Line data Source code
1 : /*
2 : SSSD - certificate handling utils
3 :
4 : Copyright (C) Sumit Bose <sbose@redhat.com> 2015
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "util/util.h"
21 : #include "util/cert.h"
22 : #include "util/crypto/sss_crypto.h"
23 :
24 5 : errno_t sss_cert_derb64_to_pem(TALLOC_CTX *mem_ctx, const char *derb64,
25 : char **pem, size_t *pem_size)
26 : {
27 : int ret;
28 : unsigned char *der;
29 : size_t der_size;
30 :
31 5 : if (derb64 == NULL) {
32 1 : return EINVAL;
33 : }
34 :
35 4 : der = sss_base64_decode(mem_ctx, derb64, &der_size);
36 4 : if (der == NULL) {
37 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
38 0 : return EINVAL;
39 : }
40 :
41 4 : ret = sss_cert_der_to_pem(mem_ctx, der, der_size, pem, pem_size);
42 4 : talloc_free(der);
43 4 : if (ret != EOK) {
44 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_cert_der_to_pem failed.\n");
45 : }
46 :
47 4 : return ret;
48 : }
49 :
50 2 : errno_t sss_cert_pem_to_derb64(TALLOC_CTX *mem_ctx, const char *pem,
51 : char **derb64)
52 : {
53 : int ret;
54 : uint8_t *der;
55 : size_t der_size;
56 :
57 2 : ret = sss_cert_pem_to_der(mem_ctx, pem, &der, &der_size);
58 2 : if (ret != EOK) {
59 1 : DEBUG(SSSDBG_OP_FAILURE, "sss_cert_pem_to_der failed.\n");
60 1 : return ret;
61 : }
62 :
63 1 : *derb64 = sss_base64_encode(mem_ctx, der, der_size);
64 1 : talloc_free(der);
65 1 : if (*derb64 == NULL) {
66 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_base64_encode failed.\n");
67 0 : return EINVAL;
68 : }
69 :
70 1 : return EOK;
71 : }
72 :
73 21 : errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const char *derb64,
74 : const char *attr_name,
75 : char **ldap_filter)
76 : {
77 : int ret;
78 : unsigned char *der;
79 : size_t der_size;
80 : char *val;
81 :
82 21 : if (derb64 == NULL || attr_name == NULL) {
83 1 : return EINVAL;
84 : }
85 :
86 20 : der = sss_base64_decode(mem_ctx, derb64, &der_size);
87 20 : if (der == NULL) {
88 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
89 0 : return EINVAL;
90 : }
91 :
92 20 : ret = bin_to_ldap_filter_value(mem_ctx, der, der_size, &val);
93 20 : talloc_free(der);
94 20 : if (ret != EOK) {
95 0 : DEBUG(SSSDBG_OP_FAILURE, "bin_to_ldap_filter_value failed.\n");
96 0 : return ret;
97 : }
98 :
99 20 : *ldap_filter = talloc_asprintf(mem_ctx, "(%s=%s)", attr_name, val);
100 20 : talloc_free(val);
101 20 : if (*ldap_filter == NULL) {
102 0 : DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
103 0 : return ENOMEM;
104 : }
105 :
106 20 : return EOK;
107 : }
108 :
109 25 : errno_t bin_to_ldap_filter_value(TALLOC_CTX *mem_ctx,
110 : const uint8_t *blob, size_t blob_size,
111 : char **_str)
112 : {
113 : int ret;
114 : size_t c;
115 : size_t len;
116 25 : char *str = NULL;
117 : char *p;
118 :
119 25 : if (blob == NULL || blob_size == 0 || _str == NULL) {
120 1 : DEBUG(SSSDBG_OP_FAILURE, "Missing input parameter.\n");
121 1 : return EINVAL;
122 : }
123 :
124 24 : len = (blob_size * 3) + 1;
125 24 : str = talloc_size(mem_ctx, len);
126 24 : if (str == NULL) {
127 0 : DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
128 0 : return ENOMEM;
129 : }
130 24 : str[len - 1] = '\0';
131 :
132 24 : p = str;
133 17701 : for (c = 0; c < blob_size; c++) {
134 17677 : ret = snprintf(p, 4, "\\%02x", blob[c]);
135 17677 : if (ret != 3) {
136 0 : DEBUG(SSSDBG_OP_FAILURE, "snprintf failed.\n");
137 0 : ret = EIO;
138 0 : goto done;
139 : }
140 :
141 17677 : p += 3;
142 : }
143 :
144 24 : ret = EOK;
145 :
146 : done:
147 24 : if (ret == EOK) {
148 24 : *_str = str;
149 : } else {
150 0 : talloc_free(str);
151 : }
152 :
153 24 : return ret;
154 : }
|
