SKALE-2536-fix-cert

47929d15 · kladko · 3d23ab77 · 47929d15 · 47929d15 · 47929d15
Unverified Commit 47929d15 authored May 07, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 30 deletions

SGXRegistrationServer.cpp SGXRegistrationServer.cpp +18 -15

yourdomain.csr insecure-samples/yourdomain.csr +14 -14

testw.cpp testw.cpp +14 -1

No files found.
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -74,19 +74,26 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
        }
-        if (_autoSign) {
-            string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
+        string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
-            ofstream outfile(csr_name);
+        ofstream outfile(csr_name);
-            outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+        outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
-            outfile << _csr << endl;
+        outfile << _csr << endl;
-            outfile.close();
+        outfile.close();
-            if (system(("ls " + csr_name).c_str()) != 0) {
+        if (system(("ls " + csr_name).c_str()) != 0) {
-                spdlog::error("could not create csr file");
+            spdlog::error("could not create csr file");
-                throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
-            }
+        }
+        if (system(("openssl req -in " + csr_name).c_str()) != 0) {
+            spdlog::error("Incorrect CSR format: {}", _csr);
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "Incorrect CSR format ");
+        }
+        if (_autoSign) {
            string genCert = string("cd ") + CERT_DIR + "&& ./"
                    + CERT_CREATE_COMMAND + " " + hash ;
@@ -97,10 +104,6 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
                string status = "0";
                LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
-                if (system(("rm -f " + csr_name).c_str()) != 0) {
-                    spdlog::error("could not delete csr file");
-                }
            } else {
                spdlog::error("Client cert generation failed: {} ", genCert);

--- a/insecure-samples/yourdomain.csr
+++ b/insecure-samples/yourdomain.csr
 -----BEGIN CERTIFICATE REQUEST-----
-MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+MIICmjCCAYICAQAwVTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAwwFU0tB
-AQEBBQADggEPADCCAQoCggEBAMTpgPTVyliLJpxD6fF6yg3chWzvhv/7vy7ClQxd
+TEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE6YD01cpYiyacQ+nx
-uh2V81MuOptY6RXAFU1m2stIBr13VSfP6A4N8MG1UyVxaTJ9EuBB9PwqzqikRSK2
+esoN3IVs74b/+78uwpUMXbodlfNTLjqbWOkVwBVNZtrLSAa9d1Unz+gODfDBtVMl
-bLNzcH+texTeU7SobP60exw4H2UlBWXrgtdoWlUVOeEsdm1DG8+6qsx+dzqITQeU
+cWkyfRLgQfT8Ks6opEUitmyzc3B/rXsU3lO0qGz+tHscOB9lJQVl64LXaFpVFTnh
-tT3BgAVV4PG2YfihMWxNywo0rhRLKeXIjfehzirWxQLZlgHYPU557C24CUkQSrvk
+LHZtQxvPuqrMfnc6iE0HlLU9wYAFVeDxtmH4oTFsTcsKNK4USynlyI33oc4q1sUC
-KtKVZe6qu4WnWSA0qn/EB3DsKeEIFCGYwLWrWQAriij+Dg1vZIxLlV8cBOezAld2
+2ZYB2D1OeewtuAlJEEq75CrSlWXuqruFp1kgNKp/xAdw7CnhCBQhmMC1q1kAK4oo
-NswPbq1E6vtjxY6iNbAe0LZhT3pyrLe3D1ThE0abdJ+CSFkCAwEAAaAAMA0GCSqG
+/g4Nb2SMS5VfHATnswJXdjbMD26tROr7Y8WOojWwHtC2YU96cqy3tw9U4RNGm3Sf
-SIb3DQEBCwUAA4IBAQAgl1d1VPHQx+s4faFjYqxAxaICFreGOTIa4Thm0KY8mm4V
+gkhZAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAcioOqQ0t/M57ugitShFeN6Cq
-Hkd6bltSV19q22gXTe9aaF9uClGFlCe/ewft6t4acZhdM+gUMffamIbfwkSzCTaN
+cnc8mScGkLlaWjr9eznr9N3GiQQfSY3otJ/i0SD2kbrZ3E1MAGIup0ZHm+CTs2KU
-Em/KvhwuvEejTDuBd28tcEJKUoz6sF1zYFyFFZeD3LbxEYjzrEJ4+F/H6rc+OcE7
+sPJYz6XwDHPN17Pfal95+wA2dpWOwHz3c8AJ/9qIh2e3SesLF4lUrP56HspNiRbJ
-2TqHnDJpte1NR8NGXEzNvfi1PRl6/KB0Zqqs7U+pENHdbzJURoJT6rxaBbfWjyiK
+EReGdHHA+c5MLe85vAOoRwEX+XHwmnoki3V9MORx0oTCecshuebY11aGXTSqB8t2
-JAcU52yVA6+NSxL+OZaGPGYL0rUGcrrFBCquvSxohG6cSExMsfUH/E58cFKbI1wb
+xe6GrVoBHIUS56z5lltKHJayoFbyiI0dfrMs0SnY2j9CwYqEy/0w8gDH78zCc2wf
-c2XgEK/zUt6kiV9Yfzv5694CWoL7l/PhtXNmUtUU
+bgneXwSdFcy/V9182hcocKHxECLdYal+3DnnnN0GZHZlxV5yn1zfAIYHYBBzkg==
 -----END CERTIFICATE REQUEST-----
--- a/testw.cpp
+++ b/testw.cpp
@@ -787,9 +787,22 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
 TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
    REQUIRE(SGXRegistrationServer::getServer() != nullptr);
-    auto result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
+    string csrFile = "insecure-samples/yourdomain.csr";
+    ifstream infile(csrFile);
+    infile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+    ostringstream ss;
+    ss << infile.rdbuf();
+    infile.close();
+    auto result = SGXRegistrationServer::getServer()->SignCertificate(ss.str());
    REQUIRE(result["status"] == 0);
+    result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
+    REQUIRE(result["status"] != 0);
 }