From fd3628ef45a8160f2434e0d8b747d31d65685340 Mon Sep 17 00:00:00 2001 From: Oz Linden Date: Fri, 14 Apr 2017 16:05:59 -0400 Subject: Change certificate store infrastructure to key off of the Subject Key Id rather than sha1 hash, since that is rarely used in modern certs. The previous form was storing trusted certs using an empty sha1 hash value as the key, which meant most certificates matched... not good. Modify the LLCertException to pass certificate information back as LLSD rather than an LLPointer, because when the exception is being thown from the certificate constructor that results in one of a couple of other exceptions (even refcounting won't save you when the problem is that the thing you're pointing to never finished coming into being properly). Update the certificates in the llsechandler_basic_test to modern conventions, and extend the classes to allow for an optional validation date so that the test can use a fixed date. Also make all the certificates include the plain text form for ease of reference. --- indra/newview/llsecapi.h | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'indra/newview/llsecapi.h') diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 6af5a28fa5..d207f3b5b7 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -334,24 +334,21 @@ std::ostream& operator <<(std::ostream& s, const LLCredential& cred); class LLCertException: public LLException { public: - LLCertException(LLPointer cert, const std::string& msg): - LLException(msg) + LLCertException(const LLSD& cert_data, const std::string& msg): LLException(msg), + mCertData(cert_data) { - - mCert = cert; - LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL; } virtual ~LLCertException() throw() {} - LLPointer getCert() const { return mCert; } + LLSD getCertData() const { return mCertData; } protected: - LLPointer mCert; + LLSD mCertData; }; class LLInvalidCertificate : public LLCertException { public: - LLInvalidCertificate(LLPointer cert) : LLCertException(cert, "CertInvalid") + LLInvalidCertificate(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalid") { } virtual ~LLInvalidCertificate() throw() {} @@ -361,7 +358,7 @@ protected: class LLCertValidationTrustException : public LLCertException { public: - LLCertValidationTrustException(LLPointer cert) : LLCertException(cert, "CertUntrusted") + LLCertValidationTrustException(const LLSD& cert_data) : LLCertException(cert_data, "CertUntrusted") { } virtual ~LLCertValidationTrustException() throw() {} @@ -372,7 +369,7 @@ class LLCertValidationHostnameException : public LLCertException { public: LLCertValidationHostnameException(std::string hostname, - LLPointer cert) : LLCertException(cert, "CertInvalidHostname") + const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidHostname") { mHostname = hostname; } @@ -385,8 +382,8 @@ protected: class LLCertValidationExpirationException : public LLCertException { public: - LLCertValidationExpirationException(LLPointer cert, - LLDate current_time) : LLCertException(cert, "CertExpired") + LLCertValidationExpirationException(const LLSD& cert_data, + LLDate current_time) : LLCertException(cert_data, "CertExpired") { mTime = current_time; } @@ -399,7 +396,7 @@ protected: class LLCertKeyUsageValidationException : public LLCertException { public: - LLCertKeyUsageValidationException(LLPointer cert) : LLCertException(cert, "CertKeyUsage") + LLCertKeyUsageValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertKeyUsage") { } virtual ~LLCertKeyUsageValidationException() throw() {} @@ -409,7 +406,7 @@ protected: class LLCertBasicConstraintsValidationException : public LLCertException { public: - LLCertBasicConstraintsValidationException(LLPointer cert) : LLCertException(cert, "CertBasicConstraints") + LLCertBasicConstraintsValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertBasicConstraints") { } virtual ~LLCertBasicConstraintsValidationException() throw() {} @@ -419,7 +416,7 @@ protected: class LLCertValidationInvalidSignatureException : public LLCertException { public: - LLCertValidationInvalidSignatureException(LLPointer cert) : LLCertException(cert, "CertInvalidSignature") + LLCertValidationInvalidSignatureException(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidSignature") { } virtual ~LLCertValidationInvalidSignatureException() throw() {} -- cgit v1.2.3