ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients

This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2025-07-25 03:57:43 +00:00 · 2020-08-02 05:27:42 +04:30 · 2020-08-02 05:27:42 +04:30 · 97256ad977
commit 97256ad977
parent 9d3ffa096a
22 changed files with 161 additions and 3 deletions
--- a/Libraries/LibTLS/TLSv12.cpp
+++ b/Libraries/LibTLS/TLSv12.cpp
@ -27,6 +27,7 @@
 #include <LibCore/DateTime.h>
 #include <LibCore/Timer.h>
 #include <LibCrypto/ASN1/DER.h>
+#include <LibCrypto/ASN1/PEM.h>
 #include <LibCrypto/PK/Code/EMSA_PSS.h>
 #include <LibTLS/TLSv12.h>

@ -721,4 +722,28 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
    }
 }

+bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
+{
+    if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
+        return true;
+    }
+    auto decoded_certificate = decode_pem(certificate_pem_buffer.span(), 0);
+    if (decoded_certificate.is_empty()) {
+        dbg() << "Certificate not PEM";
+        return false;
+    }
+
+    auto maybe_certificate = parse_asn1(decoded_certificate);
+    if (!maybe_certificate.has_value()) {
+        dbg() << "Invalid certificate";
+        return false;
+    }
+
+    Crypto::PK::RSA rsa(rsa_key);
+    auto certificate = maybe_certificate.value();
+    certificate.private_key = rsa.private_key();
+
+    return add_client_key(certificate);
+}
+
 }