mirror of
https://dev.iopsys.eu/bbf/bbfdm.git
synced 2025-12-10 07:44:39 +01:00
security: collect certificates by section type instead of specific section name
This commit is contained in:
Sukru Senli
Omar Kallel
parent
974309dc77
commit
fb34bcd008
3 changed files with 116 additions and 107 deletions
|
|
@ -11,6 +11,9 @@
|
|||
#include "security.h"
|
||||
|
||||
#define DATE_LEN 128
|
||||
#define MAX_CERT 32
|
||||
|
||||
static char certifcates_paths[MAX_CERT][256];
|
||||
|
||||
struct certificate_profile {
|
||||
char *path;
|
||||
|
|
@ -152,19 +155,72 @@ static char *get_certificate_pk(mbedtls_pk_type_t sig_pk)
|
|||
/*************************************************************
|
||||
* ENTRY METHOD
|
||||
**************************************************************/
|
||||
|
||||
static void get_certificate_paths(void)
|
||||
{
|
||||
struct uci_section *s;
|
||||
int cidx;
|
||||
|
||||
for (cidx=0; cidx<MAX_CERT; cidx++)
|
||||
memset(certifcates_paths[cidx], '\0', 256);
|
||||
|
||||
cidx = 0;
|
||||
|
||||
uci_foreach_sections("owsd", "owsd-listen", s) {
|
||||
char *cert;
|
||||
dmuci_get_value_by_section_string(s, "cert", &cert);
|
||||
if (*cert == '\0')
|
||||
continue;
|
||||
if (cidx >= MAX_CERT)
|
||||
break;
|
||||
if(!file_exists(cert) && is_regular_file(cert))
|
||||
continue;
|
||||
strncpy(certifcates_paths[cidx], cert, 256);
|
||||
cidx++;
|
||||
}
|
||||
|
||||
uci_foreach_sections("openvpn", "openvpn", s) {
|
||||
char *cert;
|
||||
dmuci_get_value_by_section_string(s, "cert", &cert);
|
||||
if (*cert == '\0')
|
||||
continue;
|
||||
if (cidx >= MAX_CERT)
|
||||
break;
|
||||
if(!file_exists(cert) && is_regular_file(cert))
|
||||
continue;
|
||||
strncpy(certifcates_paths[cidx], cert, 256);
|
||||
cidx++;
|
||||
}
|
||||
|
||||
uci_foreach_sections("obuspa", "obuspa", s) {
|
||||
char *cert;
|
||||
dmuci_get_value_by_section_string(s, "cert", &cert);
|
||||
if (*cert == '\0')
|
||||
continue;
|
||||
if (cidx >= MAX_CERT)
|
||||
break;
|
||||
if(!file_exists(cert) && is_regular_file(cert))
|
||||
continue;
|
||||
strncpy(certifcates_paths[cidx], cert, 256);
|
||||
cidx++;
|
||||
}
|
||||
}
|
||||
|
||||
static int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
|
||||
{
|
||||
#if defined(LOPENSSL) || defined(LMBEDTLS)
|
||||
char **certifcates_paths;
|
||||
int length, i;
|
||||
char *cert_inst= NULL, *cert_inst_last= NULL, *v = NULL;
|
||||
struct uci_section *dmmap_sect = NULL;
|
||||
struct certificate_profile certificateprofile = {};
|
||||
|
||||
certifcates_paths = get_all_iop_certificates(&length);
|
||||
check_create_dmmap_package("dmmap_security");
|
||||
|
||||
for (i=0; i<length; i++) {
|
||||
get_certificate_paths();
|
||||
|
||||
int i;
|
||||
for (i=0; i < MAX_CERT; i++) {
|
||||
if(!strlen(certifcates_paths[i]))
|
||||
break;
|
||||
#ifdef LOPENSSL
|
||||
FILE *fp = NULL;
|
||||
fp = fopen(certifcates_paths[i], "r");
|
||||
|
|
@ -215,11 +271,13 @@ static int get_Security_CertificateNumberOfEntries(char *refparam, struct dmctx
|
|||
int number = 0;
|
||||
|
||||
#if defined(LOPENSSL) || defined(LMBEDTLS)
|
||||
int length, i;
|
||||
char **certifcates_paths = NULL;
|
||||
certifcates_paths = get_all_iop_certificates(&length);
|
||||
|
||||
for (i=0; i<length; i++) {
|
||||
get_certificate_paths();
|
||||
|
||||
int i;
|
||||
for (i=0; i < MAX_CERT; i++) {
|
||||
if(!strlen(certifcates_paths[i]))
|
||||
break;
|
||||
#ifdef LOPENSSL
|
||||
FILE *fp = NULL;
|
||||
fp = fopen(certifcates_paths[i], "r");
|
||||
|
|
|
|||
|
|
@ -1997,6 +1997,29 @@ int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int ma
|
|||
return 0;
|
||||
}
|
||||
|
||||
bool file_exists(const char* path)
|
||||
{
|
||||
struct stat buffer;
|
||||
|
||||
if(stat(path, &buffer) == 0)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
int is_regular_file(const char *path)
|
||||
{
|
||||
if (path == NULL || strlen(path) == 0)
|
||||
return 0;
|
||||
|
||||
if (access(path, F_OK) != 0)
|
||||
return 1;
|
||||
|
||||
struct stat path_stat;
|
||||
stat(path, &path_stat);
|
||||
return S_ISREG(path_stat.st_mode);
|
||||
}
|
||||
|
||||
int get_base64char_value(char b64)
|
||||
{
|
||||
char *base64C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
|
|
@ -2023,84 +2046,11 @@ char *decode64(char *enc)
|
|||
return dec;
|
||||
}
|
||||
|
||||
int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < length; i++) {
|
||||
if (strncmp(cert_paths[i], dirpath, strlen(dirpath)) == 0 && strstr(cert_paths[i], filename))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int is_regular_file(const char *path)
|
||||
{
|
||||
if (path == NULL || strlen(path) == 0)
|
||||
return 0;
|
||||
|
||||
if (access(path, F_OK) != 0)
|
||||
return 1;
|
||||
|
||||
struct stat path_stat;
|
||||
stat(path, &path_stat);
|
||||
return S_ISREG(path_stat.st_mode);
|
||||
}
|
||||
|
||||
char *get_cert_directory_path_from_uci(char *ucipath)
|
||||
{
|
||||
char **uci_elts = NULL, **dirs = NULL;
|
||||
char *path = NULL;
|
||||
size_t length;
|
||||
|
||||
uci_elts = strsplit(ucipath, ".", &length);
|
||||
dmuci_get_option_value_string(uci_elts[0], uci_elts[1], uci_elts[2], &path);
|
||||
if(path && is_regular_file(path)) {
|
||||
dirs = strsplit(path, "/", &length);
|
||||
char *filenamepos = strstr(path, dirs[length - 1]);
|
||||
char *dirpath = (char *)dmmalloc((filenamepos - path + 1)*sizeof(char));
|
||||
memcpy(dirpath, path, filenamepos - path);
|
||||
dirpath[filenamepos - path] = '\0';
|
||||
return dirpath;
|
||||
}
|
||||
return path;
|
||||
}
|
||||
|
||||
char **get_all_iop_certificates(int *length)
|
||||
{
|
||||
char *certs_uci[] = {"openvpn.sample_server.cert", "openvpn.sample_client.cert", "owsd.ubusproxy.peer_cert", "owsd.wan_https.cert"};
|
||||
int i, j = 0;
|
||||
char *dirpath = NULL, **certificates_paths = NULL;
|
||||
int number_certs_dirs = ARRAY_SIZE(certs_uci);
|
||||
|
||||
certificates_paths = (char **)dmmalloc(1024 * sizeof(char *));
|
||||
|
||||
for (i = 0; i < number_certs_dirs; i++) {
|
||||
dirpath = get_cert_directory_path_from_uci(certs_uci[i]);
|
||||
if (dirpath && strlen(dirpath) > 0) {
|
||||
DIR *dir;
|
||||
struct dirent *ent;
|
||||
if ((dir = opendir(dirpath)) == NULL)
|
||||
continue;
|
||||
while ((ent = readdir (dir)) != NULL) {
|
||||
if (ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name))
|
||||
continue;
|
||||
dmasprintf(&certificates_paths[j],"%s%s", dirpath, ent->d_name);
|
||||
j++;
|
||||
}
|
||||
closedir(dir);
|
||||
dmfree(dirpath);
|
||||
dirpath = NULL;
|
||||
}
|
||||
}
|
||||
*length = j;
|
||||
return certificates_paths;
|
||||
}
|
||||
|
||||
char *stringToHex(char *text, int length)
|
||||
{
|
||||
char *hex = NULL;
|
||||
int i, j;
|
||||
|
||||
hex = (char *)dmcalloc(100, sizeof(char));
|
||||
|
||||
for (i = 0, j = 0; i < length; ++i, j += 3) {
|
||||
|
|
|
|||
|
|
@ -326,8 +326,9 @@ int dm_validate_dateTime(char *value);
|
|||
int dm_validate_hexBinary(char *value, struct range_args r_args[], int r_args_size);
|
||||
int dm_validate_string_list(char *value, int min_item, int max_item, int max_size, int min, int max, char *enumeration[], int enumeration_size, char *pattern[], int pattern_size);
|
||||
int dm_validate_unsignedInt_list(char *value, int min_item, int max_item, int max_size, struct range_args r_args[], int r_args_size);
|
||||
char **get_all_iop_certificates(int *length);
|
||||
char *decode64 (char *enc);
|
||||
char *decode64(char *enc);
|
||||
bool file_exists(const char *path);
|
||||
int is_regular_file(const char *path);
|
||||
char *stringToHex(char *text, int length);
|
||||
char *replace_char(char *str, char find, char replace);
|
||||
int is_vlan_termination_section(char *name);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue