1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 20:27:45 +00:00

ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients

This makes gemini.circumlunar.space (and some more gemini pages) work
again :^)
This commit is contained in:
AnotherTest 2020-08-02 05:27:42 +04:30 committed by Andreas Kling
parent 9d3ffa096a
commit 97256ad977
22 changed files with 161 additions and 3 deletions

View file

@ -27,6 +27,7 @@
#include <LibCore/DateTime.h>
#include <LibCore/Timer.h>
#include <LibCrypto/ASN1/DER.h>
#include <LibCrypto/ASN1/PEM.h>
#include <LibCrypto/PK/Code/EMSA_PSS.h>
#include <LibTLS/TLSv12.h>
@ -721,4 +722,28 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
}
}
bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
{
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
return true;
}
auto decoded_certificate = decode_pem(certificate_pem_buffer.span(), 0);
if (decoded_certificate.is_empty()) {
dbg() << "Certificate not PEM";
return false;
}
auto maybe_certificate = parse_asn1(decoded_certificate);
if (!maybe_certificate.has_value()) {
dbg() << "Invalid certificate";
return false;
}
Crypto::PK::RSA rsa(rsa_key);
auto certificate = maybe_certificate.value();
certificate.private_key = rsa.private_key();
return add_client_key(certificate);
}
}