annotate common/listutil.c @ 1102:3d03aaeca6d4

(issue111) Use active property to handle manually changed certificates
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 15 Sep 2014 13:56:43 +0200
parents edbf5e5e88f4
children fd7d04bb37cb
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
7 */
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "listutil.h"
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 #include <stdio.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 #include <stdlib.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 #include <errno.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 #include <fcntl.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 #include <unistd.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 #include <sys/types.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #include <sys/stat.h>
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
17 #include <string.h>
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
19 #ifdef WIN32
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
20 #include <share.h>
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
21 #endif
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
22
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
23 #include "strhelp.h"
630
aa48ea7ead1f Include logging in listutil (fixes linux build)
Andre Heinecke <andre.heinecke@intevation.de>
parents: 626
diff changeset
24 #include "logging.h"
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
25
359
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 292
diff changeset
26 #ifdef RELEASE_BUILD
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
27 #include "pubkey-release.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
28 #else
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
29 #include "pubkey-test.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
30 #endif
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
31
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
32 #pragma GCC diagnostic ignored "-Wconversion"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
33 /* Polarssl mh.h contains a conversion which gcc warns about */
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
34 #include <polarssl/pk.h>
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
35 #include <polarssl/base64.h>
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
36 #include <polarssl/sha256.h>
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
37 #pragma GCC diagnostic pop
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
38
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
39 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
41 #define READ_FILE_UNREADABLE -1
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
42 #define READ_FILE_TOO_LARGE -2
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
43 #define READ_FILE_NO_MEMORY -3
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
44 #define READ_FILE_READ_FAILED -4
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
45 #define READ_FILE_INVALID_CALL -5
769
44257ecdae6d Make Read File public
Andre Heinecke <andre.heinecke@intevation.de>
parents: 630
diff changeset
46 int
44257ecdae6d Make Read File public
Andre Heinecke <andre.heinecke@intevation.de>
parents: 630
diff changeset
47 read_file(const char *file_name, char **data, size_t *size,
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
48 const size_t max_size, FILE **fptr)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
50 FILE *f;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
51 long file_size;
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
52
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
53 if (!file_name || !data || !size || !max_size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
54 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
55 return READ_FILE_INVALID_CALL;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56 }
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
57 #ifdef WIN32
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
58 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
59 wchar_t *wFilename = utf8_to_wchar(file_name, strlen(file_name));
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
60 if (!wFilename)
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
61 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
62 return READ_FILE_UNREADABLE;
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
63 }
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
64 /* We open and write protect the file here so that
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
65 as long as the file is open we can be sure that
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
66 it was not modified and can use it in subsequent
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
67 calls based on the filename. */
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
68 f = _wfsopen(wFilename, L"rb", _SH_DENYWR);
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
69 xfree(wFilename);
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
70 }
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
71 #else
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
72 f = fopen(file_name, "rb");
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
73 #endif
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
74 if (f == NULL)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
75 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
77 fseek(f, 0, SEEK_END);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
78 file_size = ftell(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
79 if (file_size <= 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
80 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
81 fclose(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
82 return READ_FILE_UNREADABLE;
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
83 }
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
84
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
85 fseek(f, 0, SEEK_SET);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
86
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
87 if (file_size + 1 == 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
88 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
89 fclose(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
90 return READ_FILE_TOO_LARGE;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
91 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
92 *size = (size_t) file_size;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
93
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
94 if (*size > max_size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
95 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
96 fclose(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
97 return READ_FILE_TOO_LARGE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
100 *data = (char *) malloc( *size + 1 );
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
101 if (*data == NULL)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
102 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
103 fclose(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
104 return READ_FILE_NO_MEMORY;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
106
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
107 if (fread(*data, 1, *size, f) != *size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
108 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
109 free(*data);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
110 fclose(f);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
111 return READ_FILE_READ_FAILED;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
112 }
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
113
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
114 if (fptr)
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
115 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
116 *fptr = f;
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
117 }
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
118 else
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
119 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
120 fclose(f);
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
121 }
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
122
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
123 (*data)[*size] = '\0';
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
124
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
125 return 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
126 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
127
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
128 int verify_list(const char *data, const size_t size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
129 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
130 int ret = -1;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
131 pk_context pub_key_ctx;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
132 char *p;
770
7861950f7637 Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents: 769
diff changeset
133
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
134 /* Modulus / 8 are the necessary bytes. */
770
7861950f7637 Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents: 769
diff changeset
135 #ifndef TRUSTBRIDGE_RSA_KEY_SIZE
7861950f7637 Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents: 769
diff changeset
136 # error "Key size undefined"
7861950f7637 Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents: 769
diff changeset
137 #endif
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
138 const size_t sig_b64_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8 * 4 / 3;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
139 size_t sig_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
140
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
141 char signature_b64[sig_b64_size + 1];
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
142 unsigned char signature[sig_size];
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
143 /* Hash algroithm is sha256 */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
144 unsigned char hash[32];
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
145
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
146 if (!data || !size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
147 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
148 return -1;
93
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
149 }
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
150
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
151 /* Fetch the signature from the first line od data */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
152 p = strchr(data, '\r');
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
153 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
154 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
155 /* printf("Invalid data. Signature might be too long.\n"); */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
156 return -1;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
157 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
158 strncpy(signature_b64, data + 2, sig_b64_size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
159 signature_b64[sig_b64_size] = '\0';
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
160
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
161 ret = base64_decode(signature, &sig_size,
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
162 (unsigned char *)signature_b64, sig_b64_size);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
163
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
164 if (ret != 0 || sig_size != TRUSTBRIDGE_RSA_KEY_SIZE / 8)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
165 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
166 /* printf("failed to decode signature\n"); */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
167 return -1;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
168 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
169
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
170 /* Hash is calculated over the data without the first line.
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
171 * linebreaks are \r\n so the first char of the new line is
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
172 * p+2 */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
173 p += 2;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
174 /* Size of the data to hash is the size - signature line
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
175 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
176 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
177
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
178 pk_init(&pub_key_ctx);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
179
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
180 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem,
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
181 public_key_pem_size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
182 if (ret != 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
183 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
184 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
185 pk_free(&pub_key_ctx);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
186 return ret;
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
187 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
188
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
189 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0,
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
190 signature, sig_size);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
191
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
192 if (ret != 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
193 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
194 ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
195 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
196 pk_free(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
197
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
198 return ret;
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
199 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
200
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
201 list_status_t read_and_verify_list(const char *file_name, char **data,
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
202 size_t *size)
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
203 {
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
204 list_status_t retval = UnknownError;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
205 *data = NULL;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
206 *size = 0;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
207 int ret = 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
208
1081
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file
Andre Heinecke <andre.heinecke@intevation.de>
parents: 905
diff changeset
209 ret = read_file(file_name, data, size, MAX_FILESIZE, NULL);
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
210
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
211 /* printf ("Ret: %i \n", ret); */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
212 if (ret != 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
213 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
214 if (ret == READ_FILE_TOO_LARGE)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
215 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
216 return TooLarge;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
217 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
218 if (ret == READ_FILE_UNREADABLE)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
219 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
220 /* TODO: work with errno ? */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
221 /* errsv = errno; */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
222 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
223 return SeekFailed;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
224 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
225 if (ret == READ_FILE_READ_FAILED)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
226 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
227 /* TODO: work with ferror() or feof() ? */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
228 return ReadFailed;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
229 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
230 return UnknownError;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
231 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
232
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
233 if (!*data || !*size)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
234 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
235 /* File is probably empty */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
236 return UnknownError;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
237 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
238
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
239 if (**data != 'S')
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
240 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
241 retval = InvalidFormat;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
242 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
243 else
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
244 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
245 ret = verify_list (*data, *size);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
246 if (ret == 0)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
247 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
248 /* Hooray */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
249 return Valid;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
250 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
251 if (ret == -1)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
252 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
253 /* our error */
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
254 retval = InvalidFormat;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
255 }
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
256 else
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
257 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
258 retval = InvalidSignature;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
259 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
260 }
9
2ad9a96518e3 Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents: 7
diff changeset
261
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
262 if (retval != Valid && *data)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
263 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
264 free(*data);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
265 *data = NULL;
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
266 *size = 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
267 }
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 770
diff changeset
268 return retval;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
269 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
270
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
271 char **
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
272 get_certs_from_list (char *data, const size_t size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
273 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
274 char *cur = data;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
275 char **retval = NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
276
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
277 if (!data || !size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
278 {
626
f595fcbe3e76 Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents: 404
diff changeset
279 ERRORPRINTF ("Invalid call to get_certs_to_remove \n");
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
280 return NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
281 }
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
282
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
283 while (cur)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
284 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
285 char *next = strchr(cur, '\n');
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
286 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') &&
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
287 next - cur > 4)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
288 {
292
57867a523dcf Do not cut off the last character of the line. (next-cur does not include \n)
Andre Heinecke <aheinecke@intevation.de>
parents: 286
diff changeset
289 size_t len = (size_t) (next - cur - 3);
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
290 /* Remove I: or R: at the beginning and \r\n at the end */
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
291 strv_append(&retval, cur + 2, len);
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
292 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
293 cur = next ? (next + 1) : NULL;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
294 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
295 return retval;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
296 }
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
297

http://wald.intevation.org/projects/trustbridge/