d5/d58/stir__shaken_8c_source.html

 /*
  * Asterisk -- An open source telephony toolkit.
  *
  * Copyright (C) 2020, Sangoma Technologies Corporation
  *
  * Kevin Harwell <[email protected]>
  *
  * See http://www.asterisk.org for more information about
  * the Asterisk project. Please do not directly contact
  * any of the maintainers of this project for assistance;
  * the project provides a web site, mailing lists and IRC
  * channels for your use.
  *
  * This program is free software, distributed under the terms of
  * the GNU General Public License Version 2. See the LICENSE file
  * at the top of the source tree.
  */

 /*! \file
  *
  * \brief Internal stir/shaken utilities
  */

 #include "asterisk.h"

 #include <openssl/evp.h>
 #include <openssl/pem.h>

 #include "asterisk/cli.h"
 #include "asterisk/sorcery.h"

 #include "stir_shaken.h"
 #include "asterisk/res_stir_shaken.h"

 int stir_shaken_cli_show(void *obj, void *arg, int flags)
 {
    struct ast_cli_args *a = arg;
    struct ast_variable *options;
    struct ast_variable *i;

    if (!obj) {
       ast_cli(a->fd, "No stir/shaken configuration found\n");
       return 0;
    }

    options = ast_variable_list_sort(ast_sorcery_objectset_create2(
       ast_stir_shaken_sorcery(), obj, AST_HANDLER_ONLY_STRING));
    if (!options) {
       return 0;
    }

    ast_cli(a->fd, "%s: %s\n", ast_sorcery_object_get_type(obj),
       ast_sorcery_object_get_id(obj));

    for (i = options; i; i = i->next) {
       ast_cli(a->fd, "\t%s: %s\n", i->name, i->value);
    }

    ast_cli(a->fd, "\n");

    ast_variables_destroy(options);

    return 0;
 }

 char *stir_shaken_tab_complete_name(const char *word, struct ao2_container *container)
 {
    void *obj;
    struct ao2_iterator it;
    int wordlen = strlen(word);
    int ret;

    it = ao2_iterator_init(container, 0);
    while ((obj = ao2_iterator_next(&it))) {
       if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
          ret = ast_cli_completion_add(ast_strdup(ast_sorcery_object_get_id(obj)));
          if (ret) {
             ao2_ref(obj, -1);
             break;
          }
       }
       ao2_ref(obj, -1);
    }
    ao2_iterator_destroy(&it);

    return NULL;
 }

 EVP_PKEY *stir_shaken_read_key(const char *path, int priv)
 {
    EVP_PKEY *key = NULL;
    FILE *fp;
    X509 *cert = NULL;

    fp = fopen(path, "r");
    if (!fp) {
       ast_log(LOG_ERROR, "Failed to read %s key file '%s'\n", priv ? "private" : "public", path);
       return NULL;
    }

    /* If this is to get the private key, the file will be ECDSA or RSA, with the former eventually
     * replacing the latter. For the public key, the file will be X.509.
     */
    if (priv) {
       key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
    } else {
       cert = PEM_read_X509(fp, NULL, NULL, NULL);
       if (!cert) {
          ast_log(LOG_ERROR, "Failed to read X.509 cert from file '%s'\n", path);
          fclose(fp);
          return NULL;
       }
       key = X509_get_pubkey(cert);
       /* It's fine to free the cert after we get the key because they are 2
        * independent objects; you don't need a X509 object to be in memory
        * in order to have an EVP_PKEY, and it doesn't rely on it being there.
        */
       X509_free(cert);
    }

    if (!key) {
       ast_log(LOG_ERROR, "Failed to read %s key from file '%s'\n", priv ? "private" : "public", path);
       fclose(fp);
       return NULL;
    }

    if (EVP_PKEY_id(key) != EVP_PKEY_EC && EVP_PKEY_id(key) != EVP_PKEY_RSA) {
       ast_log(LOG_ERROR, "%s key from '%s' must be of type EVP_PKEY_EC or EVP_PKEY_RSA\n",
          priv ? "Private" : "Public", path);
       fclose(fp);
       EVP_PKEY_free(key);
       return NULL;
    }

    fclose(fp);

    return key;
 }

 char *stir_shaken_get_serial_number_x509(const char *path)
 {
    FILE *fp;
    X509 *cert;
    ASN1_INTEGER *serial;
    BIGNUM *bignum;
    char *serial_hex;
    char *ret;

    fp = fopen(path, "r");
    if (!fp) {
       ast_log(LOG_ERROR, "Failed to open file %s\n", path);
       return NULL;
    }

    cert = PEM_read_X509(fp, NULL, NULL, NULL);
    if (!cert) {
       ast_log(LOG_ERROR, "Failed to read X.509 cert from file %s\n", path);
       fclose(fp);
       return NULL;
    }

    serial = X509_get_serialNumber(cert);
    if (!serial) {
       ast_log(LOG_ERROR, "Failed to get serial number from certificate %s\n", path);
       X509_free(cert);
       fclose(fp);
       return NULL;
    }

    bignum = ASN1_INTEGER_to_BN(serial, NULL);
    if (bignum == NULL) {
       ast_log(LOG_ERROR, "Failed to convert serial to bignum for certificate %s\n", path);
       X509_free(cert);
       fclose(fp);
       return NULL;
    }

    /* This will return a string with memory allocated. After we get the string,
     * we don't need the cert, file, or bignum references anymore, so free them
     * and return the string, if BN_bn2hex was a success.
     */
    serial_hex = BN_bn2hex(bignum);
    X509_free(cert);
    fclose(fp);
    BN_free(bignum);

    if (!serial_hex) {
       ast_log(LOG_ERROR, "Failed to convert bignum to hex for certificate %s\n", path);
       return NULL;
    }

    ret = ast_strdup(serial_hex);
    OPENSSL_free(serial_hex);
    if (!ret) {
       ast_log(LOG_ERROR, "Failed to dup serial from openssl for certificate %s\n", path);
       return NULL;
    }

    return ret;
 }
stir_shaken_get_serial_number_x509
char * stir_shaken_get_serial_number_x509(const char *path)
Gets the serial number in hex form from the X509 certificate at path.
Definition: stir_shaken.c:140

ast_variable::next
struct ast_variable * next
Definition: include/asterisk/config.h:90

ast_variable_list_sort
struct ast_variable * ast_variable_list_sort(struct ast_variable *head)
Performs an in-place sort on the variable list by ascending name.
Definition: main/config.c:622

ast_sorcery_objectset_create2
struct ast_variable * ast_sorcery_objectset_create2(const struct ast_sorcery *sorcery, const void *object, enum ast_sorcery_field_handler_flags flags)
Create an object set (KVP list) for an object.
Definition: sorcery.c:1511

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_variables_destroy
void ast_variables_destroy(struct ast_variable *var)
Free variable list.
Definition: extconf.c:1263

ast_variable
Structure for variables, used for configurations and for channel variables.
Definition: include/asterisk/config.h:83

stir_shaken_read_key
EVP_PKEY * stir_shaken_read_key(const char *path, int priv)
Reads the public (or private) key from the specified path.
Definition: stir_shaken.c:89

ao2_iterator_destroy
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
Definition: astobj2_container.c:534

ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:243

NULL
#define NULL
Definition: resample.c:96

ast_cli
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6

stir_shaken_tab_complete_name
char * stir_shaken_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
Definition: stir_shaken.c:66

ast_sorcery_object_get_type
const char * ast_sorcery_object_get_type(const void *object)
Get the type of a sorcery object.
Definition: sorcery.c:2324

ast_log
#define ast_log
Definition: astobj2.c:42

ast_variable::value
const char * value
Definition: include/asterisk/config.h:87

ast_cli_args::fd
const int fd
Definition: cli.h:159

ao2_ref
#define ao2_ref(o, delta)
Definition: astobj2.h:464

AST_HANDLER_ONLY_STRING
Use string handler only.
Definition: sorcery.h:137

ast_sorcery_object_get_id
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2312

ast_variable::name
const char * name
Definition: include/asterisk/config.h:85

container
struct ao2_container * container
Definition: res_fax.c:502

stir_shaken_cli_show
int stir_shaken_cli_show(void *obj, void *arg, int flags)
Output configuration settings to the Asterisk CLI.
Definition: stir_shaken.c:35

stir_shaken.h

LOG_ERROR
#define LOG_ERROR
Definition: logger.h:285

ao2_iterator_next
#define ao2_iterator_next(iter)
Definition: astobj2.h:1933

res_stir_shaken.h

ast_stir_shaken_sorcery
struct ast_sorcery * ast_stir_shaken_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition: res_stir_shaken.c:173

ao2_iterator
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1841

cli.h
Standard Command Line Interface.

ast_cli_args
Definition: cli.h:158

ao2_container
Generic container type.
Definition: astobj2_container_private.h:282

options
static struct test_options options
Definition: test_http_media_cache.c:62

ast_cli_completion_add
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition: main/cli.c:2726

ao2_iterator_init
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
Definition: astobj2_container.c:485

word
short word
Definition: codecs/gsm/inc/private.h:12

sorcery.h
Sorcery Data Access Layer API.

a
static struct test_val a
Definition: test_linkedlists.c:46