#include <openssl/pem.h>
#include <openssl/x509v3.h>
-#include <dpl/log/wrt_log.h>
+#include <dpl/log/log.h>
#include <dpl/assert.h>
#include <dpl/db/orm.h>
#include <dpl/foreach.h>
{
CRL::StringList result = argCert->getCrlUris();
- if (!result.empty()) {
+ if (!result.empty())
return result;
- }
- WrtLogI("No distribution points found. Getting from CA cert.");
+
+ LogInfo("No distribution points found. Getting from CA cert.");
X509_STORE_CTX *ctx = createContext(argCert);
X509_OBJECT obj;
&obj);
X509_STORE_CTX_free(ctx);
if (0 >= retVal) {
- WrtLogE("No dedicated CA certificate available");
+ LogError("No dedicated CA certificate available");
return result;
}
CertificatePtr caCert(new Certificate(obj.data.x509));
{
Assert(m_crlCache != NULL);
- WrtLogI("CRL storage initialization.");
+ LogInfo("CRL storage initialization.");
m_store = X509_STORE_new();
if (!m_store)
VcoreThrowMsg(CRLException::StorageError,
VcoreThrowMsg(CRLException::StorageError,
"Failed to add lookup dir for PEM files");
}
- WrtLogI("CRL storage initialization complete.");
+ LogInfo("CRL storage initialization complete.");
}
CRLImpl::~CRLImpl()
void CRLImpl::cleanup()
{
- WrtLogI("Free CRL storage");
+ LogInfo("Free CRL storage");
// STORE is responsible for LOOKUP release
// X509_LOOKUP_free(m_lookup);
X509_STORE_free(m_store);
FOREACH(it, crlUris) {
CRLDataPtr crl = getCRL(*it);
if (!crl) {
- WrtLogD("CRL not found for URI: %s", (*it).c_str());
+ LogDebug("CRL not found for URI: " << *it);
continue;
}
X509_CRL *crlInternal = convertToInternal(crl);
// If nextUpdate is not set assume it is actual.
retStatus.isCRLValid = true;
}
- WrtLogI("CRL valid: %d", retStatus.isCRLValid);
+ LogInfo("CRL valid: " << retStatus.isCRLValid);
X509_REVOKED rev;
rev.serialNumber = X509_get_serialNumber(argCert->getX509());
// sk_X509_REVOKED_find returns index if serial number is found on list
retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev);
X509_CRL_free(crlInternal);
retStatus.isRevoked = retVal != -1;
- WrtLogI("CRL revoked: %d", retStatus.isRevoked);
+ LogInfo("CRL revoked: " << retStatus.isRevoked);
if (!retStatus.isRevoked && isOutOfDate(crl)) {
- WrtLogD("Certificate is not Revoked, but CRL is outOfDate.");
+ LogDebug("Certificate is not Revoked, but CRL is outOfDate.");
continue;
}
const CertificateList &certList = certChain.getChain();
FOREACH(it, certList) {
if (!(*it)->isRootCert()) {
- WrtLogI("Certificate common name: %s", (*it)->getCommonName().c_str());
+ LogInfo("Certificate common name: " << (*it)->getCommonName());
CRL::RevocationStatus certResult = checkCertificate(*it);
ret.isCRLValid &= certResult.isCRLValid;
ret.isRevoked |= certResult.isRevoked;
VerificationStatus CRLImpl::checkEndEntity(CertificateCollection &chain)
{
if (!chain.sort() && !chain.empty()) {
- WrtLogI("Could not find End Entity certificate. "
+ LogInfo("Could not find End Entity certificate. "
"Collection does not form chain.");
return VERIFICATION_STATUS_ERROR;
}
bool CRLImpl::updateList(const CertificatePtr &argCert,
const CRL::UpdatePolicy updatePolicy)
{
- WrtLogI("Update CRL for certificate");
+ LogInfo("Update CRL for certificate");
// Retrieve distribution points
CRL::StringList crlUris = getCrlUris(argCert);
FOREACH(it, crlUris) {
// Try to get CRL from database
- WrtLogI("Getting CRL for URI: %s", (*it).c_str());
+ LogInfo("Getting CRL for URI: " << *it);
bool downloaded = false;
}
if (!!crl && isOutOfDate(crl)) {
- WrtLogD("Crl out of date - downloading.");
+ LogDebug("Crl out of date - downloading.");
crl = downloadCRL(*it);
downloaded = true;
}
if (!crl) {
- WrtLogD("Crl not found in cache - downloading.");
+ LogDebug("Crl not found in cache - downloading.");
crl = downloadCRL(*it);
downloaded = true;
}
if (!crl) {
- WrtLogD("Failed to obtain CRL. URL: %s", (*it).c_str());
+ LogDebug("Failed to obtain CRL. URL: " << *it);
continue;
}
if (!!crl && isOutOfDate(crl)) {
- WrtLogE("CRL out of date. Broken URL: %s", (*it).c_str());
+ LogError("CRL out of date. Broken URL: " << *it);
}
// Make X509 internal structure
//Check if CRL is signed
if (!verifyCRL(crlInternal, argCert)) {
- WrtLogE("Failed to verify CRL. URI: %s", (crl->uri).c_str());
+ LogError("Failed to verify CRL. URI: " << (crl->uri).c_str());
X509_CRL_free(crlInternal);
return false;
}
X509_CRL_get_issuer(crl), &obj);
X509_STORE_CTX_free(ctx);
if (0 >= retVal) {
- WrtLogE("Unknown CRL issuer certificate!");
+ LogError("Unknown CRL issuer certificate!");
return false;
}
EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509);
X509_OBJECT_free_contents(&obj);
if (!pkey) {
- WrtLogE("Failed to get issuer's public key.");
+ LogError("Failed to get issuer's public key.");
return false;
}
retVal = X509_CRL_verify(crl, pkey);
EVP_PKEY_free(pkey);
if (0 > retVal) {
- WrtLogE("Failed to verify CRL.");
+ LogError("Failed to verify CRL.");
return false;
} else if (0 == retVal) {
- WrtLogE("CRL is invalid");
+ LogError("CRL is invalid");
return false;
}
- WrtLogI("CRL is valid.");
+ LogInfo("CRL is valid.");
return true;
}
const char *pattern = "-----BEGIN X509 CRL-----";
std::string content(crl->buffer, crl->length);
if (content.find(pattern) != std::string::npos) {
- WrtLogI("CRL is in PEM format.");
+ LogInfo("CRL is in PEM format.");
return true;
}
- WrtLogI("CRL is in DER format.");
+ LogInfo("CRL is in DER format.");
return false;
}
&cpath,
&use_ssl))
{
- WrtLogW("Error in OCSP_parse_url");
+ LogWarning("Error in OCSP_parse_url");
return CRLDataPtr();
}
message.setHeader("Host", host);
if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) {
- WrtLogW("Error in sending network request.");
+ LogWarning("Error in sending network request.");
return CRLDataPtr();
}
CRLCachedData cachedCrl;
cachedCrl.distribution_point = uri;
if (!(m_crlCache->getCRLResponse(&cachedCrl))) {
- WrtLogI("CRL not present in database. URI: %s", uri.c_str());
+ LogInfo("CRL not present in database. URI: " << uri);
return CRLDataPtr();
}
std::string body = cachedCrl.crl_body;
- WrtLogI("CRL found in database.");
+ LogInfo("CRL found in database.");
//TODO: remove when ORM::blob available
//Encode buffer to base64 format to store in database
projects / platform / core / security / cert-svc.git / blobdiff