Make x509 certificates an opaque type

src/file_analysis/analyzer/x509/CMakeLists.txt

@@ -6,5 +6,5 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
 
 bro_plugin_begin(Bro X509)
 bro_plugin_cc(X509.cc Plugin.cc ../../Analyzer.cc)
-bro_plugin_bif(events.bif types.bif)
+bro_plugin_bif(events.bif types.bif functions.bif)
 bro_plugin_end()

src/file_analysis/analyzer/x509/Plugin.cc

@@ -7,4 +7,5 @@ BRO_PLUGIN_BEGIN(Bro, X509)
 	BRO_PLUGIN_FILE_ANALYZER("X509", X509);
 	BRO_PLUGIN_BIF_FILE(events);
 	BRO_PLUGIN_BIF_FILE(types);	
+	BRO_PLUGIN_BIF_FILE(functions);
 BRO_PLUGIN_END

src/file_analysis/analyzer/x509/X509.cc

@@ -17,6 +17,8 @@
 
 using namespace file_analysis;
 
+IMPLEMENT_SERIAL(X509Val, SER_X509_VAL);
+
 file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
     : file_analysis::Analyzer(file_mgr->GetComponentTag("X509"), args, file)
 	{
@@ -444,3 +446,65 @@ double file_analysis::X509::get_time_from_asn1(const ASN1_TIME * atime)
 	return lResult;
 }
 
+X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type)
+	{
+	certificate = arg_certificate;
+	}
+
+X509Val::X509Val() : OpaqueVal(x509_opaque_type)
+	{
+	certificate = 0;
+	}
+
+X509Val::~X509Val()
+	{
+	if ( certificate )
+		X509_free(certificate);
+	}
+
+::X509* X509Val::GetCertificate() const
+	{
+	return certificate;
+	}
+
+bool X509Val::DoSerialize(SerialInfo* info) const
+	{
+	DO_SERIALIZE(SER_X509_VAL, X509Val);
+
+	unsigned char *buf = NULL;
+
+	int length = i2d_X509(certificate, &buf);
+
+	if ( length < 0 ) 
+		return false;
+
+	bool res = SERIALIZE_STR(reinterpret_cast<const char*>(buf), length);
+
+	OPENSSL_free(buf);
+	return res;
+	}
+
+bool X509Val::DoUnserialize(UnserialInfo* info)
+	{
+	DO_UNSERIALIZE(OpaqueVal)
+
+	int length;
+	unsigned char *certbuf, *opensslbuf;
+
+	if ( ! UNSERIALIZE_STR(reinterpret_cast<char **>(&certbuf), &length) )
+		return false;
+
+	opensslbuf = certbuf; // OpenSSL likes to shift pointers around. really.
+	certificate = d2i_X509(NULL, const_cast<const unsigned char**>(&opensslbuf), length);
+	delete[] certbuf;
+
+	if ( !certificate ) 
+		return false;
+
+	return true;
+	}
+
+
+
+
+

src/file_analysis/analyzer/x509/X509.h

@@ -39,6 +39,50 @@ private:
 	std::string cert_data;
 };
 
+/**
+ * This class wraps an OpenSSL X509 data structure. 
+ *
+ * We need these to be able to pass OpenSSL pointers around in Bro
+ * script-land. Otherwise, we cannot verify certificates from Bro 
+ * scriptland
+ */
+class X509Val : public OpaqueVal {
+public:
+	/**
+	 * Construct an X509Val.
+	 *
+	 * @param certificate specifies the wrapped OpenSSL certificate
+	 *
+	 * @return A newly initialized X509Val
+	 */
+	X509Val(::X509* certificate);
+
+	/**
+	 * Destructor.
+	 */
+	~X509Val();
+
+	/**
+	 * Get the wrapped X509 certificate. Please take care, that the
+	 * internal OpenSSL reference counting stays the same.
+	 *
+	 * @return The wrapped OpenSSL X509 certificate
+	 */
+	::X509* GetCertificate() const;
+
+protected:
+	/**
+	 * Construct an empty X509Val. Only used for deserialization
+	 */
+	X509Val();
+
+private:
+	::X509* certificate; // the wrapped certificate
+
+	DECLARE_SERIAL(X509Val);
+};
+
 }
 
+
 #endif