1
0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-03-12 04:36:29 -07:00

More certificate plumbing.

This commit is contained in:
Adam Ierymenko 2020-07-28 14:38:41 -07:00
parent 95d7970f34
commit becc4aa8ea
No known key found for this signature in database
GPG Key ID: C8877CF2D7A5D7F3
7 changed files with 129 additions and 5 deletions

@ -8,7 +8,7 @@ import (
func main() {
runtime.GOMAXPROCS(1)
debug.SetGCPercent(15)
debug.SetGCPercent(10)
if !TestCertificate() {
os.Exit(1)

@ -413,6 +413,7 @@ ZT_PeerList *Node::peers() const
Utils::zero(buf, bufSize);
ZT_PeerList *pl = reinterpret_cast<ZT_PeerList *>(buf);
buf += sizeof(ZT_PeerList);
pl->freeFunction = reinterpret_cast<void (*)(const void *)>(free);
pl->peers = reinterpret_cast<ZT_Peer *>(buf);
buf += sizeof(ZT_Peer) * peers.size();
ZT_Path *peerPath = reinterpret_cast<ZT_Path *>(buf);
@ -496,6 +497,7 @@ ZT_VirtualNetworkList *Node::networks() const
if (!buf)
return nullptr;
ZT_VirtualNetworkList *nl = (ZT_VirtualNetworkList *)buf; // NOLINT(modernize-use-auto,hicpp-use-auto)
nl->freeFunction = reinterpret_cast<void (*)(const void *)>(free);
nl->networks = (ZT_VirtualNetworkConfig *)(buf + sizeof(ZT_VirtualNetworkList));
nl->networkCount = 0;
@ -584,6 +586,39 @@ ZT_CertificateError Node::addCertificate(
return RR->topology->addCertificate(tptr, c, now, localTrust, true, true, true);
}
struct p_certificateListInternal
{
Vector< SharedPtr< const Certificate > > c;
Vector< unsigned int > t;
};
static void p_freeCertificateList(const void *cl)
{
if (cl) {
reinterpret_cast<const p_certificateListInternal *>(reinterpret_cast<const uint8_t *>(cl) + sizeof(ZT_CertificateList))->~p_certificateListInternal();
free(const_cast<void *>(cl));
}
}
ZT_CertificateList *Node::listCertificates()
{
ZT_CertificateList *const cl = (ZT_CertificateList *)malloc(sizeof(ZT_CertificateList) + sizeof(p_certificateListInternal));
if (!cl)
return nullptr;
p_certificateListInternal *const clint = reinterpret_cast<p_certificateListInternal *>(reinterpret_cast<uint8_t *>(cl) + sizeof(ZT_CertificateList));
new (clint) p_certificateListInternal;
RR->topology->allCerts(clint->c, clint->t);
cl->freeFunction = p_freeCertificateList;
static_assert(sizeof(SharedPtr< const Certificate >) == sizeof(void *), "SharedPtr<> is not just a wrapped pointer");
cl->certs = reinterpret_cast<const ZT_Certificate **>(clint->c.data());
cl->localTrust = clint->t.data();
cl->certCount = (unsigned long)clint->c.size();
return cl;
}
int Node::sendUserMessage(
void *tptr,
uint64_t dest,
@ -840,10 +875,15 @@ void ZT_freeBuffer(void *b)
delete _ZT_PTRTOBUF(b);
}
void ZT_freeQueryResult(void *qr)
struct p_queryResultBase
{
if (qr)
free(qr);
void (*freeFunction)(const void *);
};
void ZT_freeQueryResult(const void *qr)
{
if ((qr) && (reinterpret_cast<const p_queryResultBase *>(qr)->freeFunction))
reinterpret_cast<const p_queryResultBase *>(qr)->freeFunction(qr);
}
enum ZT_ResultCode ZT_Node_new(ZT_Node **node, void *uptr, void *tptr, const struct ZT_Node_Callbacks *callbacks, int64_t now)
@ -1066,6 +1106,15 @@ enum ZT_CertificateError ZT_Node_addCertificate(
}
}
ZT_SDK_API ZT_CertificateList *ZT_Node_listCertificates(ZT_Node *node)
{
try {
return reinterpret_cast<ZeroTier::Node *>(node)->listCertificates();
} catch (...) {
return nullptr;
}
}
void ZT_Node_setNetworkUserPtr(ZT_Node *node, uint64_t nwid, void *ptr)
{
try {

@ -147,6 +147,8 @@ public:
const void *certData,
unsigned int certSize);
ZT_CertificateList *listCertificates();
int sendUserMessage(
void *tptr,
uint64_t dest,

@ -242,6 +242,18 @@ ZT_CertificateError Topology::addCertificate(void *tPtr, const Certificate &cert
return ZT_CERTIFICATE_ERROR_NONE;
}
void Topology::allCerts(Vector< SharedPtr<const Certificate> > &c,Vector< unsigned int > &t) const noexcept
{
Mutex::Lock l(m_certs_l);
const unsigned long cs = (unsigned long)m_certs.size();
c.reserve(cs);
t.reserve(cs);
for(Map< SHA384Hash, p_CertEntry >::const_iterator i(m_certs.begin());i!=m_certs.end();++i) {
c.push_back(i->second.certificate);
t.push_back(i->second.localTrust);
}
}
struct p_RootRankingComparisonOperator
{
ZT_INLINE bool operator()(const SharedPtr< Peer > &a, const SharedPtr< Peer > &b) const noexcept

@ -142,6 +142,14 @@ public:
*/
ZT_CertificateError addCertificate(void *tPtr, const Certificate &cert, const int64_t now, unsigned int localTrust, bool writeToLocalStore, bool refreshRootSets = true, bool verify = true);
/**
* Fill vectors with all certificates and their corresponding local trust flags
*
* @param c Certificate vector
* @param t Local trust vector
*/
void allCerts(Vector< SharedPtr<const Certificate> > &c,Vector< unsigned int > &t) const noexcept;
private:
void m_rankRoots(int64_t now);
void m_eraseCertificate(void *tPtr, const SharedPtr< const Certificate > &cert, const SHA384Hash *uniqueIdHash);

@ -618,6 +618,32 @@ typedef struct
unsigned int signatureSize;
} ZT_Certificate;
/**
* A list of certificates
*/
typedef struct
{
/**
* Function that is called to free this list (called by ZT_freeQueryResult)
*/
void (*freeFunction)(const void *);
/**
* Array of pointers to certificates
*/
const ZT_Certificate *const *certs;
/**
* Array of local trust flags for each certificate
*/
const unsigned int *localTrust;
/**
* Number of certificates
*/
unsigned long certCount;
} ZT_CertificateList;
/**
* Credential type IDs
*/
@ -1429,6 +1455,7 @@ typedef struct
*/
typedef struct
{
void (*freeFunction)(const void *);
ZT_VirtualNetworkConfig *networks;
unsigned long networkCount;
} ZT_VirtualNetworkList;
@ -1616,6 +1643,7 @@ typedef struct
*/
typedef struct
{
void (*freeFunction)(const void *);
ZT_Peer *peers;
unsigned long peerCount;
} ZT_PeerList;
@ -2003,7 +2031,7 @@ ZT_SDK_API void ZT_freeBuffer(void *b);
*
* @param qr Query result buffer
*/
ZT_SDK_API void ZT_freeQueryResult(void *qr);
ZT_SDK_API void ZT_freeQueryResult(const void *qr);
/* ---------------------------------------------------------------------------------------------------------------- */
@ -2392,6 +2420,14 @@ ZT_SDK_API enum ZT_CertificateError ZT_Node_addCertificate(
const void *certData,
unsigned int certSize);
/**
* List certificates installed in this node's trust store
*
* @param node Node instance
* @return List of certificates or NULL on error
*/
ZT_SDK_API ZT_CertificateList *ZT_Node_listCertificates(ZT_Node *node);
/**
* Send a VERB_USER_MESSAGE to another ZeroTier node
*

@ -541,6 +541,23 @@ func (n *Node) TryPeer(fpOrAddress interface{}, ep *Endpoint, retries int) bool
return C.ZT_Node_tryPeer(n.zn, nil, fp.cFingerprint(), &ep.cep, C.int(retries)) != 0
}
// ListCertificates lists certificates and their corresponding local trust flags.
func (n *Node) ListCertificates() (certs []*Certificate, localTrust []uint, err error) {
cl := C.ZT_Node_listCertificates(n.zn)
if cl != nil {
for i := uintptr(0); i < uintptr(cl.certCount); i++ {
c := newCertificateFromCCertificate(unsafe.Pointer(uintptr(unsafe.Pointer(cl.certs)) + (i * pointerSize)))
if c != nil {
lt := *((*C.uint)(unsafe.Pointer(uintptr(unsafe.Pointer(cl.localTrust)) + (i * C.sizeof_int))))
certs = append(certs, c)
localTrust = append(localTrust, uint(lt))
}
}
C.ZT_freeQueryResult(unsafe.Pointer(cl))
}
return
}
// --------------------------------------------------------------------------------------------------------------------
func (n *Node) runMaintenance() {