From fb34bcd008cf4185f455230b980c7b01fd0a235d Mon Sep 17 00:00:00 2001
From: Sukru Senli <sukru.senli@iopsys.eu>
Date: Sun, 26 Apr 2020 09:24:56 +0200
Subject: [PATCH] security: collect certificates by section type instead of
 specific section name

---
 dmtree/tr181/security.c |  88 ++++++++++++++++++++++-----
 libbbf_api/dmcommon.c   | 130 +++++++++++++---------------------------
 libbbf_api/dmcommon.h   |   5 +-
 3 files changed, 116 insertions(+), 107 deletions(-)

diff --git a/dmtree/tr181/security.c b/dmtree/tr181/security.c
index 11d39fb8..40d086b2 100644
--- a/dmtree/tr181/security.c
+++ b/dmtree/tr181/security.c
@@ -11,6 +11,9 @@
 #include "security.h"
 
 #define DATE_LEN 128
+#define MAX_CERT 32
+
+static char certifcates_paths[MAX_CERT][256];
 
 struct certificate_profile {
 	char *path;
@@ -152,19 +155,72 @@ static char *get_certificate_pk(mbedtls_pk_type_t sig_pk)
 /*************************************************************
 * ENTRY METHOD
 **************************************************************/
+
+static void get_certificate_paths(void)
+{
+	struct uci_section *s;
+	int cidx;
+
+	for (cidx=0; cidx<MAX_CERT; cidx++)
+		memset(certifcates_paths[cidx], '\0', 256);
+
+	cidx = 0;
+
+	uci_foreach_sections("owsd", "owsd-listen", s) {
+		char *cert;
+		dmuci_get_value_by_section_string(s, "cert", &cert);
+		if (*cert == '\0')
+			continue;
+		if (cidx >= MAX_CERT)
+			break;
+		if(!file_exists(cert) && is_regular_file(cert))
+			continue;
+		strncpy(certifcates_paths[cidx], cert, 256);
+		cidx++;
+	}
+
+	uci_foreach_sections("openvpn", "openvpn", s) {
+		char *cert;
+		dmuci_get_value_by_section_string(s, "cert", &cert);
+		if (*cert == '\0')
+			continue;
+		if (cidx >= MAX_CERT)
+			break;
+		if(!file_exists(cert) && is_regular_file(cert))
+			continue;
+		strncpy(certifcates_paths[cidx], cert, 256);
+		cidx++;
+	}
+
+	uci_foreach_sections("obuspa", "obuspa", s) {
+		char *cert;
+		dmuci_get_value_by_section_string(s, "cert", &cert);
+		if (*cert == '\0')
+			continue;
+		if (cidx >= MAX_CERT)
+			break;
+		if(!file_exists(cert) && is_regular_file(cert))
+			continue;
+		strncpy(certifcates_paths[cidx], cert, 256);
+		cidx++;
+	}
+}
+
 static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
 {
 #if defined(LOPENSSL) || defined(LMBEDTLS)
-	char **certifcates_paths;
-	int length, i;
 	char *cert_inst= NULL, *cert_inst_last= NULL, *v = NULL;
 	struct uci_section *dmmap_sect = NULL;
 	struct certificate_profile certificateprofile = {};
 
-	certifcates_paths = get_all_iop_certificates(&length);
 	check_create_dmmap_package("dmmap_security");
 
-	for (i=0; i<length; i++) {
+	get_certificate_paths();
+
+	int i;
+	for (i=0; i < MAX_CERT; i++) {
+		if(!strlen(certifcates_paths[i]))
+			break;
 #ifdef LOPENSSL
 		FILE *fp = NULL;
 		fp = fopen(certifcates_paths[i], "r");
@@ -198,7 +254,7 @@ static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_nod
 			DMUCI_SET_VALUE_BY_SECTION(bbfdm, dmmap_sect, "path", certifcates_paths[i]);
 		}
 		init_certificate(certifcates_paths[i], cacert, dmmap_sect, &certificateprofile);
-        cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
+		cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
 		if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)&certificateprofile, cert_inst) == DM_STOP)
 			break;
 #endif
@@ -215,20 +271,22 @@ static int get_Security_CertificateNumberOfEntries(char *refparam, struct dmctx
 	int number = 0;
 
 #if defined(LOPENSSL) || defined(LMBEDTLS)
-	int length, i;
-	char **certifcates_paths = NULL;
-	certifcates_paths = get_all_iop_certificates(&length);
 
-	for (i=0; i<length; i++) {
+	get_certificate_paths();
+
+	int i;
+	for (i=0; i < MAX_CERT; i++) {
+		if(!strlen(certifcates_paths[i]))
+			break;
 #ifdef LOPENSSL
 		FILE *fp = NULL;
 		fp = fopen(certifcates_paths[i], "r");
-        X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
-        if (!cert) {
-        	fclose(fp);
-        	continue;
-        }
-        number++;
+		X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
+		if (!cert) {
+			fclose(fp);
+			continue;
+		}
+		number++;
 		X509_free(cert);
 		cert = NULL;
 		fclose(fp);
diff --git a/libbbf_api/dmcommon.c b/libbbf_api/dmcommon.c
index 7d2f055d..4c4de652 100644
--- a/libbbf_api/dmcommon.c
+++ b/libbbf_api/dmcommon.c
@@ -1997,13 +1997,36 @@ int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int ma
 	return 0;
 }
 
+bool file_exists(const char* path)
+{
+	struct stat buffer;
+
+	if(stat(path, &buffer) == 0)
+		return true;
+	else
+		return false;
+}
+
+int is_regular_file(const char *path)
+{
+	if (path == NULL || strlen(path) == 0)
+		return 0;
+
+	if (access(path, F_OK) != 0)
+		return 1;
+
+	struct stat path_stat;
+	stat(path, &path_stat);
+	return S_ISREG(path_stat.st_mode);
+}
+
 int get_base64char_value(char b64)
 {
 	char *base64C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 	int i;
 	for (i = 0; i < 64; i++)
 		if (base64C[i] == b64)
-			return i;
+		return i;
 	return -1;
 }
 
@@ -2023,102 +2046,29 @@ char *decode64(char *enc)
 	return dec;
 }
 
-int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename)
-{
-	int i;
-
-	for (i = 0; i < length; i++) {
-		if (strncmp(cert_paths[i], dirpath, strlen(dirpath)) == 0 && strstr(cert_paths[i], filename))
-			return 1;
-	}
-	return 0;
-}
-
-int is_regular_file(const char *path)
-{
-	if (path == NULL || strlen(path) == 0)
-		return 0;
-
-	if (access(path, F_OK) != 0)
-		return 1;
-
-    struct stat path_stat;
-    stat(path, &path_stat);
-    return S_ISREG(path_stat.st_mode);
-}
-
-char *get_cert_directory_path_from_uci(char *ucipath)
-{
-	char **uci_elts = NULL, **dirs = NULL;
-	char *path = NULL;
-	size_t length;
-
-	uci_elts = strsplit(ucipath, ".", &length);
-	dmuci_get_option_value_string(uci_elts[0], uci_elts[1], uci_elts[2], &path);
-	if(path && is_regular_file(path)) {
-		dirs = strsplit(path, "/", &length);
-		char *filenamepos = strstr(path, dirs[length - 1]);
-		char *dirpath = (char *)dmmalloc((filenamepos - path + 1)*sizeof(char));
-		memcpy(dirpath, path, filenamepos - path);
-		dirpath[filenamepos - path] = '\0';
-		return dirpath;
-	}
-	return path;
-}
-
-char **get_all_iop_certificates(int *length)
-{
-	char *certs_uci[] = {"openvpn.sample_server.cert", "openvpn.sample_client.cert", "owsd.ubusproxy.peer_cert", "owsd.wan_https.cert"};
-	int i, j = 0;
-	char *dirpath = NULL, **certificates_paths = NULL;
-	int number_certs_dirs = ARRAY_SIZE(certs_uci);
-
-	certificates_paths = (char **)dmmalloc(1024 * sizeof(char *));
-
-	for (i = 0; i < number_certs_dirs; i++) {
-		dirpath = get_cert_directory_path_from_uci(certs_uci[i]);
-		if (dirpath && strlen(dirpath) > 0) {
-			DIR *dir;
-			struct dirent *ent;
-			if ((dir = opendir(dirpath)) == NULL)
-				continue;
-			while ((ent = readdir (dir)) != NULL) {
-				if (ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name))
-					continue;
-				dmasprintf(&certificates_paths[j],"%s%s", dirpath, ent->d_name);
-				j++;
-			}
-			closedir(dir);
-			dmfree(dirpath);
-			dirpath = NULL;
-		}
-	}
-	*length = j;
-	return certificates_paths;
-}
-
 char *stringToHex(char *text, int length)
 {
-  char *hex = NULL;
-  int i, j;
-  hex = (char *)dmcalloc(100, sizeof(char));
+	char *hex = NULL;
+	int i, j;
 
-  for (i = 0, j = 0; i < length; ++i, j += 3) {
-    sprintf(hex + j, "%02x", text[i] & 0xff);
-    if (i < length-1)
-    	sprintf(hex + j + 2, "%c", ':');
-  }
-  return hex;
+	hex = (char *)dmcalloc(100, sizeof(char));
+
+	for (i = 0, j = 0; i < length; ++i, j += 3) {
+		sprintf(hex + j, "%02x", text[i] & 0xff);
+		if (i < length-1)
+			sprintf(hex + j + 2, "%c", ':');
+	}
+	return hex;
 }
 
 char *replace_char(char *str, char find, char replace)
 {
-    char *current_pos = strchr(str, find);
-    while (current_pos) {
-        *current_pos = replace;
-        current_pos = strchr(current_pos, find);
-    }
-    return str;
+	char *current_pos = strchr(str, find);
+	while (current_pos) {
+		*current_pos = replace;
+		current_pos = strchr(current_pos, find);
+	}
+	return str;
 }
 
 int is_vlan_termination_section(char *name)
diff --git a/libbbf_api/dmcommon.h b/libbbf_api/dmcommon.h
index 8352e36e..db2a0f60 100644
--- a/libbbf_api/dmcommon.h
+++ b/libbbf_api/dmcommon.h
@@ -326,8 +326,9 @@ int dm_validate_dateTime(char *value);
 int dm_validate_hexBinary(char *value, struct range_args r_args[], int r_args_size);
 int dm_validate_string_list(char *value, int min_item, int max_item, int max_size, int min, int max, char *enumeration[], int enumeration_size, char *pattern[], int pattern_size);
 int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int max_size, struct range_args r_args[], int r_args_size);
-char **get_all_iop_certificates(int *length);
-char *decode64 (char *enc);
+char *decode64(char *enc);
+bool file_exists(const char *path);
+int is_regular_file(const char *path);
 char *stringToHex(char *text, int length);
 char *replace_char(char *str, char find, char replace);
 int is_vlan_termination_section(char *name);