-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor pem #605
refactor pem #605
Changes from 11 commits
65131c0
3d5efe4
38c68f2
6c7f86e
a5465b6
63d58a3
21f4060
fb30c96
0a8af82
3a53cd0
86187b2
f287efe
844611e
095679c
6e626ab
a74eaab
8484bc2
85b96d1
899cc46
c1e677a
265cc7f
45f7ef0
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
# IDE Artifacts | ||
.metadata | ||
.build | ||
.vscode | ||
.idea | ||
*.d | ||
Debug | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
#ifndef AWS_IO_PEM_H | ||
#define AWS_IO_PEM_H | ||
|
||
/** | ||
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
* SPDX-License-Identifier: Apache-2.0. | ||
*/ | ||
#include <aws/io/io.h> | ||
|
||
AWS_EXTERN_C_BEGIN | ||
|
||
enum aws_pem_object_type { | ||
AWS_PEM_TYPE_UNKNOWN = 0, | ||
AWS_PEM_TYPE_X509_OLD, | ||
AWS_PEM_TYPE_X509, | ||
graebm marked this conversation as resolved.
Show resolved
Hide resolved
|
||
AWS_PEM_TYPE_X509_TRUSTED, | ||
AWS_PEM_TYPE_X509_REQ_OLD, | ||
AWS_PEM_TYPE_X509_REQ, | ||
AWS_PEM_TYPE_X509_CRL, | ||
AWS_PEM_TYPE_EVP_PKEY, | ||
AWS_PEM_TYPE_PUBLIC_PKCS8, | ||
AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, | ||
AWS_PEM_TYPE_PUBLIC_RSA_PKCS1, | ||
AWS_PEM_TYPE_PRIVATE_DSA_PKCS1, | ||
AWS_PEM_TYPE_PUBLIC_DSA_PKCS1, | ||
AWS_PEM_TYPE_PKCS7, | ||
AWS_PEM_TYPE_PKCS7_SIGNED_DATA, | ||
AWS_PEM_TYPE_PRIVATE_PKCS8_ENCRYPTED, | ||
AWS_PEM_TYPE_PRIVATE_PKCS8, | ||
AWS_PEM_TYPE_DH_PARAMETERS, | ||
AWS_PEM_TYPE_DH_PARAMETERS_X942, | ||
AWS_PEM_TYPE_SSL_SESSION_PARAMETERS, | ||
AWS_PEM_TYPE_DSA_PARAMETERS, | ||
AWS_PEM_TYPE_ECDSA_PUBLIC, | ||
AWS_PEM_TYPE_EC_PARAMETERS, | ||
AWS_PEM_TYPE_EC_PRIVATE, | ||
AWS_PEM_TYPE_PARAMETERS, | ||
AWS_PEM_TYPE_CMS, | ||
AWS_PEM_TYPE_SM2_PARAMETERS | ||
}; | ||
|
||
/* | ||
* Describes PEM object decoded from file. | ||
* data points to raw data bytes of object (decoding will do additional base 64 | ||
* decoding for each object). | ||
* type will be set to object type or to AWS_PEM_TYPE_UNKNOWN if it could not | ||
* figure out type. | ||
* type_buf are the types bytes, i.e. the string between -----BEGIN and ----- | ||
*/ | ||
struct aws_pem_object { | ||
graebm marked this conversation as resolved.
Show resolved
Hide resolved
|
||
enum aws_pem_object_type type; | ||
struct aws_byte_buf type_buf; | ||
DmitriyMusatkin marked this conversation as resolved.
Show resolved
Hide resolved
|
||
struct aws_byte_buf data; | ||
}; | ||
|
||
/** | ||
* Cleans up and securely zeroes out the outputs of 'aws_decode_pem_to_object_list()' | ||
* and 'aws_read_and_decode_pem_file_to_object_list()' | ||
*/ | ||
AWS_IO_API void aws_pem_objects_clean_up(struct aws_array_list *pem_objects); | ||
DmitriyMusatkin marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
/** | ||
* Decodes PEM data and reads objects sequentially adding them to pem_objects. | ||
* If it comes across an object it cannot read, list of all object read until | ||
* that point is returned. | ||
* If no objects can be read PEM or objects could not be base 64 decoded, | ||
* AWS_ERROR_PEM_MALFORMED_OBJECT is raised. | ||
* out_pem_objects stores aws_pem_object struct by value. | ||
* Caller must initialize out_pem_objects before calling the function. | ||
* This code is slow, and it allocates, so please try | ||
* not to call this in the middle of something that needs to be fast or resource sensitive. | ||
*/ | ||
AWS_IO_API int aws_decode_pem_to_object_list( | ||
struct aws_allocator *alloc, | ||
struct aws_byte_cursor pem_cursor, | ||
struct aws_array_list *out_pem_objects); | ||
|
||
/** | ||
* Decodes PEM data from file and reads objects sequentially adding them to pem_objects. | ||
* If it comes across an object it cannot read, list of all object read until | ||
* that point is returned. | ||
* If no objects can be read PEM or objects could not be base 64 decoded, | ||
* AWS_ERROR_PEM_MALFORMED_OBJECT is raised. | ||
* out_pem_objects stores aws_pem_object struct by value. | ||
* Caller must initialize out_pem_objects before calling the function. | ||
* This code is slow, and it allocates, so please try | ||
* not to call this in the middle of something that needs to be fast or resource sensitive. | ||
*/ | ||
AWS_IO_API int aws_read_and_decode_pem_file_to_object_list( | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. debatable: would it be simpler if these functions were alternate array-list initializers? I can't imagine this function ever being used without the user needing to initialize the list first. Like:
Or call it "pem_objects" instead of "array_list" (I like this idea best)?
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Current names were mostly based on existing names for internal function with a modification to refer to elements as pem objects instead of cert_or_key. I think original code wanted array to be initialized outside of the call because the caller might have better context on how many elements are there in the pem file. But in practice the answer to that is either probably just one or probably many, so initializing outside was not super helpful. Moved array init inside of the function. |
||
struct aws_allocator *allocator, | ||
const char *filename, | ||
struct aws_array_list *out_pem_objects); | ||
|
||
AWS_EXTERN_C_END | ||
#endif /* AWS_IO_PEM_H */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you expect other systems to use a different error if the objects themselves are all valid, but the "document" itself is malformed due to missing required objects?
If we fear people will re-use this error-code for bad documents, give it a more generic name like
AWS_ERROR_PEM_MALFORMED
. But if you want distinct error-codes to be created for malformed documents of a specific type, then this is goodThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let me just make it generic AWS_ERROR_PEM_MALFORMED. i dont think its worth distinguishing that its individual objects that are malformed