summaryrefslogtreecommitdiff
path: root/src/components/security_manager/src/crypto_manager_impl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/components/security_manager/src/crypto_manager_impl.cc')
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc63
1 files changed, 36 insertions, 27 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f44198953b..6bee28a976 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -93,6 +93,7 @@ CryptoManagerImpl::CryptoManagerImpl(
OpenSSL_add_all_algorithms();
SSL_library_init();
}
+ InitCertExpTime();
}
CryptoManagerImpl::~CryptoManagerImpl() {
@@ -295,41 +296,30 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
}
bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
+ LOG4CXX_AUTO_TRACE(logger_);
+
if (cert_data.empty()) {
LOG4CXX_WARN(logger_, "Empty certificate");
return false;
}
- BIO* bio = BIO_new(BIO_f_base64());
- BIO* bmem = BIO_new_mem_buf((char*)cert_data.c_str(), cert_data.length());
- bmem = BIO_push(bio, bmem);
-
- char* buf = new char[cert_data.length()];
- int len = BIO_read(bmem, buf, cert_data.length());
-
- BIO* bio_cert = BIO_new(BIO_s_mem());
- if (NULL == bio_cert) {
- LOG4CXX_WARN(logger_, "Unable to update certificate. BIO not created");
- return false;
- }
+ BIO* bio_cert =
+ BIO_new_mem_buf(const_cast<char*>(cert_data.c_str()), cert_data.length());
utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_cert);
UNUSED(bio_guard)
- int k = 0;
- if ((k = BIO_write(bio_cert, buf, len)) <= 0) {
- LOG4CXX_WARN(logger_, "Unable to write into BIO");
- return false;
- }
- PKCS12* p12 = d2i_PKCS12_bio(bio_cert, NULL);
- if (NULL == p12) {
- LOG4CXX_ERROR(logger_, "Unable to parse certificate");
- return false;
- }
+ X509* cert = NULL;
+ PEM_read_bio_X509(bio_cert, &cert, 0, 0);
EVP_PKEY* pkey = NULL;
- X509* cert = NULL;
- PKCS12_parse(p12, NULL, &pkey, &cert, NULL);
+ if (1 == BIO_reset(bio_cert)) {
+ PEM_read_bio_PrivateKey(bio_cert, &pkey, 0, 0);
+ } else {
+ LOG4CXX_WARN(logger_,
+ "Unabled to reset BIO in order to read private key, "
+ << LastError());
+ }
if (NULL == cert || NULL == pkey) {
LOG4CXX_WARN(logger_, "Either certificate or key not valid.");
@@ -337,20 +327,35 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
}
if (!SSL_CTX_use_certificate(context_, cert)) {
- LOG4CXX_WARN(logger_, "Could not use certificate");
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
return false;
}
asn1_time_to_tm(X509_get_notAfter(cert));
if (!SSL_CTX_use_PrivateKey(context_, pkey)) {
- LOG4CXX_ERROR(logger_, "Could not use key");
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
return false;
}
+
if (!SSL_CTX_check_private_key(context_)) {
- LOG4CXX_ERROR(logger_, "Could not use certificate ");
+ LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError());
return false;
}
+
+ X509_STORE* store = SSL_CTX_get_cert_store(context_);
+ if (store) {
+ X509* extra_cert = NULL;
+ while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) {
+ if (extra_cert != cert) {
+ LOG4CXX_DEBUG(logger_,
+ "Added new certificate to store: " << extra_cert);
+ X509_STORE_add_cert(store, extra_cert);
+ }
+ }
+ }
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated");
return true;
}
@@ -397,4 +402,8 @@ void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) {
}
}
+void CryptoManagerImpl::InitCertExpTime() {
+ strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_);
+}
+
} // namespace security_manager
View Lorry Controller Status