Commit f70c9c91 authored by jan.koester's avatar jan.koester

remove legacy ssl methods

parent d51f03fa
+0 −100
@@ -4420,106 +4420,6 @@ static bool isOidEcPublicKey(const uint8_t* oid, size_t len) {
    return (len == sizeof(EC_OID) && std::memcmp(oid, EC_OID, len) == 0);
}

bool netplus::ssl::loadServerPrivateKeyDer(const std::string& keyDerPath) {
    try {
        std::vector<uint8_t> der = readFileBytesDer(keyDerPath);
        return loadServerPrivateKey(der);
    } catch (...) {
        throw;
    }
}

bool netplus::ssl::loadServerPrivateKey(const std::vector<uint8_t>& der) {
    try {
        // ✅ Extract RSA key data from DER and load into selected bundle's RSA
        if (_selected_cert_bundle) {
            return _loadRsaFromDer(der, _selected_cert_bundle->rsa_key);
        }
        return false;
    } catch (...) {
        throw;
    }
}

// ✅ Static helper: Extract RSA key from DER bytes and populate rsa object
bool netplus::ssl::_loadRsaFromDer(const std::vector<uint8_t>& derData, netplus::rsa& out_rsa) {
    try {
        // Create a temporary x509cert just for parsing ASN.1
        netplus::x509cert temp_cert;

        netplus::ASN1Node root;
        size_t used = temp_cert.parseInternal(derData.data(), derData.size(), root);
        if (used == 0) {
            netplus::NetException e;
            e[netplus::NetException::Error] << "failed parsing key DER ASN.1";
            throw e;
        }

        std::vector<uint8_t> nBE, eBE, dBE;

        // Detect PKCS#8:
        bool looksPkcs8 =
            (root.tag == 0x30 &&
             root.children.size() >= 3 &&
             root.children[2].tag == 0x04 &&
             root.children[2].data != nullptr &&
             root.children[2].len > 0);

        bool isEcKey = false;
        if (looksPkcs8 && root.children.size() >= 2 && root.children[1].tag == 0x30) {
            const auto& algId = root.children[1];
            if (algId.children.size() >= 1 && algId.children[0].tag == 0x06) {
                const auto& oid = algId.children[0];
                isEcKey = isOidEcPublicKey(oid.data, oid.len);
                if (isEcKey && algId.children.size() >= 2 && algId.children[1].tag == 0x06) {
                    const auto& curveOid = algId.children[1];
                    if (!isOidP256(curveOid.data, curveOid.len)) {
                        isEcKey = false;
                    }
                }
            }
        }

        if (isEcKey) {
            // EC keys not supported in CertificateBundle for now
            // (only RSA for TLS handshake signatures)
            return false;
        }

        bool ok = false;
        if (looksPkcs8) {
            netplus::ASN1Node inner;
            const auto& oct = root.children[2];
            if (temp_cert.parseInternal(oct.data, oct.len, inner) == 0) {
                netplus::NetException e;
                e[netplus::NetException::Error] << "failed parsing PKCS#8 inner private key";
                throw e;
            }
            ok = parsePkcs1RsaPrivateKeyDer(inner, nBE, eBE, dBE);
        } else {
            ok = parsePkcs1RsaPrivateKeyDer(root, nBE, eBE, dBE);
        }

        if (!ok || nBE.empty() || eBE.empty() || dBE.empty()) {
            netplus::NetException e;
            e[netplus::NetException::Error] << "failed extracting RSA key (n/e/d) from DER";
            throw e;
        }

        // Install into output RSA object
        out_rsa.setRsaKeyFromRaw(nBE, eBE, dBE);
        std::cerr << "[SSL] _loadRsaFromDer: Successfully loaded RSA private key" << std::endl;
        return true;

    } catch (netplus::NetException&) {
        throw;
    } catch (...) {
        netplus::NetException e;
        e[netplus::NetException::Error] << "_loadRsaFromDer: unknown exception";
        throw e;
    }
}

bool netplus::ssl::_popHandshakeMsg(std::vector<uint8_t>& out, uint8_t& type) {
    if (_rx_handshake_buf.size() < 4) return false;

+2 −2
@@ -109,8 +109,8 @@ int main() {
        netplus::ssl::CertificateBundle bundle1;
        bundle1.cert = cert;
        bundle1.privateKeyDer = std::vector<uint8_t>(test_key_der.begin(), test_key_der.end());
        // Pre-load RSA key into bundle
        if (!netplus::ssl::_loadRsaFromDer(bundle1.privateKeyDer, bundle1.rsa_key)) {
        // Pre-load RSA key into bundle using the rsa::loadRsaFromDerFile static function
        if (!netplus::rsa::loadRsaFromDerFile(bundle1.privateKeyDer, bundle1.rsa_key)) {
             std::cerr << "Failed to load RSA key 1!" << std::endl;
             std::cerr.flush();
             return 1;
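Review bot: The replacement call (the `netplus::rsa::loadRsaFromDerFile(bundle1.privateKeyDer, bundle1.rsa_key)` line) passes `bundle1.privateKeyDer`, which the hunk initialises as an in-memory `std::vector<uint8_t>`, to a function whose name says "FromDerFile"; either the name suggests a path argument and the wrong overload is being picked, or the function is misnamed — worth confirming against its declaration, which is not on this page. The removed `netplus::ssl::_loadRsaFromDer` returned false only when the DER held an unsupported (EC) key and threw `netplus::NetException` on any ASN.1 or RSA-component parse failure, so if the new function keeps that contract a malformed test key will surface as an exception rather than reaching the `"Failed to load RSA key 1!"` branch; the surrounding error handling in `main` (which starts and ends outside this hunk) should match whichever contract the replacement actually has. The new comment only restates the call; suggest `// Pre-load RSA key into bundle; false means the DER is not a usable RSA private key (parse errors may throw)` once the contract is confirmed.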