Newer
Older
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_0);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
p_public_enc_comp_key_mode = INTEGER(0);
} else if (p.publicKey().eciesBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
p_public_enc_comp_key = p.publicKey().eciesBrainpoolP256r1().compressed__y__1();
security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p_public_enc_comp_key, ecc_compressed_mode::compressed_y_1);
p_public_enc_key_x = ecc.public_key_x();
p_public_enc_key_y = ecc.public_key_y();
p_public_enc_comp_key_mode = INTEGER(1);
} else if (p.publicKey().eciesBrainpoolP256r1().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
p_public_enc_key_x = p.publicKey().eciesBrainpoolP256r1().uncompressedP256().x();
p_public_enc_key_y = p.publicKey().eciesBrainpoolP256r1().uncompressedP256().y();
} else {
loggers::get_instance().error("security_services::extract_encryption_keys: Unsupported EncryptionKey");
return -1;
}
} else {
loggers::get_instance().error("security_services::extract_encryption_keys: Unsupported EncryptionKey");
return -1;
}
} else {
loggers::get_instance().warning("security_services::extract_encryption_keys: EncryptionKey omitted");
p_public_enc_key_x = OCTETSTRING(0, nullptr);
p_public_enc_key_y = OCTETSTRING(0, nullptr);
p_public_enc_comp_key = OCTETSTRING(0, nullptr);
}
return 0;
} // End of method extract_encryption_keys
int security_services::extract_and_store_certificate(const IEEE1609dot2::CertificateBase& p_certificate, std::string& p_certificate_id) {
loggers::get_instance().log_msg(">>> security_services::extract_and_store_certificate: ", p_certificate);
// Encode certificate
etsi_ts103097_certificate_codec codec;
OCTETSTRING enc_cert;
codec.encode(p_certificate, enc_cert);
if (enc_cert.lengthof() == 0) {
loggers::get_instance().warning("security_services::extract_and_store_certificate: Failed to encode certificate");
return -1;
}
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Encoded certificate=", enc_cert);
int result = -1;
if (p_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
// Calculate the hash according to the hashId
OCTETSTRING hash_cert;
hash_sha256(enc_cert, hash_cert);
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert= ", hash_cert);
const OCTETSTRING hashed_id8 = substr(hash_cert, hash_cert.lengthof() - 8, 8);
// Retrieve the certificate identifier from digest
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Retrieve the certificate identifier from digest: ", hashed_id8);
result = _security_db.get()->get_certificate_id(hashed_id8, p_certificate_id);
if (result == -1) { // Not found in current DB
if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) { // Not found in TS cache
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
if (extract_verification_keys(p_certificate, public_key_x, public_key_y, public_comp_key, public_comp_key_mode) == -1) {
loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
return -1;
}
// Add encryption keys
OCTETSTRING public_enc_key_x, public_enc_key_y, public_enc_comp_key;
INTEGER public_enc_comp_key_mode;
if (extract_encryption_keys(p_certificate, public_enc_key_x, public_enc_key_y, public_enc_comp_key, public_enc_comp_key_mode) == -1) {
loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
return -1;
}
// And store it into the cache
_security_cache.get()->store_certificate(
CHARSTRING(p_certificate_id.c_str()),
enc_cert,
int2oct(0, 32), // No way to get the private key here
public_key_x,
public_key_y,
public_comp_key,
public_comp_key_mode,
hash_cert,
p_certificate.issuer().sha256AndDigest(),
OCTETSTRING(0, nullptr), // Encryption private not used
public_enc_key_y,
public_enc_comp_key,
public_enc_comp_key_mode
);
}
}
} else if (p_certificate.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
// Calculate the hash according to the hashId
OCTETSTRING hash_cert;
hash_sha384(enc_cert, hash_cert);
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: hash_cert= ", hash_cert);
const OCTETSTRING hashed_id8 = substr(hash_cert, hash_cert.lengthof() - 8, 8);
// Retrieve the certificate identifier from digest
loggers::get_instance().log("security_services::extract_and_store_certificate: Retrieve the certificate identifier from digest");
result = _security_db.get()->get_certificate_id(hashed_id8, p_certificate_id);
if (result == -1) {
if (_security_cache.get()->get_certificate_id(hashed_id8, p_certificate_id) == -1) {
loggers::get_instance().log_msg("security_services::extract_and_store_certificate: Store new certificate in cache: ", p_certificate);
// const std::vector<unsigned char> v(static_cast<const unsigned char*>(hashed_id8), static_cast<const unsigned char*>(hashed_id8) + hashed_id8.lengthof());
// p_certificate_id = converter::get_instance().bytes_to_hexa(v);
p_certificate_id = std::string(static_cast<const char*>(oct2char(hashed_id8)));
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
// Add it into the cache
OCTETSTRING public_key_x, public_key_y, public_comp_key;
INTEGER public_comp_key_mode;
if (extract_verification_keys(p_certificate, public_key_x, public_key_y, public_comp_key, public_comp_key_mode) == -1) {
loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
return -1;
}
// Add encryption keys
OCTETSTRING public_enc_key_x, public_enc_key_y, public_enc_comp_key;
INTEGER public_enc_comp_key_mode;
if (extract_encryption_keys(p_certificate, public_enc_key_x, public_enc_key_y, public_enc_comp_key, public_enc_comp_key_mode) == -1) {
loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported EncryptionKey");
return -1;
}
// And store it into the cache
_security_cache.get()->store_certificate(
CHARSTRING(p_certificate_id.c_str()),
enc_cert,
int2oct(0, 48), // No way to get the private key here
public_key_x,
public_key_y,
public_comp_key,
public_comp_key_mode,
hash_cert,
p_certificate.issuer().sha384AndDigest(),
OCTETSTRING(0, nullptr), // Encryption private not used
public_enc_key_y,
public_enc_comp_key,
public_enc_comp_key_mode
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
);
}
}
} else {
loggers::get_instance().error("security_services::extract_and_store_certificate: Unsupported issuer");
return -1;
}
return 0;
} // End of method extract_and_store_certificate
int security_services::read_certificate(const CHARSTRING& p_certificate_id, OCTETSTRING& p_certificate) const {
return _security_db.get()->get_certificate(std::string(static_cast<const char*>(p_certificate_id)), p_certificate);
}
int security_services::read_certificate_digest(const CHARSTRING& p_certificate_id, OCTETSTRING& p_digest) const {
return _security_db.get()->get_hashed_id(std::string(static_cast<const char*>(p_certificate_id)), p_digest);
}
int security_services::read_certificate_hash(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const {
return _security_db.get()->get_hash(std::string(static_cast<const char*>(p_certificate_id)), p_hash);
}
int security_services::read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const {
std::string certificate_id;
if (_security_db.get()->get_certificate_id(p_digest, certificate_id) != -1) {
p_certificate_id = CHARSTRING(certificate_id.c_str());
return 0;
}
return -1;
}
int security_services::read_private_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_key) const {
return _security_db.get()->get_private_key(std::string(static_cast<const char*>(p_certificate_id)), p_private_key);
}
int security_services::read_private_enc_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_enc_key) const {
return _security_db.get()->get_private_enc_key(std::string(static_cast<const char*>(p_certificate_id)), p_private_enc_key);
}