From 9017c9b2bf1b00a36d39b9e43ad983051f4f87a6 Mon Sep 17 00:00:00 2001 From: kakwa Date: Fri, 19 Aug 2016 00:03:49 +0200 Subject: [PATCH 1/6] add ini parser --- inc/ini.h | 93 ++++++++++++++++++++++++ src/lib/ini.c | 194 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 287 insertions(+) create mode 100644 inc/ini.h create mode 100644 src/lib/ini.c diff --git a/inc/ini.h b/inc/ini.h new file mode 100644 index 0000000..eaa554d --- /dev/null +++ b/inc/ini.h @@ -0,0 +1,93 @@ +/* inih -- simple .INI file parser + +inih is released under the New BSD license (see LICENSE.txt). Go to the project +home page for more info: + +https://github.com/benhoyt/inih + +*/ + +#ifndef __INI_H__ +#define __INI_H__ + +/* Make this header file easier to include in C++ code */ +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Typedef for prototype of handler function. */ +typedef int (*ini_handler)(void* user, const char* section, + const char* name, const char* value); + +/* Typedef for prototype of fgets-style reader function. */ +typedef char* (*ini_reader)(char* str, int num, void* stream); + +/* Parse given INI-style file. May have [section]s, name=value pairs + (whitespace stripped), and comments starting with ';' (semicolon). Section + is "" if name=value pair parsed before any section heading. name:value + pairs are also supported as a concession to Python's configparser. + + For each name=value pair parsed, call handler function with given user + pointer as well as section, name, and value (data only valid for duration + of handler call). Handler should return nonzero on success, zero on error. + + Returns 0 on success, line number of first error on parse error (doesn't + stop on first error), -1 on file open error, or -2 on memory allocation + error (only when INI_USE_STACK is zero). +*/ +int ini_parse(const char* filename, ini_handler handler, void* user); + +/* Same as ini_parse(), but takes a FILE* instead of filename. This doesn't + close the file when it's finished -- the caller must do that. */ +int ini_parse_file(FILE* file, ini_handler handler, void* user); + +/* Same as ini_parse(), but takes an ini_reader function pointer instead of + filename. Used for implementing custom or string-based I/O. */ +int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler, + void* user); + +/* Nonzero to allow multi-line value parsing, in the style of Python's + configparser. If allowed, ini_parse() will call the handler with the same + name for each subsequent line parsed. */ +#ifndef INI_ALLOW_MULTILINE +#define INI_ALLOW_MULTILINE 1 +#endif + +/* Nonzero to allow a UTF-8 BOM sequence (0xEF 0xBB 0xBF) at the start of + the file. See http://code.google.com/p/inih/issues/detail?id=21 */ +#ifndef INI_ALLOW_BOM +#define INI_ALLOW_BOM 1 +#endif + +/* Nonzero to allow inline comments (with valid inline comment characters + specified by INI_INLINE_COMMENT_PREFIXES). Set to 0 to turn off and match + Python 3.2+ configparser behaviour. */ +#ifndef INI_ALLOW_INLINE_COMMENTS +#define INI_ALLOW_INLINE_COMMENTS 1 +#endif +#ifndef INI_INLINE_COMMENT_PREFIXES +#define INI_INLINE_COMMENT_PREFIXES ";" +#endif + +/* Nonzero to use stack, zero to use heap (malloc/free). */ +#ifndef INI_USE_STACK +#define INI_USE_STACK 1 +#endif + +/* Stop parsing on first error (default is to keep parsing). */ +#ifndef INI_STOP_ON_FIRST_ERROR +#define INI_STOP_ON_FIRST_ERROR 0 +#endif + +/* Maximum line length for any line in INI file. */ +#ifndef INI_MAX_LINE +#define INI_MAX_LINE 200 +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __INI_H__ */ diff --git a/src/lib/ini.c b/src/lib/ini.c new file mode 100644 index 0000000..27ca85b --- /dev/null +++ b/src/lib/ini.c @@ -0,0 +1,194 @@ +/* inih -- simple .INI file parser + +inih is released under the New BSD license (see LICENSE.txt). Go to the project +home page for more info: + +https://github.com/benhoyt/inih + +*/ + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_WARNINGS) +#define _CRT_SECURE_NO_WARNINGS +#endif + +#include +#include +#include + +#include "ini.h" + +#if !INI_USE_STACK +#include +#endif + +#define MAX_SECTION 50 +#define MAX_NAME 50 + +/* Strip whitespace chars off end of given string, in place. Return s. */ +static char* rstrip(char* s) +{ + char* p = s + strlen(s); + while (p > s && isspace((unsigned char)(*--p))) + *p = '\0'; + return s; +} + +/* Return pointer to first non-whitespace char in given string. */ +static char* lskip(const char* s) +{ + while (*s && isspace((unsigned char)(*s))) + s++; + return (char*)s; +} + +/* Return pointer to first char (of chars) or inline comment in given string, + or pointer to null at end of string if neither found. Inline comment must + be prefixed by a whitespace character to register as a comment. */ +static char* find_chars_or_comment(const char* s, const char* chars) +{ +#if INI_ALLOW_INLINE_COMMENTS + int was_space = 0; + while (*s && (!chars || !strchr(chars, *s)) && + !(was_space && strchr(INI_INLINE_COMMENT_PREFIXES, *s))) { + was_space = isspace((unsigned char)(*s)); + s++; + } +#else + while (*s && (!chars || !strchr(chars, *s))) { + s++; + } +#endif + return (char*)s; +} + +/* Version of strncpy that ensures dest (size bytes) is null-terminated. */ +static char* strncpy0(char* dest, const char* src, size_t size) +{ + strncpy(dest, src, size); + dest[size - 1] = '\0'; + return dest; +} + +/* See documentation in header file. */ +int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler, + void* user) +{ + /* Uses a fair bit of stack (use heap instead if you need to) */ +#if INI_USE_STACK + char line[INI_MAX_LINE]; +#else + char* line; +#endif + char section[MAX_SECTION] = ""; + char prev_name[MAX_NAME] = ""; + + char* start; + char* end; + char* name; + char* value; + int lineno = 0; + int error = 0; + +#if !INI_USE_STACK + line = (char*)malloc(INI_MAX_LINE); + if (!line) { + return -2; + } +#endif + + /* Scan through stream line by line */ + while (reader(line, INI_MAX_LINE, stream) != NULL) { + lineno++; + + start = line; +#if INI_ALLOW_BOM + if (lineno == 1 && (unsigned char)start[0] == 0xEF && + (unsigned char)start[1] == 0xBB && + (unsigned char)start[2] == 0xBF) { + start += 3; + } +#endif + start = lskip(rstrip(start)); + + if (*start == ';' || *start == '#') { + /* Per Python configparser, allow both ; and # comments at the + start of a line */ + } +#if INI_ALLOW_MULTILINE + else if (*prev_name && *start && start > line) { + /* Non-blank line with leading whitespace, treat as continuation + of previous name's value (as per Python configparser). */ + if (!handler(user, section, prev_name, start) && !error) + error = lineno; + } +#endif + else if (*start == '[') { + /* A "[section]" line */ + end = find_chars_or_comment(start + 1, "]"); + if (*end == ']') { + *end = '\0'; + strncpy0(section, start + 1, sizeof(section)); + *prev_name = '\0'; + } + else if (!error) { + /* No ']' found on section line */ + error = lineno; + } + } + else if (*start) { + /* Not a comment, must be a name[=:]value pair */ + end = find_chars_or_comment(start, "=:"); + if (*end == '=' || *end == ':') { + *end = '\0'; + name = rstrip(start); + value = lskip(end + 1); +#if INI_ALLOW_INLINE_COMMENTS + end = find_chars_or_comment(value, NULL); + if (*end) + *end = '\0'; +#endif + rstrip(value); + + /* Valid name[=:]value pair found, call handler */ + strncpy0(prev_name, name, sizeof(prev_name)); + if (!handler(user, section, name, value) && !error) + error = lineno; + } + else if (!error) { + /* No '=' or ':' found on name[=:]value line */ + error = lineno; + } + } + +#if INI_STOP_ON_FIRST_ERROR + if (error) + break; +#endif + } + +#if !INI_USE_STACK + free(line); +#endif + + return error; +} + +/* See documentation in header file. */ +int ini_parse_file(FILE* file, ini_handler handler, void* user) +{ + return ini_parse_stream((ini_reader)fgets, file, handler, user); +} + +/* See documentation in header file. */ +int ini_parse(const char* filename, ini_handler handler, void* user) +{ + FILE* file; + int error; + + file = fopen(filename, "r"); + if (!file) + return -1; + error = ini_parse_file(file, handler, user); + fclose(file); + return error; +} From 950c9fc26ca330b93e256602d60d4d221380462a Mon Sep 17 00:00:00 2001 From: kakwa Date: Fri, 19 Aug 2016 00:04:13 +0200 Subject: [PATCH 2/6] use civetweb --- CMakeLists.txt | 11 ++++--- cmake/Findlibasyncd.cmake | 7 ----- cmake/Findlibcivetweb.cmake | 7 +++++ src/lib/rfc3161.c | 61 +++++++++++++++++++++++++++++-------- 4 files changed, 62 insertions(+), 24 deletions(-) delete mode 100755 cmake/Findlibasyncd.cmake create mode 100755 cmake/Findlibcivetweb.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index 6412708..2de104a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -12,9 +12,9 @@ set(CMAKE_C_FLAGS "${CMAKE_CXX_FLAGS} -DUTS_VERSION='\"${VERSION}\"'") set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/") -find_package(libasyncd REQUIRED) -MESSAGE( STATUS "Find Header Directory for libasyncd: " ${LIBASYNCD_INCLUDE_DIR}) -MESSAGE( STATUS "Find Dynamic Library for libasyncd: " ${LIBASYNCD_LIBRARIES}) +find_package(libcivetweb REQUIRED) +MESSAGE( STATUS "Find Header Directory for libcivetweb: " ${LIBCIVETWEB_INCLUDE_DIR}) +MESSAGE( STATUS "Find Dynamic Library for libcivetweb: " ${LIBCIVETWEB_LIBRARIES}) find_package(OpenSSL REQUIRED) MESSAGE( STATUS "OpenSSL include dir: ${OPENSSL_INCLUDE_DIR}") @@ -22,7 +22,7 @@ MESSAGE( STATUS "OpenSSL libraries: ${OPENSSL_LIBRARIES}") include_directories( ./inc/ - ${LIBASYNCD_INCLUDE_DIR} + ${LIBCIVETWEB_INCLUDE_DIR} ${OPENSSL_INCLUDE_DIR} ) @@ -30,10 +30,11 @@ add_executable(uts-server src/cmd/uts-server.c src/lib/rfc3161.c src/lib/utils.c + src/lib/ini.c ) target_link_libraries(uts-server - ${LIBASYNCD_LIBRARIES} + ${LIBCIVETWEB_LIBRARIES} ${OPENSSL_LIBRARIES} ) diff --git a/cmake/Findlibasyncd.cmake b/cmake/Findlibasyncd.cmake deleted file mode 100755 index 44ecdda..0000000 --- a/cmake/Findlibasyncd.cmake +++ /dev/null @@ -1,7 +0,0 @@ -if (NOT LIBASYNCD_LIBRARIES) - find_path(LIBASYNCD_INCLUDE_DIR asyncd.h ${_LIBASYNCD_PATHS} PATH_SUFFIXES include include/asyncd/) -endif () - -if (NOT LIBASYNCD_LIBRARIES) - find_library(LIBASYNCD_LIBRARIES NAMES asyncd ${_LIBASYNCD_PATHS} PATH_SUFFIXES lib) -endif () diff --git a/cmake/Findlibcivetweb.cmake b/cmake/Findlibcivetweb.cmake new file mode 100755 index 0000000..6c5e4f9 --- /dev/null +++ b/cmake/Findlibcivetweb.cmake @@ -0,0 +1,7 @@ +if (NOT LIBCIVETWEB_LIBRARIES) + find_path(LIBCIVETWEB_INCLUDE_DIR civetweb.h ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES include include/civetweb/) +endif () + +if (NOT LIBCIVETWEB_LIBRARIES) + find_library(LIBCIVETWEB_LIBRARIES NAMES civetweb ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES lib) +endif () diff --git a/src/lib/rfc3161.c b/src/lib/rfc3161.c index b89be1d..0ec1e5a 100644 --- a/src/lib/rfc3161.c +++ b/src/lib/rfc3161.c @@ -7,8 +7,9 @@ #include #include #include -#include +#include +/* int ts_http_respond(short event, ad_conn_t *conn, void *userdata) { if (event & AD_EVENT_READ) { if (ad_http_get_status(conn) == AD_HTTP_REQ_DONE) { @@ -28,17 +29,53 @@ int http_default_handler(short event, ad_conn_t *conn, void *userdata) { } return AD_OK; } +*/ + +// This function will be called by civetweb on every new request. +static int begin_request_handler(struct mg_connection *conn) +{ + const struct mg_request_info *request_info = mg_get_request_info(conn); + char content[100]; + + // Prepare the message we're going to send + int content_length = snprintf(content, sizeof(content), + "Hello from civetweb! Remote port: %d", + request_info->remote_port); + + // Send HTTP reply to the client + mg_printf(conn, + "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "Content-Length: %d\r\n" // Always set Content-Length + "\r\n" + "%s", + content_length, content); + + // Returning non-zero tells civetweb that our function has replied to + // the client, and civetweb should not send client any more data. + return 1; +} int http_server_start() { - //SSL_load_error_strings(); - //SSL_library_init(); - ad_log_level(AD_LOG_DEBUG); - ad_server_t *server = ad_server_new(); - ad_server_set_option(server, "server.port", "8888"); - //ad_server_set_ssl_ctx(server, - // ad_server_ssl_ctx_create_simple("ssl.cert", "ssl.pkey")); - ad_server_register_hook(server, ad_http_handler, NULL); // HTTP Parser is also a hook. - ad_server_register_hook_on_method(server, "GET", ts_http_respond, NULL); - ad_server_register_hook(server, http_default_handler, NULL); - return ad_server_start(server); + struct mg_context *ctx; + struct mg_callbacks callbacks; + + // List of options. Last element must be NULL. + const char *options[] = {"listening_ports", "8080", NULL}; + + // Prepare callbacks structure. We have only one callback, the rest are NULL. + memset(&callbacks, 0, sizeof(callbacks)); + callbacks.begin_request = begin_request_handler; + + // Start the web server. + ctx = mg_start(&callbacks, NULL, options); + + // Wait until user hits "enter". Server is running in separate thread. + // Navigating to http://localhost:8080 will invoke begin_request_handler(). + getchar(); + + // Stop the server. + mg_stop(ctx); + + return 0; } From 95ffa057a0b702ebcef30f25226eaed53a986152 Mon Sep 17 00:00:00 2001 From: kakwa Date: Fri, 19 Aug 2016 00:05:31 +0200 Subject: [PATCH 3/6] removing unused dirs --- vendor/libasyncd/.keep | 0 vendor/qlibc/.keep | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 vendor/libasyncd/.keep delete mode 100644 vendor/qlibc/.keep diff --git a/vendor/libasyncd/.keep b/vendor/libasyncd/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/vendor/qlibc/.keep b/vendor/qlibc/.keep deleted file mode 100644 index e69de29..0000000 From 2dc9ce9cb32ade16a9b6cec55ab5ac841eca93c9 Mon Sep 17 00:00:00 2001 From: kakwa Date: Fri, 19 Aug 2016 00:09:18 +0200 Subject: [PATCH 4/6] adding civetweb in vendor dir --- vendor/civetweb | 1 + 1 file changed, 1 insertion(+) create mode 160000 vendor/civetweb diff --git a/vendor/civetweb b/vendor/civetweb new file mode 160000 index 0000000..0165351 --- /dev/null +++ b/vendor/civetweb @@ -0,0 +1 @@ +Subproject commit 016535194f6dba8e534b6eec6b9d433e6fb0a9b2 From 768578b8ea44c1ece56879adb4a79fe6f2365714 Mon Sep 17 00:00:00 2001 From: kakwa Date: Mon, 22 Aug 2016 22:26:23 +0200 Subject: [PATCH 5/6] including the glue for timestamping --- src/lib/rfc3161.c | 434 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 382 insertions(+), 52 deletions(-) diff --git a/src/lib/rfc3161.c b/src/lib/rfc3161.c index 0ec1e5a..26ec0e0 100644 --- a/src/lib/rfc3161.c +++ b/src/lib/rfc3161.c @@ -1,81 +1,411 @@ #include #include #include +#include +#include +#include +#include +#include #include #include #include #include #include #include -#include + +/* Name of config entry that defines the OID file. */ +# define ENV_OID_FILE "oid_file" + +static ASN1_OBJECT *txt2obj(const char *oid); +static CONF *load_config_file(const char *configfile); + +/* Reply related functions. */ +static int reply_command(CONF *conf, char *section, char *engine, + char *queryfile, char *passin, char *inkey, + const EVP_MD *md, char *signer, char *chain, + const char *policy, char *in, int token_in, + char *out, int token_out, int text); +static TS_RESP *read_PKCS7(BIO *in_bio); +static TS_RESP *create_response(CONF *conf, const char *section, char *engine, + char *queryfile, char *passin, + char *inkey, const EVP_MD *md, char *signer, + char *chain, const char *policy); +static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); +static ASN1_INTEGER *next_serial(const char *serialfile); +static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); + +# define B_FORMAT_TEXT 0x8000 +# define FORMAT_UNDEF 0 +# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ +# define FORMAT_ASN1 4 /* ASN.1/DER */ + /* -int ts_http_respond(short event, ad_conn_t *conn, void *userdata) { - if (event & AD_EVENT_READ) { - if (ad_http_get_status(conn) == AD_HTTP_REQ_DONE) { - ad_http_response(conn, 200, "text/html", "Hello World", 11); - return ad_http_is_keepalive_request(conn) ? AD_DONE : AD_CLOSE; - } - } - return AD_OK; -} + int ts_http_respond(short event, ad_conn_t *conn, void *userdata) { + if (event & AD_EVENT_READ) { + if (ad_http_get_status(conn) == AD_HTTP_REQ_DONE) { + ad_http_response(conn, 200, "text/html", "Hello World", 11); + return ad_http_is_keepalive_request(conn) ? AD_DONE : AD_CLOSE; + } + } + return AD_OK; + } + + int http_default_handler(short event, ad_conn_t *conn, void *userdata) { + if (event & AD_EVENT_READ) { + if (ad_http_get_status(conn) == AD_HTTP_REQ_DONE) { + ad_http_response(conn, 501, "text/html", "Not implemented", 15); + return AD_CLOSE; // Close connection. + } + } + return AD_OK; + } + */ -int http_default_handler(short event, ad_conn_t *conn, void *userdata) { - if (event & AD_EVENT_READ) { - if (ad_http_get_status(conn) == AD_HTTP_REQ_DONE) { - ad_http_response(conn, 501, "text/html", "Not implemented", 15); - return AD_CLOSE; // Close connection. - } - } - return AD_OK; -} -*/ // This function will be called by civetweb on every new request. static int begin_request_handler(struct mg_connection *conn) { - const struct mg_request_info *request_info = mg_get_request_info(conn); - char content[100]; + const struct mg_request_info *request_info = mg_get_request_info(conn); + char content[100]; - // Prepare the message we're going to send - int content_length = snprintf(content, sizeof(content), - "Hello from civetweb! Remote port: %d", - request_info->remote_port); + // Prepare the message we're going to send + int content_length = snprintf(content, sizeof(content), + "Hello from civetweb! Remote port: %d", + request_info->remote_port); - // Send HTTP reply to the client - mg_printf(conn, - "HTTP/1.1 200 OK\r\n" - "Content-Type: text/plain\r\n" - "Content-Length: %d\r\n" // Always set Content-Length - "\r\n" - "%s", - content_length, content); + // Send HTTP reply to the client + mg_printf(conn, + "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "Content-Length: %d\r\n" // Always set Content-Length + "\r\n" + "%s", + content_length, content); - // Returning non-zero tells civetweb that our function has replied to - // the client, and civetweb should not send client any more data. - return 1; + // Returning non-zero tells civetweb that our function has replied to + // the client, and civetweb should not send client any more data. + return 1; } int http_server_start() { - struct mg_context *ctx; - struct mg_callbacks callbacks; + struct mg_context *ctx; + struct mg_callbacks callbacks; - // List of options. Last element must be NULL. - const char *options[] = {"listening_ports", "8080", NULL}; + // List of options. Last element must be NULL. + const char *options[] = {"listening_ports", "8080", NULL}; - // Prepare callbacks structure. We have only one callback, the rest are NULL. - memset(&callbacks, 0, sizeof(callbacks)); - callbacks.begin_request = begin_request_handler; + // Prepare callbacks structure. We have only one callback, the rest are NULL. + memset(&callbacks, 0, sizeof(callbacks)); + callbacks.begin_request = begin_request_handler; - // Start the web server. - ctx = mg_start(&callbacks, NULL, options); + // Start the web server. + ctx = mg_start(&callbacks, NULL, options); - // Wait until user hits "enter". Server is running in separate thread. - // Navigating to http://localhost:8080 will invoke begin_request_handler(). - getchar(); + // Wait until user hits "enter". Server is running in separate thread. + // Navigating to http://localhost:8080 will invoke begin_request_handler(). + getchar(); - // Stop the server. - mg_stop(ctx); + // Stop the server. + mg_stop(ctx); - return 0; + return 0; +} + +/* + * Configuration file-related function definitions. + */ + +static ASN1_OBJECT *txt2obj(const char *oid) +{ + ASN1_OBJECT *oid_obj = NULL; + + if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL) +// BIO_printf(bio_err, "cannot convert %s to OID\n", oid); + + return oid_obj; +} + +//static CONF *load_config_file(const char *configfile) +//{ +// CONF *conf = app_load_config(configfile); +// +// if (conf != NULL) { +// const char *p; +// +//// BIO_printf(bio_err, "Using configuration from %s\n", configfile); +// p = NCONF_get_string(conf, NULL, ENV_OID_FILE); +// if (p != NULL) { +// BIO *oid_bio = BIO_new_file(p, "r"); +// if (!oid_bio) +// ERR_print_errors(bio_err); +// else { +// OBJ_create_objects(oid_bio); +// BIO_free_all(oid_bio); +// } +// } else +// ERR_clear_error(); +// if (!add_oid_section(conf)) +// ERR_print_errors(bio_err); +// } +// return conf; +//} + +/* + * Reply-related method definitions. + */ + +static int reply_command(CONF *conf, char *section, char *engine, + char *queryfile, char *passin, char *inkey, + const EVP_MD *md, char *signer, char *chain, + const char *policy, char *in, int token_in, + char *out, int token_out, int text) +{ + int ret = 0; + TS_RESP *response = NULL; + BIO *in_bio = NULL; + BIO *query_bio = NULL; + BIO *inkey_bio = NULL; + BIO *signer_bio = NULL; + BIO *out_bio = NULL; + BIO *bio_err; + + if (in != NULL) { + if ((in_bio = BIO_new_file(in, "rb")) == NULL) + goto end; + if (token_in) { + response = read_PKCS7(in_bio); + } else { + response = d2i_TS_RESP_bio(in_bio, NULL); + } + } else { + response = create_response(conf, section, engine, queryfile, + passin, inkey, md, signer, chain, policy); +// if (response) +// BIO_printf(bio_err, "Response has been generated.\n"); +// else +// BIO_printf(bio_err, "Response is not generated.\n"); + } + if (response == NULL) + goto end; + + /* Write response. */ + if (text) { +// if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL) +// goto end; + if (token_out) { + TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); + if (!TS_TST_INFO_print_bio(out_bio, tst_info)) + goto end; + } else { + if (!TS_RESP_print_bio(out_bio, response)) + goto end; + } + } else { +// if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL) +// goto end; + if (token_out) { + PKCS7 *token = TS_RESP_get_token(response); + if (!i2d_PKCS7_bio(out_bio, token)) + goto end; + } else { + if (!i2d_TS_RESP_bio(out_bio, response)) + goto end; + } + } + + ret = 1; + +end: + ERR_print_errors(bio_err); + BIO_free_all(in_bio); + BIO_free_all(query_bio); + BIO_free_all(inkey_bio); + BIO_free_all(signer_bio); + BIO_free_all(out_bio); + TS_RESP_free(response); + return ret; +} + +/* Reads a PKCS7 token and adds default 'granted' status info to it. */ +static TS_RESP *read_PKCS7(BIO *in_bio) +{ + int ret = 0; + PKCS7 *token = NULL; + TS_TST_INFO *tst_info = NULL; + TS_RESP *resp = NULL; + TS_STATUS_INFO *si = NULL; + + if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) + goto end; + if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL) + goto end; + if ((resp = TS_RESP_new()) == NULL) + goto end; + if ((si = TS_STATUS_INFO_new()) == NULL) + goto end; +// if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED)) +// goto end; + if (!TS_RESP_set_status_info(resp, si)) + goto end; + TS_RESP_set_tst_info(resp, token, tst_info); + token = NULL; /* Ownership is lost. */ + tst_info = NULL; /* Ownership is lost. */ + ret = 1; + +end: + PKCS7_free(token); + TS_TST_INFO_free(tst_info); + if (!ret) { + TS_RESP_free(resp); + resp = NULL; + } + TS_STATUS_INFO_free(si); + return resp; +} + +static TS_RESP *create_response(CONF *conf, const char *section, char *engine, + char *queryfile, char *passin, + char *inkey, const EVP_MD *md, char *signer, + char *chain, const char *policy) +{ + int ret = 0; + TS_RESP *response = NULL; + BIO *query_bio = NULL; + TS_RESP_CTX *resp_ctx = NULL; + + if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL) + goto end; + if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL) + goto end; + if ((resp_ctx = TS_RESP_CTX_new()) == NULL) + goto end; + if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) + goto end; +# ifndef OPENSSL_NO_ENGINE + if (!TS_CONF_set_crypto_device(conf, section, engine)) + goto end; +# endif + if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) + goto end; + if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) + goto end; + if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx)) + goto end; + +// if (md) { +// if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) +// goto end; +// } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) { +// goto end; +// } + + if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) + goto end; + if (!TS_CONF_set_policies(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_digests(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_ordering(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) + goto end; + if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) + goto end; + if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL) + goto end; + ret = 1; + +end: + if (!ret) { + TS_RESP_free(response); + response = NULL; + } + TS_RESP_CTX_free(resp_ctx); + BIO_free_all(query_bio); + return response; +} + +static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data) +{ + const char *serial_file = (const char *)data; + ASN1_INTEGER *serial = next_serial(serial_file); + + if (!serial) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Error during serial number " + "generation."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); + } else + save_ts_serial(serial_file, serial); + + return serial; +} + +static ASN1_INTEGER *next_serial(const char *serialfile) +{ + int ret = 0; + BIO *in = NULL; + ASN1_INTEGER *serial = NULL; + BIGNUM *bn = NULL; + + if ((serial = ASN1_INTEGER_new()) == NULL) + goto err; + + if ((in = BIO_new_file(serialfile, "r")) == NULL) { + ERR_clear_error(); +// BIO_printf(bio_err, "Warning: could not open file %s for " +// "reading, using serial number: 1\n", serialfile); + if (!ASN1_INTEGER_set(serial, 1)) + goto err; + } else { + char buf[1024]; + if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) { +// BIO_printf(bio_err, "unable to load number from %s\n", +// serialfile); + goto err; + } + if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL) + goto err; + ASN1_INTEGER_free(serial); + serial = NULL; + if (!BN_add_word(bn, 1)) + goto err; + if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) + goto err; + } + ret = 1; + +err: + if (!ret) { + ASN1_INTEGER_free(serial); + serial = NULL; + } + BIO_free_all(in); + BN_free(bn); + return serial; +} + +static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) +{ + int ret = 0; + BIO *out = NULL; + + if ((out = BIO_new_file(serialfile, "w")) == NULL) + goto err; + if (i2a_ASN1_INTEGER(out, serial) <= 0) + goto err; + if (BIO_puts(out, "\n") <= 0) + goto err; + ret = 1; +err: + if (!ret) +// BIO_printf(bio_err, "could not save serial number to %s\n", +// serialfile); + BIO_free_all(out); + return ret; } From 19c39b1a0fb9984845066f70984d7f815545bfa9 Mon Sep 17 00:00:00 2001 From: kakwa Date: Mon, 22 Aug 2016 22:28:06 +0200 Subject: [PATCH 6/6] adding copyright notice --- src/lib/rfc3161.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/rfc3161.c b/src/lib/rfc3161.c index 26ec0e0..01ad774 100644 --- a/src/lib/rfc3161.c +++ b/src/lib/rfc3161.c @@ -1,3 +1,8 @@ +/* + * "This product includes software developed by the OpenSSL Project + * * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + */ + #include #include #include