bug/SKALE-3751-enable-zeromq

ZMQClient.cpp

@@ -215,6 +215,22 @@ string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) {
     return hexStringSig;
 }
 
+pair<EVP_PKEY*, X509*> ZMQClient::readPublicKeyFromCertStr(const string& _certStr) {
+
+    CHECK_STATE(!_certStr.empty())
+
+    BIO *bo = BIO_new(BIO_s_mem());
+    CHECK_STATE(bo);
+    BIO_write(bo, _certStr.c_str(), _certStr.size());
+
+    X509* cert = nullptr;
+    PEM_read_bio_X509(bo, &cert, 0, 0);
+    CHECK_STATE(cert);
+    auto key = X509_get_pubkey(cert);
+    BIO_free(bo);
+    CHECK_STATE(key);
+    return {key, cert};
+};
 
 ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &_certFileName,
                      const string &_certKeyName) : ctx(1), sign(_sign),
@@ -226,7 +242,6 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
         CHECK_STATE(!_certFileName.empty());
         CHECK_STATE(!_certKeyName.empty());
 
-
         certificate = readFileIntoString(_certFileName);
         CHECK_STATE(!certificate.empty());
 
@@ -241,25 +256,10 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
         CHECK_STATE(pkey);
         BIO_free(bo);
 
-
-
-
-
-
         auto pubKeyStr = readFileIntoString(_certFileName);
         CHECK_STATE(!pubKeyStr.empty());
 
-        BIO *bo2 = BIO_new(BIO_s_mem());
-        CHECK_STATE(bo2);
-        BIO_write(bo2, pubKeyStr.c_str(), pubKeyStr.size());
-
-
-        PEM_read_bio_X509(bo2, &x509Cert, 0, 0);
-        CHECK_STATE(x509Cert);
-        pubkey = X509_get_pubkey(x509Cert);
-        CHECK_STATE(pubkey);
-
-        BIO_free(bo2);
+        tie(pubkey, x509Cert) = readPublicKeyFromCertStr(pubKeyStr);
 
         auto sig = signString(pkey, "sample");
         verifySig(pubkey, "sample", sig);

ZMQClient.h

@@ -88,6 +88,8 @@ public:
 
     void reconnect() ;
 
+    static pair<EVP_PKEY*, X509*>  readPublicKeyFromCertStr(const string& _cert);
+
     static string signString(EVP_PKEY* _pkey, const string& _str);
 
     static void   verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig);

ZMQMessage.cpp

@@ -26,6 +26,7 @@
 #include <iostream>
 #include <fstream>
 
+#include "ZMQClient.h"
 #include "SGXWalletServer.hpp"
 #include "BLSSignReqMessage.h"
 #include "BLSSignRspMessage.h"
@@ -92,11 +93,14 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
 
         if (!verifiedCerts.exists(*cert)) {
             CHECK_STATE(SGXWalletServer::verifyCert(filepath));
-            verifiedCerts.put(*cert, true);
-            remove(cert->c_str());
-        }
 
+            auto handles = ZMQClient::readPublicKeyFromCertStr(*cert);
+            CHECK_STATE(handles.first);
+            CHECK_STATE(handles.second);
 
+            verifiedCerts.put(*cert, handles);
+            remove(cert->c_str());
+        }
 
     }
 
@@ -141,4 +145,4 @@ shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapi
     }
 }
 
-cache::lru_cache<string, bool> ZMQMessage::verifiedCerts(256);
\ No newline at end of file
+cache::lru_cache<string, pair<EVP_PKEY*, X509*>> ZMQMessage::verifiedCerts(256);
\ No newline at end of file

ZMQMessage.h

@@ -27,6 +27,12 @@
 #include <memory>
 #include <vector>
 
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+
 #include "third_party/lrucache.hpp"
 
 #include "abstractstubserver.h"
@@ -41,7 +47,7 @@ class ZMQMessage {
     shared_ptr<rapidjson::Document> d;
 
 
-    static cache::lru_cache<string, bool> verifiedCerts;
+    static cache::lru_cache<string, pair<EVP_PKEY*, X509*>> verifiedCerts;
 
 protected: