diff options
Diffstat (limited to 'verifier.cpp')
-rw-r--r-- | verifier.cpp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/verifier.cpp b/verifier.cpp index 1dc52a0ef..2101dcb41 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -34,6 +34,7 @@ #include <openssl/obj_mac.h> #include <openssl/pem.h> #include <openssl/rsa.h> +#include <ziparchive/zip_archive.h> #include "asn1_decoder.h" #include "otautil/print_sha1.h" @@ -445,6 +446,60 @@ std::unique_ptr<EC_KEY, ECKEYDeleter> parse_ec_key(FILE* file) { return key; } +static std::vector<Certificate> IterateZipEntriesAndSearchForKeys(const ZipArchiveHandle& handle) { + void* cookie; + ZipString suffix("x509.pem"); + int32_t iter_status = StartIteration(handle, &cookie, nullptr, &suffix); + if (iter_status != 0) { + LOG(ERROR) << "Failed to iterate over entries in the certificate zipfile: " + << ErrorCodeString(iter_status); + return {}; + } + + std::vector<Certificate> result; + + ZipString name; + ZipEntry entry; + while ((iter_status = Next(cookie, &entry, &name)) == 0) { + std::vector<uint8_t> pem_content(entry.uncompressed_length); + if (int32_t extract_status = + ExtractToMemory(handle, &entry, pem_content.data(), pem_content.size()); + extract_status != 0) { + LOG(ERROR) << "Failed to extract " << std::string(name.name, name.name + name.name_length); + return {}; + } + + Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr); + // Aborts the parsing if we fail to load one of the key file. + if (!LoadCertificateFromBuffer(pem_content, &cert)) { + LOG(ERROR) << "Failed to load keys from " + << std::string(name.name, name.name + name.name_length); + return {}; + } + + result.emplace_back(std::move(cert)); + } + + if (iter_status != -1) { + LOG(ERROR) << "Error while iterating over zip entries: " << ErrorCodeString(iter_status); + return {}; + } + + return result; +} + +std::vector<Certificate> LoadKeysFromZipfile(const std::string& zip_name) { + ZipArchiveHandle handle; + if (int32_t open_status = OpenArchive(zip_name.c_str(), &handle); open_status != 0) { + LOG(ERROR) << "Failed to open " << zip_name << ": " << ErrorCodeString(open_status); + return {}; + } + + std::vector<Certificate> result = IterateZipEntriesAndSearchForKeys(handle); + CloseArchive(handle); + return result; +} + bool LoadCertificateFromBuffer(const std::vector<uint8_t>& pem_content, Certificate* cert) { std::unique_ptr<BIO, decltype(&BIO_free)> content( BIO_new_mem_buf(pem_content.data(), pem_content.size()), BIO_free); |