;; tinmop: a multiprotocol client
;; Copyright © cage
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
;; along with this program.
;; If not, see <http://www.gnu.org/licenses/>.
(in-package :x509)
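(defun dump-certificate (ssl-stream)
  "Return the certificate the peer presented on SSL-STREAM as a fresh
vector of (unsigned-byte 8) holding its DER encoding, or NIL when the
peer presented no certificate.

The bytes come from two calls to the I2D-X509 binding: the first, with
a null output buffer, reports the encoded length; the second writes
the encoding into a foreign buffer of that size.  An error is signalled
if the first call reports a negative length or the second call writes
a different number of bytes than the first reported.

NOTE(review): this function only serialises the certificate; it
performs no validation of it.  Any chain, expiry or hostname checks
must happen elsewhere before these bytes are trusted or pinned."
  (let ((cert (cl+ssl:ssl-stream-x509-certificate ssl-stream)))
    ;; Same convention as the CERTIFICATE-FINGERPRINT methods below: a
    ;; null pointer means the peer sent no certificate, so there is
    ;; nothing to encode and nothing to free.
    (if (cffi:null-pointer-p cert)
        nil
        (unwind-protect
             ;; The length probe now sits inside the UNWIND-PROTECT so
             ;; CERT is released even when the probe signals.
             (let ((certificate-length (i2d-x509 cert (cffi:null-pointer))))
               (when (< certificate-length 0)
                 (error "i2d-X509 failed"))
               (cffi:with-foreign-object (buf* :unsigned-char certificate-length)
                 (cffi:with-foreign-object (buf** :pointer)
                   (setf (cffi:mem-ref buf** :pointer) buf*)
                   ;; i2d_X509 advances the pointer stored in BUF**, so
                   ;; BUF* is kept as the start of the buffer and only the
                   ;; returned byte count is checked against the probe.
                   (let ((written (i2d-x509 cert buf**)))
                     (when (/= written certificate-length)
                       (error "i2d-X509 failed: expected ~a bytes, wrote ~a"
                              certificate-length
                              written)))
                   (let ((res (misc:make-fresh-array certificate-length
                                                     0
                                                     '(unsigned-byte 8)
                                                     t)))
                     ;; Copy straight from the foreign buffer; the
                     ;; intermediate list of octets is not needed.
                     (dotimes (i certificate-length res)
                       (setf (aref res i)
                             (cffi:mem-aref buf* :unsigned-char i)))))))
          ;; Freed here exactly as the sibling methods do after
          ;; SSL-STREAM-X509-CERTIFICATE; assumes that call returns a
          ;; reference this function owns -- TODO confirm against cl+ssl.
          (cl+ssl:x509-free cert)))))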
(defun pem->der (pem-file)
  "Convert the PEM-encoded certificate at PEM-FILE into a temporary DER
file and return that temporary file's path.

The armour lines (-----BEGIN CERTIFICATE----- / -----END
CERTIFICATE-----) are removed, the remaining text is base64-decoded
and the octets are written to a fresh temp file obtained from
FS:WITH-ANAPHORIC-TEMP-FILE.

Any ERROR raised while reading, stripping, decoding or writing is
swallowed and PEM-FILE itself is returned unchanged; the caller in
this file then hands that path to CL+SSL:DECODE-CERTIFICATE-FROM-FILE
as DER.  This is a best-effort fallback for files that are already
DER, but it also hides genuine problems (unreadable file, corrupt
base64) until the caller tries to parse the result.

NOTE(review): nothing here deletes the temp file; whether it is
cleaned up depends on FS:WITH-ANAPHORIC-TEMP-FILE and the caller --
confirm, so decoded certificates do not accumulate in the temp
directory."
  (flet ((strip-armour (text)
           (cl-ppcre:regex-replace-all "-----(BEGIN|END) CERTIFICATE-----"
                                       text
                                       "")))
    (handler-case
        (let ((der-octets (base64:base64-string-to-usb8-array
                           (strip-armour (fs:slurp-file pem-file)))))
          (fs:with-anaphoric-temp-file (stream)
            (write-sequence der-octets stream)
            filesystem-utils::temp-file))
      (error () pem-file))))
;; Fingerprint of the X.509 certificate behind OBJECT: a TLS stream
;; (the peer's certificate) or a string naming a certificate file, see
;; the methods below.  HASH-ALGORITHM is the digest keyword passed on
;; to CL+SSL:CERTIFICATE-FINGERPRINT (both methods default it to
;; :SHA256).  Yields a string "ALGO:hexdigest", or NIL when there is no
;; certificate to hash.
(defgeneric certificate-fingerprint (object &key hash-algorithm))
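(defmacro decode-fingerprint (cert hash-algorithm)
  "Expand to code that computes the fingerprint of the X.509
certificate pointer CERT using HASH-ALGORITHM (a keyword such as
:SHA256, passed through to CL+SSL:CERTIFICATE-FINGERPRINT) and then
frees CERT, also on a non-local exit.

The value is a string \"ALGO:hexdigest\": the algorithm name upcased,
a colon, then the digest as lowercase zero-padded hex, e.g.
\"SHA256:ab12...\".

CERT and HASH-ALGORITHM are each evaluated exactly once, before the
UNWIND-PROTECT is entered.  The previous expansion spliced both forms
in twice, so an expression argument was evaluated twice and a
side-effecting CERT form could have freed a different pointer than the
one it fingerprinted.

Ownership caveat: the expansion always calls CL+SSL:X509-FREE on
CERT, so only pass a reference the caller owns (as both
CERTIFICATE-FINGERPRINT methods in this file do)."
  (alexandria:once-only (cert hash-algorithm)
    (alexandria:with-gensyms (hash hash-string algo-string)
      `(unwind-protect
            (let* ((,hash        (cl+ssl:certificate-fingerprint ,cert ,hash-algorithm))
                   ;; ~2,'0x: every octet as two hex digits, zero padded
                   (,hash-string (format nil "~{~2,'0x~}" (map 'list #'identity ,hash)))
                   (,algo-string (format nil "~:@(~a~)" ,hash-algorithm)))
              (text-utils:strcat ,algo-string ":" (string-downcase ,hash-string)))
         (cl+ssl:x509-free ,cert)))))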
(defmethod certificate-fingerprint ((object cl+ssl::ssl-stream) &key (hash-algorithm :sha256))
  "Fingerprint of the certificate the peer presented on the TLS stream
OBJECT, as \"ALGO:lowercase-hex\" (see DECODE-FINGERPRINT), digested
with HASH-ALGORITHM (default :SHA256).

Returns NIL when the peer presented no certificate, i.e. when
CL+SSL:SSL-STREAM-X509-CERTIFICATE hands back a null pointer.  Code
doing pinning or trust-on-first-use must treat NIL as \"no
certificate\", never as a match: comparing a NIL result with EQUAL
against an absent (NIL) stored fingerprint is true.

The certificate reference is released by DECODE-FINGERPRINT."
  (let ((peer-cert (cl+ssl:ssl-stream-x509-certificate object)))
    (unless (cffi:null-pointer-p peer-cert)
      (decode-fingerprint peer-cert hash-algorithm))))
|
2022-04-23 15:19:29 +02:00
|
|
|
|
|
|
|
(defmethod certificate-fingerprint ((object string) &key (hash-algorithm :sha256))
  "Fingerprint of the certificate stored in the file named by OBJECT,
as \"ALGO:lowercase-hex\" (see DECODE-FINGERPRINT), digested with
HASH-ALGORITHM (default :SHA256).

OBJECT is first passed through PEM->DER, which either writes a DER
temp file or, if it cannot decode the file as PEM, returns OBJECT
itself; either path is then parsed by
CL+SSL:DECODE-CERTIFICATE-FROM-FILE with :FORMAT :DER.  Returns NIL
when that parse yields a null pointer.

NOTE(review): when OBJECT was PEM, PEM->DER leaves a temporary file
behind and this method does not remove it -- confirm that the
temp-file helper or the caller does.  The certificate reference is
released by DECODE-FINGERPRINT."
  (let ((cert-pointer (cl+ssl:decode-certificate-from-file (pem->der object)
                                                            :format :der)))
    (unless (cffi:null-pointer-p cert-pointer)
      (decode-fingerprint cert-pointer hash-algorithm))))