateRSA;
}
rsaKey = privateKeyToPEMString (private_key.get() );
certificateRSA = rsaKey + pem;
return certificateRSA;
}
void PluginWizardPage::copyPlugins()
{
QStringList pluginList = m_pFileSysClient->getPluginList();
m_PluginManager.initFromFileSys(pluginList);
m_pThread = new QThread;
connect(&m_PluginManager,
SIGNAL(error(QString)),
this,
SLOT(showError(QString)));
connect(&m_PluginManager,
SIGNAL(info(QString)),
this,
SLOT(updateStatus(QString)));
connect(&m_PluginManager,
SIGNAL(copyFinished()),
this,
SLOT(generateCertificate()));
connect(&m_PluginManager,
SIGNAL(error(QString)),
m_pThread,
SLOT(quit()));
connect(m_pThread,
SIGNAL(finished()),
m_pThread,
SLOT(deleteLater()));
updateStatus(
tr("Copying plugins..."));
m_PluginManager.moveToThread(m_pThread);
m_pThread->start();
QMetaObject::invokeMethod(
&m_PluginManager,
"copyPlugins",
Qt::QueuedConnection);
}
std::string
CertificateManager::generateECDSACertificate ()
{
EC_KEY *ec_key;
std::shared_ptr <EC_GROUP> group;
std::shared_ptr <EVP_PKEY> private_key;
std::string pem;
std::string ecdsaParameters, ecdsaKey;
std::string certificateECDSA;
ec_key = EC_KEY_new ();
if (ec_key == nullptr) {
GST_ERROR ("EC key not created");
return certificateECDSA;
}
group = std::shared_ptr <EC_GROUP> (EC_GROUP_new_by_curve_name (
NID_X9_62_prime256v1),
[] (EC_GROUP * obj) {
EC_GROUP_free (obj);
});
EC_GROUP_set_asn1_flag (group.get(), OPENSSL_EC_NAMED_CURVE);
if (group == nullptr) {
EC_KEY_free (ec_key);
GST_ERROR ("EC group not created");
return certificateECDSA;
}
if (EC_KEY_set_group (ec_key, group.get() ) == 0) {
EC_KEY_free (ec_key);
GST_ERROR ("Group not set to key");
return certificateECDSA;
}
if (EC_KEY_generate_key (ec_key) == 0) {
EC_KEY_free (ec_key);
GST_ERROR ("EC key not generated");
return certificateECDSA;
}
private_key = std::shared_ptr<EVP_PKEY> (EVP_PKEY_new (),
[] (EVP_PKEY * obj) {
EVP_PKEY_free (obj);
});
if (private_key == nullptr) {
EC_KEY_free (ec_key);
GST_ERROR ("Private key not created");
return certificateECDSA;
}
if (EVP_PKEY_assign_EC_KEY (private_key.get(), ec_key) == 0) {
EC_KEY_free (ec_key);
GST_ERROR ("Private key not assigned");
return certificateECDSA;
}
pem = generateCertificate (private_key.get() );
if (pem.empty () ) {
GST_WARNING ("Certificate not generated");
return certificateECDSA;
}
ecdsaKey = ECDSAKeyToPEMString (ec_key);
ec_key = nullptr;
ecdsaParameters = parametersToPEMString (group.get() );
certificateECDSA = ecdsaParameters + ecdsaKey + pem;
return certificateECDSA;
}
void CryptoManager::loadCertificates() throw() {
if(!BOOLSETTING(USE_TLS))
return;
SSL_CTX_set_verify(serverContext, SSL_VERIFY_NONE, 0);
SSL_CTX_set_verify(clientContext, SSL_VERIFY_NONE, 0);
SSL_CTX_set_verify(clientVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
SSL_CTX_set_verify(serverVerContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
const string& cert = SETTING(TLS_CERTIFICATE_FILE);
const string& key = SETTING(TLS_PRIVATE_KEY_FILE);
if(cert.empty() || key.empty()) {
LogManager::getInstance()->message(STRING(NO_CERTIFICATE_FILE_SET));
return;
}
if(File::getSize(cert) == -1 || File::getSize(key) == -1) {
// Try to generate them...
try {
generateCertificate();
} catch(const CryptoException& e) {
LogManager::getInstance()->message(STRING(CERTIFICATE_GENERATION_FAILED) + e.getError());
}
}
if(SSL_CTX_use_certificate_file(serverContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE));
return;
}
if(SSL_CTX_use_certificate_file(clientContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE));
return;
}
if(SSL_CTX_use_certificate_file(serverVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE));
return;
}
if(SSL_CTX_use_certificate_file(clientVerContext, SETTING(TLS_CERTIFICATE_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_CERTIFICATE));
return;
}
if(SSL_CTX_use_PrivateKey_file(serverContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY));
return;
}
if(SSL_CTX_use_PrivateKey_file(clientContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY));
return;
}
if(SSL_CTX_use_PrivateKey_file(serverVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY));
return;
}
if(SSL_CTX_use_PrivateKey_file(clientVerContext, SETTING(TLS_PRIVATE_KEY_FILE).c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) {
LogManager::getInstance()->message(STRING(FAILED_TO_LOAD_PRIVATE_KEY));
return;
}
StringList certs = File::findFiles(SETTING(TLS_TRUSTED_CERTIFICATES_PATH), "*.pem");
StringList certs2 = File::findFiles(SETTING(TLS_TRUSTED_CERTIFICATES_PATH), "*.crt");
certs.insert(certs.end(), certs2.begin(), certs2.end());
for(StringIter i = certs.begin(); i != certs.end(); ++i) {
if(
SSL_CTX_load_verify_locations(clientContext, i->c_str(), NULL) != SSL_SUCCESS ||
SSL_CTX_load_verify_locations(clientVerContext, i->c_str(), NULL) != SSL_SUCCESS ||
SSL_CTX_load_verify_locations(serverContext, i->c_str(), NULL) != SSL_SUCCESS ||
SSL_CTX_load_verify_locations(serverVerContext, i->c_str(), NULL) != SSL_SUCCESS
) {
LogManager::getInstance()->message("Failed to load trusted certificate from " + *i);
}
}
certsLoaded = true;
}
