cert.cpp

一个用于点对点传输加密的工具包源码

/*
 * Copyright (c) 2001 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * 3. Neither the name of the Intel Corporation nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * cert - simple certificate management.
 *
 */

#include <stdio.h>
#include <ctype.h>
#include <stdarg.h>
#include <string.h>
#include <ptp/id.h>
#include <ptp/store.h>
#include <ptp/debug.h>
#ifdef WIN32
#include <windowsx.h>
#include "resource.h"
#else
#include <sys/stat.h>
#include <sys/types.h>
#endif

#define EXPIRE_DEFAULT (30 * 24 * 60 * 60)

/*
 * Error: Print an error message.
 * @fmt: printf-style format string.
 * ...: Additional arguments.
 */
static void
Error(const char *fmt, ...)
{
	char *buffer = new char[strlen(fmt) + 1024];
	va_list args;
	va_start(args, fmt);
	vsprintf(buffer, fmt, args);
	va_end(args);
	buffer[0] = tolower(buffer[0]);
	printf("cert: %s", buffer);
	delete [] buffer;
}

/*
 * Load: Load a certificate from a file.
 * @path: File pathname.
 * @passwd: Certificate store password or NULL.
 * Returns: Certificate on success or NULL on error.
 */
static PTP::Identity *
Load(const char *path, const char *passwd)
{
	PTP::Identity *id = NULL;
	PTP::Store store(path, passwd, passwd);
	if (store.Load() == 0)
	{
		const PTP::Store::Entry *entry
			= store.Find(PTP::Store::IDENTITY);
		if (entry)
			id = new PTP::Identity(*entry->ident.ident);
	}
	else
		Error("Cannot load `%s'.\n", path);
	return id;
}

/*
 * Save: Save a certificate to a file.
 * @ident: Certificate.
 * @exportkey: 1 to export private key or 0 to not.
 * @path: File pathname.
 * @passwd: Certificate store password or NULL.
 * Returns: 0 on success or -1 on error.
 */
static int
Save(PTP::Identity *ident, const char *path, const char *passwd)
{
	if (!ident)
		return -1;
	PTP::Store store(path, passwd, passwd);
	store.Insert(ident, 0);
	if (store.Save())
		Error("Cannot save `%s'.\n", path);
	return 0;
}

/*
 * Verify: Check validity of the certificate.
 * @store: Certificate store.
 * @ident: Certificate.
 * Returns: 0 on valid certificate or -1 for an invalid certificate.
 */
static int
Verify(PTP::Store *store, PTP::Identity *ident)
{
	PTP::Identity *issuer = ident;
	if (ident && strcmp(ident->GetName(), ident->GetIssuerName()) != 0)
		issuer = store->Find(ident->GetIssuerName());
	return (issuer && issuer->Verify(ident) == 0) ? 0:-1;
}

/*
 * Insert: Insert certificate into store if valid.
 * @store: Certificate store.
 * @ident: Certificate.
 * @exportkey: 1 to export private key or 0 to not.
 * Returns: 0 on sucess or -1 on error.
 */
static int
Insert(PTP::Store *store, PTP::Identity *ident, int exportkey)
{
	if (!ident)
		return -1;
	if (Verify(store, ident))
	{
		Error("Invalid certificate `%s'.\n", ident->GetName());
		return -1;
	}

	PTP::Identity *local = store->Find(NULL, 1);
	if (local && strcmp(local->GetName(), ident->GetName()) == 0)
		return 0;

	PTP::Identity *old = store->Find(ident->GetName(), 0);
	if (old)
		store->Remove(old);
	store->Insert(ident, exportkey);
	return 0;
}

/*
 * Find: Find certificate in store.
 * @store: Certificate store.
 * @name: Subject common name.
 * Returns: Certificate on success or NULL if not found.
 */
static PTP::Identity *
Find(PTP::Store *store, const char *name)
{
	PTP::Identity *ident = store->Find(name, 0);
	if (!ident)
		Error("Cannot find `%s'.\n", name);
	return ident;
}

/*
 * Remove: Remove certificate from store.
 * @store: Certificate store.
 * @name: Subject common name.
 * Returns: 0 on success or -1 on error.
 */
static int
Remove(PTP::Store *store, const char *name)
{
	const PTP::Identity *local = store->Find(NULL, 1);
	PTP::Identity *ident = Find(store, name);
	if (!ident)
		return -1;
	else if (ident == local)
	{
		Error("Cannot remove local certificate.\n", name);
		return -1;
	}
	store->Remove(ident);
	return 0;
}

/*
 * SaveAll: Save certificate store.
 * @store: Certificate store.
 */
static void
SaveAll(PTP::Store *store)
{
	if (store->Save())
		Error("Cannot save certificate store.\n");
}

/*
 * Sign: Sign certificate
 * @store: Certificate store.
 * @ident: Certificate.
 * Returns: 0 on success or -1 on error.
 */
static int
Sign(PTP::Store *store, PTP::Identity *ident, int expire)
{
	const PTP::Identity *local = store->Find(NULL, 1);
	if (!local)
	{
		Error("Cannot find local certificate.\n");
		return -1;
	}
	return local->Sign(ident, expire);
}

#ifdef WIN32

static HINSTANCE g_inst;

/*
 * DisplayContext: Context for &ListCallback and &ShowCallback.
 */
struct DisplayContext
{
	PTP::Store *store;
	const char *path;
	PTP::Identity *ident;
};

static void Show(PTP::Store *store,
		 PTP::Identity *ident,
		 const char *path = NULL);

/*
 * ListCallback: Handle certificate list property page.
 */
static int CALLBACK
ListCallback(HWND wnd, UINT msg, WPARAM wparam, LPARAM lparam)
{
	HWND lwnd = GetDlgItem(wnd, IDC_CERTS);
	DisplayContext *ctx = (DisplayContext*)
		GetWindowLong(wnd, GWL_USERDATA);

	int refresh = 0;
	switch (msg)
	{
	case WM_INITDIALOG:
		ctx = (DisplayContext*)	(((PROPSHEETPAGE*) lparam)->lParam);
		SetWindowLong(wnd, GWL_USERDATA, (long) ctx);
		break;
	case WM_COMMAND:
		{
			int i = ListBox_GetCurSel(lwnd);
			PTP::Identity *ident = (PTP::Identity*)
				((i >= 0) ? ListBox_GetItemData(lwnd, i):NULL);
			if (!ident)
				break;

			switch (LOWORD(wparam))
			{
			case IDC_SIGN:
				Sign(ctx->store, ident, EXPIRE_DEFAULT);
				break;
			case IDC_REMOVE:
				Remove(ctx->store, ident->GetName());
				refresh = 1;
				break;
			case IDC_PROP:
				Show(ctx->store, ident);
				break;
			default:
				return FALSE;
			}
		}
		break;
	case WM_NOTIFY:
		{
			NMHDR *hdr = (NMHDR*) lparam;
			switch (hdr->code)
			{
			case PSN_APPLY:
				SaveAll(ctx->store);
				break;
			case PSN_SETACTIVE:
				refresh = 1;
				break;
			default:
				return FALSE;
			}
		}
		break;
	default:
		return FALSE;
	}

	if (refresh)
	{
		ListBox_ResetContent(lwnd);
		
		PTP::Identity *ident = NULL;
		for (;;)
		{
			ident = ctx->store->Find(NULL, 0, NULL, ident);
			if (!ident)
				break;
			int i = ListBox_AddString(lwnd, ident->GetName());
			ListBox_SetItemData(lwnd, i, ident);
		}
	}

	return TRUE;
}

/*
 * ShowCallback: Handle certificate information property page.
 */
static int CALLBACK
ShowCallback(HWND wnd, UINT msg, WPARAM wparam, LPARAM lparam)
{
	DisplayContext *ctx = (DisplayContext*)
		GetWindowLong(wnd, GWL_USERDATA);

	int refresh = 0;
	switch (msg)
	{
	case WM_INITDIALOG:
		ctx = (DisplayContext*)	(((PROPSHEETPAGE*) lparam)->lParam);
		SetWindowLong(wnd, GWL_USERDATA, (long) ctx);
		break;
	case WM_COMMAND:
		switch (LOWORD(wparam))
		{
		case IDC_IMPORT:
			Insert(ctx->store, ctx->ident, 0);
			break;
		case IDC_REMOVE:
			Remove(ctx->store, ctx->ident->GetName());
			break;
		default:
			return FALSE;