Timestamp:
Apr 4, 2013 9:37:00 AM (12 years ago)
Author:
vboxsync
Message:

Runtime/http: add new function to set the filename containing the trusted root certificates, plus an extension of the testcase which fetches the root certificates

File:
1 edited

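--- a/trunk/src/VBox/Runtime/testcase/tstHttp.cpp
+++ b/trunk/src/VBox/Runtime/testcase/tstHttp.cpp
@@ -5,5 +5,5 @@
 
 /*
- * Copyright (C) 2012 Oracle Corporation
+ * Copyright (C) 2012-2013 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -31,7 +31,10 @@
 #include <iprt/http.h>
 #include <iprt/mem.h>
+#include <iprt/file.h>
 #include <iprt/stream.h>
+#include <iprt/string.h>
 #include <iprt/initterm.h>
-#include <iprt/thread.h>
+
+#define CAFILE_NAME "tstHttp-tempcafile.crt"
 
 int main()
@@ -44,4 +47,57 @@
     int rc = RTHttpCreate(&hHttp);
     char *pszBuf = NULL;
+    PRTSTREAM CAFile = NULL;
+
+    // create certificate file
+    rc = RTStrmOpen(CAFILE_NAME, "w+b", &CAFile);
+
+    // fetch root CA certificate (new one, often avoided in cert chains by
+    // using an intermediate cert which is signed by old root)
+    if (RT_SUCCESS(rc))
+        rc = RTHttpGet(hHttp,
+                       "http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem",
+                       &pszBuf);
+    if (RT_SUCCESS(rc) && pszBuf)
+    {
+        /// @todo check certificate fingerprint against a strong hash,
+        // otherwise there's a simple way for a man-in-the-middle attack
+        rc = RTStrmWrite(CAFile, pszBuf, strlen(pszBuf));
+        if (RT_SUCCESS(rc))
+            rc = RTStrmWrite(CAFile, RTFILE_LINEFEED, strlen(RTFILE_LINEFEED));
+    }
+    if (pszBuf)
+    {
+        RTMemFree(pszBuf);
+        pszBuf = NULL;
+    }
+
+    // fetch root CA certificate (old one, but still very widely used)
+    if (RT_SUCCESS(rc))
+        rc = RTHttpGet(hHttp,
+                       "http://www.verisign.com/repository/roots/root-certificates/PCA-3.pem",
+                       &pszBuf);
+    if (RT_SUCCESS(rc) && pszBuf)
+    {
+        /// @todo check certificate fingerprint against a strong hash,
+        // otherwise there's a simple way for a man-in-the-middle attack
+        rc = RTStrmWrite(CAFile, pszBuf, strlen(pszBuf));
+        if (RT_SUCCESS(rc))
+            rc = RTStrmWrite(CAFile, RTFILE_LINEFEED, strlen(RTFILE_LINEFEED));
+    }
+    if (pszBuf)
+    {
+        RTMemFree(pszBuf);
+        pszBuf = NULL;
+    }
+
+    // close certificate file
+    if (CAFile)
+    {
+        RTStrmClose(CAFile);
+        CAFile = NULL;
+    }
+
+    if (RT_SUCCESS(rc))
+        rc = RTHttpSetCAFile(hHttp, CAFILE_NAME);
     if (RT_SUCCESS(rc))
         rc = RTHttpGet(hHttp,
@@ -50,7 +106,12 @@
     RTHttpDestroy(hHttp);
 
+    if (RT_FAILURE(rc))
+        cErrors++;
+
     RTPrintf("Error code: %Rrc\nGot: %s\n", rc, pszBuf);
     RTMemFree(pszBuf);
 
+//    RTFileDelete(CAFILE_NAME);
+
     return !!cErrors;
 }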
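Review bot: The PEM data written to `CAFILE_NAME` comes from two plain `http://` fetches and is then installed with `RTHttpSetCAFile` as the trust root for the `RTHttpGet` that follows, so whoever can alter those HTTP responses decides which CA the test trusts; the two `@todo` comments name the gap but leave it open. Each download should be compared against a digest pinned in the source before `RTStrmWrite`, failing the test on a mismatch, as sketched below (the digest constant is a labelled placeholder because the real value is not on this page). Separately, the unconditional `rc = RTStrmOpen(...)` directly after `RTHttpCreate` discards the create status, so a failed create is masked and `hHttp` is used anyway; guard it as `if (RT_SUCCESS(rc)) rc = RTStrmOpen(CAFILE_NAME, "w+b", &CAFile);`. The return value of `RTStrmClose` is also ignored, so a failed flush could leave a truncated CA file that is then installed. Parts of main() between the hunks are not shown.

```cpp
    if (RT_SUCCESS(rc) && pszBuf)
    {
        // Verify the download before it becomes a trust anchor (RTSha256 is declared in iprt/sha.h).
        uint8_t abDigest[RTSHA256_HASH_SIZE];
        RTSha256(pszBuf, strlen(pszBuf), abDigest);
        // PLACEHOLDER_PCA3G5_SHA256: pinned digest of the expected PEM bytes (value not on this page)
        if (memcmp(abDigest, PLACEHOLDER_PCA3G5_SHA256, sizeof(abDigest)) != 0)
            rc = VERR_GENERAL_FAILURE;
        if (RT_SUCCESS(rc))
            rc = RTStrmWrite(CAFile, pszBuf, strlen(pszBuf));
        // … unchanged: RTFILE_LINEFEED write …
    }
    // … same check, with its own pinned digest, for the PCA-3.pem block …
```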