multiple modications

* add a function to dump binary as hex in logs
* implement the TS response generator
* begin to glue it together
This commit is contained in:
kakwa 2016-08-29 08:34:59 +02:00
parent 5ab6bc4325
commit 75dcc97e12
6 changed files with 159 additions and 152 deletions


@ -17,7 +17,6 @@
typedef struct { typedef struct {
uint64_t query_counter; uint64_t query_counter;
bool stdout_dbg; bool stdout_dbg;
TS_RESP_CTX *resp_ctx;
int loglevel; int loglevel;
const char *http_options[40]; const char *http_options[40];
TS_RESP_CTX *ts_ctx; TS_RESP_CTX *ts_ctx;


@ -29,10 +29,8 @@ static int reply_command(CONF *conf, char *section, char *engine, char *query,
char *in, int token_in, char *out, int token_out, char *in, int token_in, char *out, int token_out,
int text); int text);
static TS_RESP *read_PKCS7(BIO *in_bio); static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, char *engine, int create_response(rfc3161_context *ct, char *query, TS_RESP_CTX *resp_ctx,
char *query, char *passin, char *inkey, int *resp_size, unsigned char **resp);
const EVP_MD *md, char *signer, char *chain,
const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile); static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);


@ -2,4 +2,6 @@
void skeleton_daemon(); void skeleton_daemon();
void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...); void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...);
void log_hex(rfc3161_context *ct, int priority, char *id,
unsigned char *content, int content_length);
int set_params(rfc3161_context *ct, char *conf_file); int set_params(rfc3161_context *ct, char *conf_file);
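Review bot: The new `log_hex` prototype declares `char *id` and `unsigned char *content` although the function only reads through both pointers; `const char *id, const unsigned char *content` would let callers pass read-only buffers and document that the dump never modifies its input. The definition in the daemon source would need the same qualifiers so the two stay compatible.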


@ -27,10 +27,10 @@ void log_request_debug(const struct mg_request_info *request_info,
request_info->request_uri); request_info->request_uri);
uts_logger(context, LOG_DEBUG, "Request[%d], local_uri: %s", request_id, uts_logger(context, LOG_DEBUG, "Request[%d], local_uri: %s", request_id,
request_info->local_uri); request_info->local_uri);
uts_logger(context, LOG_DEBUG, "Request[%d], http_version: %s", uts_logger(context, LOG_DEBUG, "Request[%d], http_version: %s", request_id,
request_id, request_info->http_version); request_info->http_version);
uts_logger(context, LOG_DEBUG, "Request[%d], query_string: %s", uts_logger(context, LOG_DEBUG, "Request[%d], query_string: %s", request_id,
request_id, request_info->query_string); request_info->query_string);
uts_logger(context, LOG_DEBUG, "Request[%d], remote_addr: %s", request_id, uts_logger(context, LOG_DEBUG, "Request[%d], remote_addr: %s", request_id,
request_info->remote_addr); request_info->remote_addr);
uts_logger(context, LOG_DEBUG, "Request[%d], is_ssl: %d", request_id, uts_logger(context, LOG_DEBUG, "Request[%d], is_ssl: %d", request_id,
@ -39,6 +39,12 @@ void log_request_debug(const struct mg_request_info *request_info,
request_id, request_info->content_length); request_id, request_info->content_length);
uts_logger(context, LOG_DEBUG, "Request[%d], remote_port: %d", request_id, uts_logger(context, LOG_DEBUG, "Request[%d], remote_port: %d", request_id,
request_info->remote_port); request_info->remote_port);
// uts_logger(context, LOG_DEBUG, "Request[%d], user_data: %s",
// request_id,
// request_info->user_data);
// uts_logger(context, LOG_DEBUG, "Request[%d], conn_data: %s",
// request_id,
// request_info->conn_data);
} }
// This function will be called by civetweb on every new request. // This function will be called by civetweb on every new request.
@ -76,18 +82,38 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
is_tsq = 1; is_tsq = 1;
} }
char *content = "\0"; unsigned char *content;
int content_length = 0; int content_length = 0;
// Send HTTP reply to the client // Send HTTP reply to the client
if (is_tsq) { if (is_tsq) {
mg_printf(conn, char *query = calloc(request_info->content_length, sizeof(char));
"HTTP/1.1 200 OK\r\n" mg_read(conn, query, request_info->content_length);
"Content-Type: application/timestamp-reply\r\n"
"Content-Length: %d\r\n" // Always set Content-Length log_hex(ct, LOG_DEBUG, "query hexdump content", query,
"\r\n" request_info->content_length);
"%s",
content_length, content); int ts_resp =
create_response(ct, query, ct->ts_ctx, &content_length, &content);
if (ts_resp) {
log_hex(ct, LOG_DEBUG, "response hexdump content", content,
content_length);
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/timestamp-reply\r\n"
"Content-Length: %d\r\n" // Always set Content-Length
"\r\n",
content_length);
mg_write(conn, content, content_length);
// free(content);
} else {
mg_printf(conn,
"HTTP/1.1 500 OK\r\n"
"Content-Type: text/plain\r\n"
"Content-Length: 17\r\n" // Always set Content-Length
"\r\n"
"uts-server error");
}
} else { } else {
mg_printf(conn, mg_printf(conn,
"HTTP/1.1 200 OK\r\n" "HTTP/1.1 200 OK\r\n"
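Review bot: The 500 reply in the new else branch advertises `Content-Length: 17` while the body `uts-server error` is 16 bytes, so a keep-alive client waits for a byte that never arrives; the status line should also read `"HTTP/1.1 500 Internal Server Error\r\n"` rather than `500 OK`. Earlier in the branch the request body size is trusted as received: `calloc(request_info->content_length, sizeof(char))` and `mg_read(conn, query, request_info->content_length)` are both unchecked, and as far as I recall civetweb reports -1 when no Content-Length header is present, which becomes a huge `calloc` followed by a write through a NULL pointer, so the length needs a lower and upper bound and the `mg_read` result needs comparing with it before the buffer reaches `create_response`. `query` is never freed and the commented-out `free(content)` means the DER response leaks on every request. `rfc3161_handler` begins before and continues after this hunk.
```c
    if (is_tsq) {
        int ts_resp = 0;
        long long qlen = request_info->content_length;
        char *query = NULL;
        /* TSQ_MAX_BYTES is a placeholder for a project-chosen bound on a query body */
        if (qlen > 0 && qlen <= TSQ_MAX_BYTES &&
            (query = calloc((size_t)qlen, 1)) != NULL &&
            mg_read(conn, query, (size_t)qlen) == (int)qlen) {
            log_hex(ct, LOG_DEBUG, "query hexdump content", query, (int)qlen);
            ts_resp = create_response(ct, query, ct->ts_ctx, &content_length, &content);
        }
        free(query);
        if (ts_resp) {
            // … unchanged: response hexdump, 200 reply, mg_write(conn, content, content_length) …
            free(content);
        } else {
            mg_printf(conn,
                      "HTTP/1.1 500 Internal Server Error\r\n"
                      "Content-Type: text/plain\r\n"
                      "Content-Length: 16\r\n"
                      "\r\n"
                      "uts-server error");
        }
    }
```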


@ -32,10 +32,6 @@ static int reply_command(CONF *conf, char *section, char *engine, char *query,
char *in, int token_in, char *out, int token_out, char *in, int token_in, char *out, int token_out,
int text); int text);
static TS_RESP *read_PKCS7(BIO *in_bio); static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *query, char *passin, char *inkey,
const EVP_MD *md, char *signer, char *chain,
const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile); static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
@ -71,10 +67,9 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
* Reply-related method definitions. * Reply-related method definitions.
*/ */
int add_oid_section(rfc3161_context *ct, CONF *conf) int add_oid_section(rfc3161_context *ct, CONF *conf) {
{
char *p; char *p;
STACK_OF(CONF_VALUE) *sktmp; STACK_OF(CONF_VALUE) * sktmp;
CONF_VALUE *cnf; CONF_VALUE *cnf;
int i; int i;
@ -93,82 +88,84 @@ int add_oid_section(rfc3161_context *ct, CONF *conf)
return 1; return 1;
} }
static int reply_command(CONF *conf, char *section, char *engine, char *query, // static int reply_command(CONF *conf, char *section, char *engine, char
char *passin, char *inkey, const EVP_MD *md, // *query,
char *signer, char *chain, const char *policy, // char *passin, char *inkey, const EVP_MD *md,
char *in, int token_in, char *out, int token_out, // char *signer, char *chain, const char *policy,
int text) { // char *in, int token_in, char *out, int token_out,
int ret = 0; // int text) {
TS_RESP *response = NULL; // int ret = 0;
BIO *in_bio = NULL; // TS_RESP *response = NULL;
BIO *query_bio = NULL; // BIO *in_bio = NULL;
BIO *inkey_bio = NULL; // BIO *query_bio = NULL;
BIO *signer_bio = NULL; // BIO *inkey_bio = NULL;
BIO *out_bio = NULL; // BIO *signer_bio = NULL;
BIO *bio_err; // BIO *out_bio = NULL;
// BIO *bio_err;
if (in != NULL) { //
if ((in_bio = BIO_new_file(in, "rb")) == NULL) // if (in != NULL) {
goto end; // if ((in_bio = BIO_new_file(in, "rb")) == NULL)
if (token_in) { // goto end;
response = read_PKCS7(in_bio); // if (token_in) {
} else { // response = read_PKCS7(in_bio);
response = d2i_TS_RESP_bio(in_bio, NULL); // } else {
} // response = d2i_TS_RESP_bio(in_bio, NULL);
} else { // }
response = create_response(conf, section, engine, query, passin, inkey, // } else {
md, signer, chain, policy); // response = create_response(conf, section, engine, query, passin,
// if (response) // inkey,
// BIO_printf(bio_err, "Response has been // md, signer, chain, policy);
// generated.\n"); // // if (response)
// else // // BIO_printf(bio_err, "Response has been
// BIO_printf(bio_err, "Response is not // // generated.\n");
// generated.\n"); // // else
} // // BIO_printf(bio_err, "Response is not
if (response == NULL) // // generated.\n");
goto end; // }
// if (response == NULL)
/* Write response. */ // goto end;
if (text) { //
// if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) // /* Write response. */
//== // if (text) {
// NULL) // // if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT))
// goto end; // //==
if (token_out) { // // NULL)
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); // // goto end;
if (!TS_TST_INFO_print_bio(out_bio, tst_info)) // if (token_out) {
goto end; // TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
} else { // if (!TS_TST_INFO_print_bio(out_bio, tst_info))
if (!TS_RESP_print_bio(out_bio, response)) // goto end;
goto end; // } else {
} // if (!TS_RESP_print_bio(out_bio, response))
} else { // goto end;
// if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) // }
//== // } else {
// NULL) // // if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1))
// goto end; // //==
if (token_out) { // // NULL)
PKCS7 *token = TS_RESP_get_token(response); // // goto end;
if (!i2d_PKCS7_bio(out_bio, token)) // if (token_out) {
goto end; // PKCS7 *token = TS_RESP_get_token(response);
} else { // if (!i2d_PKCS7_bio(out_bio, token))
if (!i2d_TS_RESP_bio(out_bio, response)) // goto end;
goto end; // } else {
} // if (!i2d_TS_RESP_bio(out_bio, response))
} // goto end;
// }
ret = 1; // }
//
end: // ret = 1;
ERR_print_errors(bio_err); //
BIO_free_all(in_bio); // end:
BIO_free_all(query_bio); // ERR_print_errors(bio_err);
BIO_free_all(inkey_bio); // BIO_free_all(in_bio);
BIO_free_all(signer_bio); // BIO_free_all(query_bio);
BIO_free_all(out_bio); // BIO_free_all(inkey_bio);
TS_RESP_free(response); // BIO_free_all(signer_bio);
return ret; // BIO_free_all(out_bio);
} // TS_RESP_free(response);
// return ret;
//}
/* Reads a PKCS7 token and adds default 'granted' status info to it. */ /* Reads a PKCS7 token and adds default 'granted' status info to it. */
static TS_RESP *read_PKCS7(BIO *in_bio) { static TS_RESP *read_PKCS7(BIO *in_bio) {
@ -322,69 +319,34 @@ end:
return NULL; return NULL;
} }
static TS_RESP *create_response(CONF *conf, const char *section, char *engine, int create_response(rfc3161_context *ct, char *query, TS_RESP_CTX *resp_ctx,
char *query, char *passin, char *inkey, int *resp_size, unsigned char **resp) {
const EVP_MD *md, char *signer, char *chain,
const char *policy) {
int ret = 0; int ret = 0;
TS_RESP *response = NULL; TS_RESP *ts_response = NULL;
char *response = NULL;
BIO *query_bio = NULL; BIO *query_bio = NULL;
TS_RESP_CTX *resp_ctx = NULL; BIO *out_bio = NULL;
if ((query_bio = BIO_new_mem_buf(query, -1)) == NULL) if ((query_bio = BIO_new_mem_buf(query, -1)) == NULL)
goto end; goto end;
if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
goto end;
if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
goto end;
if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
goto end;
#ifndef OPENSSL_NO_ENGINE
if (!TS_CONF_set_crypto_device(conf, section, engine))
goto end;
#endif
if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
goto end;
if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
goto end;
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
goto end;
// if (md) { if ((ts_response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL) {
// if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) uts_logger(ct, LOG_ERR, "failed to create ts response");
// goto end; goto end;
// } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) { }
// goto end; *resp_size = i2d_TS_RESP(ts_response, NULL);
// } *resp = calloc(*resp_size, sizeof(char));
if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) i2d_TS_RESP(ts_response, resp);
goto end;
if (!TS_CONF_set_policies(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_digests(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_ordering(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
goto end;
if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL)
goto end;
ret = 1; ret = 1;
end: end:
if (!ret) { if (!ret) {
TS_RESP_free(response); TS_RESP_free(ts_response);
response = NULL; response = NULL;
} }
TS_RESP_CTX_free(resp_ctx);
BIO_free_all(query_bio); BIO_free_all(query_bio);
return response; return ret;
} }
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data) { static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data) {
@ -461,7 +423,7 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) {
ret = 1; ret = 1;
err: err:
if (!ret) if (!ret)
// BIO_printf(bio_err, "could not save serial number to // BIO_Printf(bio_err, "could not save serial number to
//%s\n", //%s\n",
// serialfile); // serialfile);
BIO_free_all(out); BIO_free_all(out);
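Review bot: `i2d_TS_RESP(ts_response, resp)` in the new create_response advances `*resp` as it encodes, so on return the caller holds a pointer to the end of the DER buffer rather than its start, and the handler's `mg_write(conn, content, content_length)` then reads past the allocation; encode through a local cursor and hand back the base pointer. In the same function `BIO_new_mem_buf(query, -1)` takes the length from `strlen`, but a DER TimeStampReq is binary and is truncated at its first zero byte, so the function needs an explicit query length parameter alongside `query`. The `calloc` and both `i2d_TS_RESP` results are unchecked, `ts_response` is only freed on failure and so leaks on every successful reply once its DER copy exists, and the local `char *response` is never used. The earlier hunk that turns reply_command into a commented-out block should delete it instead; version control keeps the history.
```c
    int len = i2d_TS_RESP(ts_response, NULL);
    if (len <= 0)
        goto end;
    unsigned char *buf = calloc((size_t)len, 1);
    if (buf == NULL)
        goto end;
    unsigned char *cursor = buf; /* i2d advances its cursor; keep the base pointer */
    if (i2d_TS_RESP(ts_response, &cursor) != len) {
        free(buf);
        goto end;
    }
    *resp = buf;
    *resp_size = len;
    ret = 1;
end:
    TS_RESP_free(ts_response); /* the DER copy in *resp is all the caller needs */
    BIO_free_all(query_bio);
    return ret;
```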


@ -81,6 +81,26 @@ void skeleton_daemon() {
openlog("uts-server", LOG_PID, LOG_DAEMON); openlog("uts-server", LOG_PID, LOG_DAEMON);
} }
void log_hex(rfc3161_context *ct, int priority, char *id,
unsigned char *content, int content_length) {
if (priority > ct->loglevel && !ct->stdout_dbg)
return;
FILE *stream;
char *out;
size_t len;
stream = open_memstream(&out, &len);
for (int i = 0; i < content_length; i++) {
fprintf(stream, "%02x ", content[i]);
//if (i % 4 == 3)
// fprintf(stream, " ");
}
fflush(stream);
fclose(stream);
uts_logger(ct, priority, "%s: %s", id, out);
free(out);
}
void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...) { void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...) {
// ignore all messages less critical than the loglevel // ignore all messages less critical than the loglevel
// except if the debug flag is set // except if the debug flag is set
@ -240,8 +260,8 @@ int set_params(rfc3161_context *ct, char *conf_file) {
ct->http_options[http_counter] = NULL; ct->http_options[http_counter] = NULL;
} }
if(! add_oid_section(ct, conf)) if (!add_oid_section(ct, conf))
ret = 0; ret = 0;
ct->ts_ctx = create_tsctx(ct, conf, NULL, NULL); ct->ts_ctx = create_tsctx(ct, conf, NULL, NULL);
if (ct->ts_ctx == NULL) if (ct->ts_ctx == NULL)
ret = 0; ret = 0;
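Review bot: `open_memstream(&out, &len)` in the new log_hex is unchecked; when it fails `stream` is NULL and `out` stays uninitialized, so the following `fprintf`, `fclose`, `uts_logger` and `free(out)` are all undefined behaviour. Add `if (stream == NULL) return;` directly after the call, optionally reporting the failure through `uts_logger(ct, LOG_ERR, ...)` first. The `fflush(stream)` before `fclose(stream)` is redundant because `fclose` flushes, and `id` and `content` could be `const`-qualified since the function only reads them.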