1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <errno.h>
18 #include <string.h>
19 
20 #include <openssl/pem.h>
21 #include <openssl/x509.h>
22 
23 #include "gmid.h"
24 
25 static sigset_t set;
26 
27 void
28 block_signals(void)
29 {
30 	sigset_t new;
31 
32 	sigemptyset(&new);
33 	sigaddset(&new, SIGHUP);
34 	sigprocmask(SIG_BLOCK, &new, &set);
35 }
36 
37 void
38 unblock_signals(void)
39 {
40 	sigprocmask(SIG_SETMASK, &set, NULL);
41 }
42 
43 int
44 starts_with(const char *str, const char *prefix)
45 {
46 	size_t i;
47 
48 	if (prefix == NULL)
49 		return 0;
50 
51 	for (i = 0; prefix[i] != '\0'; ++i)
52 		if (str[i] != prefix[i])
53 			return 0;
54 	return 1;
55 }
56 
57 int
58 ends_with(const char *str, const char *sufx)
59 {
60 	size_t i, j;
61 
62 	i = strlen(str);
63 	j = strlen(sufx);
64 
65 	if (j > i)
66 		return 0;
67 
68 	i -= j;
69 	for (j = 0; str[i] != '\0'; i++, j++)
70 		if (str[i] != sufx[j])
71 			return 0;
72 	return 1;
73 }
74 
75 ssize_t
76 filesize(int fd)
77 {
78 	ssize_t len;
79 
80 	if ((len = lseek(fd, 0, SEEK_END)) == -1)
81 		return -1;
82 	if (lseek(fd, 0, SEEK_SET) == -1)
83 		return -1;
84 	return len;
85 }
86 
87 char *
88 absolutify_path(const char *path)
89 {
90 	char *wd, *r;
91 
92 	if (*path == '/') {
93 		if ((r = strdup(path)) == NULL)
94 			err(1, "strdup");
95 		return r;
96 	}
97 
98 	wd = getcwd(NULL, 0);
99 	if (asprintf(&r, "%s/%s", wd, path) == -1)
100 		err(1, "asprintf");
101 	free(wd);
102 	return r;
103 }
104 
105 char *
106 xstrdup(const char *s)
107 {
108 	char *d;
109 
110 	if ((d = strdup(s)) == NULL)
111 		err(1, "strdup");
112 	return d;
113 }
114 
115 void
116 gen_certificate(const char *host, const char *certpath, const char *keypath)
117 {
118 	BIGNUM		e;
119 	EVP_PKEY	*pkey;
120 	RSA		*rsa;
121 	X509		*x509;
122 	X509_NAME	*name;
123 	FILE		*f;
124 	const char	*org = "gmid";
125 
126 	log_notice(NULL,
127 	    "generating new certificate for %s (it could take a while)",
128 	    host);
129 
130 	if ((pkey = EVP_PKEY_new()) == NULL)
131                 fatal("couldn't create a new private key");
132 
133 	if ((rsa = RSA_new()) == NULL)
134 		fatal("could'nt generate rsa");
135 
136 	BN_init(&e);
137 	BN_set_word(&e, 17);
138 	if (!RSA_generate_key_ex(rsa, 4096, &e, NULL))
139 		fatal("couldn't generate a rsa key");
140 
141 	if (!EVP_PKEY_assign_RSA(pkey, rsa))
142 		fatal("couldn't assign the key");
143 
144 	if ((x509 = X509_new()) == NULL)
145 		fatal("couldn't generate the X509 certificate");
146 
147 	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
148 	X509_gmtime_adj(X509_get_notBefore(x509), 0);
149 	X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */
150 
151 	if (!X509_set_pubkey(x509, pkey))
152 		fatal("couldn't set the public key");
153 
154 	name = X509_get_subject_name(x509);
155 	if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))
156 		fatal("couldn't add N to cert");
157 	if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))
158 		fatal("couldn't add CN to cert");
159 	X509_set_issuer_name(x509, name);
160 
161 	if (!X509_sign(x509, pkey, EVP_sha256()))
162                 fatal("couldn't sign the certificate");
163 
164 	if ((f = fopen(keypath, "w")) == NULL)
165 		fatal("fopen(%s): %s", keypath, strerror(errno));
166 	if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
167 		fatal("couldn't write private key");
168 	fclose(f);
169 
170 	if ((f = fopen(certpath, "w")) == NULL)
171 		fatal("fopen(%s): %s", certpath, strerror(errno));
172 	if (!PEM_write_X509(f, x509))
173 		fatal("couldn't write cert");
174 	fclose(f);
175 
176 	X509_free(x509);
177 	RSA_free(rsa);
178 }