SKALE-2536-fix-cert

47929d15 · kladko · 3d23ab77 · 47929d15 · 47929d15 · 47929d15
Unverified Commit 47929d15 authored May 07, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 30 deletions

SGXRegistrationServer.cpp SGXRegistrationServer.cpp +18 -15

yourdomain.csr insecure-samples/yourdomain.csr +14 -14

testw.cpp testw.cpp +14 -1

No files found.
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -74,19 +74,26 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
        }

-        if (_autoSign) {
-            string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
-            ofstream outfile(csr_name);
-            outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
-            outfile << _csr << endl;
-            outfile.close();
-
-            if (system(("ls " + csr_name).c_str()) != 0) {
-                spdlog::error("could not create csr file");
-                throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
-            }
+
+        string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
+        ofstream outfile(csr_name);
+        outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+        outfile << _csr << endl;
+        outfile.close();
+
+        if (system(("ls " + csr_name).c_str()) != 0) {
+            spdlog::error("could not create csr file");
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+        }
+
+        if (system(("openssl req -in " + csr_name).c_str()) != 0) {
+            spdlog::error("Incorrect CSR format: {}", _csr);
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "Incorrect CSR format ");
+        }


+        if (_autoSign) {
+
            string genCert = string("cd ") + CERT_DIR + "&& ./"
                    + CERT_CREATE_COMMAND + " " + hash ;

@@ -97,10 +104,6 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
                string status = "0";
                LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);

-                if (system(("rm -f " + csr_name).c_str()) != 0) {
-                    spdlog::error("could not delete csr file");
-                }
-
            } else {

                spdlog::error("Client cert generation failed: {} ", genCert);

--- a/insecure-samples/yourdomain.csr
+++ b/insecure-samples/yourdomain.csr
 -----BEGIN CERTIFICATE REQUEST-----
-MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMTpgPTVyliLJpxD6fF6yg3chWzvhv/7vy7ClQxd
-uh2V81MuOptY6RXAFU1m2stIBr13VSfP6A4N8MG1UyVxaTJ9EuBB9PwqzqikRSK2
-bLNzcH+texTeU7SobP60exw4H2UlBWXrgtdoWlUVOeEsdm1DG8+6qsx+dzqITQeU
-tT3BgAVV4PG2YfihMWxNywo0rhRLKeXIjfehzirWxQLZlgHYPU557C24CUkQSrvk
-KtKVZe6qu4WnWSA0qn/EB3DsKeEIFCGYwLWrWQAriij+Dg1vZIxLlV8cBOezAld2
-NswPbq1E6vtjxY6iNbAe0LZhT3pyrLe3D1ThE0abdJ+CSFkCAwEAAaAAMA0GCSqG
-SIb3DQEBCwUAA4IBAQAgl1d1VPHQx+s4faFjYqxAxaICFreGOTIa4Thm0KY8mm4V
-Hkd6bltSV19q22gXTe9aaF9uClGFlCe/ewft6t4acZhdM+gUMffamIbfwkSzCTaN
-Em/KvhwuvEejTDuBd28tcEJKUoz6sF1zYFyFFZeD3LbxEYjzrEJ4+F/H6rc+OcE7
-2TqHnDJpte1NR8NGXEzNvfi1PRl6/KB0Zqqs7U+pENHdbzJURoJT6rxaBbfWjyiK
-JAcU52yVA6+NSxL+OZaGPGYL0rUGcrrFBCquvSxohG6cSExMsfUH/E58cFKbI1wb
-c2XgEK/zUt6kiV9Yfzv5694CWoL7l/PhtXNmUtUU
+MIICmjCCAYICAQAwVTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAwwFU0tB
+TEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE6YD01cpYiyacQ+nx
+esoN3IVs74b/+78uwpUMXbodlfNTLjqbWOkVwBVNZtrLSAa9d1Unz+gODfDBtVMl
+cWkyfRLgQfT8Ks6opEUitmyzc3B/rXsU3lO0qGz+tHscOB9lJQVl64LXaFpVFTnh
+LHZtQxvPuqrMfnc6iE0HlLU9wYAFVeDxtmH4oTFsTcsKNK4USynlyI33oc4q1sUC
+2ZYB2D1OeewtuAlJEEq75CrSlWXuqruFp1kgNKp/xAdw7CnhCBQhmMC1q1kAK4oo
+/g4Nb2SMS5VfHATnswJXdjbMD26tROr7Y8WOojWwHtC2YU96cqy3tw9U4RNGm3Sf
+gkhZAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAcioOqQ0t/M57ugitShFeN6Cq
+cnc8mScGkLlaWjr9eznr9N3GiQQfSY3otJ/i0SD2kbrZ3E1MAGIup0ZHm+CTs2KU
+sPJYz6XwDHPN17Pfal95+wA2dpWOwHz3c8AJ/9qIh2e3SesLF4lUrP56HspNiRbJ
+EReGdHHA+c5MLe85vAOoRwEX+XHwmnoki3V9MORx0oTCecshuebY11aGXTSqB8t2
+xe6GrVoBHIUS56z5lltKHJayoFbyiI0dfrMs0SnY2j9CwYqEy/0w8gDH78zCc2wf
+bgneXwSdFcy/V9182hcocKHxECLdYal+3DnnnN0GZHZlxV5yn1zfAIYHYBBzkg==
 -----END CERTIFICATE REQUEST-----
--- a/testw.cpp
+++ b/testw.cpp
@@ -787,9 +787,22 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
 TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {

    REQUIRE(SGXRegistrationServer::getServer() != nullptr);
-    auto result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
+
+    string csrFile = "insecure-samples/yourdomain.csr";
+
+    ifstream infile(csrFile);
+    infile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+    ostringstream ss;
+    ss << infile.rdbuf();
+    infile.close();
+
+    auto result = SGXRegistrationServer::getServer()->SignCertificate(ss.str());

    REQUIRE(result["status"] == 0);
+
+    result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
+
+    REQUIRE(result["status"] != 0);
 }