Skip to content

GitLab

Commit 253ec340 authored by garciay's avatar garciay
Browse files

Validation of TD_AUTO_IOT_DENM_SVW_BV_01 done

parent 0ec9a035
Hide whitespace changes
Inline Side-by-side
Showing with 200 additions and 137 deletions
ccsrc/Protocols/GeoNetworking/GeoNetworkingLayer.cc
View file @ 253ec340
......@@ -173,8 +173,14 @@ void GeoNetworkingLayer::receiveData(OCTETSTRING& data, Params& params) {
// Verify and extract the GeoNetworking Secured Packet as specified in ETSI EN 302 636-4-1 V1.3.1 (2017-08) Clause 9.4 GeoNetworking Secured Packet
OCTETSTRING unsecured_gn_payload;
OCTETSTRING secured_data = OCTETSTRING(data.lengthof() - basic_header_len, static_cast<const unsigned char*>(data) + basic_header_len);
///////////////////
if (*static_cast<const unsigned char*>(secured_data) == 0x02) { // This is the old Security version format, discard it
loggers::get_instance().warning("GeoNetworkingLayer::receiveData: Old security format, discard it");
return;
}
///////////////////
if (security_services::get_instance().verify_and_extract_gn_payload(secured_data, _enable_security_checks, unsecured_gn_payload, params) != 0) {
loggers::get_instance().warning("GeoNetworkingLayer::receiveData: security error");
loggers::get_instance().warning("GeoNetworkingLayer::receiveData: Security error");
if (_enable_security_checks) {
return;
}
......
ccsrc/Protocols/Security/certificates_loader.cc
View file @ 253ec340
......@@ -10,7 +10,7 @@ namespace fs = std::experimental::filesystem;
certificates_loader * certificates_loader::instance = nullptr;
certificates_loader::certificates_loader(): _certificateExt{".crt"}, _privateKeyExt{".pkey"}, _publicKeysExt{".vkey"}, _full_path(), _is_cache_initialized{false}, _directory_filter{".svn", "._.DS_Store", ".DS_Store"} {
certificates_loader::certificates_loader(): _certificateExt{".crt"}, _privateKeyExt{".pkey"}, _publicKeysExt{".vkey"}, _hashedidDigestExt{".hashedid"}, _issuerDigestExt{".issuer"}, _full_path(), _is_cache_initialized{false}, _directory_filter{".svn", "._.DS_Store", ".DS_Store"} {
loggers::get_instance().log(">>> certificates_loader::certificates_loader");
} // End of ctor
......@@ -20,12 +20,15 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
// Build full path
if (!p_root_directory.empty()) {
_full_path = p_root_directory;
if (!std::experimental::filesystem::is_directory(_full_path)) {
_full_path = "./";
}
} else {
_full_path = "./";
}
fs::canonical(_full_path);
std::experimental::filesystem::canonical(_full_path);
loggers::get_instance().log("certificates_loader::build_path: full path: %s", _full_path.string().c_str());
if (!fs::exists(_full_path)) {
if (!std::experimental::filesystem::exists(_full_path)) {
loggers::get_instance().warning("certificates_loader::build_path: Invalid path");
_full_path.clear();
return -1;
......@@ -34,25 +37,23 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
return 0;
} // End of method build_path
int certificates_loader::load_certificates(std::map<const std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s) {
int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
loggers::get_instance().log(">>> certificates_loader::load_certificates");
// Sanity check
if (_full_path.empty()) {
return -1;
}
if (_is_cache_initialized) {
return 0;
}
// Retrieve the list of the files in the path
std::set<fs::path> files;
std::set<std::experimental::filesystem::path> files;
if (retrieve_certificates_list(files) == -1) {
loggers::get_instance().warning("certificates_loader::load_certificates: Failed to build the list of certificate files");
return -1;
}
// Build the certificates cache
if (build_certificates_cache(files, p_certificates, p_hashed_id8s) == -1) {
loggers::get_instance().warning("certificates_loader::load_certificates: Failed to build the certificate cache");
return -1;
}
......@@ -65,10 +66,10 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
loggers::get_instance().log(">>> certificates_loader::retrieve_certificates_list");
// Walk through directories
std::set<fs::path> folders;
for (const fs::directory_entry it : fs::recursive_directory_iterator(_full_path.string())) {
std::set<std::experimental::filesystem::path> folders;
for (const std::experimental::filesystem::directory_entry it : std::experimental::filesystem::recursive_directory_iterator(_full_path.string())) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing directory '%s'", it.path().string().c_str());
if (fs::is_directory(it)) {
if (std::experimental::filesystem::is_directory(it)) {
std::set<std::string>::const_iterator i = _directory_filter.find(it.path().filename());
if (i != _directory_filter.cend()) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Exclude directory '%s'", it.path().string().c_str());
......@@ -86,11 +87,11 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
// Process files
p_files.clear();
std::set<std::string> extensions_filter{ _certificateExt, _privateKeyExt, _publicKeysExt };
for (std::set<fs::path>::const_reverse_iterator f = folders.crbegin(); f != folders.crend(); ++f) {
for (std::set<std::experimental::filesystem::path>::const_reverse_iterator f = folders.crbegin(); f != folders.crend(); ++f) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing directory '%s'", f->string().c_str());
for(const fs::directory_entry it : fs::recursive_directory_iterator(*f)) {
for(const std::experimental::filesystem::directory_entry it : std::experimental::filesystem::recursive_directory_iterator(*f)) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing file '%s'", it.path().filename().string().c_str());
if (fs::is_regular_file(it)) {
if (std::experimental::filesystem::is_regular_file(it)) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Check extension '%s'", it.path().extension().string().c_str());
std::set<std::string>::const_iterator i = extensions_filter.find(it.path().extension().string());
if (i != extensions_filter.cend()) {
......@@ -109,13 +110,13 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
return 0;
} // End of method retrieve_certificates_list
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<const std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s) {
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
loggers::get_instance().log(">>> certificates_loader::build_certificates_cache");
std::set<std::experimental::filesystem::path>::const_iterator it = p_files.cbegin();
do {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching '%s'", it->string().c_str());
fs::path p = *it;
std::experimental::filesystem::path p = *it;
std::string key = p.filename();
// Load certificate file
......@@ -126,12 +127,31 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching certificate '%s'", it->string().c_str());
std::ifstream is(it->string(), ios::in | ios::binary);
std::vector<unsigned char> certificate(fs::file_size(*it), 0x00);
std::vector<unsigned char> certificate(std::experimental::filesystem::file_size(*it), 0x00);
is.read(reinterpret_cast<char *>(certificate.data()), certificate.size());
is.close();
// Remove items from the list
p_files.erase(it);
// Load private key file
it = p_files.find(p.replace_extension(_privateKeyExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private keys file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching private keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
int size = std::experimental::filesystem::file_size(*it);
if ((size != 32) && (size != 48)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Private keys file not found for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> private_key(size, 0x00);
is.read(reinterpret_cast<char *>(private_key.data()), private_key.size());
is.close();
// Remove items from the list
p_files.erase(it);
// Load public key file
it = p_files.find(p.replace_extension(_publicKeysExt));
if (it == p_files.cend()) {
......@@ -140,7 +160,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching public keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
int size = fs::file_size(*it);
size = std::experimental::filesystem::file_size(*it);
if ((size != 64) && (size != 96)) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Public keys file not found for '%s'", key.c_str());
return -1;
......@@ -153,26 +173,62 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
// Remove items from the list
p_files.erase(it);
// FIXME Caching private key, digest and issuer
// Load issuer
it = p_files.find(p.replace_extension(_issuerDigestExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Issuer keys file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching issuer keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 8) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Issuer keys file not found for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> issuer(size, 0x00);
is.read(reinterpret_cast<char *>(issuer.data()), issuer.size());
is.close();
// Remove items from the list
p_files.erase(it);
// Load hashed_id
it = p_files.find(p.replace_extension(_hashedidDigestExt));
if (it == p_files.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Hashed_Id keys file not found for '%s'", key.c_str());
return -1;
}
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching hashed_id keys '%s'", it->string().c_str());
is.open(it->string(), ios::in | ios::binary);
size = std::experimental::filesystem::file_size(*it);
if (size != 8) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Hashed_Id keys file not found for '%s'", key.c_str());
return -1;
}
std::vector<unsigned char> hashed_id(size, 0x00);
is.read(reinterpret_cast<char *>(hashed_id.data()), hashed_id.size());
is.close();
// Remove items from the list
p_files.erase(it);
// FIXME create new record
/*p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(
// Create new record
p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(
new security_db_record(
key,
certificate, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
hashed_id, // Hashed ID
private_key, // Private key
public_key_x, // Public key X
public_key_y // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator i = p_certificates.find(key);
if (i == _certificates.cend()) {
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator i = p_certificates.find(key);
if (i == p_certificates.cend()) {
loggers::get_instance().warning("certificates_loader::build_certificates_cache: Failed to insert new record '%s'", key.c_str());
return -1;
}
p_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(i->second.get()->hashed_id(), i->first));*/
p_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string>(i->second.get()->hashed_id(), i->first));
// Reset pointer
it = p_files.cbegin();
......@@ -181,3 +237,74 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
return 0;
} // End of method build_certificates_cache
int certificates_loader::save_certificate(const security_db_record& p_certificate) {
loggers::get_instance().log(">>> certificates_loader::save_certificate");
// Certificate file
std::experimental::filesystem::path p(_full_path);
p /= p_certificate.certificate_id();
p += _certificateExt;//, _privateKeyExt{".pkey"}, _publicKeysExt{".vkey"}
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Certificate file: '%s'", p.string().c_str());
std::ofstream os(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.certificate().data()), p_certificate.certificate().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Private key
p = _full_path;
p /= p_certificate.certificate_id();
p += _privateKeyExt; // _publicKeysExt{".vkey"}
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Private key file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.private_key().data()), p_certificate.private_key().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Public keys
p = _full_path;
p /= p_certificate.certificate_id();
p += _publicKeysExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Public key file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.public_key_x().data()), p_certificate.public_key_x().size());
os.write(reinterpret_cast<const char *>(p_certificate.public_key_y().data()), p_certificate.public_key_y().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Issuer
p = _full_path;
p /= p_certificate.certificate_id();
p += _issuerDigestExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Issuer digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.hashed_id_issuer().data()), p_certificate.hashed_id_issuer().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
// Hashedid8
p = _full_path;
p /= p_certificate.certificate_id();
p += _hashedidDigestExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
loggers::get_instance().log("certificates_loader::save_certificate: Hashedid8 digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.hashed_id().data()), p_certificate.hashed_id().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
return 0;
} // End of method save_certificate
ccsrc/Protocols/Security/certificates_loader.hh
View file @ 253ec340
......@@ -21,6 +21,10 @@ class certificates_loader {
std::string _publicKeysExt;
std::string _hashedidDigestExt;
std::string _issuerDigestExt;
/*!
* \brief The full folder path to load certificates
*/
......@@ -67,10 +71,13 @@ public: /*! \publicsection */
int build_path(const std::string& p_root_directory);
int load_certificates(std::map<const std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s);
int load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
//int load_certificate(std::unique_ptr<security_db_record> >& p_certificate, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s);
int save_certificate(const security_db_record& p_certificate);
private:
int retrieve_certificates_list(std::set<std::experimental::filesystem::path>& p_files);
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<const std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s);
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
}; // End of class certificates_loader
ccsrc/Protocols/Security/security_db.cc
View file @ 253ec340
......@@ -15,13 +15,8 @@ security_db::security_db(): _certificates(), _hashed_id8s() {
security_db::security_db(const std::string& p_db_path): security_db() {
loggers::get_instance().log(">>> security_db::security_db: '%s'", p_db_path.c_str());
if (p_db_path.empty()) {
simulate_certificates();
dump();
} else {
load_from_files(p_db_path);
dump();
}
load_from_files(p_db_path);
dump();
} // End of ctor
security_db::~security_db() {
......@@ -39,7 +34,7 @@ int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string
loggers::get_instance().log_msg(">>> security_db::get_certificate_id: ", p_hashed_id8);
std::vector<unsigned char> key(static_cast<const unsigned char*>(p_hashed_id8), p_hashed_id8.lengthof() + static_cast<const unsigned char*>(p_hashed_id8));
std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.find(key);
std::map<std::vector<unsigned char>, std::string>::const_iterator it = _hashed_id8s.find(key);
if (it == _hashed_id8s.cend()) {
p_certifcate_id = "";
return -1;
......@@ -52,7 +47,7 @@ int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string
int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const {
loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str());
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
......@@ -66,7 +61,7 @@ int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRIN
int security_db::get_hashed_id_issuer(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id_issuer) const {
loggers::get_instance().log(">>> security_db::get_hashed_id_issuer: '%s'", p_certificate_id.c_str());
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
......@@ -80,7 +75,7 @@ int security_db::get_hashed_id_issuer(const std::string& p_certificate_id, OCTET
int security_db::get_hashed_id(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id) const {
loggers::get_instance().log(">>> security_db::get_hashed_id: '%s'", p_certificate_id.c_str());
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
......@@ -94,7 +89,7 @@ int security_db::get_hashed_id(const std::string& p_certificate_id, OCTETSTRING&
int security_db::get_private_key(const std::string& p_certificate_id, OCTETSTRING& p_private_key) const {
loggers::get_instance().log(">>> security_db::get_private_key: '%s'", p_certificate_id.c_str());
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
......@@ -108,7 +103,7 @@ int security_db::get_private_key(const std::string& p_certificate_id, OCTETSTRIN
int security_db::get_public_keys(const std::string& p_certificate_id, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) const {
loggers::get_instance().log(">>> security_db::get_public_keys: '%s'", p_certificate_id.c_str());
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
......@@ -125,12 +120,12 @@ int security_db::load_from_files(const std::string& p_db_path) {
loggers::get_instance().log(">>> security_db::load_from_files: '%s'", p_db_path.c_str());
if (certificates_loader::get_instance().build_path(p_db_path) == -1) {
loggers::get_instance().log(">>> security_db::load_from_files: certificates_loader::build_path metthod failed");
loggers::get_instance().log(">>> security_db::load_from_files: certificates_loader::build_path method failed");
return -1;
}
if (certificates_loader::get_instance().load_certificates(_certificates, _hashed_id8s) == -1) {
loggers::get_instance().log(">>> security_db::load_from_files: certificates_loader::load_certificates metthod failed");
loggers::get_instance().log(">>> security_db::load_from_files: certificates_loader::load_certificates method failed");
return -1;
}
......@@ -140,7 +135,7 @@ int security_db::load_from_files(const std::string& p_db_path) {
int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_hashed_id8, const OCTETSTRING& p_issuer) {
loggers::get_instance().log_msg(">>> security_db::store_certificate: ", p_cert_id);
const std::string key(static_cast<const char*>(p_cert_id));
std::string key(static_cast<const char*>(p_cert_id));
std::vector<unsigned char> cert(static_cast<const unsigned char*>(p_cert), static_cast<const unsigned char*>(p_cert) + p_cert.lengthof());
std::vector<unsigned char> private_key(static_cast<const unsigned char*>(p_private_key), static_cast<const unsigned char*>(p_private_key) + p_private_key.lengthof());
std::vector<unsigned char> public_key_x(static_cast<const unsigned char*>(p_public_key_x), static_cast<const unsigned char*>(p_public_key_x) + p_public_key_x.lengthof());
......@@ -159,24 +154,28 @@ int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRIN
if (p == nullptr) {
return -1;
}
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator i = _certificates.find(key);
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator i = _certificates.find(key);
if (i != _certificates.cend()) {
_certificates.erase(i);
}
std::map<const std::vector<unsigned char>, const std::string&>::const_iterator h = _hashed_id8s.find(hashed_id8);
std::map<std::vector<unsigned char>, std::string>::const_iterator h = _hashed_id8s.find(hashed_id8);
if (h != _hashed_id8s.cend()) {
_hashed_id8s.erase(h);
}
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(hashed_id8, key));
_certificates.insert(std::pair<std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(p)));
_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string&>(hashed_id8, key));
dump();
if (certificates_loader::get_instance().save_certificate(*p) == -1) {
return -1;
}
return 0;
}
void security_db::dump() const {
loggers::get_instance().log("security_db::dump_certificates: # items = %d", _certificates.size());
for (std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.cbegin(); it != _certificates.cend(); ++it) {
for (std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.cbegin(); it != _certificates.cend(); ++it) {
security_db_record* p = it->second.get();
loggers::get_instance().log("security_db::dump: certificate_id = %s", p->certificate_id().c_str());
loggers::get_instance().log_to_hexa("security_db::dump: certificate = ", p->certificate().data(), p->certificate().size());
......@@ -186,86 +185,7 @@ void security_db::dump() const {
loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
} // End of 'for' statement
for (std::map<const std::vector<unsigned char>, const std::string&>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
for (std::map<std::vector<unsigned char>, std::string>::const_iterator it = _hashed_id8s.cbegin(); it != _hashed_id8s.cend(); ++it) {
loggers::get_instance().log("security_db::dump: Hashedid8 idx = %s", it->second.c_str());
} // End of 'for' statement
} // End of method dump
int security_db::simulate_certificates() {
loggers::get_instance().log(">>> security_db::simulate_certificates");
{
std::string key("ta_cert_nistp256_sha256_ca");
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("8003008100188120535446353338204E6973745032353620526F6F742043657274696669636174650000000000010A8F1C86000A01028001248104038300018001258104038300010101E0800101800101810101010000808084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD2844322738084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD284432273C4757BF29746FBA553EAEE5A79A00C6A3B45F62A6104DCEFF4ECDEA832A9F7C47F40836703F51CF635DF408741A92E5CCFB66A840C601AE0EEED832D38DB95CC");
std::vector<unsigned char> issuer;
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("7AE33C47E0C1EF90"); // Hashed ID
std::vector<unsigned char> pk = converter::get_instance().hexa_to_bytes("D22D278BE33B9E5659D5F531DE5B9A53E8912EE76B48242EC041667342DC9541"); // Private key
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CB"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("A61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD284432273"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
{
std::string key = "ta_cert_nistp256_sha256_aa";
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("800300807AE33C47E0C1EF9050811E535446353338204E697374503235362041412043657274696669636174650000000000010A8F1C86000A83010280000C8000220102800124810403830001800125810403830001808084804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF78084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD2844322739D6ECE19CEBE366268B420F4288EC7CBD8C275B0357F6BBB057ECBB9F35985F7154534E278336A0E76675A037A46B33CFA4951CDBAA9F41364DA4E8A4DDCEBEB");
std::vector<unsigned char> issuer = converter::get_instance().hexa_to_bytes("7AE33C47E0C1EF90");
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("B72C8DC20C0B895D"); // Hashed ID
std::vector<unsigned char> pk = converter::get_instance().hexa_to_bytes("DB35514A5B97D01807D198B2EE083806B7B80BA1BE710AC28C5E122F051DC985"); // Private key
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF7"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
{
std::string key = "ta_cert_nistp256_sha256_at";
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("80030080B72C8DC20C0B895D50811E535446353338204E697374503235362041542043657274696669636174650000000000010A8F1C86000A83010280000C8000220102800124810403830001800125810403830001808084778176B2068C42EC4815DF780A428627061DC14E02F4DD249738A940B130836F665E7B08BBB6195BEABC169F4B21DDD0AD093D58764D1A9E9BCD9DADD2BB8AC88084804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF750C6D53A1B14EC95DAAFB33C10597BA6A6CEF527FBF339D8FD9D03024ADD362AD88346C027E8CB55751592CCF6852AA2A6D1E5B78460B44C776E6A208472127F");
std::vector<unsigned char> issuer = converter::get_instance().hexa_to_bytes("B72C8DC20C0B895D");
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("DD2D89F4C9DE0436"); // Hashed ID
std::vector<unsigned char> pk = converter::get_instance().hexa_to_bytes("58887AE281046FC03AA8F78DF792EC64B6922D9633A87B32515599875321640D"); // Private key
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("778176B2068C42EC4815DF780A428627061DC14E02F4DD249738A940B130836F"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("665E7B08BBB6195BEABC169F4B21DDD0AD093D58764D1A9E9BCD9DADD2BB8AC8"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(key);
if (it == _certificates.cend()) {
return -1;
}
_hashed_id8s.insert(std::pair<const std::vector<unsigned char>, const std::string&>(it->second.get()->hashed_id(), it->first));
}
return 0;
} // End of method genrate_certificates
ccsrc/Protocols/Security/security_db.hh
View file @ 253ec340
......@@ -15,8 +15,9 @@ class CHARSTRING;
* \brief This class provides security record description for security database
*/
class security_db {
std::map<const std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier