x509storeissuer: add certificates from the provided directories to the store

Signed-off-by: Eugene Syromiatnikov <[email protected]>

Author: esyr

source/x509storeissuer.c

@@ -7,10 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <dirent.h>
+#include <errno.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 #ifndef _WIN32
 # include <libgen.h>
 # include <unistd.h>
@@ -254,11 +257,10 @@ main(int argc, char *argv[])
     size_t total_count = 0;
     size_t total_found = 0;
     double avcalltime;
-    char *cert = NULL;
     int ret = EXIT_FAILURE;
-    BIO *bio = NULL;
     int opt;
     int dirs_start;
+    size_t num_certs = 0;
     struct nonce_cfg nonce_cfg;
 
     parse_nonce_cfg(NONCE_CFG, &nonce_cfg);
@@ -309,6 +311,85 @@ main(int argc, char *argv[])
     if (store == NULL || !X509_STORE_set_default_paths(store))
         errx(EXIT_FAILURE, "Failed to create X509_STORE");
 
+    for (int i = dirs_start; i < argc - 1; i++) {
+        char *cert = NULL;
+        BIO *bio = NULL;
+        X509 *x509 = NULL;
+        struct stat st;
+        struct dirent *e;
+        DIR *d = opendir(argv[i]);
+
+        if (d == NULL)
+            err(EXIT_FAILURE, "Could not open \"%s\"", argv[i]);
+
+        while (1) {
+            errno = 0;
+            e = readdir(d);
+
+            if (e == NULL) {
+                if (errno != 0) {
+                    err(EXIT_FAILURE, "An error ocurred while reading directory"
+                                      " \"%s\"", argv[i]);
+                } else {
+                    break;
+                }
+            }
+
+            cert = perflib_mk_file_path(argv[i], e->d_name);
+            if (cert == NULL)
+                errx(EXIT_FAILURE, "Failed to allocate cert name in directory"
+                                   " \"%s\" for entry \"%s\"",
+                                   argv[i], e->d_name);
+
+            if (lstat(cert, &st) < 0) {
+                warn("Got error on lstat(\"%s\")", cert);
+                goto next_file;
+            }
+
+            if (st.st_mode & S_IFMT != S_IFREG) {
+                if (verbosity >= VERBOSITY_DEBUG)
+                    warnx("\"%s\" is not a regular file, skipping", cert);
+                goto next_file;
+            }
+
+            bio = BIO_new_file(cert, "rb");
+            if (bio == NULL)
+                errx(EXIT_FAILURE, "Unable to create BIO for \"%s\"", cert);
+
+            x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+            if (x509 == NULL) {
+                if (verbosity >= VERBOSITY_DEBUG)
+                    warnx("Failed to read certificate from \"%s\", skipping",
+                          cert);
+                goto next_file;
+            } else {
+                if (!X509_STORE_add_cert(store, x509)) {
+                    warnx("Failed to add a certificate from \"%s\""
+                          " to the store\n", cert);
+                    goto next_file;
+                } else {
+                    if (verbosity >= VERBOSITY_DEBUG)
+                        fprintf(stderr, "Successfully added a certificate from"
+                                        " \"%s\" to the store\n", cert);
+                    num_certs++;
+                }
+            }
+
+ next_file:
+            X509_free(x509);
+            x509 = NULL;
+
+            BIO_free(bio);
+            bio = NULL;
+
+            OPENSSL_free(cert);
+            cert = NULL;
+        }
+    }
+
+    if (verbosity >= VERBOSITY_DEBUG_STATS)
+        fprintf(stderr, "Added %zu certificates to the store\n", num_certs);
+
     counts = OPENSSL_malloc(sizeof(size_t) * threadcount);
     if (counts == NULL)
         errx(EXIT_FAILURE, "Failed to create counts array");
@@ -356,8 +437,6 @@ main(int argc, char *argv[])
  err:
     X509_free(x509_nonce);
     X509_STORE_free(store);
-    BIO_free(bio);
-    OPENSSL_free(cert);
     OPENSSL_free(founds);
     OPENSSL_free(counts);
     return ret;