Changeset 104745 in vbox for trunk/src/VBox/Main

Timestamp:

May 21, 2024 12:52:09 PM (6 months ago)

Author:

vboxsync

Message:

IPRT,Main: Reworked the newly introduced RTCrX509Certificate_Generate function. It's now called RTCrX509Certificate_GenerateSelfSignedRsa and takes a few more parameters. We still can't read the output it creates. Added a create-self-signed-rsa-cert command to RTSignTool for easy testing. bugref:10310

File:

• trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp (modified) (3 diffs)

trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp

@@ -241 +241 @@
 int VRDEServer::i_generateServerCertificate()
 {
-    Utf8Str strServerCertificate = "server_cert.pem";
-    Utf8Str strServerPrivateKey = "server_key_private.pem";
-    mParent->i_calculateFullPath(strServerCertificate, strServerCertificate);
-    mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey);
-    const char *pszServerCertificate = strServerCertificate.c_str();
-    const char *pszServerPrivateKey = strServerPrivateKey.c_str();
-
-    int vrc = RTCrX509Certificate_Generate(pszServerCertificate, pszServerPrivateKey);
-
+    Utf8Str strServerCertificate("server_cert.pem");
+    int vrc = mParent->i_calculateFullPath(strServerCertificate, strServerCertificate);
+    AssertRCReturn(vrc, vrc);
+
+    Utf8Str strServerPrivateKey("server_key_private.pem");
+    vrc = mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey);
+    AssertRCReturn(vrc, vrc);
+
+    vrc = RTCrX509Certificate_GenerateSelfSignedRsa(RTDIGESTTYPE_SHA1, 2048 /*cBits*/, 10 * 365 * RT_SEC_1DAY,
+                                                    0 /*fKeyUsage*/, 0 /*fExtKeyUsage*/, NULL /*pvSubjectTodo*/,
+                                                    strServerCertificate.c_str(), strServerPrivateKey.c_str(), NULL /*pErrInfo*/);
     if (RT_SUCCESS(vrc))
     {
@@ -255 +257 @@
         mData.backup();
 
+/** @todo r=bird: These statements may trigger exceptions and leave
+ * dangling server_cert.pem & server_key_private.pem files around.
+ * Since we're not doing an active settings save here (problematic IIRC) there
+ * are probably hundreds more likely ways this could go belly up and leave those
+ * files behind.
+ *
+ * The problem is that the code relies on the _settings_ to decide whether they
+ * are there or not, and if no it creates them.  If anything goes wrong before
+ * we can save settings, this function will fail to retify the situation because
+ * the file already exist and RTCrX509Certificate_GenerateSelfSignedRsa won't
+ * overwrite existing files.
+ *
+ * Klaus, some settings saving input required here!
+ */
         mData->mapProperties["Security/Method"] = Utf8Str("TLS");
         mData->mapProperties["Security/ServerCertificate"] = strServerCertificate;
@@ -306 +322 @@
                 int vrc = i_generateServerCertificate();
                 if (RT_FAILURE(vrc))
-                {
                     LogRel(("Failed to auto generate server key and certificate: (%Rrc)\n", vrc));
-                }
             }
         }