security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2024-12-04 15:05:54 +01:00
Code Issues Releases Wiki Activity

dl for the signer cert + fix example + css tweaks

Browse Source 
* add a DL button + serve the signer certificate file (the one used to
timestamp)
* fix the verification instruction (add -untrusted tsa_cert.pem)
* few CSS tweaks to improve page layout
This commit is contained in:
Pierre-Francois Carpentier 2019-04-12 14:26:21 +02:00
parent bd0a32221c
commit dd19915c91
5 changed files with 102 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
goodies/index.html
View File

@ -1,7 +1,7 @@
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<title></title> <title>uts-server</title>
<meta name="author" content="Pierre-Francois Carpentier"> <meta name="author" content="Pierre-Francois Carpentier">
<meta name="description" content="uts-server"> <meta name="description" content="uts-server">
<style> <style>
@ -23,7 +23,7 @@ body {
border: 2px solid #000000; border: 2px solid #000000;
margin: 20px; margin: 20px;
padding: 10px; padding: 10px;
width: 80%; width: 90%;
background: #404040; background: #404040;
color: #e6e6e6; color: #e6e6e6;
margin-left: auto; margin-left: auto;
@ -42,13 +42,18 @@ body {
border-radius: 2px; border-radius: 2px;
padding: 10px 24px; padding: 10px 24px;
margin: 0 auto; margin: 0 auto;
display: block; display: inline;
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19); box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
margin: 0 auto;
} }
.desc { .desc {
text-decoration: underline; text-decoration: underline;
text-align: center; text-align: center;
font-size: 20px; font-size: 20px;
margin-top: 20px
}
.center {
text-align: center;
} }
.footer { .footer {
position: fixed; position: fixed;
@ -63,7 +68,6 @@ body {
.var { .var {
color: #99ccff; color: #99ccff;
} }
<span class="var">January 30, 2011</span>
</style> </style>
</head> </head>
<body> <body>
@ -71,20 +75,23 @@ body {
uts-server, a simple RFC 3161 timestamp server uts-server, a simple RFC 3161 timestamp server
</div> </div>
<div class="rcorners"> <div class="rcorners">
For timestamping a file with OpenSSL and curl, run the following commands For timestamping a file with OpenSSL and curl, run the following commands
(setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables): (setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):
<div class="code"> <div class="code">
openssl ts -query -data "<span class="var">$FILE</span>" -out "ts_req.ts";<br/> openssl ts -query -data "<span class="var">$FILE</span>" -out "ts_req.ts";<br/>
curl "<span class="var">$UTS_SERVER_URL</span>" -H "Content-Type: application/timestamp-query" \<br/> curl "<span class="var">$UTS_SERVER_URL</span>" \<br/>
-f -g --data-binary "@ts_req.ts" -o "<span class="var">$FILE_TIMESTAMP</span>" &nbsp;&nbsp;&nbsp;&nbsp; -H "Content-Type: application/timestamp-query" \<br/>
</div> &nbsp;&nbsp;&nbsp;&nbsp; -f -g --data-binary "@ts_req.ts" -o "<span class="var">$FILE_TIMESTAMP</span>"
For verifying the timestamp with OpenSSL, download the CA, and run the following command: </div>
<div class="code"> For verifying the timestamp with OpenSSL, download the CA and the signer cert, and run the following command:
openssl ts -verify -in "<span class="var">$FILE_TIMESTAMP</span>" -data "<span class="var">$FILE</span>" -CAfile ca.pem <div class="code">
</div> openssl ts -verify -in "<span class="var">$FILE_TIMESTAMP</span>" \<br/>
<div class="centered"> &nbsp;&nbsp;&nbsp;&nbsp; -data "<span class="var">$FILE</span>" -CAfile ca.pem -untrusted tsa_cert.pem
<a href="/ca.pem" download><button class="button">Dowload CA file</button></a> </div>
</div> <div class="center">
<a href="./ca.pem" download><button class="button">Dowload CA file</button></a>
<a href="./tsa_cert.pem" download><button class="button">Dowload tsa cert file</button></a>
</div>
</div> </div>
<div class="footer"> <div class="footer">
<div class="container"> <div class="container">

1
inc/context.h
View File

@ -47,6 +47,7 @@ typedef struct {
CONF *conf; CONF *conf;
char *cust_conf[20]; char *cust_conf[20];
char *ca_file; char *ca_file;
char *cert_file;
} rfc3161_context; } rfc3161_context;
// definition of structure to describe // definition of structure to describe

56
inc/http.h
View File

@ -10,12 +10,12 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
#define STATIC_PAGE \ #define STATIC_PAGE \
"HTTP/1.1 200 OK\r\n" \ "HTTP/1.1 200 OK\r\n" \
"Content-Type: text/html\r\n" \ "Content-Type: text/html\r\n" \
"Content-Length: 2509\r\n" \ "Content-Length: 2774\r\n" \
"\r\n" \ "\r\n" \
"<html>" \ "<html>" \
"<head>" \ "<head>" \
" <meta charset=\"utf-8\">" \ " <meta charset=\"utf-8\">" \
" <title></title>" \ " <title>uts-server</title>" \
" <meta name=\"author\" content=\"Pierre-Francois Carpentier\">" \ " <meta name=\"author\" content=\"Pierre-Francois Carpentier\">" \
" <meta name=\"description\" content=\"uts-server\">" \ " <meta name=\"description\" content=\"uts-server\">" \
"<style>" \ "<style>" \
@ -38,7 +38,7 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
" border: 2px solid #000000;" \ " border: 2px solid #000000;" \
" margin: 20px;" \ " margin: 20px;" \
" padding: 10px;" \ " padding: 10px;" \
" width: 80%;" \ " width: 90%;" \
" background: #404040;" \ " background: #404040;" \
" color: #e6e6e6;" \ " color: #e6e6e6;" \
" margin-left: auto;" \ " margin-left: auto;" \
@ -57,14 +57,19 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
" border-radius: 2px;" \ " border-radius: 2px;" \
" padding: 10px 24px;" \ " padding: 10px 24px;" \
" margin: 0 auto;" \ " margin: 0 auto;" \
" display: block;" \ " display: inline;" \
" box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \ " box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \
"0, 0.19);" \ "0, 0.19);" \
" margin: 0 auto;" \
"}" \ "}" \
".desc {" \ ".desc {" \
" text-decoration: underline;" \ " text-decoration: underline;" \
" text-align: center;" \ " text-align: center;" \
" font-size: 20px;" \ " font-size: 20px;" \
" margin-top: 20px" \
"}" \
".center {" \
" text-align: center;" \
"}" \ "}" \
".footer {" \ ".footer {" \
" position: fixed;" \ " position: fixed;" \
@ -79,7 +84,6 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
".var {" \ ".var {" \
" color: #99ccff;" \ " color: #99ccff;" \
"}" \ "}" \
"<span class=\"var\">January 30, 2011</span>" \
"</style>" \ "</style>" \
"</head>" \ "</head>" \
"<body>" \ "<body>" \
@ -87,28 +91,32 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
" uts-server, a simple RFC 3161 timestamp server" \ " uts-server, a simple RFC 3161 timestamp server" \
"</div>" \ "</div>" \
"<div class=\"rcorners\">" \ "<div class=\"rcorners\">" \
" For timestamping a file with OpenSSL and curl, run the following " \ " For timestamping a file with OpenSSL and curl, run the following " \
"commands" \ "commands" \
" (setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):" \ " (setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):" \
" <div class=\"code\">" \ " <div class=\"code\">" \
" openssl ts -query -data \"<span class=\"var\">$FILE</span>\" -out " \ " openssl ts -query -data \"<span class=\"var\">$FILE</span>\" -out " \
"\"ts_req.ts\";<br/>" \ "\"ts_req.ts\";<br/>" \
" curl \"<span class=\"var\">$UTS_SERVER_URL</span>\" -H " \ " curl \"<span class=\"var\">$UTS_SERVER_URL</span>\" \\<br/>" \
"\"Content-Type: application/timestamp-query\" \\<br/>" \ " &nbsp;&nbsp;&nbsp;&nbsp; -H \"Content-Type: " \
" -f -g --data-binary \"@ts_req.ts\" -o \"<span " \ "application/timestamp-query\" \\<br/>" \
"class=\"var\">$FILE_TIMESTAMP</span>\"" \ " &nbsp;&nbsp;&nbsp;&nbsp; -f -g --data-binary \"@ts_req.ts\" -o " \
" </div>" \ "\"<span class=\"var\">$FILE_TIMESTAMP</span>\"" \
" For verifying the timestamp with OpenSSL, download the CA, and run " \ " </div>" \
"the following command:" \ " For verifying the timestamp with OpenSSL, download the CA and the " \
" <div class=\"code\">" \ "signer cert, and run the following command:" \
" openssl ts -verify -in \"<span " \ " <div class=\"code\">" \
"class=\"var\">$FILE_TIMESTAMP</span>\" -data \"<span " \ " openssl ts -verify -in \"<span " \
"class=\"var\">$FILE</span>\" -CAfile ca.pem" \ "class=\"var\">$FILE_TIMESTAMP</span>\" \\<br/>" \
" </div>" \ " &nbsp;&nbsp;&nbsp;&nbsp; -data \"<span class=\"var\">$FILE</span>\" " \
" <div class=\"centered\">" \ "-CAfile ca.pem -untrusted tsa_cert.pem" \
" <a href=\"/ca.pem\" download><button class=\"button\">Dowload CA " \ " </div>" \
" <div class=\"center\">" \
" <a href=\"./ca.pem\" download><button class=\"button\">Dowload CA " \
"file</button></a>" \ "file</button></a>" \
" </div>" \ " <a href=\"./tsa_cert.pem\" download><button " \
"class=\"button\">Dowload tsa cert file</button></a>" \
" </div>" \
"</div>" \ "</div>" \
"<div class=\"footer\">" \ "<div class=\"footer\">" \
" <div class=\"container\">" \ " <div class=\"container\">" \

42
src/lib/http.c
View File

@ -217,13 +217,14 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
clock_t start = clock(), diff; clock_t start = clock(), diff;
rfc3161_context *ct = (rfc3161_context *)context; rfc3161_context *ct = (rfc3161_context *)context;
const char *filename = ct->ca_file; const char *filename = ct->ca_file;
if (strlen(filename) == 0){ if (strlen(filename) == 0) {
uts_logger(context, LOG_NOTICE, "'certs' param in '[ tsa ]' section not filed"); uts_logger(context, LOG_NOTICE,
"'certs' param in '[ tsa ]' section not filed");
mg_send_http_error(conn, 404, "CA file not available"); mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start; diff = clock() - start;
log_request(request_info, "CA_DL ", ct, 404, log_request(request_info, "CA_DL ", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC)); (diff * 1000000 / CLOCKS_PER_SEC));
return 1; return 1;
} }
if (access(filename, F_OK) != -1) { if (access(filename, F_OK) != -1) {
mg_send_file(conn, filename); mg_send_file(conn, filename);
@ -242,6 +243,39 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
return 1; return 1;
} }
int cert_serve_handler(struct mg_connection *conn, void *context) {
/* In this handler, we ignore the req_info and send the file "filename". */
const struct mg_request_info *request_info = mg_get_request_info(conn);
clock_t start = clock(), diff;
rfc3161_context *ct = (rfc3161_context *)context;
const char *filename = ct->cert_file;
if (strlen(filename) == 0) {
uts_logger(context, LOG_NOTICE,
"'signer_cert' param in '[ tsa ]' section not filed");
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
return 1;
}
if (access(filename, F_OK) != -1) {
mg_send_file(conn, filename);
const struct mg_response_info *ri = mg_get_response_info(conn);
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 200,
(diff * 1000000 / CLOCKS_PER_SEC));
} else {
uts_logger(context, LOG_NOTICE,
"signer certificate file '%s' not available", filename);
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
}
return 1;
}
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) { int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
struct mg_context *ctx; struct mg_context *ctx;
struct mg_callbacks callbacks; struct mg_callbacks callbacks;
@ -269,6 +303,8 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
if (ctx != NULL) { if (ctx != NULL) {
mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct); mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct);
mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct); mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct);
mg_set_request_handler(ctx, "/tsa_cert.pem", cert_serve_handler,
(void *)ct);
// Wait until some signals are received // Wait until some signals are received
while (g_uts_sig == 0) { while (g_uts_sig == 0) {

5
src/lib/utils.c
View File

@ -390,6 +390,10 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
ct->ca_file = calloc(PATH_MAX, sizeof(char)); ct->ca_file = calloc(PATH_MAX, sizeof(char));
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file); realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file);
ct->cert_file = calloc(PATH_MAX, sizeof(char));
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "signer_cert"),
ct->cert_file);
// like any good daemon, return to '/' once the configuration is loaded // like any good daemon, return to '/' once the configuration is loaded
chdir("/"); chdir("/");
return ret; return ret;
@ -409,6 +413,7 @@ void free_uts_context(rfc3161_context *ct) {
} }
free(ct->ts_ctx_pool); free(ct->ts_ctx_pool);
free(ct->ca_file); free(ct->ca_file);
free(ct->cert_file);
NCONF_free(ct->conf); NCONF_free(ct->conf);
free(ct); free(ct);
} }