ETM-Schurig/powersync-core
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

move certificategerneator to a separate file

Browse Source
This commit is contained in:
Michael Zanetti 2017-09-06 14:23:18 +02:00
parent e4cb51bf8e
commit 807c2bc385
5 changed files with 154 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
server/certificategenerator.cpp Normal file
View File

@ -0,0 +1,113 @@
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
* Copyright (C) 2017 Michael Zanetti <michael.zanetti@guh.io> *
* *
* This file is part of guh. *
* *
* Guh is free software: you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation, version 2 of the License. *
* *
* Guh is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with guh. If not, see <http://www.gnu.org/licenses/>. *
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
#include "certificategenerator.h"
#include "openssl/ssl.h"
#include <QRegExp>
#include <QFileInfo>
#include <QDir>
#include <QUuid>
#include <QDebug>
namespace guhserver {
void CertificateGenerator::generate(const QString &certificateFilename, const QString &keyFilename)
{
EVP_PKEY * pkey = nullptr;
RSA * rsa = nullptr;
X509 * x509 = nullptr;
X509_NAME * name = nullptr;
BIO * bp_public = nullptr, * bp_private = nullptr;
const char * buffer = nullptr;
long size;
pkey = EVP_PKEY_new();
q_check_ptr(pkey);
rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
q_check_ptr(rsa);
EVP_PKEY_assign_RSA(pkey, rsa);
x509 = X509_new();
q_check_ptr(x509);
// Randomize serial number in case a previous one is stuck in a browser (Chromium
// completely rejects reused serial numbers and doesn't even allow to bypass it by an exception)
qsrand(QUuid::createUuid().toString().remove(QRegExp("[a-zA-Z{}-]")).left(5).toInt());
ASN1_INTEGER_set(X509_get_serialNumber(x509), qrand());
X509_gmtime_adj(X509_get_notBefore(x509), 0); // not before current time
X509_gmtime_adj(X509_get_notAfter(x509), 31536000L*10); // not after 10 years from this point
X509_set_pubkey(x509, pkey);
name = X509_get_subject_name(x509);
q_check_ptr(name);
X509_NAME_add_entry_by_txt(name, "E", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, (unsigned char *)"home", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC, (unsigned char *)"Vienna", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"AT", -1, -1, 0);
X509_set_issuer_name(x509, name);
X509_sign(x509, pkey, EVP_sha256());
bp_private = BIO_new(BIO_s_mem());
q_check_ptr(bp_private);
if(PEM_write_bio_PrivateKey(bp_private, pkey, nullptr, nullptr, 0, nullptr, nullptr) != 1)
{
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free_all(bp_private);
qFatal("PEM_write_bio_PrivateKey");
}
bp_public = BIO_new(BIO_s_mem());
q_check_ptr(bp_public);
if(PEM_write_bio_X509(bp_public, x509) != 1)
{
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free_all(bp_public);
BIO_free_all(bp_private);
qFatal("PEM_write_bio_X509");
}
size = BIO_get_mem_data(bp_public, &buffer);
q_check_ptr(buffer);
QFileInfo certFi(certificateFilename);
QDir dir;
QFile certfile(certificateFilename);
if (!dir.mkpath(certFi.absolutePath()) || !certfile.open(QFile::WriteOnly | QFile::Truncate) || certfile.write(buffer, size) != size) {
qWarning() << "Error writing certificate file" << certificateFilename;
}
certfile.close();
size = BIO_get_mem_data(bp_private, &buffer);
q_check_ptr(buffer);
QFileInfo keyFi(keyFilename);
QFile keyFile(keyFilename);
if (!dir.mkpath(keyFi.absolutePath()) || !keyFile.open(QFile::WriteOnly | QFile::Truncate) || keyFile.write(buffer, size) != size) {
qWarning() << "Error writing key file" << keyFilename;
}
keyFile.close();
EVP_PKEY_free(pkey); // this will also free the rsa key
X509_free(x509);
BIO_free_all(bp_public);
BIO_free_all(bp_private);
}
}

36
server/certificategenerator.h Normal file
View File

@ -0,0 +1,36 @@
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
* Copyright (C) 2017 Michael Zanetti <michael.zanetti@guh.io> *
* *
* This file is part of guh. *
* *
* Guh is free software: you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation, version 2 of the License. *
* *
* Guh is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with guh. If not, see <http://www.gnu.org/licenses/>. *
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
#ifndef CERTIFICATEGENERATOR_H
#define CERTIFICATEGENERATOR_H
#include <QString>
namespace guhserver {
class CertificateGenerator
{
public:
static void generate(const QString &certificateFilename, const QString &keyFilename);
};
}
#endif // CERTIFICATEGENERATOR_H

6
server/server.pri
View File

@ -57,7 +57,8 @@ HEADERS += $$top_srcdir/server/guhcore.h \
$$top_srcdir/server/networkmanager/networkconnection.h \
$$top_srcdir/server/networkmanager/wirednetworkdevice.h \
$$top_srcdir/server/usermanager.h \
$$top_srcdir/server/tokeninfo.h
$$top_srcdir/server/tokeninfo.h \
$$PWD/certificategenerator.h
SOURCES += $$top_srcdir/server/guhcore.cpp \
@ -114,5 +115,6 @@ SOURCES += $$top_srcdir/server/guhcore.cpp \
$$top_srcdir/server/networkmanager/networkconnection.cpp \
$$top_srcdir/server/networkmanager/wirednetworkdevice.cpp \
$$top_srcdir/server/usermanager.cpp \
$$top_srcdir/server/tokeninfo.cpp
$$top_srcdir/server/tokeninfo.cpp \
$$PWD/certificategenerator.cpp

80
server/servermanager.cpp
View File

@ -35,6 +35,7 @@
#include "servermanager.h"
#include "guhcore.h"
#include "certificategenerator.h"
#include <QSslCertificate>
#include <QSslConfiguration>
@ -171,83 +172,4 @@ bool ServerManager::loadCertificate(const QString &certificateKeyFileName, const
return true;
}
void CertificateGenerator::generate(const QString &certificateFilename, const QString &keyFilename)
{
EVP_PKEY * pkey = nullptr;
RSA * rsa = nullptr;
X509 * x509 = nullptr;
X509_NAME * name = nullptr;
BIO * bp_public = nullptr, * bp_private = nullptr;
const char * buffer = nullptr;
long size;
pkey = EVP_PKEY_new();
q_check_ptr(pkey);
rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
q_check_ptr(rsa);
EVP_PKEY_assign_RSA(pkey, rsa);
x509 = X509_new();
q_check_ptr(x509);
// Randomize serial number in case a previous one is stuck in a browser (Chromium
// completely rejects reused serial numbers and doesn't even allow to bypass it by an exception)
qsrand(QUuid::createUuid().toString().remove(QRegExp("[a-zA-Z{}-]")).left(5).toInt());
ASN1_INTEGER_set(X509_get_serialNumber(x509), qrand());
X509_gmtime_adj(X509_get_notBefore(x509), 0); // not before current time
X509_gmtime_adj(X509_get_notAfter(x509), 31536000L*10); // not after 10 years from this point
X509_set_pubkey(x509, pkey);
name = X509_get_subject_name(x509);
q_check_ptr(name);
X509_NAME_add_entry_by_txt(name, "E", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, (unsigned char *)"home", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"guh.io", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC, (unsigned char *)"Vienna", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"AT", -1, -1, 0);
X509_set_issuer_name(x509, name);
X509_sign(x509, pkey, EVP_sha256());
bp_private = BIO_new(BIO_s_mem());
q_check_ptr(bp_private);
if(PEM_write_bio_PrivateKey(bp_private, pkey, nullptr, nullptr, 0, nullptr, nullptr) != 1)
{
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free_all(bp_private);
qFatal("PEM_write_bio_PrivateKey");
}
bp_public = BIO_new(BIO_s_mem());
q_check_ptr(bp_public);
if(PEM_write_bio_X509(bp_public, x509) != 1)
{
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free_all(bp_public);
BIO_free_all(bp_private);
qFatal("PEM_write_bio_X509");
}
size = BIO_get_mem_data(bp_public, &buffer);
q_check_ptr(buffer);
QFileInfo certFi(certificateFilename);
QDir dir;
QFile certfile(certificateFilename);
if (!dir.mkpath(certFi.absolutePath()) || !certfile.open(QFile::WriteOnly | QFile::Truncate) || certfile.write(buffer, size) != size) {
qWarning() << "Error writing certificate file" << certificateFilename;
}
certfile.close();
size = BIO_get_mem_data(bp_private, &buffer);
q_check_ptr(buffer);
QFileInfo keyFi(keyFilename);
QFile keyFile(keyFilename);
if (!dir.mkpath(keyFi.absolutePath()) || !keyFile.open(QFile::WriteOnly | QFile::Truncate) || keyFile.write(buffer, size) != size) {
qWarning() << "Error writing key file" << keyFilename;
}
keyFile.close();
EVP_PKEY_free(pkey); // this will also free the rsa key
X509_free(x509);
BIO_free_all(bp_public);
BIO_free_all(bp_private);
}
}

8
server/servermanager.h
View File

@ -35,8 +35,6 @@
#include "mocktcpserver.h"
#endif
#include "openssl/ssl.h"
class QSslConfiguration;
class QSslCertificate;
class QSslKey;
@ -87,12 +85,6 @@ private:
bool loadCertificate(const QString &certificateKeyFileName, const QString &certificateFileName);
};
class CertificateGenerator
{
public:
static void generate(const QString &certificateFilename, const QString &keyFilename);
};
}
#endif // SERVERMANAGER_H