Mercurial > trustbridge
changeset 623:5042ace08cba
Add certificate specific logging functions
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 20 Jun 2014 12:17:32 +0200 |
parents | c0f988e3df9f |
children | 736e95c63b86 |
files | common/events.mc common/logging.c common/logging.h |
diffstat | 3 files changed, 161 insertions(+), 25 deletions(-) [+] |
line wrap: on
line diff
--- a/common/events.mc Fri Jun 20 09:56:10 2014 +0200 +++ b/common/events.mc Fri Jun 20 12:17:32 2014 +0200 @@ -75,3 +75,35 @@ Language=German %1 . + +;/* Keep the following two lines in line with the linux counterparts in +; logging.c */ +MessageId=0x102 +Severity=Informational +Facility=Runtime +SymbolicName=MSG_CERT_INSTALL +Language=English +Installation of root certificate: %1%n +Sha256 thumbprint:<%2>%n +Certificate store: "%3" +. +Language=German +Installation des Wurzelzertifikats: %1%n +Sha256 Fingerabdruck:<%2>%n +Zertifikatsspeicher: "%3" +. + +MessageId=0x103 +Severity=Informational +Facility=Runtime +SymbolicName=MSG_CERT_REMOVE +Language=English +Removal of root certificate: %1%n +Sha256 thumbprint:<%2>%n +Certificate store: "%3" +. +Language=German +Entfernung des Wurzelzertifikats: %1%n +Sha256 Fingerabdruck:<%2>%n +Zertifikatsspeicher: "%3" +.
--- a/common/logging.c Fri Jun 20 09:56:10 2014 +0200 +++ b/common/logging.c Fri Jun 20 12:17:32 2014 +0200 @@ -14,6 +14,10 @@ #include <strhelp.h> +#include <certhelp.h> + +#include <polarssl/sha256.h> + #ifdef WIN32 # include <windows.h> # include "events.h" @@ -21,21 +25,17 @@ # include <syslog.h> #endif - #ifdef WIN32 + +/** @brief helper to prepare common logging information */ static void -win_log(const char *format, va_list ap, bool error) +win_do_log(WORD type, WORD category, DWORD eventID, WORD numStrings, LPCWSTR *strings) { HANDLE log_src = NULL, process_token = NULL; - wchar_t *wmsg = NULL; - BOOL success = FALSE; - char buffer[MAX_LOG+1]; PTOKEN_USER user_struct = NULL; PSID user_sid = NULL; - - vsnprintf (buffer, MAX_LOG, format, ap); - buffer[MAX_LOG] = '\0'; + BOOL success = FALSE; log_src = RegisterEventSourceW (NULL, L"" LOG_NAME); @@ -45,15 +45,7 @@ return; } - wmsg = utf8_to_wchar (buffer, strlen(buffer)); - if (wmsg == NULL) - { - ERRORPRINTF ("Failed to convert log message to utf-16"); - goto done; - } - /* Get the current user sid for logging */ - OpenProcessToken (GetCurrentProcess(), TOKEN_READ, &process_token); if (process_token) { @@ -69,33 +61,57 @@ } } - success = ReportEventW (log_src, - error ? EVENTLOG_ERROR_TYPE : EVENTLOG_INFORMATION_TYPE, - EVENT_CAT_TB, - error ? MSG_DEFAULT_ERROR : MSG_DEFAULT_INFO, + type, + category, + eventID, user_sid, - 1, + numStrings, 0, - (const WCHAR **) &wmsg, + strings, NULL); if (!success) { PRINTLASTERROR ("Failed to report event."); } -done: if (process_token) { CloseHandle(process_token); } xfree (user_struct); - xfree (wmsg); if (!DeregisterEventSource (log_src)) { PRINTLASTERROR ("Failed to close log source."); } +} + +static void +win_log(const char *format, va_list ap, bool error) +{ + wchar_t *wmsg = NULL; + char buffer[MAX_LOG+1]; + vsnprintf (buffer, MAX_LOG, format, ap); + + buffer[MAX_LOG] = '\0'; + + wmsg = utf8_to_wchar (buffer, strlen(buffer)); + if (wmsg == NULL) + { + ERRORPRINTF ("Failed to convert log message to utf-16"); + return; + } + + win_do_log (error ? EVENTLOG_ERROR_TYPE : EVENTLOG_INFORMATION_TYPE, + EVENT_CAT_TB, + error ? MSG_DEFAULT_ERROR : MSG_DEFAULT_INFO, + 1, + (const WCHAR **) &wmsg); + + + xfree (wmsg); + return; } @@ -134,7 +150,6 @@ #else /* WIN32 */ - static void linux_log (const char *format, va_list ap, bool error) { @@ -145,6 +160,82 @@ #endif /* WIN32 */ void +log_certificate(const char* store, char *b64cert, bool install) +{ + char subject[MAX_LOG + 1], + *der_data = NULL; + size_t der_size = 0; + int ret = 0, + i = 0; + x509_crt chain; + unsigned char sha256sum[32]; + char fingerprint[32 * 3 + 1]; + + ret = str_base64_decode (&der_data, &der_size, b64cert, strlen(b64cert)); + + if (ret != 0) + { + ERRORPRINTF ("Error decoding certificate.\n"); + return; + } + + x509_crt_init(&chain); + if (x509_crt_parse_der(&chain, (const unsigned char *)der_data, + der_size) != 0) + { + ERRORPRINTF("Failed to parse cert.."); + xfree (der_data); + return; + } + + ret = x509_dn_gets(subject, MAX_LOG, &(chain.subject)); + + if (ret == -1) + { + ERRORPRINTF("Failed to parse subject.."); + xfree (der_data); + return; + } + subject[MAX_LOG] = '\0'; + + sha256 (chain.raw.p, chain.raw.len, sha256sum, 0); + + for (i = 0; i < 31; i++) + { + snprintf (fingerprint + i * 3, 3, "%02X:", sha256sum[i]); + } + snprintf (fingerprint + 31 * 3, 2, "%02X", sha256sum[31]); + + fingerprint[32*3] = '\0'; + +#ifdef WIN32 + { + wchar_t *wstrings[3]; + + wstrings[0] = utf8_to_wchar (subject, strnlen (subject, MAX_LOG)); + wstrings[1] = utf8_to_wchar (fingerprint, strnlen (fingerprint, MAX_LOG)); + wstrings[2] = utf8_to_wchar (store, strnlen (store, MAX_LOG)); + + win_do_log (EVENTLOG_INFORMATION_TYPE, + EVENT_CAT_CINST, + install ? MSG_CERT_INSTALL : MSG_CERT_REMOVE, + 3, + (const WCHAR**) wstrings); + xfree (wstrings[0]); + xfree (wstrings[1]); + xfree (wstrings[2]); + } +#else + /* Please keep the following line in line with message from events.mc */ + linux_log ("%s of root certificate: %s\nSha256 thumbprint:<%s>.\nCertificate store \"%s\"", + install ? "Installation" : "Removal", + subject, fingerprint, store); +#endif + x509_crt_free (&chain); + xfree (der_data); +} + +void syslog_info_printf(const char *format, ...) { va_list args;
--- a/common/logging.h Fri Jun 20 09:56:10 2014 +0200 +++ b/common/logging.h Fri Jun 20 12:17:32 2014 +0200 @@ -18,6 +18,7 @@ */ #include <stdio.h> +#include <stdbool.h> /** @def Maximum length of log messages */ #define MAX_LOG 511 @@ -134,6 +135,18 @@ */ void syslog_error_printf(const char *format, ...); + /** + * @brief log a certificate install / remove event. + * + * Logs a message in the event / syslog to mark a certificate + * installation or removal. + * + * @param[in] store name of the certificate store. + * @param[in] b64cert base64 encoded certificate. + * @param[in] install weather to log this as installation or removal + */ +void log_certificate(const char *store, char *b64cert, bool install); + #ifdef __cplusplus } #endif