#include "squid.h"
#include "anyp/Host.h"
#include "base/IoManip.h"
#include "error/SysErrorDetail.h"
#include "ip/Address.h"
#include "sbuf/Stream.h"
#include "security/Io.h"
#include "ssl/gadgets.h"

Functions | |
static bool | signWithDigest (const Security::PrivateKeyPointer &key) |
whether to supply a digest algorithm name when calling X509_sign() with the given key More... | |
static auto | Sign (Security::Certificate &cert, const Security::PrivateKeyPointer &key, const EVP_MD &availableDigest) |
OpenSSL X509_sign() wrapper. More... | |
static void | ThrowErrors (const char *const problem, const int savedErrno, const SourceLocation &where) |
static Security::PrivateKeyPointer | CreateRsaPrivateKey () |
static bool | setSerialNumber (ASN1_INTEGER *ai, BIGNUM const *serial) |
static bool | replaceCommonName (Security::CertPointer &cert, std::string const &rawCn) |
static void | printX509Signature (const Security::CertPointer &cert, std::string &out) |
static bool | mimicAuthorityKeyId (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) |
static int | mimicExtensions (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert) |
static std::optional< SBuf > | ParseAsUtf8 (const ASN1_STRING &asnBuffer) |
OpenSSL ASN1_STRING_to_UTF8() wrapper. More... | |
static bool | addAltNameWithSubjectCn (Security::CertPointer &cert) |
static bool | buildCertificate (Security::CertPointer &cert, Ssl::CertificateProperties const &properties) |
static bool | generateFakeSslCertificate (Security::CertPointer &certToStore, Security::PrivateKeyPointer &pkeyToStore, Ssl::CertificateProperties const &properties, Ssl::BIGNUM_Pointer const &serial) |
static BIGNUM * | createCertSerial (unsigned char *md, unsigned int n) |
static BIGNUM * | x509Digest (Security::CertPointer const &cert) |
static BIGNUM * | x509Pubkeydigest (Security::CertPointer const &cert) |
static bool | createSerial (Ssl::BIGNUM_Pointer &serial, Ssl::CertificateProperties const &properties) |
static bool | asn1timeToGeneralizedTimeStr (ASN1_TIME *aTime, char *buf, int bufLen) |
Print the time represented by an ASN1_TIME struct to a string using GeneralizedTime format. More... | |
static int | asn1time_cmp (ASN1_TIME *asnTime1, ASN1_TIME *asnTime2) |
static const char * | getSubjectEntry (X509 *x509, int nid) |
Variables | |
static const size_t | MaxCnLen = 64 |
Function Documentation
◆ addAltNameWithSubjectCn()
|
static |
Adds a new subjectAltName extension containing the Subject CN, or returns false. Expects the caller to check for an existing subjectAltName extension before calling.
Definition at line 577 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::ParseCommonNameAt(), and ToSBuf().
Referenced by buildCertificate().
◆ asn1time_cmp()
|
static |
Definition at line 971 of file gadgets.cc.
References asn1timeToGeneralizedTimeStr().
Referenced by Ssl::certificateMatchesProperties().
◆ asn1timeToGeneralizedTimeStr()
|
static |
Definition at line 942 of file gadgets.cc.
Referenced by asn1time_cmp().
◆ buildCertificate()
|
static |
Definition at line 607 of file gadgets.cc.
References addAltNameWithSubjectCn(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, mimicExtensions(), replaceCommonName(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signWithX509, X509_getm_notAfter, X509_getm_notBefore, X509_set1_notAfter, and X509_set1_notBefore.
Referenced by generateFakeSslCertificate().
◆ createCertSerial()
|
static |
Definition at line 738 of file gadgets.cc.
References assert.
Referenced by x509Digest(), and x509Pubkeydigest().
◆ CreateRsaPrivateKey()
|
static |
Definition at line 100 of file gadgets.cc.
Referenced by generateFakeSslCertificate().
◆ createSerial()
|
static |
Generates a unique serial number for a newly generated certificate, based on an Ssl::CertificateProperties object.
Definition at line 791 of file gadgets.cc.
References generateFakeSslCertificate(), Security::LockingPointer< T, UnLocker, Locker >::reset(), Ssl::CertificateProperties::signWithX509, x509Digest(), and x509Pubkeydigest().
Referenced by Ssl::generateSslCertificate().
◆ generateFakeSslCertificate()
|
static |
Definition at line 692 of file gadgets.cc.
References Ssl::algSignSelf, assert, buildCertificate(), CreateRsaPrivateKey(), Security::LockingPointer< T, UnLocker, Locker >::get(), hash, setSerialNumber(), Sign(), Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signHash, Ssl::CertificateProperties::signWithPkey, Ssl::CertificateProperties::signWithX509, and SQUID_SSL_SIGN_HASH_IF_NONE.
Referenced by createSerial(), and Ssl::generateSslCertificate().
◆ getSubjectEntry()
|
static |
Definition at line 1055 of file gadgets.cc.
Referenced by Ssl::CommonHostName(), and Ssl::getOrganization().
◆ mimicAuthorityKeyId()
|
static |
Checks whether the mimicCert certificate has the Authority Key Identifier extension and, if so, adds the extension to the cert certificate with the same fields where possible. If the issuerCert certificate does not have the Subject Key Identifier extension (required to build the keyIdentifier field of AuthorityKeyIdentifier), then the authorityCertIssuer and authorityCertSerialNumber fields (issuer name and issuer serial) are added.
Definition at line 359 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get().
Referenced by mimicExtensions().
◆ mimicExtensions()
|
static |
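Copy certificate extensions from cert to mimicCert. Returns the number of extensions copied. Note: the signature takes cert by mutable reference and mimicCert by const reference, and mimicAuthorityKeyId() adds the mimicCert extension to cert, so the copy direction is presumably from mimicCert into cert; confirm against gadgets.cc.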
Definition at line 439 of file gadgets.cc.
References assert, EVP_PKEY_get0_RSA(), Security::LockingPointer< T, UnLocker, Locker >::get(), and mimicAuthorityKeyId().
Referenced by buildCertificate().
◆ ParseAsUtf8()
|
static |
Definition at line 526 of file gadgets.cc.
References Assure, debugs, and Ssl::ReportAndForgetErrors().
Referenced by Ssl::ParseCommonNameAt().
◆ printX509Signature()
|
static |
Definition at line 301 of file gadgets.cc.
References Ssl::X509_get_signature().
Referenced by Ssl::OnDiskCertificateDbKey().
◆ replaceCommonName()
|
static |
Definition at line 235 of file gadgets.cc.
References Security::LockingPointer< T, UnLocker, Locker >::get(), and MaxCnLen.
Referenced by buildCertificate().
◆ Sign()
|
static |
Definition at line 59 of file gadgets.cc.
References signWithDigest().
Referenced by generateFakeSslCertificate().
◆ signWithDigest()
|
static |
Definition at line 20 of file gadgets.cc.
References Assure, debugs, and Ssl::ReportAndForgetErrors().
Referenced by Sign().
◆ ThrowErrors()
|
static |
Definition at line 91 of file gadgets.cc.
References Ssl::ReportAndForgetErrors(), and ToSBuf().
Referenced by Ssl::ReadOnlyBioTiedTo(), and Ssl::ReadOptionalCertificate().
◆ x509Digest()
|
static |
Returns, as a BIGNUM, the SHA1 digest of the DER-encoded certificate.
Definition at line 767 of file gadgets.cc.
References createCertSerial(), and Security::LockingPointer< T, UnLocker, Locker >::get().
Referenced by createSerial().
◆ x509Pubkeydigest()
|
static |
Definition at line 778 of file gadgets.cc.
References createCertSerial(), and Security::LockingPointer< T, UnLocker, Locker >::get().
Referenced by createSerial().
Variable Documentation
◆ MaxCnLen
|
static |
Definition at line 232 of file gadgets.cc.
Referenced by replaceCommonName().