1
0
Fork 0
tinmop/src/x509.lisp

69 lines
3.1 KiB
Common Lisp
Raw Normal View History

;; tinmop: a multiprotocol client
2023-10-19 17:46:22 +02:00
;; Copyright © cage
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
;; along with this program.
;; If not, see [[http://www.gnu.org/licenses/][http://www.gnu.org/licenses/]].
(in-package :x509)
(defun dump-certificate (ssl-stream)
(let* ((cert (cl+ssl:ssl-stream-x509-certificate ssl-stream))
(certificate-length (i2d-x509 cert (cffi:null-pointer))))
(unwind-protect
(if (< certificate-length 0)
(error "i2d-X509 failed")
(cffi:with-foreign-object (buf* :unsigned-char certificate-length)
(cffi:with-foreign-object (buf** :pointer)
(setf (cffi:mem-ref buf** :pointer) buf*)
(i2d-x509 cert buf**)
(let* ((data (loop for i from 0 below certificate-length
collect
(cffi:mem-aref buf* :unsigned-char i)))
(res (misc:make-fresh-array certificate-length 0 '(unsigned-byte 8) t)))
(misc:copy-list-into-array data res)
res))))
(cl+ssl:x509-free cert))))
(defun pem->der (pem-file)
(handler-case
(let* ((raw (fs:slurp-file pem-file))
(encoded (cl-ppcre:regex-replace-all "-----(BEGIN|END) CERTIFICATE-----" raw ""))
(decoded (base64:base64-string-to-usb8-array encoded)))
(fs:with-anaphoric-temp-file (stream)
(write-sequence decoded stream)
filesystem-utils::temp-file))
(error () pem-file)))
(defgeneric certificate-fingerprint (object &key hash-algorithm))
(defmacro decode-fingerprint (cert hash-algorithm)
(alexandria:with-gensyms (hash hash-string algo-string)
`(unwind-protect
(let* ((,hash (cl+ssl:certificate-fingerprint ,cert ,hash-algorithm))
(,hash-string (format nil "~{~2,'0x~}" (map 'list #'identity ,hash)))
(,algo-string (format nil "~:@(~a~)" ,hash-algorithm)))
(text-utils:strcat ,algo-string ":" (string-downcase ,hash-string)))
(cl+ssl:x509-free ,cert))))
(defmethod certificate-fingerprint ((object cl+ssl::ssl-stream) &key (hash-algorithm :sha256))
(let ((cert (cl+ssl:ssl-stream-x509-certificate object)))
(when (not (cffi:null-pointer-p cert))
(decode-fingerprint cert hash-algorithm))))
(defmethod certificate-fingerprint ((object string) &key (hash-algorithm :sha256))
(let ((cert (cl+ssl:decode-certificate-from-file (pem->der object) :format :der)))
(when (not (cffi:null-pointer-p cert))
(decode-fingerprint cert hash-algorithm))))