core_rpc_server: new file: rpc_ssl.fingerprint

author: Jeffrey Ryan <jeffreyryan@tutanota.com> 2022-05-19 15:27:30 -0500
committer: jeffro256 <jeffro256@tutanota.com> 2023-07-02 19:38:51 -0500
commit: 70bbd2536b0eb005458f7dee419eef503ff9e0cb (patch)
tree: bd821c083bc992dbb457670cff6ac3d5a93b1947 /src
parent: Merge pull request #8842 (diff)
download: monero-70bbd2536b0eb005458f7dee419eef503ff9e0cb.tar.xz
2 files changed, 29 insertions, 25 deletions
diff --git a/src/gen_ssl_cert/gen_ssl_cert.cpp b/src/gen_ssl_cert/gen_ssl_cert.cpp
index e695df727..b25d9a73d 100644
--- a/src/gen_ssl_cert/gen_ssl_cert.cpp
+++ b/src/gen_ssl_cert/gen_ssl_cert.cpp
@@ -65,29 +65,6 @@ namespace
   const command_line::arg_descriptor<bool> arg_prompt_for_passphrase = {"prompt-for-passphrase", gencert::tr("Prompt for a passphrase with which to encrypt the private key"), false};
 }
 
-// adapted from openssl's apps/x509.c
-static std::string get_fingerprint(X509 *cert, const EVP_MD *fdig)
-{
-  unsigned int j;
-  unsigned int n;
-  unsigned char md[EVP_MAX_MD_SIZE];
-  std::string fingerprint;
-
-  if (!X509_digest(cert, fdig, md, &n))
-  {
-    tools::fail_msg_writer() << tr("Failed to create fingerprint: ") << ERR_reason_error_string(ERR_get_error());
-    return fingerprint;
-  }
-  fingerprint.resize(n * 3 - 1);
-  char *out = &fingerprint[0];
-  for (j = 0; j < n; ++j)
-  {
-    snprintf(out, 3 + (j + 1 < n), "%02X%s", md[j], (j + 1 == n) ? "" : ":");
-    out += 3;
-  }
-  return fingerprint;
-}
-
 int main(int argc, char* argv[])
 {
   TRY_ENTRY();
@@ -246,7 +223,7 @@ int main(int argc, char* argv[])
 
   tools::success_msg_writer() << tr("New certificate created:");
   tools::success_msg_writer() << tr("Certificate: ") << certificate_filename;
-  tools::success_msg_writer() << tr("SHA-256 Fingerprint: ") << get_fingerprint(cert, EVP_sha256());
+  tools::success_msg_writer() << tr("SHA-256 Fingerprint: ") << epee::net_utils::get_hr_ssl_fingerprint(cert);
   tools::success_msg_writer() << tr("Private key: ") << private_key_filename << " (" << (private_key_passphrase.empty() ? "unencrypted" : "encrypted") << ")";
 
   return 0;
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index cb347110d..0adf0b65e 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -352,6 +352,7 @@ namespace cryptonote
     const auto ssl_base_path = (boost::filesystem::path{data_dir} / "rpc_ssl").string();
     const bool ssl_cert_file_exists = boost::filesystem::exists(ssl_base_path + ".crt");
     const bool ssl_pkey_file_exists = boost::filesystem::exists(ssl_base_path + ".key");
+    const bool ssl_fp_file_exists = boost::filesystem::exists(ssl_base_path + ".fingerprint");
     if (store_ssl_key)
     {
       // .key files are often given different read permissions as their corresponding .crt files.
@@ -361,13 +362,39 @@ namespace cryptonote
         MFATAL("Certificate (.crt) and private key (.key) files must both exist or both not exist at path: " << ssl_base_path);
         return false;
       }
+      else if (!ssl_cert_file_exists && ssl_fp_file_exists) // only fingerprint file is present
+      {
+        MFATAL("Fingerprint file is present while certificate (.crt) and private key (.key) files are not at path: " << ssl_base_path);
+        return false;
+      }
       else if (ssl_cert_file_exists) { // and ssl_pkey_file_exists
         // load key from previous run, password prompted by OpenSSL
         store_ssl_key = false;
         rpc_config->ssl_options.auth =
           epee::net_utils::ssl_authentication_t{ssl_base_path + ".key", ssl_base_path + ".crt"};
+
+        // Since the .fingerprint file was added afterwards, sometimes the other 2 are present, and .fingerprint isn't
+        // In that case, generate the .fingerprint file from the existing .crt file
+        if (!ssl_fp_file_exists)
+        {
+          try
+          {
+            std::string fingerprint = epee::net_utils::get_hr_ssl_fingerprint_from_file(ssl_base_path + ".crt");
+            if (!epee::file_io_utils::save_string_to_file(ssl_base_path + ".fingerprint", fingerprint))
+            {
+              MWARNING("Could not save SSL fingerprint to file '" << ssl_base_path << ".fingerprint'");
+            }
+            const auto fp_perms = boost::filesystem::owner_read | boost::filesystem::group_read | boost::filesystem::others_read;
+            boost::filesystem::permissions(ssl_base_path + ".fingerprint", fp_perms);
+          }
+          catch (const std::exception& e)
+          {
+            // Do nothing. The fingerprint file is helpful, but not at all necessary.
+            MWARNING("While trying to store SSL fingerprint file, got error (ignoring): " << e.what());
+          }
+        }
       }
-    }
+    } // if (store_ssl_key)
 
     auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
     const bool inited = epee::http_server_impl_base<core_rpc_server, connection_context>::init(
author	Jeffrey Ryan <jeffreyryan@tutanota.com>	2022-05-19 15:27:30 -0500
committer	jeffro256 <jeffro256@tutanota.com>	2023-07-02 19:38:51 -0500
commit	70bbd2536b0eb005458f7dee419eef503ff9e0cb (patch)
tree	bd821c083bc992dbb457670cff6ac3d5a93b1947 /src
parent	Merge pull request #8842 (diff)
download	monero-70bbd2536b0eb005458f7dee419eef503ff9e0cb.tar.xz