Unverified Commit ebc75da4 authored by kladko's avatar kladko

bug/SKALE-3751-enable-zeromq

parent d77c39d5
...@@ -215,6 +215,22 @@ string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) { ...@@ -215,6 +215,22 @@ string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) {
return hexStringSig; return hexStringSig;
} }
pair<EVP_PKEY*, X509*> ZMQClient::readPublicKeyFromCertStr(const string& _certStr) {
CHECK_STATE(!_certStr.empty())
BIO *bo = BIO_new(BIO_s_mem());
CHECK_STATE(bo);
BIO_write(bo, _certStr.c_str(), _certStr.size());
X509* cert = nullptr;
PEM_read_bio_X509(bo, &cert, 0, 0);
CHECK_STATE(cert);
auto key = X509_get_pubkey(cert);
BIO_free(bo);
CHECK_STATE(key);
return {key, cert};
};
ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &_certFileName, ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &_certFileName,
const string &_certKeyName) : ctx(1), sign(_sign), const string &_certKeyName) : ctx(1), sign(_sign),
...@@ -226,7 +242,6 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string & ...@@ -226,7 +242,6 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
CHECK_STATE(!_certFileName.empty()); CHECK_STATE(!_certFileName.empty());
CHECK_STATE(!_certKeyName.empty()); CHECK_STATE(!_certKeyName.empty());
certificate = readFileIntoString(_certFileName); certificate = readFileIntoString(_certFileName);
CHECK_STATE(!certificate.empty()); CHECK_STATE(!certificate.empty());
...@@ -241,25 +256,10 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string & ...@@ -241,25 +256,10 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
CHECK_STATE(pkey); CHECK_STATE(pkey);
BIO_free(bo); BIO_free(bo);
auto pubKeyStr = readFileIntoString(_certFileName); auto pubKeyStr = readFileIntoString(_certFileName);
CHECK_STATE(!pubKeyStr.empty()); CHECK_STATE(!pubKeyStr.empty());
BIO *bo2 = BIO_new(BIO_s_mem()); tie(pubkey, x509Cert) = readPublicKeyFromCertStr(pubKeyStr);
CHECK_STATE(bo2);
BIO_write(bo2, pubKeyStr.c_str(), pubKeyStr.size());
PEM_read_bio_X509(bo2, &x509Cert, 0, 0);
CHECK_STATE(x509Cert);
pubkey = X509_get_pubkey(x509Cert);
CHECK_STATE(pubkey);
BIO_free(bo2);
auto sig = signString(pkey, "sample"); auto sig = signString(pkey, "sample");
verifySig(pubkey, "sample", sig); verifySig(pubkey, "sample", sig);
......
...@@ -88,6 +88,8 @@ public: ...@@ -88,6 +88,8 @@ public:
void reconnect() ; void reconnect() ;
static pair<EVP_PKEY*, X509*> readPublicKeyFromCertStr(const string& _cert);
static string signString(EVP_PKEY* _pkey, const string& _str); static string signString(EVP_PKEY* _pkey, const string& _str);
static void verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig); static void verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig);
......
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#include <iostream> #include <iostream>
#include <fstream> #include <fstream>
#include "ZMQClient.h"
#include "SGXWalletServer.hpp" #include "SGXWalletServer.hpp"
#include "BLSSignReqMessage.h" #include "BLSSignReqMessage.h"
#include "BLSSignRspMessage.h" #include "BLSSignRspMessage.h"
...@@ -92,11 +93,14 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg, ...@@ -92,11 +93,14 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
if (!verifiedCerts.exists(*cert)) { if (!verifiedCerts.exists(*cert)) {
CHECK_STATE(SGXWalletServer::verifyCert(filepath)); CHECK_STATE(SGXWalletServer::verifyCert(filepath));
verifiedCerts.put(*cert, true);
remove(cert->c_str());
}
auto handles = ZMQClient::readPublicKeyFromCertStr(*cert);
CHECK_STATE(handles.first);
CHECK_STATE(handles.second);
verifiedCerts.put(*cert, handles);
remove(cert->c_str());
}
} }
...@@ -141,4 +145,4 @@ shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapi ...@@ -141,4 +145,4 @@ shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapi
} }
} }
cache::lru_cache<string, bool> ZMQMessage::verifiedCerts(256); cache::lru_cache<string, pair<EVP_PKEY*, X509*>> ZMQMessage::verifiedCerts(256);
\ No newline at end of file \ No newline at end of file
...@@ -27,6 +27,12 @@ ...@@ -27,6 +27,12 @@
#include <memory> #include <memory>
#include <vector> #include <vector>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include "third_party/lrucache.hpp" #include "third_party/lrucache.hpp"
#include "abstractstubserver.h" #include "abstractstubserver.h"
...@@ -41,7 +47,7 @@ class ZMQMessage { ...@@ -41,7 +47,7 @@ class ZMQMessage {
shared_ptr<rapidjson::Document> d; shared_ptr<rapidjson::Document> d;
static cache::lru_cache<string, bool> verifiedCerts; static cache::lru_cache<string, pair<EVP_PKEY*, X509*>> verifiedCerts;
protected: protected:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment