rsyslog/tools/logsigner.c

/* This is a tool for offline signing logfiles via the guardtime API.
 *
 * NOTE: this currently is only a PoC and WiP! NOT suitable for
 *       production use!
 *
 * Current hardcoded timestamper (use this if you do not have an
 * idea of which one else to use):
 *    http://stamper.guardtime.net/gt-signingservice
 * Check the GuardTime website for the URLs of nearest public services.
 *
 * Copyright 2013 Adiscon GmbH
 *
 * This file is part of rsyslog.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *       -or-
 *       see COPYING.ASL20 in the source distribution
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifdef HAVE_CONFIG_H
    #include "config.h"
#endif
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <gt_base.h>
#include <gt_http.h>

#include "librsgt.h"


#if 0
void
outputhash(GTDataHash *hash)
{
	int i;
	for(i = 0 ; i < hash->digest_length ; ++i)
		printf("%2.2x", hash->digest[i]);
	printf("\n");
}

void
timestampIt(GTDataHash *hash)
{
	int r = GT_OK;
	GTTimestamp *timestamp = NULL;
	unsigned char *der = NULL;
	char *sigFile = "logsigner.TIMESTAMP";
	size_t der_len;

	/* Get the timestamp. */
	r = GTHTTP_createTimestampHash(hash,
		"http://stamper.guardtime.net/gt-signingservice", &timestamp);

	if(r != GT_OK) {
		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
				r, GTHTTP_getErrorString(r));
		goto done;
	}

	/* Encode timestamp. */
	r = GTTimestamp_getDEREncoded(timestamp, &der, &der_len);
	if(r != GT_OK) {
		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
				r, GT_getErrorString(r));
		goto done;
	}

	/* Save DER-encoded timestamp to file. */
	r = GT_saveFile(sigFile, der, der_len);
	if(r != GT_OK) {
		fprintf(stderr, "Cannot save timestamp to file %s: %d (%s)\n",
				sigFile, r, GT_getErrorString(r));
		if(r == GT_IO_ERROR) {
			fprintf(stderr, "\t%d (%s)\n", errno, strerror(errno));
		}
		goto done;
	}
	printf("Timestamping succeeded!\n");
done:
	GT_free(der);
	GTTimestamp_free(timestamp);
}


void
sign(const char *buf, const size_t len)
{
	int r;
	GTDataHash *hash = NULL;

	printf("hash for '%s' is ", buf);
	r = GTDataHash_create(GT_HASHALG_SHA256, (const unsigned char*)buf, len, &hash);
	if(r != GT_OK) {
		fprintf(stderr, "GTTDataHash_create() failed: %d (%s)\n",
				r, GT_getErrorString(r));
		goto done;
	}
	outputhash(hash);
	timestampIt(hash); /* of course, this needs to be moved to once at end ;) */
done:	GTDataHash_free(hash);
}
#endif

void processFile(char *name) {
    FILE *fp;
    size_t len;
    char line[64 * 1024 + 1];
    gtctx ctx = NULL;

    ctx = rsgtCtxNew((unsigned char *)"SIGFILE", GT_HASHALG_SHA256);
    sigblkInit(ctx);
    if (!strcmp(name, "-"))
        fp = stdin;
    else
        fp = fopen(name, "r");

    while (1) {
        if (fgets(line, sizeof(line), fp) == NULL) {
            if (!feof(fp)) perror(name);
            break;
        }
        len = strlen(line);
        if (line[len - 1] == '\n') {
            --len;
            line[len] = '\0';
        }
        // sign(line, len);
        sigblkAddRecord(ctx, (unsigned char *)line, len);
    }

    if (fp != stdin) fclose(fp);
    sigblkFinish(ctx);
    rsgtCtxDel(ctx);
}


int main(int argc, char *argv[]) {
    rsgtInit("rsyslog logsigner " VERSION);
    processFile("-");
    rsgtExit();
    return 0;
}