[PATCH 3 of 5] Add certificate specific logging functions
Wald Commits
scm-commit at wald.intevation.org
Fri Jun 20 12:53:23 CEST 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403259452 -7200
# Node ID 5042ace08cbabba747fc6c35fcb3c8891ac8fdb7
# Parent c0f988e3df9f35651af6aad968d36279acc098a6
Add certificate specific logging functions
diff -r c0f988e3df9f -r 5042ace08cba common/events.mc
--- a/common/events.mc Fri Jun 20 09:56:10 2014 +0200
+++ b/common/events.mc Fri Jun 20 12:17:32 2014 +0200
@@ -75,3 +75,35 @@
Language=German
%1
.
+
+;/* Keep the following two lines in line with the linux counterparts in
+; logging.c */
+MessageId=0x102
+Severity=Informational
+Facility=Runtime
+SymbolicName=MSG_CERT_INSTALL
+Language=English
+Installation of root certificate: %1%n
+Sha256 thumbprint:<%2>%n
+Certificate store: "%3"
+.
+Language=German
+Installation des Wurzelzertifikats: %1%n
+Sha256 Fingerabdruck:<%2>%n
+Zertifikatsspeicher: "%3"
+.
+
+MessageId=0x103
+Severity=Informational
+Facility=Runtime
+SymbolicName=MSG_CERT_REMOVE
+Language=English
+Removal of root certificate: %1%n
+Sha256 thumbprint:<%2>%n
+Certificate store: "%3"
+.
+Language=German
+Entfernung des Wurzelzertifikats: %1%n
+Sha256 Fingerabdruck:<%2>%n
+Zertifikatsspeicher: "%3"
+.
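Review bot: The comment asks that these two messages be kept in line with the Linux counterpart in logging.c, but the linux_log format added in the same commit ("Sha256 thumbprint:<%s>.\nCertificate store \"%s\"") already differs from them: it ends the thumbprint line with a period and drops the colon after "Certificate store", so the syslog text and the event-log text will not match. Aligning one side, e.g. making the Linux string `Sha256 thumbprint:<%s>\nCertificate store: \"%s\"`, keeps the comment true. "the following two lines" is also imprecise, since what follows are two complete message definitions, not two lines; `Keep the following two messages in line with log_certificate() in logging.c` says what is meant.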
diff -r c0f988e3df9f -r 5042ace08cba common/logging.c
--- a/common/logging.c Fri Jun 20 09:56:10 2014 +0200
+++ b/common/logging.c Fri Jun 20 12:17:32 2014 +0200
@@ -14,6 +14,10 @@
#include <strhelp.h>
+#include <certhelp.h>
+
+#include <polarssl/sha256.h>
+
#ifdef WIN32
# include <windows.h>
# include "events.h"
@@ -21,21 +25,17 @@
# include <syslog.h>
#endif
+#ifdef WIN32
-#ifdef WIN32
+/** @brief helper to prepare common logging information */
static void
-win_log(const char *format, va_list ap, bool error)
+win_do_log(WORD type, WORD category, DWORD eventID, WORD numStrings, LPCWSTR *strings)
{
HANDLE log_src = NULL,
process_token = NULL;
- wchar_t *wmsg = NULL;
- BOOL success = FALSE;
- char buffer[MAX_LOG+1];
PTOKEN_USER user_struct = NULL;
PSID user_sid = NULL;
-
- vsnprintf (buffer, MAX_LOG, format, ap);
- buffer[MAX_LOG] = '\0';
+ BOOL success = FALSE;
log_src = RegisterEventSourceW (NULL, L"" LOG_NAME);
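Review bot: The brief `/** @brief helper to prepare common logging information */` added for win_do_log says nothing about the contract a caller of the new signature needs, while the body (continued in the following hunks) registers the event source, looks up the current user's SID, calls ReportEventW with the given type, category, eventID and numStrings insertion strings, and deregisters the source, reporting any failure through PRINTLASTERROR rather than a return value. I would replace it with a comment stating that, plus the ownership rule that `strings` must point to numStrings caller-owned, NUL-terminated wide strings which the function neither copies nor frees. The new parameters eventID and numStrings are camelCase in a file whose locals are snake_case (log_src, process_token, user_struct); `event_id` and `num_strings` would match. win_do_log's body runs past the end of this hunk.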
@@ -45,15 +45,7 @@
return;
}
- wmsg = utf8_to_wchar (buffer, strlen(buffer));
- if (wmsg == NULL)
- {
- ERRORPRINTF ("Failed to convert log message to utf-16");
- goto done;
- }
-
/* Get the current user sid for logging */
-
OpenProcessToken (GetCurrentProcess(), TOKEN_READ, &process_token);
if (process_token)
{
@@ -69,33 +61,57 @@
}
}
-
success = ReportEventW (log_src,
- error ? EVENTLOG_ERROR_TYPE : EVENTLOG_INFORMATION_TYPE,
- EVENT_CAT_TB,
- error ? MSG_DEFAULT_ERROR : MSG_DEFAULT_INFO,
+ type,
+ category,
+ eventID,
user_sid,
- 1,
+ numStrings,
0,
- (const WCHAR **) &wmsg,
+ strings,
NULL);
if (!success)
{
PRINTLASTERROR ("Failed to report event.");
}
-done:
if (process_token)
{
CloseHandle(process_token);
}
xfree (user_struct);
- xfree (wmsg);
if (!DeregisterEventSource (log_src))
{
PRINTLASTERROR ("Failed to close log source.");
}
+}
+
+static void
+win_log(const char *format, va_list ap, bool error)
+{
+ wchar_t *wmsg = NULL;
+ char buffer[MAX_LOG+1];
+ vsnprintf (buffer, MAX_LOG, format, ap);
+
+ buffer[MAX_LOG] = '\0';
+
+ wmsg = utf8_to_wchar (buffer, strlen(buffer));
+ if (wmsg == NULL)
+ {
+ ERRORPRINTF ("Failed to convert log message to utf-16");
+ return;
+ }
+
+ win_do_log (error ? EVENTLOG_ERROR_TYPE : EVENTLOG_INFORMATION_TYPE,
+ EVENT_CAT_TB,
+ error ? MSG_DEFAULT_ERROR : MSG_DEFAULT_INFO,
+ 1,
+ (const WCHAR **) &wmsg);
+
+
+ xfree (wmsg);
+
return;
}
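Review bot: The split leaves the new win_log with a trailing `return;` at the end of a void function and two consecutive blank lines before `xfree (wmsg);`, both leftovers of the old body that should go. win_log also ends up without any description; a one-line comment such as `/** @brief format a UTF-8 message and report it as the default info or error event via win_do_log */` above its definition would restore it. Since wmsg is still allocated and freed here while win_do_log only borrows it, a short `/* wmsg stays owned by this function */` next to the call makes the ownership explicit.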
@@ -134,7 +150,6 @@
#else /* WIN32 */
-
static void
linux_log (const char *format, va_list ap, bool error)
{
@@ -145,6 +160,82 @@
#endif /* WIN32 */
void
+log_certificate(const char* store, char *b64cert, bool install)
+{
+ char subject[MAX_LOG + 1],
+ *der_data = NULL;
+ size_t der_size = 0;
+ int ret = 0,
+ i = 0;
+ x509_crt chain;
+ unsigned char sha256sum[32];
+ char fingerprint[32 * 3 + 1];
+
+ ret = str_base64_decode (&der_data, &der_size, b64cert, strlen(b64cert));
+
+ if (ret != 0)
+ {
+ ERRORPRINTF ("Error decoding certificate.\n");
+ return;
+ }
+
+ x509_crt_init(&chain);
+ if (x509_crt_parse_der(&chain, (const unsigned char *)der_data,
+ der_size) != 0)
+ {
+ ERRORPRINTF("Failed to parse cert..");
+ xfree (der_data);
+ return;
+ }
+
+ ret = x509_dn_gets(subject, MAX_LOG, &(chain.subject));
+
+ if (ret == -1)
+ {
+ ERRORPRINTF("Failed to parse subject..");
+ xfree (der_data);
+ return;
+ }
+ subject[MAX_LOG] = '\0';
+
+ sha256 (chain.raw.p, chain.raw.len, sha256sum, 0);
+
+ for (i = 0; i < 31; i++)
+ {
+ snprintf (fingerprint + i * 3, 3, "%02X:", sha256sum[i]);
+ }
+ snprintf (fingerprint + 31 * 3, 2, "%02X", sha256sum[31]);
+
+ fingerprint[32*3] = '\0';
+
+#ifdef WIN32
+ {
+ wchar_t *wstrings[3];
+
+ wstrings[0] = utf8_to_wchar (subject, strnlen (subject, MAX_LOG));
+ wstrings[1] = utf8_to_wchar (fingerprint, strnlen (fingerprint, MAX_LOG));
+ wstrings[2] = utf8_to_wchar (store, strnlen (store, MAX_LOG));
+
+ win_do_log (EVENTLOG_INFORMATION_TYPE,
+ EVENT_CAT_CINST,
+ install ? MSG_CERT_INSTALL : MSG_CERT_REMOVE,
+ 3,
+ (const WCHAR**) wstrings);
+ xfree (wstrings[0]);
+ xfree (wstrings[1]);
+ xfree (wstrings[2]);
+ }
+#else
+ /* Please keep the following line in line with message from events.mc */
+ linux_log ("%s of root certificate: %s\nSha256 thumbprint:<%s>.\nCertificate store \"%s\"",
+ install ? "Installation" : "Removal",
+ subject, fingerprint, store);
+#endif
+ x509_crt_free (&chain);
+ xfree (der_data);
+}
+
+void
syslog_info_printf(const char *format, ...)
{
va_list args;
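Review bot: The fingerprint loop `snprintf (fingerprint + i * 3, 3, "%02X:", sha256sum[i]);` gives snprintf a size of 3 for a three-character output, so a C99-conforming snprintf writes two hex digits plus a terminating NUL at offset 2 and drops the colon; later iterations write past that NUL, and the thumbprint logged on the Linux path degenerates to the first octet only (msvcrt's non-terminating _snprintf masks this on Windows). The sizes should be the output length plus one: `snprintf (fingerprint + i * 3, 4, "%02X:", sha256sum[i]);` and `snprintf (fingerprint + 31 * 3, 3, "%02X", sha256sum[31]);`. The early return after the x509_dn_gets failure leaves the parsed chain allocated, because `x509_crt_free (&chain);` is only reached on the success path; freeing before that return (and, harmlessly, before the parse-failure return as well) closes the leak. x509_dn_gets presumably reports failures as a negative PolarSSL error code rather than exactly -1, so `if (ret < 0)` is the safer test. log_certificate is complete within the hunk; syslog_info_printf continues outside it.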
diff -r c0f988e3df9f -r 5042ace08cba common/logging.h
--- a/common/logging.h Fri Jun 20 09:56:10 2014 +0200
+++ b/common/logging.h Fri Jun 20 12:17:32 2014 +0200
@@ -18,6 +18,7 @@
*/
#include <stdio.h>
+#include <stdbool.h>
/** @def Maximum length of log messages */
#define MAX_LOG 511
@@ -134,6 +135,18 @@
*/
void syslog_error_printf(const char *format, ...);
+ /**
+ * @brief log a certificate install / remove event.
+ *
+ * Logs a message in the event / syslog to mark a certificate
+ * installation or removal.
+ *
+ * @param[in] store name of the certificate store.
+ * @param[in] b64cert base64 encoded certificate.
+ * @param[in] install weather to log this as installation or removal
+ */
+void log_certificate(const char *store, char *b64cert, bool install);
+
#ifdef __cplusplus
}
#endif
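Review bot: The new @param line for install reads "weather"; it should be `@param[in] install whether to log this as installation or removal`. b64cert is declared `char *` although the implementation in logging.c appears only to read it (strlen and base64 decode), so `const char *b64cert` would let callers pass constant data and document the intent; the comment should also say that both strings must be NUL-terminated and non-NULL, since the implementation calls strlen on them without a check. The leading space before `/**` is out of line with the neighbouring comment blocks in this header.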