
Diff of /main/sip/resiprocate/Security.cxx


revision 4600 by derek, Wed May 11 23:10:19 2005 UTC revision 4601 by derek, Thu May 12 01:10:49 2005 UTC
# Line 17  Line 17 
17  #include "resiprocate/os/DataStream.hxx"  #include "resiprocate/os/DataStream.hxx"
18  #include "resiprocate/os/Logger.hxx"  #include "resiprocate/os/Logger.hxx"
19  #include "resiprocate/os/Random.hxx"  #include "resiprocate/os/Random.hxx"
20    #include "resiprocate/os/SHA1Stream.hxx"
21  #include "resiprocate/os/Socket.hxx"  #include "resiprocate/os/Socket.hxx"
22  #include "resiprocate/os/Timer.hxx"  #include "resiprocate/os/Timer.hxx"
23  #include "resiprocate/os/ParseBuffer.hxx"  #include "resiprocate/os/ParseBuffer.hxx"
# Line 1530  Line 1531 
1531     int resultSize = sizeof(result);     int resultSize = sizeof(result);
1532     assert( resultSize >= RSA_size(rsa) );     assert( resultSize >= RSA_size(rsa) );
1533    
1534     assert(SHA_DIGEST_LENGTH == 20);     SHA1Stream sha;
1535     unsigned char hashRes[SHA_DIGEST_LENGTH];     sha << in;
1536     unsigned int hashResLen=SHA_DIGEST_LENGTH;     Data hashRes =  sha.getBin();
1537       DebugLog( << "hash of string is 0x" << hashRes.hex() );
    SHA_CTX sha;  
    SHA1_Init( &sha );  
    SHA1_Update(&sha, in.data() , in.size() );  
    SHA1_Final( hashRes, &sha );  
   
    DebugLog( << "hash of string is 0x" <<  Data(hashRes,sizeof(hashRes)).hex() );  
1538    
1539  #if 1  #if 1
1540     int r = RSA_sign(NID_sha1, hashRes, hashResLen,     int r = RSA_sign(NID_sha1, (unsigned char *)hashRes.data(), hashRes.size(),
1541                      result, (unsigned int*)( &resultSize ),                      result, (unsigned int*)( &resultSize ),
1542              rsa);              rsa);
1543     assert( r == 1 );     assert( r == 1 );
# Line 1579  Line 1574 
1574     Data enc = res.base64encode();     Data enc = res.base64encode();
1575    
1576     Security::dumpAsn("identity-in", in );     Security::dumpAsn("identity-in", in );
1577     Security::dumpAsn("identity-in-hash", Data(hashRes, hashResLen) );     Security::dumpAsn("identity-in-hash", hashRes );
1578     Security::dumpAsn("identity-in-rsa",res);     Security::dumpAsn("identity-in-rsa",res);
1579     Security::dumpAsn("identity-in-base64",enc);     Security::dumpAsn("identity-in-base64",enc);
1580    
# Line 1588  Line 1583 
1583    
1584    
1585  bool  bool
1586  BaseSecurity::checkIdentity( const Data& signerDomain, const Data& in, const Data& sigBase64 ) const  BaseSecurity::checkIdentity( const Data& signerDomain, const Data& in, const Data& sigBase64, X509* pCert ) const
1587    {
1588       X509* cert =  pCert;
1589       if (!cert)
1590  {  {
1591     if (mDomainCerts.count(signerDomain) == 0)     if (mDomainCerts.count(signerDomain) == 0)
1592     {     {
1593        ErrLog( << "No public key for " << signerDomain );        ErrLog( << "No public key for " << signerDomain );
1594        throw Exception("Missing public key when verifying identity",__FILE__,__LINE__);        throw Exception("Missing public key when verifying identity",__FILE__,__LINE__);
1595     }     }
1596     X509* cert = mDomainCerts[signerDomain];        cert = mDomainCerts[signerDomain];
1597       }
1598    
1599     DebugLog( << "Check identity for " << in );     DebugLog( << "Check identity for " << in );
1600     DebugLog( << " base64 data is " << sigBase64 );     DebugLog( << " base64 data is " << sigBase64 );
# Line 1603  Line 1602 
1602     Data sig = sigBase64.base64decode();     Data sig = sigBase64.base64decode();
1603     DebugLog( << "decoded sig is 0x"<< sig.hex() );     DebugLog( << "decoded sig is 0x"<< sig.hex() );
1604    
1605     assert(SHA_DIGEST_LENGTH == 20);     SHA1Stream sha;
1606     unsigned char hashRes[SHA_DIGEST_LENGTH];     sha << in;
1607     unsigned int hashResLen=SHA_DIGEST_LENGTH;     Data hashRes =  sha.getBin();
1608       DebugLog( << "hash of string is 0x" << hashRes.hex() );
    SHA_CTX sha;  
    SHA1_Init( &sha );  
    SHA1_Update(&sha, in.data() , in.size() );  
    SHA1_Final( hashRes, &sha );  
    Data computedHash(hashRes, hashResLen);  
   
    DebugLog( << "hash of string is 0x" <<  Data(hashRes,sizeof(hashRes)).hex() );  
1609    
1610     EVP_PKEY* pKey = X509_get_pubkey( cert );     EVP_PKEY* pKey = X509_get_pubkey( cert );
1611     assert( pKey );     assert( pKey );
# Line 1622  Line 1614 
1614     RSA* rsa = EVP_PKEY_get1_RSA(pKey);     RSA* rsa = EVP_PKEY_get1_RSA(pKey);
1615    
1616  #if 1  #if 1
1617     int ret = RSA_verify(NID_sha1, hashRes, hashResLen,     int ret = RSA_verify(NID_sha1, (unsigned char *)hashRes.data(),
1618                          (unsigned char*)sig.data(), sig.size(),                          hashRes.size(), (unsigned char*)sig.data(), sig.size(),
1619                          rsa);                          rsa);
1620  #else  #else
1621     unsigned char result[4096];     unsigned char result[4096];
# Line 1645  Line 1637 
1637     dumpAsn("identity-out-msg", in );     dumpAsn("identity-out-msg", in );
1638     dumpAsn("identity-out-base64", sigBase64 );     dumpAsn("identity-out-base64", sigBase64 );
1639     dumpAsn("identity-out-sig", sig );     dumpAsn("identity-out-sig", sig );
1640     dumpAsn("identity-out-hash", computedHash );     dumpAsn("identity-out-hash", hashRes );
1641    
1642     return (ret != 0);     return (ret != 0);
1643  }  }
1644    
1645    
1646  void  void
1647  BaseSecurity::checkAndSetIdentity( const SipMessage& msg ) const  BaseSecurity::checkAndSetIdentity( const SipMessage& msg, const Data& certDer) const
1648  {  {
1649     auto_ptr<SecurityAttributes> sec(new SecurityAttributes);     auto_ptr<SecurityAttributes> sec(new SecurityAttributes);
1650       X509* cert=NULL;
1651    
1652     try     try
1653     {     {
1654          if ( !certDer.empty() )
1655          {
1656             unsigned char* in = (unsigned char*)certDer.data();
1657             if (d2i_X509(&cert,&in,certDer.size()) == 0)
1658             {
1659                DebugLog(<< "Could not read DER certificate from " << certDer );
1660                cert = NULL;
1661             }
1662          }
1663          if ( certDer.empty() || cert )
1664          {
1665        if (checkIdentity(msg.header(h_From).uri().host(),        if (checkIdentity(msg.header(h_From).uri().host(),
1666                          msg.getCanonicalIdentityString(),                          msg.getCanonicalIdentityString(),
1667                          msg.header(h_Identity).value()))                              msg.header(h_Identity).value(),
1668                                cert ) )
1669        {        {
1670           sec->setIdentity(msg.header(h_From).uri().getAor());           sec->setIdentity(msg.header(h_From).uri().getAor());
1671           sec->setIdentityStrength(SecurityAttributes::Identity);           sec->setIdentityStrength(SecurityAttributes::Identity);
# Line 1671  Line 1676 
1676           sec->setIdentityStrength(SecurityAttributes::FailedIdentity);           sec->setIdentityStrength(SecurityAttributes::FailedIdentity);
1677        }        }
1678     }     }
1679          else
1680          {
1681             sec->setIdentity(msg.header(h_From).uri().getAor());
1682             sec->setIdentityStrength(SecurityAttributes::FailedIdentity);
1683          }
1684       }
1685     catch (BaseException&)     catch (BaseException&)
1686     {     {
1687        sec->setIdentity(msg.header(h_From).uri().getAor());        sec->setIdentity(msg.header(h_From).uri().getAor());

