security: collect certificates by section type instead of specific section name

2025-12-10 07:44:39 +01:00 · 2020-04-26 09:24:56 +02:00 · 2020-04-26 09:24:56 +02:00 · fb34bcd008
commit fb34bcd008
parent 974309dc77
3 changed files with 116 additions and 107 deletions
--- a/dmtree/tr181/security.c
+++ b/dmtree/tr181/security.c
@ -11,6 +11,9 @@
 #include "security.h"
 #define DATE_LEN 128
 #define MAX_CERT 32
 static char certifcates_paths[MAX_CERT][256];
 struct certificate_profile {
 	char *path;
@ -152,19 +155,72 @@ static char *get_certificate_pk(mbedtls_pk_type_t sig_pk)
 /*************************************************************
 * ENTRY METHOD
 **************************************************************/
 static void get_certificate_paths(void)
 {
 	struct uci_section *s;
 	int cidx;
 	for (cidx=0; cidx<MAX_CERT; cidx++)
 		memset(certifcates_paths[cidx], '\0', 256);
 	cidx = 0;
 	uci_foreach_sections("owsd", "owsd-listen", s) {
 		char *cert;
 		dmuci_get_value_by_section_string(s, "cert", &cert);
 		if (*cert == '\0')
 			continue;
 		if (cidx >= MAX_CERT)
 			break;
 		if(!file_exists(cert) && is_regular_file(cert))
 			continue;
 		strncpy(certifcates_paths[cidx], cert, 256);
 		cidx++;
 	}
 	uci_foreach_sections("openvpn", "openvpn", s) {
 		char *cert;
 		dmuci_get_value_by_section_string(s, "cert", &cert);
 		if (*cert == '\0')
 			continue;
 		if (cidx >= MAX_CERT)
 			break;
 		if(!file_exists(cert) && is_regular_file(cert))
 			continue;
 		strncpy(certifcates_paths[cidx], cert, 256);
 		cidx++;
 	}
 	uci_foreach_sections("obuspa", "obuspa", s) {
 		char *cert;
 		dmuci_get_value_by_section_string(s, "cert", &cert);
 		if (*cert == '\0')
 			continue;
 		if (cidx >= MAX_CERT)
 			break;
 		if(!file_exists(cert) && is_regular_file(cert))
 			continue;
 		strncpy(certifcates_paths[cidx], cert, 256);
 		cidx++;
 	}
 }
 static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
 {
 #if defined(LOPENSSL) || defined(LMBEDTLS)
 	char **certifcates_paths;
 	int length, i;
 	char *cert_inst= NULL, *cert_inst_last= NULL, *v = NULL;
 	struct uci_section *dmmap_sect = NULL;
 	struct certificate_profile certificateprofile = {};
 	certifcates_paths = get_all_iop_certificates(&length);
 	check_create_dmmap_package("dmmap_security");
-	for (i=0; i<length; i++) {
+	get_certificate_paths();
 	int i;
 	for (i=0; i < MAX_CERT; i++) {
 		if(!strlen(certifcates_paths[i]))
 			break;
 #ifdef LOPENSSL
 		FILE *fp = NULL;
 		fp = fopen(certifcates_paths[i], "r");
@ -198,7 +254,7 @@ static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_nod
 			DMUCI_SET_VALUE_BY_SECTION(bbfdm, dmmap_sect, "path", certifcates_paths[i]);
 		}
 		init_certificate(certifcates_paths[i], cacert, dmmap_sect, &certificateprofile);
-        cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
+		cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
 		if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)&certificateprofile, cert_inst) == DM_STOP)
 			break;
 #endif
@ -215,20 +271,22 @@ static int get_Security_CertificateNumberOfEntries(char *refparam, struct dmctx
 	int number = 0;
 #if defined(LOPENSSL) || defined(LMBEDTLS)
 	int length, i;
 	char **certifcates_paths = NULL;
 	certifcates_paths = get_all_iop_certificates(&length);
-	for (i=0; i<length; i++) {
+	get_certificate_paths();
 	int i;
 	for (i=0; i < MAX_CERT; i++) {
 		if(!strlen(certifcates_paths[i]))
 			break;
 #ifdef LOPENSSL
 		FILE *fp = NULL;
 		fp = fopen(certifcates_paths[i], "r");
-        X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
+		X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
-        if (!cert) {
+		if (!cert) {
-        	fclose(fp);
+			fclose(fp);
-        	continue;
+			continue;
-        }
+		}
-        number++;
+		number++;
 		X509_free(cert);
 		cert = NULL;
 		fclose(fp);
--- a/libbbf_api/dmcommon.c
+++ b/libbbf_api/dmcommon.c
@ -1997,13 +1997,36 @@ int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int ma
 	return 0;
 }
 bool file_exists(const char* path)
 {
 	struct stat buffer;
 	if(stat(path, &buffer) == 0)
 		return true;
 	else
 		return false;
 }
 int is_regular_file(const char *path)
 {
 	if (path == NULL || strlen(path) == 0)
 		return 0;
 	if (access(path, F_OK) != 0)
 		return 1;
 	struct stat path_stat;
 	stat(path, &path_stat);
 	return S_ISREG(path_stat.st_mode);
 }
 int get_base64char_value(char b64)
 {
 	char *base64C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 	int i;
 	for (i = 0; i < 64; i++)
 		if (base64C[i] == b64)
-			return i;
+		return i;
 	return -1;
 }
@ -2023,102 +2046,29 @@ char *decode64(char *enc)
 	return dec;
 }
 int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename)
 {
 	int i;
 	for (i = 0; i < length; i++) {
 		if (strncmp(cert_paths[i], dirpath, strlen(dirpath)) == 0 && strstr(cert_paths[i], filename))
 			return 1;
 	}
 	return 0;
 }
 int is_regular_file(const char *path)
 {
 	if (path == NULL || strlen(path) == 0)
 		return 0;
 	if (access(path, F_OK) != 0)
 		return 1;
    struct stat path_stat;
    stat(path, &path_stat);
    return S_ISREG(path_stat.st_mode);
 }
 char *get_cert_directory_path_from_uci(char *ucipath)
 {
 	char **uci_elts = NULL, **dirs = NULL;
 	char *path = NULL;
 	size_t length;
 	uci_elts = strsplit(ucipath, ".", &length);
 	dmuci_get_option_value_string(uci_elts[0], uci_elts[1], uci_elts[2], &path);
 	if(path && is_regular_file(path)) {
 		dirs = strsplit(path, "/", &length);
 		char *filenamepos = strstr(path, dirs[length - 1]);
 		char *dirpath = (char *)dmmalloc((filenamepos - path + 1)*sizeof(char));
 		memcpy(dirpath, path, filenamepos - path);
 		dirpath[filenamepos - path] = '\0';
 		return dirpath;
 	}
 	return path;
 }
 char **get_all_iop_certificates(int *length)
 {
 	char *certs_uci[] = {"openvpn.sample_server.cert", "openvpn.sample_client.cert", "owsd.ubusproxy.peer_cert", "owsd.wan_https.cert"};
 	int i, j = 0;
 	char *dirpath = NULL, **certificates_paths = NULL;
 	int number_certs_dirs = ARRAY_SIZE(certs_uci);
 	certificates_paths = (char **)dmmalloc(1024 * sizeof(char *));
 	for (i = 0; i < number_certs_dirs; i++) {
 		dirpath = get_cert_directory_path_from_uci(certs_uci[i]);
 		if (dirpath && strlen(dirpath) > 0) {
 			DIR *dir;
 			struct dirent *ent;
 			if ((dir = opendir(dirpath)) == NULL)
 				continue;
 			while ((ent = readdir (dir)) != NULL) {
 				if (ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name))
 					continue;
 				dmasprintf(&certificates_paths[j],"%s%s", dirpath, ent->d_name);
 				j++;
 			}
 			closedir(dir);
 			dmfree(dirpath);
 			dirpath = NULL;
 		}
 	}
 	*length = j;
 	return certificates_paths;
 }
 char *stringToHex(char *text, int length)
 {
-  char *hex = NULL;
+	char *hex = NULL;
-  int i, j;
+	int i, j;
  hex = (char *)dmcalloc(100, sizeof(char));
-  for (i = 0, j = 0; i < length; ++i, j += 3) {
+	hex = (char *)dmcalloc(100, sizeof(char));
-    sprintf(hex + j, "%02x", text[i] & 0xff);
+
-    if (i < length-1)
+	for (i = 0, j = 0; i < length; ++i, j += 3) {
-    	sprintf(hex + j + 2, "%c", ':');
+		sprintf(hex + j, "%02x", text[i] & 0xff);
-  }
+		if (i < length-1)
-  return hex;
+			sprintf(hex + j + 2, "%c", ':');
 	}
 	return hex;
 }
 char *replace_char(char *str, char find, char replace)
 {
-    char *current_pos = strchr(str, find);
+	char *current_pos = strchr(str, find);
-    while (current_pos) {
+	while (current_pos) {
-        *current_pos = replace;
+		*current_pos = replace;
-        current_pos = strchr(current_pos, find);
+		current_pos = strchr(current_pos, find);
-    }
+	}
-    return str;
+	return str;
 }
 int is_vlan_termination_section(char *name)
--- a/libbbf_api/dmcommon.h
+++ b/libbbf_api/dmcommon.h
@ -326,8 +326,9 @@ int dm_validate_dateTime(char *value);
 int dm_validate_hexBinary(char *value, struct range_args r_args[], int r_args_size);
 int dm_validate_string_list(char *value, int min_item, int max_item, int max_size, int min, int max, char *enumeration[], int enumeration_size, char *pattern[], int pattern_size);
 int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int max_size, struct range_args r_args[], int r_args_size);
-char **get_all_iop_certificates(int *length);
+char *decode64(char *enc);
-char *decode64 (char *enc);
+bool file_exists(const char *path);
 int is_regular_file(const char *path);
 char *stringToHex(char *text, int length);
 char *replace_char(char *str, char find, char replace);
 int is_vlan_termination_section(char *name);