From 1a9d19d95527d717b89d4ebf45af81824fcbdf44 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Fri, 3 Jul 2009 01:05:27 +0000 Subject: Initial secapi merge svn merge -c112450 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-1 giab-viewer-1-23 svn merge -c112913 svn+ssh://svn.lindenlab.com/svn/linden/branches/giab-viewer/giab-viewer-1 giab-viewer-1-23 --- indra/newview/llsechandler_basic.h | 116 +++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 indra/newview/llsechandler_basic.h (limited to 'indra/newview/llsechandler_basic.h') diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h new file mode 100644 index 0000000000..0ec6938583 --- /dev/null +++ b/indra/newview/llsechandler_basic.h @@ -0,0 +1,116 @@ +/** + * @file llsechandler_basic.h + * @brief Security API for services such as certificate handling + * secure local storage, etc. + * + * $LicenseInfo:firstyear=2009&license=viewergpl$ + * + * Copyright (c) 2009, Linden Research, Inc. + * + * Second Life Viewer Source Code + * The source code in this file ("Source Code") is provided by Linden Lab + * to you under the terms of the GNU General Public License, version 2.0 + * ("GPL"), unless you have obtained a separate licensing agreement + * ("Other License"), formally executed by you and Linden Lab. Terms of + * the GPL can be found in doc/GPL-license.txt in this distribution, or + * online at http://secondlife.com/developers/opensource/gplv2 + * + * There are special exceptions to the terms and conditions of the GPL as + * it is applied to this Source Code. View the full text of the exception + * in the file doc/FLOSS-exception.txt in this software distribution, or + * online at http://secondlife.com/developers/opensource/flossexception + * + * By copying, modifying or distributing this software, you acknowledge + * that you have read and understood your obligations described above, + * and agree to abide by those obligations. + * + * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO + * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, + * COMPLETENESS OR PERFORMANCE. + * $/LicenseInfo$ + */ + +#ifndef LLSECHANDLER_BASIC +#define LLSECHANDLER_BASIC + +#include "llsecapi.h" +#include +#include + +// helpers +extern LLSD cert_name_from_X509_NAME(X509_NAME* name); +extern std::string cert_string_name_from_X509_NAME(X509_NAME* name); +extern std::string cert_string_from_asn1_integer(ASN1_INTEGER* value); +extern LLDate cert_date_from_asn1_time(ASN1_TIME* asn1_time); +extern std::string cert_get_digest(const std::string& digest_type, X509 *cert); + + +// class LLCertificate +// +class LLBasicCertificate : public LLCertificate +{ +public: + LOG_CLASS(LLBasicCertificate); + + LLBasicCertificate(const std::string& pem_cert); + LLBasicCertificate(X509* openSSLX509); + + virtual ~LLBasicCertificate(); + + virtual std::string getPem(); + virtual std::vector getBinary(); + virtual LLSD getLLSD(); + + virtual X509* getOpenSSLX509(); +protected: + // certificates are stored as X509 objects, as validation and + // other functionality is via openssl + X509* mCert; +}; + +// LLSecAPIBasicHandler Class +// Interface handler class for the various security storage handlers. +class LLSecAPIBasicHandler : public LLSecAPIHandler +{ +public: + + LLSecAPIBasicHandler(const std::string& protected_data_filename); + LLSecAPIBasicHandler(); + + virtual ~LLSecAPIBasicHandler(); + + // instantiate a certificate from a pem string + virtual LLPointer getCertificate(const std::string& pem_cert); + + + // instiate a certificate from an openssl X509 structure + virtual LLPointer getCertificate(X509* openssl_cert); + + // instantiate a chain from an X509_STORE_CTX + virtual LLPointer getCertificateChain(const X509_STORE_CTX* chain); + + // instantiate a cert store given it's id. if a persisted version + // exists, it'll be loaded. If not, one will be created (but not + // persisted) + virtual LLPointer getCertificateStore(const std::string& store_id); + + // persist data in a protected store + virtual void setProtectedData(const std::string& data_type, + const std::string& data_id, + const LLSD& data); + + // retrieve protected data + virtual LLSD getProtectedData(const std::string& data_type, + const std::string& data_id); +protected: + void _readProtectedData(); + void _writeProtectedData(); + + std::string mProtectedDataFilename; + LLSD mProtectedDataMap; +}; + +#endif // LLSECHANDLER_BASIC + + + -- cgit v1.2.3 From fe71dd340ab396b93bde45df438041af5d85fd47 Mon Sep 17 00:00:00 2001 From: Roxie Linden Date: Mon, 1 Feb 2010 15:10:19 -0800 Subject: Merge giab-viewer-trunk 2497, general merge of more secapi stuff as well as certificate handling stuff. Grid manager as well --- indra/newview/llsechandler_basic.h | 80 +++++++++++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 2 deletions(-) (limited to 'indra/newview/llsechandler_basic.h') diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 0ec6938583..5d81b6e190 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -68,13 +68,69 @@ protected: X509* mCert; }; +// class LLCertificateStore +// represents a store of certificates, typically a store of root CA +// certificates. The store can be persisted, and can be used to validate +// a cert chain +// +class LLBasicCertificateStore : public LLCertificateStore +{ +public: + LLBasicCertificateStore(const std::string& filename); + LLBasicCertificateStore(const X509_STORE* store); + virtual ~LLBasicCertificateStore(); + + virtual X509_STORE* getOpenSSLX509Store(); // return an openssl X509_STORE + // for this store + + // add a copy of a cert to the store + virtual void append(const LLCertificate& cert); + + // add a copy of a cert to the store + virtual void insert(const int index, const LLCertificate& cert); + + // remove a certificate from the store + virtual void remove(int index); + + // return a certificate at the index + virtual LLPointer operator[](int index); + // return the number of certs in the store + virtual int len() const; + + // load the store from a persisted location + virtual void load(const std::string& store_id); + + // persist the store + virtual void save(); + + // return the store id + virtual std::string storeId(); + + // validate a cert chain + virtual bool validate(const LLCertificateChain& cert_chain) const; +}; + +// LLSecAPIBasicCredential class +class LLSecAPIBasicCredential : public LLCredential +{ +public: + LLSecAPIBasicCredential(const std::string& grid) : LLCredential(grid) {} + virtual ~LLSecAPIBasicCredential() {} + // return a value representing the user id, (could be guid, name, whatever) + virtual std::string userID() const; + + // printible string identifying the credential. + virtual std::string asString() const; +}; + // LLSecAPIBasicHandler Class // Interface handler class for the various security storage handlers. class LLSecAPIBasicHandler : public LLSecAPIHandler { public: - LLSecAPIBasicHandler(const std::string& protected_data_filename); + LLSecAPIBasicHandler(const std::string& protected_data_filename, + const std::string& legacy_password_path); LLSecAPIBasicHandler(); virtual ~LLSecAPIBasicHandler(); @@ -102,12 +158,32 @@ public: // retrieve protected data virtual LLSD getProtectedData(const std::string& data_type, const std::string& data_id); + + // delete a protected data item from the store + virtual void deleteProtectedData(const std::string& data_type, + const std::string& data_id); + + // credential management routines + + virtual LLPointer createCredential(const std::string& grid, + const LLSD& identifier, + const LLSD& authenticator); + + virtual LLPointer loadCredential(const std::string& grid); + + virtual void saveCredential(LLPointer cred, bool save_authenticator); + + virtual void deleteCredential(LLPointer cred); + protected: void _readProtectedData(); void _writeProtectedData(); - + std::string _legacyLoadPassword(); + std::string mProtectedDataFilename; LLSD mProtectedDataMap; + + std::string mLegacyPasswordPath; }; #endif // LLSECHANDLER_BASIC -- cgit v1.2.3 From 9e89819d55a3b6ee7fc56f3efb36f273e4e05c83 Mon Sep 17 00:00:00 2001 From: Roxanne Skelly Date: Wed, 8 Jul 2009 00:45:17 +0000 Subject: DEV-34822 - merge with 1.23 certificate notification code -r 118191 ignore-dead-branch --- indra/newview/llsechandler_basic.h | 149 +++++++++++++++++++++++++++++-------- 1 file changed, 120 insertions(+), 29 deletions(-) (limited to 'indra/newview/llsechandler_basic.h') diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 5d81b6e190..e041322260 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -57,59 +57,147 @@ public: virtual ~LLBasicCertificate(); - virtual std::string getPem(); - virtual std::vector getBinary(); - virtual LLSD getLLSD(); + virtual std::string getPem() const; + virtual std::vector getBinary() const; + virtual LLSD getLLSD() const; - virtual X509* getOpenSSLX509(); + virtual X509* getOpenSSLX509() const; + + // set llsd elements for testing + void setLLSD(const std::string name, const LLSD& value) { mLLSDInfo[name] = value; } protected: + // certificates are stored as X509 objects, as validation and // other functionality is via openssl X509* mCert; + + LLSD& _initLLSD(); + LLSD mLLSDInfo; }; -// class LLCertificateStore -// represents a store of certificates, typically a store of root CA -// certificates. The store can be persisted, and can be used to validate -// a cert chain -// -class LLBasicCertificateStore : public LLCertificateStore + +// class LLBasicCertificateVector +// Class representing a list of certificates +// This implementation uses a stl vector of certificates. +class LLBasicCertificateVector : virtual public LLCertificateVector { + public: - LLBasicCertificateStore(const std::string& filename); - LLBasicCertificateStore(const X509_STORE* store); - virtual ~LLBasicCertificateStore(); + LLBasicCertificateVector() {} - virtual X509_STORE* getOpenSSLX509Store(); // return an openssl X509_STORE - // for this store + virtual ~LLBasicCertificateVector() {} - // add a copy of a cert to the store - virtual void append(const LLCertificate& cert); + // Implementation of the basic iterator implementation. + // The implementation uses a vector iterator derived from + // the vector in the LLBasicCertificateVector class + class BasicIteratorImpl : public iterator_impl + { + public: + BasicIteratorImpl(std::vector >::iterator _iter) { mIter = _iter;} + virtual ~BasicIteratorImpl() {}; + // seek forward or back. Used by the operator++/operator-- implementations + virtual void seek(bool incr) + { + if(incr) + { + mIter++; + } + else + { + mIter--; + } + } + // create a copy of the iterator implementation class, used by the iterator copy constructor + virtual LLPointer clone() const + { + return new BasicIteratorImpl(mIter); + } + + virtual bool equals(const LLPointer& _iter) const + { + const BasicIteratorImpl *rhs_iter = dynamic_cast(_iter.get()); + return (mIter == rhs_iter->mIter); + } + virtual LLPointer get() + { + return *mIter; + } + protected: + friend class LLBasicCertificateVector; + std::vector >::iterator mIter; + }; - // add a copy of a cert to the store - virtual void insert(const int index, const LLCertificate& cert); + // numeric index of the vector + virtual LLPointer operator[](int _index) { return mCerts[_index];} - // remove a certificate from the store - virtual void remove(int index); + // Iteration + virtual iterator begin() { return iterator(new BasicIteratorImpl(mCerts.begin())); } + + virtual iterator end() { return iterator(new BasicIteratorImpl(mCerts.end())); } + + // find a cert given params + virtual iterator find(const LLSD& params); - // return a certificate at the index - virtual LLPointer operator[](int index); // return the number of certs in the store - virtual int len() const; + virtual int size() const { return mCerts.size(); } + + // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void add(LLPointer cert) { insert(end(), cert); } - // load the store from a persisted location - virtual void load(const std::string& store_id); + // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void insert(iterator _iter, LLPointer cert); + + // remove a certificate from the store + virtual LLPointer erase(iterator _iter); + +protected: + std::vector >mCerts; +}; + +// class LLCertificateStore +// represents a store of certificates, typically a store of root CA +// certificates. The store can be persisted, and can be used to validate +// a cert chain +// +class LLBasicCertificateStore : virtual public LLBasicCertificateVector, public LLCertificateStore +{ +public: + LLBasicCertificateStore(const std::string& filename); + void load_from_file(const std::string& filename); + + virtual ~LLBasicCertificateStore(); // persist the store virtual void save(); // return the store id - virtual std::string storeId(); + virtual std::string storeId() const; - // validate a cert chain - virtual bool validate(const LLCertificateChain& cert_chain) const; +protected: + std::vector >mCerts; + std::string mFilename; }; +// class LLCertificateChain +// Class representing a chain of certificates in order, with the +// first element being the child cert. +class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public LLCertificateChain +{ + +public: + LLBasicCertificateChain(const X509_STORE_CTX * store); + + virtual ~LLBasicCertificateChain() {} + + // validate a certificate chain against a certificate store, using the + // given validation policy. + virtual void validate(int validation_policy, + LLPointer ca_store, + const LLSD& validation_params); +}; + + + // LLSecAPIBasicCredential class class LLSecAPIBasicCredential : public LLCredential { @@ -182,10 +270,13 @@ protected: std::string mProtectedDataFilename; LLSD mProtectedDataMap; + LLPointer mStore; std::string mLegacyPasswordPath; }; +bool valueCompareLLSD(const LLSD& lhs, const LLSD& rhs); + #endif // LLSECHANDLER_BASIC -- cgit v1.2.3 From 73e86b0bed548b2aaba8d92837e562d6d753808a Mon Sep 17 00:00:00 2001 From: Karen Lahey Date: Thu, 15 Oct 2009 16:52:03 -0700 Subject: MAC Address Change no longer causes viewer to die cr:Roxie --- indra/newview/llsechandler_basic.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'indra/newview/llsechandler_basic.h') diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index e041322260..4bbb73f062 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -221,6 +221,8 @@ public: const std::string& legacy_password_path); LLSecAPIBasicHandler(); + void init(); + virtual ~LLSecAPIBasicHandler(); // instantiate a certificate from a pem string -- cgit v1.2.3