authorGravatar Jonathan Beck2008-08-04 22:31:43 +0200
committerGravatar Matt Colyer2008-08-05 23:28:10 -0700
commit4b558a53f61005b0ca49665d2da92303f6e14872 (patch)
tree3631ebdcfbf681a239bde3192172d3014b56322b /src/lockdown.c
parent20a6f8797add1a44aa6ea2cc1d089122d1f39be3 (diff)
Store certificates and private keys as PEM files instead of storing them in config file. Added functions to generate proper pairing request.
Signed-off-by: Matt Colyer <matt@colyer.name>
Diffstat (limited to 'src/lockdown.c')
-rw-r--r--src/lockdown.c35
1 files changed, 21 insertions, 14 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index d5149a9..095b2b4 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -263,8 +263,8 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
/* Setup Pair request plist */
dict = add_child_to_plist(plist, "dict", "\n", NULL, 0);
- add_key_str_dict_element(plist, dict, "Key", "PairRecord", 1);
- dictRecord = add_child_to_plist(plist, "dict", "\n", NULL, 1);
+ dictRecord = add_key_dict_node(plist, dict, "PairRecord", "\n", 1);
+ //dictRecord = add_child_to_plist(plist, "dict", "\n", NULL, 1);
add_key_data_dict_element(plist, dictRecord, "DeviceCertificate", device_cert_b64, 2);
add_key_data_dict_element(plist, dictRecord, "HostCertificate", host_cert_b64, 2);
add_key_str_dict_element(plist, dictRecord, "HostID", host_id, 2);
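Review bot: The commented-out `//dictRecord = add_child_to_plist(plist, "dict", "\n", NULL, 1);` left under the new `add_key_dict_node` call should be deleted rather than committed, since the old form is already preserved in history. If the intent is to record why the key and its dict are now created in one call, a short comment such as `/* PairRecord key and its dict value are created together */` says that better than dead code. lockdownd_pair_device starts and ends outside this hunk.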
@@ -273,6 +273,8 @@ int lockdownd_pair_device(lockdownd_client *control, char *public_key_b64, char
xmlDocDumpMemory(plist, (xmlChar**)&XML_content, &length);
+ printf("XML Pairing request : %s\n",XML_content);
+
/* send to iPhone */
bytes = lockdownd_send(control, XML_content, length);
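Review bot: The added `printf("XML Pairing request : %s\n",XML_content);` writes the whole pairing request to stdout on every pairing, unconditionally and from library code. Per the plist built earlier in this function, that request carries the device and host certificates and the HostID. It also runs before anything visible checks that `xmlDocDumpMemory` produced a buffer, and passing a NULL pointer to `%s` is undefined behaviour. Suggest dropping the line, or guarding it and moving it off stdout, e.g. `if (XML_content) fprintf(stderr, "XML Pairing request : %s\n", XML_content);`, behind whatever debug switch the project uses (none is visible in this hunk).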
@@ -366,34 +368,34 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
gnutls_datum_t essentially_null = {strdup("abababababababab"), strlen("abababababababab")};
gnutls_x509_privkey_t fake_privkey, root_privkey;
- gnutls_x509_crt_t dev_cert, root_cert;
+ gnutls_x509_crt_t dev_cert, root_cert, host_cert;
gnutls_x509_privkey_init(&fake_privkey);
gnutls_x509_crt_init(&dev_cert);
gnutls_x509_crt_init(&root_cert);
+ gnutls_x509_crt_init(&host_cert);
if ( GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null) ) {
gnutls_x509_privkey_init(&root_privkey);
- /* get certificate stored in config */
- *host_cert_b64 = get_host_certificate();
- *root_cert_b64 = get_root_certificate();
-
+ /* get root cert */
gnutls_datum_t pem_root_cert = {NULL, 0};
- pem_root_cert.data = g_base64_decode (*root_cert_b64, &pem_root_cert.size);
-
+ ret = get_root_certificate(&pem_root_cert);
ret = gnutls_x509_crt_import (root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM);
- gnutls_free(pem_root_cert.data);
+
+ /* get host cert */
+ gnutls_datum_t pem_host_cert = {NULL, 0};
+ ret = get_host_certificate(&pem_host_cert);
+ ret = gnutls_x509_crt_import (host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM);
+
/* get root private key */
- char *root_priv_b64 = get_root_private_key();
gnutls_datum_t pem_root_priv = {NULL, 0};
- pem_root_priv.data = g_base64_decode (root_priv_b64, &pem_root_priv.size);
-
+ ret = get_root_private_key(&pem_root_priv);
ret = gnutls_x509_privkey_import (root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM);
- gnutls_free(pem_root_priv.data);
+
/* generate device certificate */
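Review bot: Each `ret = get_root_certificate(...)`, `get_host_certificate(...)` and `get_root_private_key(...)` result is overwritten on the very next line by the gnutls import, and the import result is not tested in this hunk either. A missing or unreadable PEM file therefore leaves the datum as `{NULL, 0}`, and the function appears to continue into device-certificate generation with an empty root key or certificate object. Test every load and every import before moving on, for example `if (gnutls_x509_privkey_import(root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM) != GNUTLS_E_SUCCESS)` followed by the cleanup path; the success value of the `get_*` helpers is not shown on this page, so compare against whatever they define. `host_cert` is initialised here, but no matching `gnutls_x509_crt_deinit(host_cert)` is visible, which is worth confirming in the part of lockdownd_gen_pair_cert that lies outside the hunk.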
@@ -418,8 +420,13 @@ int lockdownd_gen_pair_cert(char *public_key_b64, char **device_cert_b64, char *
/* now encode certificates for output */
*device_cert_b64 = g_base64_encode(dev_pem.data, dev_pem.size);
+ *host_cert_b64 = g_base64_encode(pem_host_cert.data, pem_host_cert.size);
+ *root_cert_b64 = g_base64_encode(pem_root_cert.data, pem_root_cert.size);
ret = 1;
}
+ gnutls_free(pem_root_priv.data);
+ gnutls_free(pem_root_cert.data);
+ gnutls_free(pem_host_cert.data);
}
}
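Review bot: `pem_root_priv.data` holds the root private key in PEM form and is released with a plain `gnutls_free`, so the key bytes remain readable in freed heap memory. Wipe the buffer before freeing it with a call the compiler cannot elide, e.g. `explicit_bzero(pem_root_priv.data, pem_root_priv.size);` where the platform provides it. The two added `g_base64_encode` calls read `pem_host_cert.data` and `pem_root_cert.data` without a NULL check, which matters because the loads earlier in this function are unchecked. Whether `gnutls_free` is the matching deallocator depends on how the `get_*` helpers allocate these buffers, which this page does not show; if they come from GLib, `g_free` is the match.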