
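--- a/src/ohcredentials.cxx
+++ b/src/ohcredentials.cxx
@@ -242,20 +242,22 @@
 
 class OHCredentials::Internal {
 public:
     
     Internal(const string& cd) {
+        opensslcmd = "openssl";
+        g_config->get("opensslcmd", opensslcmd);
         cachedir = path_cat(cd, "ohcreds");
         if (!path_makepath(cachedir, 0700)) {
             LOGERR("OHCredentials: can't create cache dir " << cachedir <<endl);
             return;
         }
         keyfile = path_cat(cachedir, "credkey.pem");
         cmd.putenv("RANDFILE", path_cat(cachedir, "randfile"));
 
         if (!path_exists(keyfile)) {
-            vector<string> acmd{"openssl", "genrsa", "-out", keyfile, "4096"};
+            vector<string> acmd{opensslcmd, "genrsa", "-out", keyfile, "4096"};
             int status = cmd.doexec1(acmd);
             chmod(keyfile.c_str(), 0600);
             if (status != 0) {
                 LOGERR("OHCredentials: could not create key\n");
                 return;
@@ -267,22 +269,22 @@
         // pkey format is pkcs#12. Explanations about the formats:
         // https://stackoverflow.com/questions/18039401/how-can-i-transform
         //-between-the-two-styles-of-public-key-format-one-begin-rsa#29707204
         //  So use the openssl rsa command with the appropriate option
         //  instead of openssl pkey
-        // vector<string> acmd{"openssl", "pkey", "-in", keyfile, "-pubout"};
-        vector<string> acmd{"openssl","rsa","-in",keyfile, "-RSAPublicKey_out"};
+        // vector<string> acmd{opensslcmd, "pkey", "-in", keyfile, "-pubout"};
+        vector<string> acmd{opensslcmd,"rsa","-in",keyfile, "-RSAPublicKey_out"};
         if (!cmd.backtick(acmd, pubkey)) {
             LOGERR("OHCredentials: could not read public key\n");
             return;
         }
         LOGDEB1("OHCredentials: my public key:\n" << pubkey << endl);
         tryLoad();
     }
 
     bool decrypt(const string& in, string& out) {
-        vector<string> acmd{"openssl", "pkeyutl", "-inkey",
+        vector<string> acmd{opensslcmd, "pkeyutl", "-inkey",
                 keyfile, "-pkeyopt", "rsa_padding_mode:oaep", "-decrypt"};
         int status = cmd.doexec1(acmd, &in, &out);
         if (status) {
             LOGERR("OHCredentials: decrypt failed\n");
             return false;
@@ -398,11 +400,11 @@
                 LOGDEB("OHCreds: using saved creds for " << id << endl);
                 creds[id] = ServiceCreds(shortid, user, pass, epass);
             }
         }
     }
-    
+    string opensslcmd;
     ExecCmd cmd;
     string cachedir;
     string keyfile;
     string pubkey;
     int seq{1};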
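Review bot: The value read from the `opensslcmd` configuration key at new line 248 is used unchecked as argv[0] of every openssl invocation (new lines 258, 275 and 285), so an empty value in the configuration produces a confusing exec failure instead of falling back to the default; add `if (opensslcmd.empty()) opensslcmd = "openssl";` after the `g_config->get(...)` call. Whether `g_config->get` leaves the string untouched when the key is absent is not visible here; if it clears it, the guard also covers the default case. The new member at line 405 deserves a comment, e.g. `// openssl executable (name or path) from config key "opensslcmd", default "openssl"`, since it names a program that will be run with access to the private key file. The constructor's body continues past the end of the first hunk.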