static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey)
{
gnutls_digest_algorithm_t dig;
int result = gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig, nullptr);
if (result < 0)
return GNUTLS_DIG_UNKNOWN;
return dig;
}
void Plugin::_loadCertificate()
{
QFile file(this->crtFile);
gnutls_datum_t datum;
size_t size = 2048;
QByteArray data;
gnutls_privkey_t privkey;
gnutls_pubkey_t pubkey;
gnutls_pubkey_t pubkeyCrt;
int error;
QMap<char *, QByteArray> oid;
gnutls_digest_algorithm_t digest;
if (!file.open(QIODevice::ReadWrite))
throw Properties("error", "Unable to open the certificate file").add("file", this->crtFile);
ASSERT_INIT(gnutls_x509_crt_init(&this->crt), "crt");
ASSERT(gnutls_privkey_init(&privkey));
ASSERT(gnutls_privkey_import_x509(privkey, this->key, 0));
ASSERT(gnutls_pubkey_init(&pubkey));
ASSERT(gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0));
// Verifies that the certificate is valid
if (file.size() > 0)
{
ASSERT(gnutls_pubkey_init(&pubkeyCrt));
data = file.readAll();
datum.size = data.size();
datum.data = (unsigned char *)data.data();
if (gnutls_x509_crt_import(this->crt, &datum, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)
file.resize(0);
else if (gnutls_x509_crt_get_expiration_time(this->crt) < ::time(NULL) + CRT_EXPIRATION_REGEN)
file.resize(0);
else if (gnutls_pubkey_import_x509(pubkeyCrt, this->crt, 0) != GNUTLS_E_SUCCESS)
file.resize(0);
// Ensures that the public keys of the certificate and the private key match
size_t size1 = size, size2 = size;
QByteArray pub1((int)size1, 0), pub2((int)size2, 0);
if (gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, pub1.data(), &size1) != GNUTLS_E_SUCCESS
|| gnutls_pubkey_export(pubkeyCrt, GNUTLS_X509_FMT_PEM, pub2.data(), &size2) != GNUTLS_E_SUCCESS
|| size1 != size2 || pub1 != pub2)
file.resize(0);
gnutls_pubkey_deinit(pubkeyCrt);
}
// Generates a new certificate
if (file.size() == 0)
{
gnutls_x509_crt_deinit(this->crt);
this->init.removeAll("crt");
ASSERT_INIT(gnutls_x509_crt_init(&this->crt), "crt");
LOG_INFO("Generating a new certificate", "Plugin", "_generateCertificate");
oid.insert((char *)GNUTLS_OID_X520_COMMON_NAME, "LightBird");
oid.insert((char *)GNUTLS_OID_X520_ORGANIZATION_NAME, "LightBird");
QMapIterator<char *, QByteArray> it(oid);
while (it.hasNext())
ASSERT(gnutls_x509_crt_set_dn_by_oid(this->crt, it.key(), 0, it.value().data(), it.next().value().size()));
ASSERT(gnutls_x509_crt_set_pubkey(this->crt, pubkey));
data = this->_generateSerial();
ASSERT(gnutls_x509_crt_set_serial(this->crt, data.data(), data.size()));
ASSERT(gnutls_x509_crt_set_activation_time(this->crt, ::time(NULL)));
ASSERT(gnutls_x509_crt_set_expiration_time(this->crt, ::time(NULL) + CRT_EXPIRATION));
ASSERT(gnutls_x509_crt_set_basic_constraints(this->crt, 0, -1));
ASSERT(gnutls_x509_crt_set_key_purpose_oid(this->crt, GNUTLS_KP_TLS_WWW_SERVER, 0));
ASSERT(gnutls_x509_crt_set_key_usage(this->crt, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT));
data.resize((int)size);
ASSERT(gnutls_x509_crt_get_key_id(this->crt, 0, (unsigned char *)data.data(), &size));
ASSERT(gnutls_x509_crt_set_subject_key_id(this->crt, (unsigned char *)data.data(), size));
ASSERT(gnutls_x509_crt_set_version(this->crt, 3));
ASSERT(gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &digest, NULL));
ASSERT(gnutls_x509_crt_privkey_sign(this->crt, this->crt, privkey, digest, 0));
size = data.size();
ASSERT(gnutls_x509_crt_export(this->crt, GNUTLS_X509_FMT_PEM, data.data(), &size));
data.resize((int)size);
file.write(data);
}
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(privkey);
}
