Some minor reorg.
This commit is contained in:
parent
ecb09aa2e1
commit
8d2a0f764b
7 changed files with 96 additions and 36 deletions
|
@ -57,8 +57,8 @@ Commands:
|
||||||
locator <locator> Explicitly update peer locator
|
locator <locator> Explicitly update peer locator
|
||||||
roots List root peers
|
roots List root peers
|
||||||
root [command] - Root management commands
|
root [command] - Root management commands
|
||||||
add <identity | url> [endpoint] Add a root or a root set
|
add <identity | url> [endpoint] Add a root or a set of roots
|
||||||
remove <address | url | serial> Remove a root or root set
|
remove <address | url | serial> Remove a root or set of roots
|
||||||
set [option] [value] - Get or set a core config option
|
set [option] [value] - Get or set a core config option
|
||||||
port <port> Primary P2P port
|
port <port> Primary P2P port
|
||||||
secondaryport <port/0> Secondary P2P port (0 to disable)
|
secondaryport <port/0> Secondary P2P port (0 to disable)
|
||||||
|
|
|
@ -199,4 +199,17 @@ bool Dictionary::decode(const void *data, unsigned int len)
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *Dictionary::arraySubscript(char buf[256],const char *name,const unsigned long sub) noexcept
|
||||||
|
{
|
||||||
|
for(unsigned int i=0;i<(256 - 17);++i) {
|
||||||
|
if ((buf[i] = name[i]) == 0) {
|
||||||
|
buf[i++] = '#';
|
||||||
|
Utils::hex(sub, buf + i);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
buf[0] = 0;
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace ZeroTier
|
} // namespace ZeroTier
|
||||||
|
|
|
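Review bot: On the name-too-long path at the end of the new `Dictionary::arraySubscript` definition (`buf[0] = 0; return buf;`) the caller gets an empty key rather than an error, so `Dictionary::add`/`getS` would silently operate on the key `""`; both visible call sites pass literal names, so this cannot trigger today, but the contract should be stated on the declaration in the Dictionary.hpp hunk, e.g. `// Writes "<name>#<hex sub>" into buf (256 bytes). name must fit in 238 chars; otherwise buf is set to "" and returned.` The 238 limit comes from `256 - 17`, which presumably reserves 16 hex digits plus a terminator for `Utils::hex` — worth confirming that `Utils::hex(unsigned long, char *)` never writes more than 17 bytes. Since the function is `noexcept` and has no other way to report failure, returning `nullptr` on overflow would let callers tell it apart from a legitimately empty name; the loop also assumes `name` is non-null and NUL-terminated, which the comment should mention.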
@ -370,18 +370,7 @@ public:
|
||||||
return mlen;
|
return mlen;
|
||||||
}
|
}
|
||||||
|
|
||||||
static ZT_INLINE char *arraySubscript(char buf[256],const char *name,const unsigned long sub) noexcept
|
static char *arraySubscript(char buf[256],const char *name,const unsigned long sub) noexcept;
|
||||||
{
|
|
||||||
for(unsigned int i=0;i<(256 - 17);++i) {
|
|
||||||
if ((buf[i] = name[i]) == 0) {
|
|
||||||
buf[i++] = '#';
|
|
||||||
Utils::hex(sub, buf + i);
|
|
||||||
return buf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
buf[0] = 0;
|
|
||||||
return buf;
|
|
||||||
}
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
template< typename V >
|
template< typename V >
|
||||||
|
|
|
@ -21,8 +21,10 @@ void IdentificationCertificate::clear()
|
||||||
Utils::zero< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this);
|
Utils::zero< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this);
|
||||||
m_identities.clear();
|
m_identities.clear();
|
||||||
m_locators.clear();
|
m_locators.clear();
|
||||||
|
m_strings.clear();
|
||||||
m_nodes.clear();
|
m_nodes.clear();
|
||||||
m_networks.clear();
|
m_networks.clear();
|
||||||
|
m_updateUrls.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
IdentificationCertificate &IdentificationCertificate::operator=(const ZT_IdentificationCertificate &apiCert)
|
IdentificationCertificate &IdentificationCertificate::operator=(const ZT_IdentificationCertificate &apiCert)
|
||||||
|
@ -54,6 +56,11 @@ IdentificationCertificate &IdentificationCertificate::operator=(const Identifica
|
||||||
for (unsigned int i = 0; i < cert.subject.networkCount; ++i)
|
for (unsigned int i = 0; i < cert.subject.networkCount; ++i)
|
||||||
addSubjectNetwork(cert.subject.networks[i].id, cert.subject.networks[i].controller);
|
addSubjectNetwork(cert.subject.networks[i].id, cert.subject.networks[i].controller);
|
||||||
|
|
||||||
|
if (cert.updateUrls) {
|
||||||
|
for (unsigned int i = 0; i < cert.updateUrlCount; ++i)
|
||||||
|
addUpdateUrl(cert.updateUrls[i]);
|
||||||
|
}
|
||||||
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,6 +91,14 @@ ZT_IdentificationCertificate_Network *IdentificationCertificate::addSubjectNetwo
|
||||||
return &(m_networks.back());
|
return &(m_networks.back());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void IdentificationCertificate::addUpdateUrl(const char *url)
|
||||||
|
{
|
||||||
|
m_strings.push_back(url);
|
||||||
|
m_updateUrls.push_back(m_strings.back().c_str());
|
||||||
|
this->updateUrls = m_updateUrls.data();
|
||||||
|
this->updateUrlCount = (unsigned int)m_updateUrls.size();
|
||||||
|
}
|
||||||
|
|
||||||
Vector< uint8_t > IdentificationCertificate::encode(const bool omitSignature) const
|
Vector< uint8_t > IdentificationCertificate::encode(const bool omitSignature) const
|
||||||
{
|
{
|
||||||
char tmp[256];
|
char tmp[256];
|
||||||
|
@ -137,6 +152,12 @@ Vector< uint8_t > IdentificationCertificate::encode(const bool omitSignature) co
|
||||||
d.add("iN.e", this->issuerName.email);
|
d.add("iN.e", this->issuerName.email);
|
||||||
d.add("iN.ur", this->issuerName.url);
|
d.add("iN.ur", this->issuerName.url);
|
||||||
|
|
||||||
|
d.add("uU[]", (uint64_t)this->updateUrlCount);
|
||||||
|
if (this->updateUrls) {
|
||||||
|
for (unsigned int i = 0; i < this->updateUrlCount; ++i)
|
||||||
|
d.add(Dictionary::arraySubscript(tmp, "uU[]", i), this->updateUrls[i]);
|
||||||
|
}
|
||||||
|
|
||||||
if ((!omitSignature) && (this->signatureSize > 0) && (this->signatureSize <= sizeof(this->signature)))
|
if ((!omitSignature) && (this->signatureSize > 0) && (this->signatureSize <= sizeof(this->signature)))
|
||||||
d["si"].assign(this->signature, this->signature + this->signatureSize);
|
d["si"].assign(this->signature, this->signature + this->signatureSize);
|
||||||
|
|
||||||
|
@ -146,7 +167,7 @@ Vector< uint8_t > IdentificationCertificate::encode(const bool omitSignature) co
|
||||||
|
|
||||||
bool IdentificationCertificate::decode(const Vector< uint8_t > &data)
|
bool IdentificationCertificate::decode(const Vector< uint8_t > &data)
|
||||||
{
|
{
|
||||||
char tmp[256];
|
char tmp[256], tmp2[ZT_IDENTIFICATION_CERTIFICATE_MAX_STRING_LENGTH + 1];
|
||||||
|
|
||||||
clear();
|
clear();
|
||||||
|
|
||||||
|
@ -226,6 +247,14 @@ bool IdentificationCertificate::decode(const Vector< uint8_t > &data)
|
||||||
d.getS("iN.e", this->issuerName.email, sizeof(this->issuerName.email));
|
d.getS("iN.e", this->issuerName.email, sizeof(this->issuerName.email));
|
||||||
d.getS("iN.ur", this->issuerName.url, sizeof(this->issuerName.url));
|
d.getS("iN.ur", this->issuerName.url, sizeof(this->issuerName.url));
|
||||||
|
|
||||||
|
cnt = (unsigned int)d.getUI("uU[]");
|
||||||
|
for (unsigned int i = 0; i < cnt; ++i) {
|
||||||
|
const char *const url = d.getS(Dictionary::arraySubscript(tmp, "uU[]", i), tmp2, sizeof(tmp2));
|
||||||
|
if (url)
|
||||||
|
addUpdateUrl(tmp2);
|
||||||
|
else return false;
|
||||||
|
}
|
||||||
|
|
||||||
const Vector< uint8_t > &sig = d["si"];
|
const Vector< uint8_t > &sig = d["si"];
|
||||||
if (sig.size() > sizeof(this->signature))
|
if (sig.size() > sizeof(this->signature))
|
||||||
return false;
|
return false;
|
||||||
|
|
|
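Review bot: In the `encode` hunk, `d.add("uU[]", (uint64_t)this->updateUrlCount)` is written unconditionally while the per-entry `uU[]#<i>` values are emitted only `if (this->updateUrls)`, so an object with a non-zero count and a null pointer produces an encoding that its own `decode` rejects (the new loop there does `else return false` as soon as an entry is missing). Gating the count the same way keeps the two sides consistent: `d.add("uU[]", (uint64_t)(this->updateUrls ? this->updateUrlCount : 0));`. In `addUpdateUrl`, `m_strings.push_back(url)` has no null check; `decode` always passes the stack buffer `tmp2`, but the `operator=` hunk forwards `cert.updateUrls[i]` as-is, so if that path is ever fed a struct populated by an API caller a null entry would reach the String constructor — `if (!url) return;` or a documented precondition would close it. Note also that `decode` returns false with the object partially populated after `clear()`; callers presumably discard the object on failure, which the function's comment could say explicitly.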
@ -62,6 +62,7 @@ public:
|
||||||
void clear();
|
void clear();
|
||||||
|
|
||||||
IdentificationCertificate &operator=(const ZT_IdentificationCertificate &apiCert);
|
IdentificationCertificate &operator=(const ZT_IdentificationCertificate &apiCert);
|
||||||
|
|
||||||
IdentificationCertificate &operator=(const IdentificationCertificate &cert);
|
IdentificationCertificate &operator=(const IdentificationCertificate &cert);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -90,6 +91,13 @@ public:
|
||||||
*/
|
*/
|
||||||
ZT_IdentificationCertificate_Network *addSubjectNetwork(const uint64_t id, const ZT_Fingerprint &controller);
|
ZT_IdentificationCertificate_Network *addSubjectNetwork(const uint64_t id, const ZT_Fingerprint &controller);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add an update URL to the updateUrls list
|
||||||
|
*
|
||||||
|
* @param url Update URL
|
||||||
|
*/
|
||||||
|
void addUpdateUrl(const char *url);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Marshal this certificate in binary form
|
* Marshal this certificate in binary form
|
||||||
*
|
*
|
||||||
|
@ -124,20 +132,26 @@ public:
|
||||||
*/
|
*/
|
||||||
bool verify() const;
|
bool verify() const;
|
||||||
|
|
||||||
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)Utils::loadAsIsEndian<uint32_t>(this->serialNo); }
|
ZT_INLINE unsigned long hashCode() const noexcept
|
||||||
|
{ return (unsigned long)Utils::loadAsIsEndian< uint32_t >(this->serialNo); }
|
||||||
|
|
||||||
ZT_INLINE bool operator==(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator==(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) == 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) == 0; }
|
||||||
|
|
||||||
ZT_INLINE bool operator!=(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator!=(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) != 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) != 0; }
|
||||||
|
|
||||||
ZT_INLINE bool operator<(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator<(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) < 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) < 0; }
|
||||||
|
|
||||||
ZT_INLINE bool operator<=(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator<=(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) <= 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) <= 0; }
|
||||||
|
|
||||||
ZT_INLINE bool operator>(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator>(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) > 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) > 0; }
|
||||||
|
|
||||||
ZT_INLINE bool operator>=(const ZT_IdentificationCertificate &c) const noexcept
|
ZT_INLINE bool operator>=(const ZT_IdentificationCertificate &c) const noexcept
|
||||||
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) >= 0; }
|
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) >= 0; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
// These hold any identity or locator objects that are owned by and should
|
// These hold any identity or locator objects that are owned by and should
|
||||||
|
@ -145,10 +159,12 @@ private:
|
||||||
// change.
|
// change.
|
||||||
List< Identity > m_identities;
|
List< Identity > m_identities;
|
||||||
List< Locator > m_locators;
|
List< Locator > m_locators;
|
||||||
|
List< String > m_strings;
|
||||||
|
|
||||||
// These are stored in a vector because the memory needs to be contiguous.
|
// These are stored in a vector because the memory needs to be contiguous.
|
||||||
Vector< ZT_IdentificationCertificate_Node > m_nodes;
|
Vector< ZT_IdentificationCertificate_Node > m_nodes;
|
||||||
Vector< ZT_IdentificationCertificate_Network > m_networks;
|
Vector< ZT_IdentificationCertificate_Network > m_networks;
|
||||||
|
Vector< const char * > m_updateUrls;
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace ZeroTier
|
} // namespace ZeroTier
|
||||||
|
|
|
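Review bot: The new `List< String > m_strings;` member sits under the comment that describes only identity and locator objects, and nothing records that it is the backing storage for the `const char *` entries in `m_updateUrls` (the .cpp hunk stores `m_strings.back().c_str()`). Making the invariant explicit would help the next maintainer who is tempted to turn it into a Vector: `// m_strings owns the storage behind m_updateUrls; a List is used so c_str() pointers stay valid on append — confirm List guarantees this.` The Doxygen block added for `addUpdateUrl` could likewise state that the URL is copied and that the public `updateUrls`/`updateUrlCount` fields are refreshed by the call, which is what the definition does.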
@ -319,9 +319,7 @@ static ZT_INLINE char *stok(char *str, const char *delim, char **saveptr) noexce
|
||||||
}
|
}
|
||||||
|
|
||||||
static ZT_INLINE unsigned int strToUInt(const char *s) noexcept
|
static ZT_INLINE unsigned int strToUInt(const char *s) noexcept
|
||||||
{
|
{ return (unsigned int)strtoul(s, nullptr, 10); }
|
||||||
return (unsigned int)strtoul(s, nullptr, 10);
|
|
||||||
}
|
|
||||||
|
|
||||||
static ZT_INLINE unsigned long long hexStrToU64(const char *s) noexcept
|
static ZT_INLINE unsigned long long hexStrToU64(const char *s) noexcept
|
||||||
{
|
{
|
||||||
|
|
|
@ -302,6 +302,11 @@ typedef struct
|
||||||
*/
|
*/
|
||||||
#define ZT_IDENTIFICATION_CERTIFICATE_MAX_SIGNATURE_SIZE 256
|
#define ZT_IDENTIFICATION_CERTIFICATE_MAX_SIGNATURE_SIZE 256
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Flag indicating that the nodes in the subject are a set of roots
|
||||||
|
*/
|
||||||
|
#define ZT_IDENTIFICATION_CERTIFICATE_FLAG_ROOT_SET 0x0000000000000001ULL
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Information about a real world entity.
|
* Information about a real world entity.
|
||||||
*/
|
*/
|
||||||
|
@ -362,16 +367,16 @@ typedef struct
|
||||||
*/
|
*/
|
||||||
ZT_IdentificationCertificate_Node *nodes;
|
ZT_IdentificationCertificate_Node *nodes;
|
||||||
|
|
||||||
/**
|
|
||||||
* Number of nodes
|
|
||||||
*/
|
|
||||||
unsigned int nodeCount;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Networks owned by this entity
|
* Networks owned by this entity
|
||||||
*/
|
*/
|
||||||
ZT_IdentificationCertificate_Network *networks;
|
ZT_IdentificationCertificate_Network *networks;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Number of nodes
|
||||||
|
*/
|
||||||
|
unsigned int nodeCount;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Number of networks
|
* Number of networks
|
||||||
*/
|
*/
|
||||||
|
@ -413,15 +418,15 @@ typedef struct
|
||||||
unsigned int maxPathLength;
|
unsigned int maxPathLength;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Flags (for future use, currently zero).
|
* Flags indicating certificate usage and any other attributes.
|
||||||
*
|
|
||||||
* This could be used to implement key usage flags similar to X509 if
|
|
||||||
* these are needed.
|
|
||||||
*/
|
*/
|
||||||
uint64_t flags;
|
uint64_t flags;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Valid time range: not before, not after.
|
* Valid time range: not before, not after.
|
||||||
|
*
|
||||||
|
* In ZeroTier the not before field is also the certificate issued time
|
||||||
|
* and timestamp.
|
||||||
*/
|
*/
|
||||||
int64_t validity[2];
|
int64_t validity[2];
|
||||||
|
|
||||||
|
@ -441,14 +446,24 @@ typedef struct
|
||||||
ZT_IdentificationCertificate_Name issuerName;
|
ZT_IdentificationCertificate_Name issuerName;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Signature by issuer (algorithm determined by identity type).
|
* URLs that can be consulted for updates to this certificate.
|
||||||
*/
|
*/
|
||||||
uint8_t signature[ZT_IDENTIFICATION_CERTIFICATE_MAX_SIGNATURE_SIZE];
|
const char *const *updateUrls;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Number of update URLs
|
||||||
|
*/
|
||||||
|
unsigned int updateUrlCount;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Size of signature in bytes.
|
* Size of signature in bytes.
|
||||||
*/
|
*/
|
||||||
unsigned int signatureSize;
|
unsigned int signatureSize;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signature by issuer (algorithm determined by identity type).
|
||||||
|
*/
|
||||||
|
uint8_t signature[ZT_IDENTIFICATION_CERTIFICATE_MAX_SIGNATURE_SIZE];
|
||||||
} ZT_IdentificationCertificate;
|
} ZT_IdentificationCertificate;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
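Review bot: Inserting `updateUrls`/`updateUrlCount` and moving `nodeCount` and `signature` changes the layout of `ZT_IdentificationCertificate`, a struct in the public C header, so anything built against the previous layout must be recompiled; if this API carries a version constant the bump belongs in the same commit, otherwise the description should say the struct is not yet stable. The comment on `updateUrls` should also give a C caller the contract it needs — the array has `updateUrlCount` entries, the strings are NUL-terminated and are not owned by the struct (in the C++ wrapper they point into its own storage), e.g. `* Array of updateUrlCount NUL-terminated URLs. The strings are not owned by this struct and must outlive it.` Since the URLs appear to be part of the signed encoding (the `uU[]` fields in the encode hunk are added before the signature field), the same comment could note that a certificate fetched from one of these URLs is just another untrusted certificate that goes through the normal verify path.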