
load certificates and verify signatures

pull/118/head
orignal 10 years ago
parent
commit
0a9eca9f94
  1. 57
      Reseed.cpp
  2. 4
      Reseed.h
  3. 5
      util.cpp
  4. 1
      util.h

57
Reseed.cpp

@ -11,6 +11,7 @@
#include "Reseed.h" #include "Reseed.h"
#include "Log.h" #include "Log.h"
#include "Identity.h" #include "Identity.h"
#include "Signature.h"
#include "NetDb.h" #include "NetDb.h"
#include "util.h" #include "util.h"
@ -211,8 +212,37 @@ namespace data
s.seekg (12, std::ios::cur); // unused s.seekg (12, std::ios::cur); // unused
s.seekg (versionLength, std::ios::cur); // skip version s.seekg (versionLength, std::ios::cur); // skip version
s.seekg (signerIDLength, std::ios::cur); // skip signer ID char signerID[256];
s.read (signerID, signerIDLength); // signerID
signerID[signerIDLength] = 0;
//try to verify signature
auto it = m_SigningKeys.find (signerID);
if (it != m_SigningKeys.end ())
{
// TODO: implement all signature types
if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
{
i2p::crypto::RSASHA5124096Verifier verifier(it->second);
size_t pos = s.tellg ();
size_t tbsLen = pos + contentLength;
uint8_t * tbs = new uint8_t[tbsLen];
s.seekg (0, std::ios::beg);
s.read ((char *)tbs, tbsLen);
uint8_t * signature = new uint8_t[signatureLength];
s.read ((char *)signature, signatureLength);
if (!verifier.Verify (tbs, tbsLen, signature))
LogPrint (eLogWarning, "SU3 signature verification failed");
delete[] signature;
delete[] tbs;
s.seekg (pos, std::ios::beg);
}
else
LogPrint (eLogWarning, "Signature type ", signatureType, " is not supported");
}
else
LogPrint (eLogWarning, "Certificate for ", signerID, " not loaded");
// handle content // handle content
int numFiles = 0; int numFiles = 0;
size_t contentPos = s.tellg (); size_t contentPos = s.tellg ();
@ -428,6 +458,29 @@ namespace data
LogPrint (eLogError, "Can't open certificate file ", filename); LogPrint (eLogError, "Can't open certificate file ", filename);
} }
void Reseeder::LoadCertificates ()
{
boost::filesystem::path reseedDir = i2p::util::filesystem::GetCertificatesDir() / "reseed";
if (!boost::filesystem::exists (reseedDir))
{
LogPrint (eLogWarning, "Reseed certificates not loaded. ", reseedDir, " doesn't exist");
return;
}
int numCertificates = 0;
boost::filesystem::directory_iterator end; // empty
for (boost::filesystem::directory_iterator it (reseedDir); it != end; ++it)
{
if (boost::filesystem::is_regular_file (it->status()) && it->path ().extension () == ".crt")
{
LoadCertificate (it->path ().string ());
numCertificates++;
}
}
LogPrint (eLogInfo, numCertificates, " certificates loaded");
}
} }
} }
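Review bot: A failed signature check is not fatal — `if (!verifier.Verify (tbs, tbsLen, signature)) LogPrint (eLogWarning, "SU3 signature verification failed");` only logs, as do the `else` branches for an unsupported signature type and a signer with no loaded certificate, and control then falls through to `// handle content`, so an SU3 bundle fetched from an untrusted reseed host is unpacked whether or not its signature is valid. Since authenticating the bundle is the purpose of this check, all three paths should reject the file; the sketch below tracks a `verified` flag and returns 0 before the content is handled, and replaces the two raw `new[]`/`delete[]` pairs with `std::vector` (needs `<vector>`) so the early return cannot leak. `tbsLen` and `signatureLength` are also taken from the file itself and should be bounded against the stream size before the allocation, and `signerID[signerIDLength] = 0` stays inside the 256-byte buffer only if signerIDLength is a one-byte field, which the hunk does not show. ProcessSU3Stream starts and ends outside the hunk; `LoadCertificates` further down also counts a certificate as loaded even when `LoadCertificate` has logged that the file could not be opened.
```cpp
//try to verify signature
bool verified = false;   // stays false for unknown signer, unsupported type or bad signature
auto it = m_SigningKeys.find (signerID);
if (it != m_SigningKeys.end ())
{
	if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
	{
		i2p::crypto::RSASHA5124096Verifier verifier(it->second);
		size_t pos = s.tellg ();
		size_t tbsLen = pos + contentLength;
		std::vector<uint8_t> tbs (tbsLen), signature (signatureLength); // RAII instead of new[]/delete[]
		s.seekg (0, std::ios::beg);
		s.read ((char *)tbs.data (), tbsLen);
		s.read ((char *)signature.data (), signatureLength);
		verified = s.good () && verifier.Verify (tbs.data (), tbsLen, signature.data ());
		s.seekg (pos, std::ios::beg);
	}
	else
		LogPrint (eLogWarning, "Signature type ", signatureType, " is not supported");
}
else
	LogPrint (eLogWarning, "Certificate for ", signerID, " not loaded");
if (!verified)
{
	LogPrint (eLogError, "SU3 signature verification failed, file rejected");
	return 0;
}
// handle content
```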

4
Reseed.h

@ -23,10 +23,12 @@ namespace data
bool reseedNow(); // depreacted bool reseedNow(); // depreacted
int ReseedNowSU3 (); int ReseedNowSU3 ();
void LoadCertificate (const std::string& filename); void LoadCertificates ();
private: private:
void LoadCertificate (const std::string& filename);
int ReseedFromSU3 (const std::string& host); int ReseedFromSU3 (const std::string& host);
int ProcessSU3File (const char * filename); int ProcessSU3File (const char * filename);
int ProcessSU3Stream (std::istream& s); int ProcessSU3Stream (std::istream& s);
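Review bot: The newly public `void LoadCertificates ();` carries no comment, while it is now the only entry point callers have for populating the signing keys since `LoadCertificate` moved to `private`. A one-line comment would tell a caller what to set up beforehand, e.g. `// Loads every *.crt file from <datadir>/certificates/reseed; logs and returns without error if the directory is missing` — the directory and extension come from the Reseed.cpp hunk, the "populates m_SigningKeys" part is inferred from `LoadCertificate`'s use there and should be confirmed against its body.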

5
util.cpp

@ -211,6 +211,11 @@ namespace filesystem
#endif #endif
#endif #endif
} }
boost::filesystem::path GetCertificatesDir()
{
return GetDataDir () / "certificates";
}
} }
namespace http namespace http
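Review bot: `GetCertificatesDir` is added without a comment, so a reader has to find the Reseed.cpp call site to learn that the trust anchors for reseed signature verification are expected under this path. Suggest `// <datadir>/certificates — root for trust-anchor files; reseed signing certificates live in its "reseed" subdirectory` above the definition; the subdirectory name is taken from the `LoadCertificates` hunk in this commit.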

1
util.h

@ -34,6 +34,7 @@ namespace util
boost::filesystem::path GetConfigFile(); boost::filesystem::path GetConfigFile();
void ReadConfigFile(std::map<std::string, std::string>& mapSettingsRet, void ReadConfigFile(std::map<std::string, std::string>& mapSettingsRet,
std::map<std::string, std::vector<std::string> >& mapMultiSettingsRet); std::map<std::string, std::vector<std::string> >& mapMultiSettingsRet);
boost::filesystem::path GetCertificatesDir();
} }
namespace http namespace http
