github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-06 00:00:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
56284506fccdd38b3d45b1656809db8036d3ced0
OpenVPNAdapter/openvpn/mbedtls/pki/x509cert.hpp
Sergey Abramchuk 56284506fc Squashed 'OpenVPN Adapter/Vendors/openvpn/' changes from e6d68831a..35bbca799 
35bbca799 Merged in OVPN3-184-generate-warning (pull request #1)
a73d2ce68 Merged in antonio/OVPN3-169-pure-ssl-transport (pull request #3)
8d7f5f3c1 Merged in feature/docker (pull request #2)
d9b5055cd [OVPN3-169] cli.cpp: compile with -DOPENVPN_TLS_LINK when requested
2d99bbfea [OVPN3-169] cliopt.hpp: add support for TLS transport module
62c8461d2 [OVPN3-169] tcpcli.hpp: add runtime support for TLSLink
e0e76bb28 [OVPN3-169] tcplink: introduce LinkBase abstract class
a71014d40 [OVPN3-169] tcplink: create LinkCommon class and inherit from it
cfd6df5bc build system: fix 'git apply'
3e49de7de [OVPN3-210] ovpncli: handle "allow-name-constraints" for OpenSSL
08d72bd76 [OVPN3-184] mbedtls: handle Name Constraints
40c70113d [OVPN3-184] Add mbedTLS patch
ef8d11f34 [OVPN3-169] OpenSSL: implement write_ciphertext_unbuffered() function
37dc86378 [OVPN3-169] mbedTLS: implement write_ciphertext_unbuffered() function
5834ed401 [OVPN3-169] SSLAPI: add write_ciphertext_unbuffered() function
071050b5f vars-linux-dbg: update linux debug profile
5bbfe68c3 [OVPN3-169] Protocol: add support for TLS transport protocol type
dc12d3189 [OVPN3-223] build: add docker images

git-subtree-dir: OpenVPN Adapter/Vendors/openvpn
git-subtree-split: 35bbca799dfa3fbe8e17f8d6e94c3946c397b593
2018-05-03 11:46:13 +03:00

171 lines
4.4 KiB
C++
Raw Blame History

// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS x509_crt object
#ifndef OPENVPN_MBEDTLS_PKI_X509CERT_H
#define OPENVPN_MBEDTLS_PKI_X509CERT_H
#include <string>
#include <sstream>
#include <cstring>
#include <iostream>
#include <mbedtls/x509.h>
#include <mbedtls/pem.h>
#include <mbedtls/base64.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class X509Cert : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<X509Cert> Ptr;
X509Cert() : chain(nullptr) {}
X509Cert(const std::string& cert_txt, const std::string& title, const bool strict)
: chain(nullptr)
{
try {
parse(cert_txt, title, strict);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& cert_txt, const std::string& title, const bool strict)
{
alloc();
if (cert_txt.empty())
throw MbedTLSException(title + " certificate is undefined");
// cert_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_x509_crt_parse() expects to see.
const int status = mbedtls_x509_crt_parse(chain,
(const unsigned char *)cert_txt.c_str(),
cert_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing " + title + " certificate", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " certificate(s) in " << title << " bundle failed to parse";
if (strict)
throw MbedTLSException(os.str());
else
OPENVPN_LOG("MBEDTLS: " << os.str());
}
}
static std::string der_to_pem(const unsigned char* der, size_t der_size)
{
size_t olen = 0;
int ret;
ret = mbedtls_pem_write_buffer(begin_cert.c_str(), end_cert.c_str(), der,
der_size, NULL, 0, &olen);
if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)
throw MbedTLSException("X509Cert::extract: can't calculate PEM size");
BufferAllocated buff(olen, 0);
ret = mbedtls_pem_write_buffer(begin_cert.c_str(), end_cert.c_str(), der,
der_size, buff.data(), buff.max_size(), &olen);
if (ret)
throw MbedTLSException("X509Cert::extract: can't write PEM buffer");
return std::string((const char *)buff.data());
}
std::string extract() const
{
return der_to_pem(chain->raw.p, chain->raw.len);
}
std::vector<std::string> extract_extra_certs() const
{
std::vector<std::string> extra_certs;
/* extra certificates are appended to the main one */
for (mbedtls_x509_crt *cert = chain->next; cert; cert = cert->next)
{
extra_certs.push_back(der_to_pem(cert->raw.p, cert->raw.len));
}
return extra_certs;
}
mbedtls_x509_crt* get() const
{
return chain;
}
virtual ~X509Cert()
{
dealloc();
}
protected:
void alloc()
{
if (!chain)
{
chain = new mbedtls_x509_crt;
mbedtls_x509_crt_init(chain);
}
}
mbedtls_x509_crt *chain;
private:
void dealloc()
{
if (chain)
{
mbedtls_x509_crt_free(chain);
delete chain;
chain = nullptr;
}
}
static const std::string begin_cert;
static const std::string end_cert;
};
const std::string X509Cert::begin_cert = "-----BEGIN CERTIFICATE-----\n";
const std::string X509Cert::end_cert = "-----END CERTIFICATE-----\n";
}
}
#endif
Reference in New Issue View Git Blame Copy Permalink