mirror of
https://github.com/kakwa/uts-server
synced 2024-12-04 23:15:54 +01:00
dl for the signer cert + fix example + css tweaks
* add a DL button + serve the signer certificate file (the one used to timestamp) * fix the verification instruction (add -untrusted tsa_cert.pem) * few CSS tweaks to improve page layout
This commit is contained in:
parent
bd0a32221c
commit
dd19915c91
@ -1,7 +1,7 @@
|
|||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<title></title>
|
<title>uts-server</title>
|
||||||
<meta name="author" content="Pierre-Francois Carpentier">
|
<meta name="author" content="Pierre-Francois Carpentier">
|
||||||
<meta name="description" content="uts-server">
|
<meta name="description" content="uts-server">
|
||||||
<style>
|
<style>
|
||||||
@ -23,7 +23,7 @@ body {
|
|||||||
border: 2px solid #000000;
|
border: 2px solid #000000;
|
||||||
margin: 20px;
|
margin: 20px;
|
||||||
padding: 10px;
|
padding: 10px;
|
||||||
width: 80%;
|
width: 90%;
|
||||||
background: #404040;
|
background: #404040;
|
||||||
color: #e6e6e6;
|
color: #e6e6e6;
|
||||||
margin-left: auto;
|
margin-left: auto;
|
||||||
@ -42,13 +42,18 @@ body {
|
|||||||
border-radius: 2px;
|
border-radius: 2px;
|
||||||
padding: 10px 24px;
|
padding: 10px 24px;
|
||||||
margin: 0 auto;
|
margin: 0 auto;
|
||||||
display: block;
|
display: inline;
|
||||||
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
|
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
|
||||||
|
margin: 0 auto;
|
||||||
}
|
}
|
||||||
.desc {
|
.desc {
|
||||||
text-decoration: underline;
|
text-decoration: underline;
|
||||||
text-align: center;
|
text-align: center;
|
||||||
font-size: 20px;
|
font-size: 20px;
|
||||||
|
margin-top: 20px
|
||||||
|
}
|
||||||
|
.center {
|
||||||
|
text-align: center;
|
||||||
}
|
}
|
||||||
.footer {
|
.footer {
|
||||||
position: fixed;
|
position: fixed;
|
||||||
@ -63,7 +68,6 @@ body {
|
|||||||
.var {
|
.var {
|
||||||
color: #99ccff;
|
color: #99ccff;
|
||||||
}
|
}
|
||||||
<span class="var">January 30, 2011</span>
|
|
||||||
</style>
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
@ -75,15 +79,18 @@ body {
|
|||||||
(setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):
|
(setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):
|
||||||
<div class="code">
|
<div class="code">
|
||||||
openssl ts -query -data "<span class="var">$FILE</span>" -out "ts_req.ts";<br/>
|
openssl ts -query -data "<span class="var">$FILE</span>" -out "ts_req.ts";<br/>
|
||||||
curl "<span class="var">$UTS_SERVER_URL</span>" -H "Content-Type: application/timestamp-query" \<br/>
|
curl "<span class="var">$UTS_SERVER_URL</span>" \<br/>
|
||||||
-f -g --data-binary "@ts_req.ts" -o "<span class="var">$FILE_TIMESTAMP</span>"
|
-H "Content-Type: application/timestamp-query" \<br/>
|
||||||
|
-f -g --data-binary "@ts_req.ts" -o "<span class="var">$FILE_TIMESTAMP</span>"
|
||||||
</div>
|
</div>
|
||||||
For verifying the timestamp with OpenSSL, download the CA, and run the following command:
|
For verifying the timestamp with OpenSSL, download the CA and the signer cert, and run the following command:
|
||||||
<div class="code">
|
<div class="code">
|
||||||
openssl ts -verify -in "<span class="var">$FILE_TIMESTAMP</span>" -data "<span class="var">$FILE</span>" -CAfile ca.pem
|
openssl ts -verify -in "<span class="var">$FILE_TIMESTAMP</span>" \<br/>
|
||||||
|
-data "<span class="var">$FILE</span>" -CAfile ca.pem -untrusted tsa_cert.pem
|
||||||
</div>
|
</div>
|
||||||
<div class="centered">
|
<div class="center">
|
||||||
<a href="/ca.pem" download><button class="button">Dowload CA file</button></a>
|
<a href="./ca.pem" download><button class="button">Dowload CA file</button></a>
|
||||||
|
<a href="./tsa_cert.pem" download><button class="button">Dowload tsa cert file</button></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="footer">
|
<div class="footer">
|
||||||
|
@ -47,6 +47,7 @@ typedef struct {
|
|||||||
CONF *conf;
|
CONF *conf;
|
||||||
char *cust_conf[20];
|
char *cust_conf[20];
|
||||||
char *ca_file;
|
char *ca_file;
|
||||||
|
char *cert_file;
|
||||||
} rfc3161_context;
|
} rfc3161_context;
|
||||||
|
|
||||||
// definition of structure to describe
|
// definition of structure to describe
|
||||||
|
38
inc/http.h
38
inc/http.h
@ -10,12 +10,12 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
|
|||||||
#define STATIC_PAGE \
|
#define STATIC_PAGE \
|
||||||
"HTTP/1.1 200 OK\r\n" \
|
"HTTP/1.1 200 OK\r\n" \
|
||||||
"Content-Type: text/html\r\n" \
|
"Content-Type: text/html\r\n" \
|
||||||
"Content-Length: 2509\r\n" \
|
"Content-Length: 2774\r\n" \
|
||||||
"\r\n" \
|
"\r\n" \
|
||||||
"<html>" \
|
"<html>" \
|
||||||
"<head>" \
|
"<head>" \
|
||||||
" <meta charset=\"utf-8\">" \
|
" <meta charset=\"utf-8\">" \
|
||||||
" <title></title>" \
|
" <title>uts-server</title>" \
|
||||||
" <meta name=\"author\" content=\"Pierre-Francois Carpentier\">" \
|
" <meta name=\"author\" content=\"Pierre-Francois Carpentier\">" \
|
||||||
" <meta name=\"description\" content=\"uts-server\">" \
|
" <meta name=\"description\" content=\"uts-server\">" \
|
||||||
"<style>" \
|
"<style>" \
|
||||||
@ -38,7 +38,7 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
|
|||||||
" border: 2px solid #000000;" \
|
" border: 2px solid #000000;" \
|
||||||
" margin: 20px;" \
|
" margin: 20px;" \
|
||||||
" padding: 10px;" \
|
" padding: 10px;" \
|
||||||
" width: 80%;" \
|
" width: 90%;" \
|
||||||
" background: #404040;" \
|
" background: #404040;" \
|
||||||
" color: #e6e6e6;" \
|
" color: #e6e6e6;" \
|
||||||
" margin-left: auto;" \
|
" margin-left: auto;" \
|
||||||
@ -57,14 +57,19 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
|
|||||||
" border-radius: 2px;" \
|
" border-radius: 2px;" \
|
||||||
" padding: 10px 24px;" \
|
" padding: 10px 24px;" \
|
||||||
" margin: 0 auto;" \
|
" margin: 0 auto;" \
|
||||||
" display: block;" \
|
" display: inline;" \
|
||||||
" box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \
|
" box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \
|
||||||
"0, 0.19);" \
|
"0, 0.19);" \
|
||||||
|
" margin: 0 auto;" \
|
||||||
"}" \
|
"}" \
|
||||||
".desc {" \
|
".desc {" \
|
||||||
" text-decoration: underline;" \
|
" text-decoration: underline;" \
|
||||||
" text-align: center;" \
|
" text-align: center;" \
|
||||||
" font-size: 20px;" \
|
" font-size: 20px;" \
|
||||||
|
" margin-top: 20px" \
|
||||||
|
"}" \
|
||||||
|
".center {" \
|
||||||
|
" text-align: center;" \
|
||||||
"}" \
|
"}" \
|
||||||
".footer {" \
|
".footer {" \
|
||||||
" position: fixed;" \
|
" position: fixed;" \
|
||||||
@ -79,7 +84,6 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
|
|||||||
".var {" \
|
".var {" \
|
||||||
" color: #99ccff;" \
|
" color: #99ccff;" \
|
||||||
"}" \
|
"}" \
|
||||||
"<span class=\"var\">January 30, 2011</span>" \
|
|
||||||
"</style>" \
|
"</style>" \
|
||||||
"</head>" \
|
"</head>" \
|
||||||
"<body>" \
|
"<body>" \
|
||||||
@ -93,21 +97,25 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
|
|||||||
" <div class=\"code\">" \
|
" <div class=\"code\">" \
|
||||||
" openssl ts -query -data \"<span class=\"var\">$FILE</span>\" -out " \
|
" openssl ts -query -data \"<span class=\"var\">$FILE</span>\" -out " \
|
||||||
"\"ts_req.ts\";<br/>" \
|
"\"ts_req.ts\";<br/>" \
|
||||||
" curl \"<span class=\"var\">$UTS_SERVER_URL</span>\" -H " \
|
" curl \"<span class=\"var\">$UTS_SERVER_URL</span>\" \\<br/>" \
|
||||||
"\"Content-Type: application/timestamp-query\" \\<br/>" \
|
" -H \"Content-Type: " \
|
||||||
" -f -g --data-binary \"@ts_req.ts\" -o \"<span " \
|
"application/timestamp-query\" \\<br/>" \
|
||||||
"class=\"var\">$FILE_TIMESTAMP</span>\"" \
|
" -f -g --data-binary \"@ts_req.ts\" -o " \
|
||||||
|
"\"<span class=\"var\">$FILE_TIMESTAMP</span>\"" \
|
||||||
" </div>" \
|
" </div>" \
|
||||||
" For verifying the timestamp with OpenSSL, download the CA, and run " \
|
" For verifying the timestamp with OpenSSL, download the CA and the " \
|
||||||
"the following command:" \
|
"signer cert, and run the following command:" \
|
||||||
" <div class=\"code\">" \
|
" <div class=\"code\">" \
|
||||||
" openssl ts -verify -in \"<span " \
|
" openssl ts -verify -in \"<span " \
|
||||||
"class=\"var\">$FILE_TIMESTAMP</span>\" -data \"<span " \
|
"class=\"var\">$FILE_TIMESTAMP</span>\" \\<br/>" \
|
||||||
"class=\"var\">$FILE</span>\" -CAfile ca.pem" \
|
" -data \"<span class=\"var\">$FILE</span>\" " \
|
||||||
|
"-CAfile ca.pem -untrusted tsa_cert.pem" \
|
||||||
" </div>" \
|
" </div>" \
|
||||||
" <div class=\"centered\">" \
|
" <div class=\"center\">" \
|
||||||
" <a href=\"/ca.pem\" download><button class=\"button\">Dowload CA " \
|
" <a href=\"./ca.pem\" download><button class=\"button\">Dowload CA " \
|
||||||
"file</button></a>" \
|
"file</button></a>" \
|
||||||
|
" <a href=\"./tsa_cert.pem\" download><button " \
|
||||||
|
"class=\"button\">Dowload tsa cert file</button></a>" \
|
||||||
" </div>" \
|
" </div>" \
|
||||||
"</div>" \
|
"</div>" \
|
||||||
"<div class=\"footer\">" \
|
"<div class=\"footer\">" \
|
||||||
|
@ -218,7 +218,8 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
|
|||||||
rfc3161_context *ct = (rfc3161_context *)context;
|
rfc3161_context *ct = (rfc3161_context *)context;
|
||||||
const char *filename = ct->ca_file;
|
const char *filename = ct->ca_file;
|
||||||
if (strlen(filename) == 0) {
|
if (strlen(filename) == 0) {
|
||||||
uts_logger(context, LOG_NOTICE, "'certs' param in '[ tsa ]' section not filed");
|
uts_logger(context, LOG_NOTICE,
|
||||||
|
"'certs' param in '[ tsa ]' section not filed");
|
||||||
mg_send_http_error(conn, 404, "CA file not available");
|
mg_send_http_error(conn, 404, "CA file not available");
|
||||||
diff = clock() - start;
|
diff = clock() - start;
|
||||||
log_request(request_info, "CA_DL ", ct, 404,
|
log_request(request_info, "CA_DL ", ct, 404,
|
||||||
@ -242,6 +243,39 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int cert_serve_handler(struct mg_connection *conn, void *context) {
|
||||||
|
/* In this handler, we ignore the req_info and send the file "filename". */
|
||||||
|
const struct mg_request_info *request_info = mg_get_request_info(conn);
|
||||||
|
clock_t start = clock(), diff;
|
||||||
|
rfc3161_context *ct = (rfc3161_context *)context;
|
||||||
|
const char *filename = ct->cert_file;
|
||||||
|
if (strlen(filename) == 0) {
|
||||||
|
uts_logger(context, LOG_NOTICE,
|
||||||
|
"'signer_cert' param in '[ tsa ]' section not filed");
|
||||||
|
mg_send_http_error(conn, 404, "CA file not available");
|
||||||
|
diff = clock() - start;
|
||||||
|
log_request(request_info, "CERT_DL", ct, 404,
|
||||||
|
(diff * 1000000 / CLOCKS_PER_SEC));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (access(filename, F_OK) != -1) {
|
||||||
|
mg_send_file(conn, filename);
|
||||||
|
const struct mg_response_info *ri = mg_get_response_info(conn);
|
||||||
|
diff = clock() - start;
|
||||||
|
log_request(request_info, "CERT_DL", ct, 200,
|
||||||
|
(diff * 1000000 / CLOCKS_PER_SEC));
|
||||||
|
|
||||||
|
} else {
|
||||||
|
uts_logger(context, LOG_NOTICE,
|
||||||
|
"signer certificate file '%s' not available", filename);
|
||||||
|
mg_send_http_error(conn, 404, "CA file not available");
|
||||||
|
diff = clock() - start;
|
||||||
|
log_request(request_info, "CERT_DL", ct, 404,
|
||||||
|
(diff * 1000000 / CLOCKS_PER_SEC));
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
|
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
|
||||||
struct mg_context *ctx;
|
struct mg_context *ctx;
|
||||||
struct mg_callbacks callbacks;
|
struct mg_callbacks callbacks;
|
||||||
@ -269,6 +303,8 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
|
|||||||
if (ctx != NULL) {
|
if (ctx != NULL) {
|
||||||
mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct);
|
mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct);
|
||||||
mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct);
|
mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct);
|
||||||
|
mg_set_request_handler(ctx, "/tsa_cert.pem", cert_serve_handler,
|
||||||
|
(void *)ct);
|
||||||
|
|
||||||
// Wait until some signals are received
|
// Wait until some signals are received
|
||||||
while (g_uts_sig == 0) {
|
while (g_uts_sig == 0) {
|
||||||
|
@ -390,6 +390,10 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
|
|||||||
|
|
||||||
ct->ca_file = calloc(PATH_MAX, sizeof(char));
|
ct->ca_file = calloc(PATH_MAX, sizeof(char));
|
||||||
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file);
|
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file);
|
||||||
|
ct->cert_file = calloc(PATH_MAX, sizeof(char));
|
||||||
|
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "signer_cert"),
|
||||||
|
ct->cert_file);
|
||||||
|
|
||||||
// like any good daemon, return to '/' once the configuration is loaded
|
// like any good daemon, return to '/' once the configuration is loaded
|
||||||
chdir("/");
|
chdir("/");
|
||||||
return ret;
|
return ret;
|
||||||
@ -409,6 +413,7 @@ void free_uts_context(rfc3161_context *ct) {
|
|||||||
}
|
}
|
||||||
free(ct->ts_ctx_pool);
|
free(ct->ts_ctx_pool);
|
||||||
free(ct->ca_file);
|
free(ct->ca_file);
|
||||||
|
free(ct->cert_file);
|
||||||
NCONF_free(ct->conf);
|
NCONF_free(ct->conf);
|
||||||
free(ct);
|
free(ct);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user