summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2018-01-15 12:43:44 (GMT)
committerTobias Markmann <tm@ayena.de>2018-02-02 08:56:47 (GMT)
commit9e2eee27d47ff1523677eb3881b4edcf66d7c0db (patch)
treec354e42f8b5314e1727da4aa8d9a248311e4242a /Swiften/TLS/OpenSSL
parent9eaa75b907a515a65ccb2002632fbf2f30c5aee8 (diff)
downloadswift-9e2eee27d47ff1523677eb3881b4edcf66d7c0db.zip
swift-9e2eee27d47ff1523677eb3881b4edcf66d7c0db.tar.bz2
Add support for extracting certificate chain from PEM string
Add PrivateKey class to simply encapsulate arbitrary private key data and the corresponding password. This enables easy unit testing by loading the certificate and key from within a test case. Test-Information: Added unit tests for certificate and key generated by OpenSSL. Tested on macOS 10.13.2 with OpenSSL. Change-Id: I1c9ffc3c70f61af65c4f1c48670badaf74b672b7
Diffstat (limited to 'Swiften/TLS/OpenSSL')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp50
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h10
2 files changed, 56 insertions, 4 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
new file mode 100644
index 0000000..c94702c
--- /dev/null
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2018 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+
+#include <Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h>
+
+#include <openssl/pem.h>
+
+namespace Swift {
+
+OpenSSLCertificateFactory::OpenSSLCertificateFactory() {
+}
+
+OpenSSLCertificateFactory::~OpenSSLCertificateFactory() {
+}
+
+Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray& der) {
+ return new OpenSSLCertificate(der);
+}
+
+std::vector<Certificate::ref> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) {
+ std::vector<Certificate::ref> certificateChain;
+
+ if (data.size() > std::numeric_limits<int>::max()) {
+ return certificateChain;
+ }
+
+ auto bio = std::shared_ptr<BIO>(BIO_new(BIO_s_mem()), BIO_free);
+ BIO_write(bio.get(), vecptr(data), int(data.size()));
+
+ // Attempt parsing data as PEM
+ X509* openSSLCert = nullptr;
+ auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr);
+ if (x509certFromPEM && openSSLCert) {
+ std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
+ certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert));
+ openSSLCert = nullptr;
+ while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) {
+ std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
+ certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert));
+ openSSLCert = nullptr;
+ }
+ }
+
+ return certificateChain;
+}
+
+}
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
index c996cd5..af45a33 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2014 Isode Limited.
+ * Copyright (c) 2010-2018 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -12,8 +12,10 @@
namespace Swift {
class OpenSSLCertificateFactory : public CertificateFactory {
public:
- virtual Certificate* createCertificateFromDER(const ByteArray& der) {
- return new OpenSSLCertificate(der);
- }
+ OpenSSLCertificateFactory();
+ virtual ~OpenSSLCertificateFactory() override final;
+
+ virtual Certificate* createCertificateFromDER(const ByteArray& der) override final;
+ virtual std::vector<Certificate::ref> createCertificateChain(const ByteArray& data) override final;
};
}