| /* Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "apr_dbd.h" |
| #include "apr_escape.h" |
| #include "apr_strings.h" |
| |
| #include "httpd.h" |
| #include "http_log.h" |
| #include "http_main.h" |
| |
| #include "ssl_ct_sct.h" |
| #include "ssl_ct_log_config.h" |
| #include "ssl_ct_util.h" |
| |
| APLOG_USE_MODULE(ssl_ct); |
| |
| int log_config_readable(apr_pool_t *p, const char *logconfig, |
| const char **msg) |
| { |
| const apr_dbd_driver_t *driver; |
| apr_dbd_t *handle; |
| apr_status_t rv; |
| apr_dbd_results_t *res; |
| int rc; |
| |
| rv = apr_dbd_get_driver(p, "sqlite3", &driver); |
| if (rv != APR_SUCCESS) { |
| if (msg) { |
| *msg = "SQLite3 driver cannot be loaded"; |
| } |
| return 0; |
| } |
| |
| rv = apr_dbd_open(driver, p, logconfig, &handle); |
| if (rv != APR_SUCCESS) { |
| return 0; |
| } |
| |
| /* is there a cheaper way? */ |
| res = NULL; |
| rc = apr_dbd_select(driver, p, handle, &res, |
| "SELECT * FROM loginfo WHERE id = 0", 0); |
| |
| apr_dbd_close(driver, handle); |
| |
| if (rc != 0) { |
| return 0; |
| } |
| |
| return 1; |
| } |
| |
| static apr_status_t public_key_cleanup(void *data) |
| { |
| EVP_PKEY *pubkey = data; |
| |
| EVP_PKEY_free(pubkey); |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t read_public_key(apr_pool_t *p, const char *pubkey_fname, |
| EVP_PKEY **ppkey) |
| { |
| apr_status_t rv; |
| EVP_PKEY *pubkey; |
| FILE *pubkeyf; |
| |
| *ppkey = NULL; |
| |
| rv = ctutil_fopen(pubkey_fname, "r", &pubkeyf); |
| if (rv != APR_SUCCESS) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, rv, ap_server_conf, |
| APLOGNO(02751) "could not open log public key file %s", |
| pubkey_fname); |
| return rv; |
| } |
| |
| pubkey = PEM_read_PUBKEY(pubkeyf, NULL, NULL, NULL); |
| if (!pubkey) { |
| fclose(pubkeyf); |
| rv = APR_EINVAL; |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02752) "PEM_read_PUBKEY() failed to process " |
| "public key file %s", |
| pubkey_fname); |
| return rv; |
| } |
| |
| fclose(pubkeyf); |
| |
| *ppkey = pubkey; |
| |
| apr_pool_cleanup_register(p, (void *)pubkey, public_key_cleanup, |
| apr_pool_cleanup_null); |
| |
| return APR_SUCCESS; |
| } |
| |
| static void digest_public_key(EVP_PKEY *pubkey, unsigned char digest[LOG_ID_SIZE]) |
| { |
| int len = i2d_PUBKEY(pubkey, NULL); |
| unsigned char *val = malloc(len); |
| unsigned char *tmp = val; |
| SHA256_CTX sha256ctx; |
| |
| ap_assert(LOG_ID_SIZE == SHA256_DIGEST_LENGTH); |
| |
| i2d_PUBKEY(pubkey, &tmp); |
| SHA256_Init(&sha256ctx); |
| SHA256_Update(&sha256ctx, (unsigned char *)val, len); |
| SHA256_Final(digest, &sha256ctx); |
| free(val); |
| } |
| |
| static apr_status_t parse_log_url(apr_pool_t *p, const char *lu, apr_uri_t *puri) |
| { |
| apr_status_t rv; |
| apr_uri_t uri; |
| |
| rv = apr_uri_parse(p, lu, &uri); |
| if (rv == APR_SUCCESS) { |
| if (!uri.scheme |
| || !uri.hostname |
| || !uri.path) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02753) "Error in log url \"%s\": URL can't be " |
| "parsed or is missing required elements", lu); |
| rv = APR_EINVAL; |
| } |
| if (strcmp(uri.scheme, "http")) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02754) "Error in log url \"%s\": Only scheme " |
| "\"http\" (instead of \"%s\") is currently " |
| "accepted", |
| lu, uri.scheme); |
| rv = APR_EINVAL; |
| } |
| if (strcmp(uri.path, "/")) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02755) "Error in log url \"%s\": Only path " |
| "\"/\" (instead of \"%s\") is currently accepted", |
| lu, uri.path); |
| rv = APR_EINVAL; |
| } |
| } |
| if (rv == APR_SUCCESS) { |
| *puri = uri; |
| } |
| return rv; |
| } |
| |
| static apr_status_t parse_time_str(apr_pool_t *p, const char *time_str, |
| apr_time_t *time) |
| { |
| apr_int64_t val; |
| const char *end; |
| |
| errno = 0; |
| val = apr_strtoi64(time_str, (char **)&end, 10); |
| if (errno || *end != '\0') { |
| return APR_EINVAL; |
| } |
| |
| *time = apr_time_from_msec(val); |
| return APR_SUCCESS; |
| } |
| |
| /* The log_config array should have already been allocated from p. */ |
| apr_status_t save_log_config_entry(apr_array_header_t *log_config, |
| apr_pool_t *p, |
| const char *log_id, |
| const char *pubkey_fname, |
| const char *distrusted_str, |
| const char *min_time_str, |
| const char *max_time_str, |
| const char *url) |
| { |
| apr_size_t len; |
| apr_status_t rv; |
| apr_time_t min_time, max_time; |
| apr_uri_t uri; |
| char *computed_log_id = NULL, *log_id_bin = NULL; |
| ct_log_config *newconf, **pnewconf; |
| int distrusted; |
| EVP_PKEY *public_key; |
| |
| if (!distrusted_str) { |
| distrusted = DISTRUSTED_UNSET; |
| } |
| else if (!strcmp(distrusted_str, "1")) { |
| distrusted = DISTRUSTED; |
| } |
| else if (!strcmp(distrusted_str, "0")) { |
| distrusted = TRUSTED; |
| } |
| else { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02756) "Trusted status \"%s\" not valid", |
| distrusted_str); |
| return APR_EINVAL; |
| } |
| |
| if (log_id) { |
| rv = apr_unescape_hex(NULL, log_id, strlen(log_id), 0, &len); |
| if (rv != 0 || len != 32) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02757) "Log id \"%s\" not valid", log_id); |
| log_id_bin = apr_palloc(p, len); |
| apr_unescape_hex(log_id_bin, log_id, strlen(log_id), 0, NULL); |
| } |
| } |
| |
| if (pubkey_fname) { |
| rv = read_public_key(p, pubkey_fname, &public_key); |
| if (rv != APR_SUCCESS) { |
| return rv; |
| } |
| } |
| else { |
| public_key = NULL; |
| } |
| |
| if (min_time_str) { |
| rv = parse_time_str(p, min_time_str, &min_time); |
| if (rv) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02758) "Invalid min time \"%s\"", min_time_str); |
| return rv; |
| } |
| } |
| else { |
| min_time = 0; |
| } |
| |
| if (max_time_str) { |
| rv = parse_time_str(p, max_time_str, &max_time); |
| if (rv) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02759) "Invalid max time \"%s\"", max_time_str); |
| return rv; |
| } |
| } |
| else { |
| max_time = 0; |
| } |
| |
| if (url) { |
| rv = parse_log_url(p, url, &uri); |
| if (rv != APR_SUCCESS) { |
| return rv; |
| } |
| } |
| |
| newconf = apr_pcalloc(p, sizeof(ct_log_config)); |
| pnewconf = (ct_log_config **)apr_array_push(log_config); |
| *pnewconf = newconf; |
| |
| newconf->distrusted = distrusted; |
| newconf->public_key = public_key; |
| |
| if (newconf->public_key) { |
| computed_log_id = apr_palloc(p, LOG_ID_SIZE); |
| digest_public_key(newconf->public_key, |
| (unsigned char *)computed_log_id); |
| } |
| |
| if (computed_log_id && log_id_bin) { |
| if (memcmp(computed_log_id, log_id_bin, LOG_ID_SIZE)) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, |
| APLOGNO(02760) "Provided log id doesn't match digest " |
| "of public key"); |
| return APR_EINVAL; |
| } |
| } |
| |
| newconf->log_id = log_id_bin ? log_id_bin : computed_log_id; |
| |
| newconf->min_valid_time = min_time; |
| newconf->max_valid_time = max_time; |
| |
| newconf->url = url; |
| if (url) { |
| newconf->uri = uri; |
| newconf->uri_str = apr_uri_unparse(p, &uri, 0); |
| } |
| newconf->public_key_pem = pubkey_fname; |
| |
| return APR_SUCCESS; |
| } |
| |
| apr_status_t read_config_db(apr_pool_t *p, server_rec *s_main, |
| const char *log_config_fname, |
| apr_array_header_t *log_config) |
| { |
| apr_status_t rv; |
| const apr_dbd_driver_t *driver; |
| apr_dbd_t *handle; |
| apr_dbd_results_t *res; |
| apr_dbd_row_t *row; |
| int rc; |
| |
| ap_assert(log_config); |
| |
| rv = apr_dbd_get_driver(p, "sqlite3", &driver); |
| if (rv != APR_SUCCESS) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, rv, s_main, |
| APLOGNO(02761) "APR SQLite3 driver can't be loaded"); |
| return rv; |
| } |
| |
| rv = apr_dbd_open(driver, p, log_config_fname, &handle); |
| if (rv != APR_SUCCESS) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, rv, s_main, |
| APLOGNO(02762) "Can't open SQLite3 db %s", |
| log_config_fname); |
| return rv; |
| } |
| |
| res = NULL; |
| rc = apr_dbd_select(driver, p, handle, &res, |
| "SELECT * FROM loginfo", 0); |
| |
| if (rc != 0) { |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main, |
| APLOGNO(02763) "SELECT of loginfo records failed"); |
| apr_dbd_close(driver, handle); |
| return APR_EINVAL; |
| } |
| |
| rc = apr_dbd_num_tuples(driver, res); |
| switch (rc) { |
| case -1: |
| ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main, |
| APLOGNO(02764) "Unexpected asynchronous result reading %s", |
| log_config_fname); |
| apr_dbd_close(driver, handle); |
| return APR_EINVAL; |
| case 0: |
| ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s_main, |
| APLOGNO(02765) "Log configuration in %s is empty", |
| log_config_fname); |
| apr_dbd_close(driver, handle); |
| return APR_SUCCESS; |
| default: |
| /* quiet some lints */ |
| break; |
| } |
| |
| for (rv = apr_dbd_get_row(driver, p, res, &row, -1); |
| rv == APR_SUCCESS; |
| rv = apr_dbd_get_row(driver, p, res, &row, -1)) { |
| int cur = 0; |
| const char *id = apr_dbd_get_entry(driver, row, cur++); |
| const char *log_id = apr_dbd_get_entry(driver, row, cur++); |
| const char *public_key = apr_dbd_get_entry(driver, row, cur++); |
| const char *distrusted = apr_dbd_get_entry(driver, row, cur++); |
| const char *min_timestamp = apr_dbd_get_entry(driver, row, cur++); |
| const char *max_timestamp = apr_dbd_get_entry(driver, row, cur++); |
| const char *url = apr_dbd_get_entry(driver, row, cur++); |
| |
| ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s_main, APLOGNO(03036) |
| "Log config: Record %s, log id %s, public key file %s," |
| " distrusted %s, URL %s, time %s->%s", |
| id, |
| log_id ? log_id : "(unset)", |
| public_key ? public_key : "(unset)", |
| distrusted ? distrusted : "(unset, defaults to trusted)", |
| url ? url : "(unset)", |
| min_timestamp ? min_timestamp : "-INF", |
| max_timestamp ? max_timestamp : "+INF"); |
| |
| rv = save_log_config_entry(log_config, p, log_id, |
| public_key, distrusted, |
| min_timestamp, max_timestamp, url); |
| if (rv != APR_SUCCESS) { |
| apr_dbd_close(driver, handle); |
| return rv; |
| } |
| } |
| |
| apr_dbd_close(driver, handle); |
| |
| return APR_SUCCESS; |
| } |
| |
| int log_valid_for_received_sct(const ct_log_config *l, apr_time_t to_check) |
| { |
| if (l->distrusted == DISTRUSTED) { |
| return 0; |
| } |
| |
| if (l->max_valid_time && l->max_valid_time < to_check) { |
| return 0; |
| } |
| |
| if (l->min_valid_time && l->min_valid_time < to_check) { |
| return 0; |
| } |
| |
| return 1; |
| } |
| |
| int log_valid_for_sent_sct(const ct_log_config *l) |
| { |
| /* The log could return us an SCT with an older timestamp which |
| * is within the trusted time interval for the log, but for |
| * simplicity let's just assume that if the log isn't still |
| * within a trusted interval we won't send SCTs from the log. |
| */ |
| return log_valid_for_received_sct(l, apr_time_now()); |
| } |
| |
| int log_configured_for_fetching_sct(const ct_log_config *l) |
| { |
| /* must have a url and a public key configured in order to obtain |
| * an SCT from the log |
| */ |
| return l->url != NULL && l->public_key != NULL; |
| } |
