author | Thomas Haller <thaller@redhat.com> | 2022-03-18 21:33:20 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-03-29 11:56:04 +0200 |
commit | 723e1fc76f127001eded94ffbeabc0395738bec7 (patch) | |
tree | 39e2df300da49f3c536e09d59c56ec9e19520393 /src/libnm-crypto | |
parent | 901787e06fe35bbcd8dfbb622a9e4c9b97a37698 (diff) | |
download | NetworkManager-723e1fc76f127001eded94ffbeabc0395738bec7.tar.gz |
libnm: move dependency to libnm-crypto out of libnm-core's "nm-utils.c"
libnm-core is also used by the daemon, thus currently dragging in
libnm-crypto there. But could we ever drop that dependency?
One use of the libnm-crypto is in functions like nm_utils_file_is_certificate()
in "nm-utils.h". These are part of the public API of libnm.
But this is not used by the daemon. Move it to "libnm-client-core"
to be closer to where it's actually used.
As we have unit tests in "libnm-core-impl/tests" that test this function,
those unit tests also would need to move to "libnm-client-impl".
Instead, add the actual implementation of these functions to "libnm-crypto"
and test it there.
This patch moves forward declarations from public header "nm-utils.h" to
"nm-client.h". Arguably, "nm-client.h" is not a great name, but we don't
have a general purpose header in "libnm-client-public", so use this.
Note that libnm users can only include <NetworkManager.h> and including
individual files is not supported (and even prevented). Thus moving
the declarations won't break any users.
Diffstat (limited to 'src/libnm-crypto')
-rw-r--r-- | src/libnm-crypto/nm-crypto.c | 51 | ||||
-rw-r--r-- | src/libnm-crypto/nm-crypto.h | 3 |
2 files changed, 54 insertions, 0 deletions
diff --git a/src/libnm-crypto/nm-crypto.c b/src/libnm-crypto/nm-crypto.c
index 56f297e605..0480105120 100644
--- a/src/libnm-crypto/nm-crypto.c
+++ b/src/libnm-crypto/nm-crypto.c
@@ -1042,3 +1042,54 @@ nmtst_crypto_rsa_key_encrypt(const guint8 *data,
 NM_SET_OUT(out_password, g_strdup(tmp_password));
 return nm_secret_buf_to_gbytes_take(ret, ret_len);
 }
+
+/*****************************************************************************/
+
+static gboolean
+file_has_extension(const char *filename, const char *extensions[])
+{
+ const char *ext;
+ gsize i;
+
+ ext = strrchr(filename, '.');
+ if (!ext)
+ return FALSE;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!g_ascii_strcasecmp(ext, extensions[i]))
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+gboolean
+nm_crypto_utils_file_is_certificate(const char *filename)
+{
+ const char *extensions[] = {".der", ".pem", ".crt", ".cer", NULL};
+ NMCryptoFileFormat file_format;
+
+ nm_assert(filename);
+
+ if (!file_has_extension(filename, extensions))
+ return FALSE;
+
+ if (!nm_crypto_load_and_verify_certificate(filename, &file_format, NULL, NULL))
+ return FALSE;
+ return file_format = NM_CRYPTO_FILE_FORMAT_X509;
+}
+
+gboolean
+nm_crypto_utils_file_is_private_key(const char *filename, gboolean *out_encrypted)
+{
+ const char *extensions[] = {".der", ".pem", ".p12", ".key", NULL};
+
+ nm_assert(filename);
+
+ NM_SET_OUT(out_encrypted, FALSE);
+ if (!file_has_extension(filename, extensions))
+ return FALSE;
+
+ return nm_crypto_verify_private_key(filename, NULL, out_encrypted, NULL)
+ != NM_CRYPTO_FILE_FORMAT_UNKNOWN;
+}
diff --git a/src/libnm-crypto/nm-crypto.h b/src/libnm-crypto/nm-crypto.h
index a740c43c5b..48c7c6b7ab 100644
--- a/src/libnm-crypto/nm-crypto.h
+++ b/src/libnm-crypto/nm-crypto.h
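Review bot: The last statement of nm_crypto_utils_file_is_certificate() in nm-crypto.c, `return file_format = NM_CRYPTO_FILE_FORMAT_X509;`, assigns instead of comparing, so the format detected by nm_crypto_load_and_verify_certificate() is overwritten and never checked. Assuming NM_CRYPTO_FILE_FORMAT_X509 is a non-zero enumerator (its definition is outside this hunk), the function returns TRUE for every file with a listed extension that the loader accepts, whatever container format it found, and callers that rely on this public check to decide how to treat a file would then misclassify it. The line should read `return file_format == NM_CRYPTO_FILE_FORMAT_X509;`. Since the commit message says the unit tests for these functions now live in libnm-crypto, a negative case there (a file the loader accepts in a non-X.509 format, named with a `.pem` or `.crt` extension) would pin the intended behaviour.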
@@ -93,4 +93,7 @@ guint8 *nmtst_crypto_make_des_aes_key(NMCryptoCipherType cipher, /*****************************************************************************/ +gboolean nm_crypto_utils_file_is_certificate(const char *filename); +gboolean nm_crypto_utils_file_is_private_key(const char *filename, gboolean *out_encrypted); + #endif /* __NM_CRYPTO_H__ */ |