bug/SKALE-3751-enable-zeromq

ebc75da4 · kladko · d77c39d5 · ebc75da4 · ebc75da4 · ebc75da4
Unverified Commit ebc75da4 authored Feb 03, 2021 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 22 deletions

ZMQClient.cpp ZMQClient.cpp +17 -17

ZMQClient.h ZMQClient.h +2 -0

ZMQMessage.cpp ZMQMessage.cpp +8 -4

ZMQMessage.h ZMQMessage.h +7 -1

No files found.
--- a/ZMQClient.cpp
+++ b/ZMQClient.cpp
@@ -215,6 +215,22 @@ string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) {
    return hexStringSig;
 }
+pair<EVP_PKEY*, X509*> ZMQClient::readPublicKeyFromCertStr(const string& _certStr) {
+    CHECK_STATE(!_certStr.empty())
+    BIO *bo = BIO_new(BIO_s_mem());
+    CHECK_STATE(bo);
+    BIO_write(bo, _certStr.c_str(), _certStr.size());
+    X509* cert = nullptr;
+    PEM_read_bio_X509(bo, &cert, 0, 0);
+    CHECK_STATE(cert);
+    auto key = X509_get_pubkey(cert);
+    BIO_free(bo);
+    CHECK_STATE(key);
+    return {key, cert};
+};
 ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &_certFileName,
                     const string &_certKeyName) : ctx(1), sign(_sign),
@@ -226,7 +242,6 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
        CHECK_STATE(!_certFileName.empty());
        CHECK_STATE(!_certKeyName.empty());
        certificate = readFileIntoString(_certFileName);
        CHECK_STATE(!certificate.empty());
@@ -241,25 +256,10 @@ ZMQClient::ZMQClient(const string &ip, uint16_t port, bool _sign, const string &
        CHECK_STATE(pkey);
        BIO_free(bo);
        auto pubKeyStr = readFileIntoString(_certFileName);
        CHECK_STATE(!pubKeyStr.empty());
-        BIO *bo2 = BIO_new(BIO_s_mem());
+        tie(pubkey, x509Cert) = readPublicKeyFromCertStr(pubKeyStr);
-        CHECK_STATE(bo2);
-        BIO_write(bo2, pubKeyStr.c_str(), pubKeyStr.size());
-        PEM_read_bio_X509(bo2, &x509Cert, 0, 0);
-        CHECK_STATE(x509Cert);
-        pubkey = X509_get_pubkey(x509Cert);
-        CHECK_STATE(pubkey);
-        BIO_free(bo2);
        auto sig = signString(pkey, "sample");
        verifySig(pubkey, "sample", sig);

--- a/ZMQClient.h
+++ b/ZMQClient.h
@@ -88,6 +88,8 @@ public:
    void reconnect() ;
+    static pair<EVP_PKEY*, X509*>  readPublicKeyFromCertStr(const string& _cert);
    static string signString(EVP_PKEY* _pkey, const string& _str);
    static void   verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig);

--- a/ZMQMessage.cpp
+++ b/ZMQMessage.cpp
@@ -26,6 +26,7 @@
 #include <iostream>
 #include <fstream>
+#include "ZMQClient.h"
 #include "SGXWalletServer.hpp"
 #include "BLSSignReqMessage.h"
 #include "BLSSignRspMessage.h"
@@ -92,11 +93,14 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
        if (!verifiedCerts.exists(*cert)) {
            CHECK_STATE(SGXWalletServer::verifyCert(filepath));
-            verifiedCerts.put(*cert, true);
-            remove(cert->c_str());
-        }
+            auto handles = ZMQClient::readPublicKeyFromCertStr(*cert);
+            CHECK_STATE(handles.first);
+            CHECK_STATE(handles.second);
+            verifiedCerts.put(*cert, handles);
+            remove(cert->c_str());
+        }
    }
@@ -141,4 +145,4 @@ shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapi
    }
 }
-cache::lru_cache<string, bool> ZMQMessage::verifiedCerts(256);
+cache::lru_cache<string, pair<EVP_PKEY*, X509*>> ZMQMessage::verifiedCerts(256);
\ No newline at end of file
--- a/ZMQMessage.h
+++ b/ZMQMessage.h
@@ -27,6 +27,12 @@
 #include <memory>
 #include <vector>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
 #include "third_party/lrucache.hpp"
 #include "abstractstubserver.h"
@@ -41,7 +47,7 @@ class ZMQMessage {
    shared_ptr<rapidjson::Document> d;
-    static cache::lru_cache<string, bool> verifiedCerts;
+    static cache::lru_cache<string, pair<EVP_PKEY*, X509*>> verifiedCerts;
 protected: