authorGravatar Jonathan Beck2008-08-04 22:31:43 +0200
committerGravatar Matt Colyer2008-08-05 23:28:10 -0700
commit4b558a53f61005b0ca49665d2da92303f6e14872 (patch)
tree3631ebdcfbf681a239bde3192172d3014b56322b /src/lockdown.c
parent20a6f8797add1a44aa6ea2cc1d089122d1f39be3 (diff)
Store certificates and private keys as PEM files instead of storing them in config file. Added functions to generate proper pairing request.
Signed-off-by: Matt Colyer <matt@colyer.name>
Diffstat (limited to 'src/lockdown.c')
-rw-r--r--src/lockdown.c35
1 files changed, 21 insertions, 14 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index d5149a9..095b2b4 100644
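--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -263,8 +263,8 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
 
 /* Setup Pair request plist */
 dict = add_child_to_plist(plist, "dict", "\n", NULL, 0);
-add_key_str_dict_element(plist, dict, "Key", "PairRecord", 1);
-dictRecord = add_child_to_plist(plist, "dict", "\n", NULL, 1);
+dictRecord = add_key_dict_node(plist, dict, "PairRecord", "\n", 1);
+//dictRecord = add_child_to_plist(plist, "dict", "\n", NULL, 1);
 add_key_data_dict_element(plist, dictRecord, "DeviceCertificate", device_cert_b64, 2);
 add_key_data_dict_element(plist, dictRecord, "HostCertificate", host_cert_b64, 2);
 add_key_str_dict_element(plist, dictRecord, "HostID", host_id, 2);
@@ -273,6 +273,8 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
 
 xmlDocDumpMemory(plist, (xmlChar**)&XML_content, &length);
 
+printf("XML Pairing request : %s\n",XML_content);
+
 /* send to iPhone */
 bytes = lockdownd_send(control, XML_content, length);
 
@@ -366,34 +368,34 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
 gnutls_datum_t essentially_null = {strdup("abababababababab"), strlen("abababababababab")};
 
 gnutls_x509_privkey_t fake_privkey, root_privkey;
-gnutls_x509_crt_t dev_cert, root_cert;
+gnutls_x509_crt_t dev_cert, root_cert, host_cert;
 
 gnutls_x509_privkey_init(&fake_privkey);
 gnutls_x509_crt_init(&dev_cert);
 gnutls_x509_crt_init(&root_cert);
+gnutls_x509_crt_init(&host_cert);
 
 if ( GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null) ) {
 
 gnutls_x509_privkey_init(&root_privkey);
 
-/* get certificate stored in config */
-*host_cert_b64 = get_host_certificate();
-*root_cert_b64 = get_root_certificate();
-
+/* get root cert */
 gnutls_datum_t pem_root_cert = {NULL, 0};
-pem_root_cert.data = g_base64_decode (*root_cert_b64, &pem_root_cert.size);
-
+ret = get_root_certificate(&pem_root_cert);
 ret = gnutls_x509_crt_import (root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM);
-gnutls_free(pem_root_cert.data);
+
 
+/* get host cert */
+gnutls_datum_t pem_host_cert = {NULL, 0};
+ret = get_host_certificate(&pem_host_cert);
+ret = gnutls_x509_crt_import (host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM);
+
 
 /* get root private key */
-char *root_priv_b64 = get_root_private_key();
 gnutls_datum_t pem_root_priv = {NULL, 0};
-pem_root_priv.data = g_base64_decode (root_priv_b64, &pem_root_priv.size);
-
+ret = get_root_private_key(&pem_root_priv);
 ret = gnutls_x509_privkey_import (root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM);
-gnutls_free(pem_root_priv.data);
+
 
 /* generate device certificate */
 
@@ -418,8 +420,13 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
 
 /* now encode certificates for output */
 *device_cert_b64 = g_base64_encode(dev_pem.data, dev_pem.size);
+*host_cert_b64 = g_base64_encode(pem_host_cert.data, pem_host_cert.size);
+*root_cert_b64 = g_base64_encode(pem_root_cert.data, pem_root_cert.size);
 ret = 1;
 }
+gnutls_free(pem_root_priv.data);
+gnutls_free(pem_root_cert.data);
+gnutls_free(pem_host_cert.data);
 }
 }
 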
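Review bot: In the lockdownd_gen_pair_cert hunk, every result assigned to `ret` from `get_root_certificate`, `get_host_certificate`, `get_root_private_key` and the three gnutls imports is overwritten by the next call before anything in the visible lines tests it, so a missing or corrupt PEM file would not stop the flow that goes on to generate the device certificate. Each import should be tested the way the hunk already tests `gnutls_x509_privkey_import_rsa_raw`, e.g. `if (GNUTLS_E_SUCCESS != gnutls_x509_privkey_import(root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM)) { /* free and fail */ }`; the return convention of the `get_*` loaders is not visible here, so they need whatever check matches it. Separately, the `printf("XML Pairing request : %s\n",XML_content);` added in lockdownd_pair_device writes the whole pair record (certificates and HostID) to stdout on every pairing and would be better behind a debug-only guard. Both function bodies start and end outside the shown hunks, so later lines may add checks that are not visible here.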