Internal stir/shaken utilities. More...

#include "asterisk.h"
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "asterisk/cli.h"
#include "asterisk/sorcery.h"
#include "stir_shaken.h"
#include "asterisk/res_stir_shaken.h"

Include dependency graph for stir_shaken.c:

Go to the source code of this file.

Functions
int	stir_shaken_cli_show (void obj, void arg, int flags)
	Output configuration settings to the Asterisk CLI. More...

char *	stir_shaken_get_serial_number_x509 (const char *path)
	Gets the serial number in hex form from the X509 certificate at path. More...

EVP_PKEY *	stir_shaken_read_key (const char *path, int priv)
	Reads the public (or private) key from the specified path. More...

char *	stir_shaken_tab_complete_name (const char word, struct ao2_container container)
	Tab completion for name matching with STIR/SHAKEN CLI commands. More...

Detailed Description

Internal stir/shaken utilities.

Definition in file stir_shaken.c.

Function Documentation

◆ stir_shaken_cli_show()

int stir_shaken_cli_show	(	void *	obj,
		void *	arg,
		int	flags
	)

Output configuration settings to the Asterisk CLI.

Parameters

obj	A sorcery object containing configuration data
arg	Asterisk CLI argument object
flags	ao2 container flags

Return values

0

Definition at line 35 of file stir_shaken.c.

References a, ast_cli(), AST_HANDLER_ONLY_STRING, ast_sorcery_object_get_id(), ast_sorcery_object_get_type(), ast_sorcery_objectset_create2(), ast_stir_shaken_sorcery(), ast_variable_list_sort(), ast_variables_destroy(), ast_cli_args::fd, ast_variable::name, ast_variable::next, options, and ast_variable::value.

Referenced by stir_shaken_certificate_show(), stir_shaken_certificate_show_all(), stir_shaken_general_show(), and stir_shaken_store_show().

 {
  struct ast_cli_args *a = arg;
  struct ast_variable *options;
  struct ast_variable *i;
 
  if (!obj) {
  ast_cli(a->fd, "No stir/shaken configuration found\n");
  return 0;
  }
 
  options = ast_variable_list_sort(ast_sorcery_objectset_create2(
  ast_stir_shaken_sorcery(), obj, AST_HANDLER_ONLY_STRING));
  if (!options) {
  return 0;
  }
 
  ast_cli(a->fd, "%s: %s\n", ast_sorcery_object_get_type(obj),
  ast_sorcery_object_get_id(obj));
 
  for (i = options; i; i = i->next) {
  ast_cli(a->fd, "\t%s: %s\n", i->name, i->value);
  }
 
  ast_cli(a->fd, "\n");
 
  ast_variables_destroy(options);
 
  return 0;
 }

◆ stir_shaken_get_serial_number_x509()

char* stir_shaken_get_serial_number_x509 ( const char * path )

Gets the serial number in hex form from the X509 certificate at path.

Note: The returned string will need to be freed by the caller

Parameters

path	The full path of the X509 certificate

Return values

NULL	on failure
serial	number on success

Definition at line 140 of file stir_shaken.c.

References ast_log, ast_strdup, LOG_ERROR, and NULL.

Referenced by curl_public_key().

 {
  FILE *fp;
  X509 *cert;
  ASN1_INTEGER *serial;
  BIGNUM *bignum;
  char *serial_hex;
  char *ret;
 
  fp = fopen(path, "r");
  if (!fp) {
  ast_log(LOG_ERROR, "Failed to open file %s\n", path);
  return NULL;
  }
 
  cert = PEM_read_X509(fp, NULL, NULL, NULL);
  if (!cert) {
  ast_log(LOG_ERROR, "Failed to read X.509 cert from file %s\n", path);
  fclose(fp);
  return NULL;
  }
 
  serial = X509_get_serialNumber(cert);
  if (!serial) {
  ast_log(LOG_ERROR, "Failed to get serial number from certificate %s\n", path);
  X509_free(cert);
  fclose(fp);
  return NULL;
  }
 
  bignum = ASN1_INTEGER_to_BN(serial, NULL);
  if (bignum == NULL) {
  ast_log(LOG_ERROR, "Failed to convert serial to bignum for certificate %s\n", path);
  X509_free(cert);
  fclose(fp);
  return NULL;
  }
 
  /* This will return a string with memory allocated. After we get the string,
  * we don't need the cert, file, or bignum references anymore, so free them
  * and return the string, if BN_bn2hex was a success.
  */
  serial_hex = BN_bn2hex(bignum);
  X509_free(cert);
  fclose(fp);
  BN_free(bignum);
 
  if (!serial_hex) {
  ast_log(LOG_ERROR, "Failed to convert bignum to hex for certificate %s\n", path);
  return NULL;
  }
 
  ret = ast_strdup(serial_hex);
  OPENSSL_free(serial_hex);
  if (!ret) {
  ast_log(LOG_ERROR, "Failed to dup serial from openssl for certificate %s\n", path);
  return NULL;
  }
 
  return ret;
 }

◆ stir_shaken_read_key()

EVP_PKEY* stir_shaken_read_key	(	const char *	path,
		int	priv
	)

Reads the public (or private) key from the specified path.

Parameters

path	The path to the file containing the private key
priv	Specify 0 for public, 1 for private

Return values

NULL	on failure
The	public/private key on success

Definition at line 89 of file stir_shaken.c.

References ast_log, LOG_ERROR, and NULL.

Referenced by ast_stir_shaken_verify(), stir_shaken_certificate_apply(), and test_stir_shaken_create_cert().

 {
  EVP_PKEY *key = NULL;
  FILE *fp;
  X509 *cert = NULL;
 
  fp = fopen(path, "r");
  if (!fp) {
  ast_log(LOG_ERROR, "Failed to read %s key file '%s'\n", priv ? "private" : "public", path);
  return NULL;
  }
 
  /* If this is to get the private key, the file will be ECDSA or RSA, with the former eventually
  * replacing the latter. For the public key, the file will be X.509.
  */
  if (priv) {
  key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
  } else {
  cert = PEM_read_X509(fp, NULL, NULL, NULL);
  if (!cert) {
  ast_log(LOG_ERROR, "Failed to read X.509 cert from file '%s'\n", path);
  fclose(fp);
  return NULL;
  }
  key = X509_get_pubkey(cert);
  /* It's fine to free the cert after we get the key because they are 2
  * independent objects; you don't need a X509 object to be in memory
  * in order to have an EVP_PKEY, and it doesn't rely on it being there.
  */
  X509_free(cert);
  }
 
  if (!key) {
  ast_log(LOG_ERROR, "Failed to read %s key from file '%s'\n", priv ? "private" : "public", path);
  fclose(fp);
  return NULL;
  }
 
  if (EVP_PKEY_id(key) != EVP_PKEY_EC && EVP_PKEY_id(key) != EVP_PKEY_RSA) {
  ast_log(LOG_ERROR, "%s key from '%s' must be of type EVP_PKEY_EC or EVP_PKEY_RSA\n",
  priv ? "Private" : "Public", path);
  fclose(fp);
  EVP_PKEY_free(key);
  return NULL;
  }
 
  fclose(fp);
 
  return key;
 }

◆ stir_shaken_tab_complete_name()

char* stir_shaken_tab_complete_name	(	const char *	word,
		struct ao2_container *	container
	)

Tab completion for name matching with STIR/SHAKEN CLI commands.

Parameters

word	The word to tab complete on
container	The sorcery container to iterate through

Return values

The	tab completion options

Definition at line 66 of file stir_shaken.c.

References ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_sorcery_object_get_id(), ast_strdup, and NULL.

Referenced by stir_shaken_certificate_show(), and stir_shaken_store_show().

 {
  void *obj;
  struct ao2_iterator it;
  int wordlen = strlen(word);
  int ret;
 
  it = ao2_iterator_init(container, 0);
  while ((obj = ao2_iterator_next(&it))) {
  if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
  ret = ast_cli_completion_add(ast_strdup(ast_sorcery_object_get_id(obj)));
  if (ret) {
  ao2_ref(obj, -1);
  break;
  }
  }
  ao2_ref(obj, -1);
  }
  ao2_iterator_destroy(&it);
 
  return NULL;
 }

Functions

Detailed Description

Function Documentation

◆ stir_shaken_cli_show()

◆ stir_shaken_get_serial_number_x509()

◆ stir_shaken_read_key()

◆ stir_shaken_tab_complete_name()