security: Exported DBus constants in a .h

This commit also fix various issues with the TLSValidator:

 * Remove dead code (-Wunused)
 * Handle exceptions in configurationmanager (runtime assert)
 * Add missing construction initializer (-Wuninitialized)

Refs #64785

Change-Id: I315396b2a3a29d097743ce825cda91235a6e7936
This commit is contained in:
Emmanuel Lepage Vallee
2015-01-28 19:42:12 +00:00
committed by Guillaume Roguez
parent 84e024aa62
commit 7fcb3514a6
21 changed files with 211 additions and 116 deletions


@ -9,7 +9,7 @@ if HAVE_OSX
libexec_PROGRAMS = ringcli
ringcli_SOURCES = osxmain.cpp
ringcli_CXXFLAGS = -I$(top_srcdir)/src \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
ringcli_LDADD = $(top_builddir)/src/libring.la
endif
@ -22,7 +22,7 @@ libexec_PROGRAMS = dring
dring_SOURCES = main.cpp
dring_CXXFLAGS= -I$(top_srcdir)/src ${DBUSCPP_CFLAGS} \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
dring_LDADD = dbus/libclient_dbus.la ${DBUSCPP_LIBS} $(top_builddir)/src/libring.la


@ -49,7 +49,7 @@ endif
libclient_dbus_la_CXXFLAGS = -I../ \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \
$(DBUSCPP_CFLAGS)


@ -646,6 +646,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate validation</p>
The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>
@ -660,6 +661,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate details</p>
The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>


@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
#include "ring.h"
#include "dring.h"
#include "dbuscallmanager.h"


@ -31,7 +31,7 @@
#include <iostream>
#include <cstring>
#include <stdexcept>
#include "ring.h"
#include "dring.h"
#include "dbusclient.h"
#include "dbus_cpp.h"


@ -31,7 +31,7 @@
#ifndef __DBUSCLIENT_H__
#define __DBUSCLIENT_H__
#include "ring.h"
#include "dring.h"
#include "noncopyable.h"
class DBusConfigurationManager;


@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
#include "ring.h"
#include "dring.h"
#include "dbusconfigurationmanager.h"


@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "ring.h"
#include "dring.h"
#include "dbuspresencemanager.h"


@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "ring.h"
#include "dring.h"
#include "dbusvideomanager.h"


@ -36,7 +36,7 @@
#include <getopt.h>
#include <string>
#include "ring.h"
#include "dring.h"
#include "fileutils.h"
static int sflphFlags = 0;


@ -26,7 +26,7 @@ AM_CPPFLAGS = \
-I$(src)/src/config \
-I$(src)/src/media \
-I$(src)/test \
-I$(src)/src/public \
-I$(src)/src/dring \
$(SIP_CFLAGS) \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \


@ -133,3 +133,6 @@ libring_la_SOURCES = conference.cpp \
string_utils.cpp \
rw_mutex.h \
ring_api.cpp
nobase_include_HEADERS= dring/dring.h \
dring/security.h


@ -40,7 +40,7 @@
#include <vector>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {


@ -45,6 +45,7 @@
#include "fileutils.h"
#include "ip_utils.h"
#include "sip/sipaccount.h"
#include "security.h"
#include "audio/audiolayer.h"
#include <dirent.h>
@ -142,13 +143,21 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
accountsChanged();
}
std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string&,
const std::string& certificate,
const std::string& privateKey)
{
#if HAVE_TLS && HAVE_DHT
TlsValidator validator(certificate,privateKey);
return validator.getSerializedChecks();
try {
TlsValidator validator(certificate,privateKey);
return validator.getSerializedChecks();
}
catch(const std::runtime_error& e) {
std::map<std::string, std::string> res;
RING_WARN("Certificate loading failed");
res[DRing::Certificate::ChecksNames::EXIST] = DRing::Certificate::CheckValuesNames::FAILED;
return res;
}
#else
RING_WARN("TLS not supported");
return std::map<std::string, std::string>();
@ -158,12 +167,17 @@ std::map<std::string, std::string> ConfigurationManager::validateCertificate(con
std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
{
#if HAVE_TLS && HAVE_DHT
TlsValidator validator(certificate,"");
return validator.getSerializedDetails();
try {
TlsValidator validator(certificate,"");
return validator.getSerializedDetails();
}
catch(const std::runtime_error& e) {
RING_WARN("Certificate loading failed");
}
#else
RING_WARN("TLS not supported");
return std::map<std::string, std::string>();
#endif
return std::map<std::string, std::string>();
}
void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
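Review bot: The new `catch(const std::runtime_error& e)` on L194 and L213 covers a single exception type, yet the constructor it guards rethrows `TlsValidatorException` (visible in the tlsvalidator.cpp hunk) whose base class is not shown here; if that type does not derive from std::runtime_error, a malformed certificate path handed in over DBus still escapes the handler, and a std::bad_alloc or a failure from the gnutls setup that precedes the load certainly does. Catching the base class and logging the reason, `catch (const std::exception& e) { RING_WARN("Certificate loading failed: %s", e.what()); ... }`, closes that gap and also uses the otherwise-unused `e` that the commit's own -Wunused pass would flag. Since `certificate` and `privateKey` are file paths chosen by the DBus caller and are opened as-is, a one-line comment at the top of validateCertificate saying that the daemon reads whatever path it is given, so any restriction must come from the bus policy, would save the next reader from assuming validation happens here. validateCertificate's closing `#endif` and brace lie outside this hunk.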


@ -42,7 +42,7 @@
#include <map>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {


@ -38,7 +38,7 @@
#include <vector>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {


@ -43,7 +43,7 @@
#include "video/video_base.h"
#include "video/video_input.h"
#include "ring.h"
#include "dring.h"
namespace ring {

111
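--- /dev/null
+++ b/daemon/src/dring/security.h
@@ -0,0 +1,111 @@
+/*
+* Copyright (C) 2015 Savoir-Faire Linux Inc.
+* Author: Philippe Proulx <philippe.proulx@savoirfairelinux.com>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Additional permission under GNU GPL version 3 section 7:
+*
+* If you modify this program, or any covered work, by linking or
+* combining it with the OpenSSL project's OpenSSL library (or a
+* modified version of that library), containing parts covered by the
+* terms of the OpenSSL or SSLeay licenses, Savoir-Faire Linux Inc.
+* grants you additional permission to convey the resulting work.
+* Corresponding Source for a non-source form of such a combination
+* shall include the source code for the parts of OpenSSL used as well
+* as that of the covered work.
+*/
+namespace DRing {
+namespace Certificate {
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace ChecksNames {
+constexpr static char* HAS_PRIVATE_KEY = "HAS_PRIVATE_KEY" ;
+constexpr static char* EXPIRED = "EXPIRED" ;
+constexpr static char* STRONG_SIGNING = "STRONG_SIGNING" ;
+constexpr static char* NOT_SELF_SIGNED = "NOT_SELF_SIGNED" ;
+constexpr static char* KEY_MATCH = "KEY_MATCH" ;
+constexpr static char* PRIVATE_KEY_STORAGE_PERMISSION = "PRIVATE_KEY_STORAGE_PERMISSION" ;
+constexpr static char* PUBLIC_KEY_STORAGE_PERMISSION = "PUBLIC_KEY_STORAGE_PERMISSION" ;
+constexpr static char* PRIVATE_KEY_DIRECTORY_PERMISSIONS = "PRIVATEKEY_DIRECTORY_PERMISSIONS";
+constexpr static char* PUBLIC_KEY_DIRECTORY_PERMISSIONS = "PUBLICKEY_DIRECTORY_PERMISSIONS" ;
+constexpr static char* PRIVATE_KEY_STORAGE_LOCATION = "PRIVATE_KEY_STORAGE_LOCATION" ;
+constexpr static char* PUBLIC_KEY_STORAGE_LOCATION = "PUBLIC_KEY_STORAGE_LOCATION" ;
+constexpr static char* PRIVATE_KEY_SELINUX_ATTRIBUTES = "PRIVATE_KEY_SELINUX_ATTRIBUTES" ;
+constexpr static char* PUBLIC_KEY_SELINUX_ATTRIBUTES = "PUBLIC_KEY_SELINUX_ATTRIBUTES" ;
+constexpr static char* OUTGOING_SERVER = "OUTGOING_SERVER" ;
+constexpr static char* EXIST = "EXIST" ;
+constexpr static char* VALID = "VALID" ;
+constexpr static char* VALID_AUTHORITY = "VALID_AUTHORITY" ;
+constexpr static char* KNOWN_AUTHORITY = "KNOWN_AUTHORITY" ;
+constexpr static char* NOT_REVOKED = "NOT_REVOKED" ;
+constexpr static char* AUTHORITY_MISMATCH = "AUTHORITY_MISMATCH" ;
+constexpr static char* UNEXPECTED_OWNER = "UNEXPECTED_OWNER" ;
+constexpr static char* NOT_ACTIVATED = "NOT_ACTIVATED" ;
+} //namespace DRing::Certificate::CheckValuesNames
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails method
+*/
+namespace DetailsNames {
+constexpr static char* EXPIRATION_DATE = "EXPIRATION_DATE" ;
+constexpr static char* ACTIVATION_DATE = "ACTIVATION_DATE" ;
+constexpr static char* REQUIRE_PRIVATE_KEY_PASSWORD = "REQUIRE_PRIVATE_KEY_PASSWORD" ;
+constexpr static char* PUBLIC_SIGNATURE = "PUBLIC_SIGNATURE" ;
+constexpr static char* VERSION_NUMBER = "VERSION_NUMBER" ;
+constexpr static char* SERIAL_NUMBER = "SERIAL_NUMBER" ;
+constexpr static char* ISSUER = "ISSUER" ;
+constexpr static char* SUBJECT_KEY_ALGORITHM = "SUBJECT_KEY_ALGORITHM" ;
+constexpr static char* CN = "CN" ;
+constexpr static char* N = "N" ;
+constexpr static char* O = "O" ;
+constexpr static char* SIGNATURE_ALGORITHM = "SIGNATURE_ALGORITHM" ;
+constexpr static char* MD5_FINGERPRINT = "MD5_FINGERPRINT" ;
+constexpr static char* SHA1_FINGERPRINT = "SHA1_FINGERPRINT" ;
+constexpr static char* PUBLIC_KEY_ID = "PUBLIC_KEY_ID" ;
+constexpr static char* ISSUER_DN = "ISSUER_DN" ;
+constexpr static char* NEXT_EXPECTED_UPDATE_DATE = "NEXT_EXPECTED_UPDATE_DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails and
+* ConfigurationManager.validateCertificate methods
+*/
+namespace ChecksValuesTypesNames {
+constexpr static char* BOOLEAN = "BOOLEAN" ;
+constexpr static char* ISO_DATE = "ISO_DATE" ;
+constexpr static char* CUSTOM = "CUSTOM" ;
+constexpr static char* NUMBER = "NUMBER" ;
+} //namespace DRing::Certificate::CheckValuesNames
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace CheckValuesNames {
+constexpr static char* PASSED = "PASSED" ;
+constexpr static char* FAILED = "FAILED" ;
+constexpr static char* UNSUPPORTED = "UNSUPPORTED";
+constexpr static char* ISO_DATE = "ISO_DATE" ;
+constexpr static char* CUSTOM = "CUSTOM" ;
+constexpr static char* DATE = "DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+} //namespace DRing::Certificate
+} //namespace DRing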
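Review bot: Every constant in this header binds a string literal to a non-const `char*` (L291 through L355), a conversion C++11 removed from the language and that GCC and Clang accept only with a warning; because L158-L159 installs this as a public header, each client that includes it inherits the problem, so every line should read like `constexpr static const char* HAS_PRIVATE_KEY = "HAS_PRIVATE_KEY";`. The file also has no include guard: wrap it in `#ifndef DRING_SECURITY_H` / `#define DRING_SECURITY_H` / `#endif` so a translation unit that pulls it in twice does not redefine the `static` objects. Three of the four closing comments name the wrong namespace (`CheckValuesNames` on L313, L335 and L345 where ChecksNames, DetailsNames and ChecksValuesTypesNames actually close), and `PRIVATE_KEY_DIRECTORY_PERMISSIONS` intentionally keeps the old table's wire spelling `"PRIVATEKEY_DIRECTORY_PERMISSIONS"`, which deserves `// key spelling kept for wire compatibility with existing clients` on L298-L299 so nobody "corrects" it and silently breaks DBus consumers.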


@ -39,7 +39,7 @@
#include "manager.h"
#include "managerimpl.h"
#include "logger.h"
#include "ring.h"
#include "dring.h"
#include "client/callmanager.h"
#include "client/configurationmanager.h"
#include "client/presencemanager.h"


@ -40,6 +40,7 @@
#include "fileutils.h"
#include "logger.h"
#include "security.h"
#include <sstream>
#include <iomanip>
@ -63,14 +64,16 @@
namespace ring {
//Map the internal ring Enum class of the exported names
const EnumClassNames<TlsValidator::CheckValues> TlsValidator::CheckValuesNames = {{
/* CheckValues Name */
/* PASSED */ "PASSED" ,
/* FAILED */ "FAILED" ,
/* UNSUPPORTED */ "UNSUPPORTED" ,
/* ISO_DATE */ "ISO_DATE" ,
/* CUSTOM */ "CUSTOM" ,
/* CUSTOM */ "DATE" ,
/* CheckValues Name */
/* PASSED */ DRing::Certificate::CheckValuesNames::PASSED ,
/* FAILED */ DRing::Certificate::CheckValuesNames::FAILED ,
/* UNSUPPORTED */ DRing::Certificate::CheckValuesNames::UNSUPPORTED ,
/* ISO_DATE */ DRing::Certificate::CheckValuesNames::ISO_DATE ,
/* CUSTOM */ DRing::Certificate::CheckValuesNames::CUSTOM ,
/* CUSTOM */ DRing::Certificate::CheckValuesNames::DATE ,
}};
const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidator::CheckResult> TlsValidator::checkCallback = {{
@ -99,7 +102,6 @@ const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidato
/*NOT_ACTIVATED */ &TlsValidator::activated ,
}};
const CallbackMatrix1D<TlsValidator::CertificateDetails, TlsValidator, TlsValidator::CheckResult> TlsValidator::getterCallback = {{
/* EXPIRATION_DATE */ &TlsValidator::getExpirationDate ,
/* ACTIVATION_DATE */ &TlsValidator::getActivationDate ,
@ -135,75 +137,69 @@ const Matrix1D<TlsValidator::CertificateCheck, TlsValidator::CheckValuesType> Tl
/*PUBLIC_KEY_STORAGE_LOCATION */ CheckValuesType::BOOLEAN ,
/*PRIVATE_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
/*PUBLIC_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
// /*REQUIRE_PRIVATE_KEY_PASSWORD */ CheckValuesType::BOOLEAN ,
/*OUTGOING_SERVER */ CheckValuesType::CUSTOM ,
/*EXIST */ CheckValuesType::BOOLEAN ,
/*VALID */ CheckValuesType::BOOLEAN ,
/*VALID_AUTHORITY */ CheckValuesType::BOOLEAN ,
/*KNOWN_AUTHORITY */ CheckValuesType::BOOLEAN ,
/*NOT_REVOKED */ CheckValuesType::BOOLEAN ,
// /*EXPIRATION_DATE */ CheckValuesType::ISO_DATE,
// /*ACTIVATION_DATE */ CheckValuesType::ISO_DATE,
/*AUTHORITY_MISMATCH */ CheckValuesType::BOOLEAN ,
/*UNEXPECTED_OWNER */ CheckValuesType::BOOLEAN ,
/*NOT_ACTIVATED */ CheckValuesType::BOOLEAN ,
}};
const EnumClassNames<TlsValidator::CertificateCheck> TlsValidator::CertificateCheckNames = {{
/* CertificateCheck Name */
/*HAS_PRIVATE_KEY */ "HAS_PRIVATE_KEY" ,
/*EXPIRED */ "EXPIRED" ,
/*STRONG_SIGNING */ "STRONG_SIGNING" ,
/*NOT_SELF_SIGNED */ "NOT_SELF_SIGNED" ,
/*KEY_MATCH */ "KEY_MATCH" ,
/*PRIVATE_KEY_STORAGE_PERMISSION */ "PRIVATE_KEY_STORAGE_PERMISSION" ,
/*PUBLIC_KEY_STORAGE_PERMISSION */ "PUBLIC_KEY_STORAGE_PERMISSION" ,
/*PRIVATEKEY_DIRECTORY_PERMISSIONS */ "PRIVATEKEY_DIRECTORY_PERMISSIONS" ,
/*PUBLICKEY_DIRECTORY_PERMISSIONS */ "PUBLICKEY_DIRECTORY_PERMISSIONS" ,
/*PRIVATE_KEY_STORAGE_LOCATION */ "PRIVATE_KEY_STORAGE_LOCATION" ,
/*PUBLIC_KEY_STORAGE_LOCATION */ "PUBLIC_KEY_STORAGE_LOCATION" ,
/*PRIVATE_KEY_SELINUX_ATTRIBUTES */ "PRIVATE_KEY_SELINUX_ATTRIBUTES" ,
/*PUBLIC_KEY_SELINUX_ATTRIBUTES */ "PUBLIC_KEY_SELINUX_ATTRIBUTES" ,
// /*REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" , // TODO move to certificateDetails()
/*OUTGOING_SERVER */ "OUTGOING_SERVER" ,
/*EXIST */ "EXIST" ,
/*VALID */ "VALID" ,
/*VALID_AUTHORITY */ "VALID_AUTHORITY" ,
/*KNOWN_AUTHORITY */ "KNOWN_AUTHORITY" ,
/*NOT_REVOKED */ "NOT_REVOKED" ,
// /*EXPIRATION_DATE */ "EXPIRATION_DATE" , // TODO move to certificateDetails()
// /*ACTIVATION_DATE */ "ACTIVATION_DATE" , // TODO move to certificateDetails()
/*AUTHORITY_MISMATCH */ "AUTHORITY_MISMATCH" ,
/*UNEXPECTED_OWNER */ "UNEXPECTED_OWNER" ,
/*NOT_ACTIVATED */ "NOT_ACTIVATED" ,
/* CertificateCheck Name */
/*HAS_PRIVATE_KEY */ DRing::Certificate::ChecksNames::HAS_PRIVATE_KEY ,
/*EXPIRED */ DRing::Certificate::ChecksNames::EXPIRED ,
/*STRONG_SIGNING */ DRing::Certificate::ChecksNames::STRONG_SIGNING ,
/*NOT_SELF_SIGNED */ DRing::Certificate::ChecksNames::NOT_SELF_SIGNED ,
/*KEY_MATCH */ DRing::Certificate::ChecksNames::KEY_MATCH ,
/*PRIVATE_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_PERMISSION ,
/*PUBLIC_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_PERMISSION ,
/*PRIVATEKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PRIVATE_KEY_DIRECTORY_PERMISSIONS ,
/*PUBLICKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PUBLIC_KEY_DIRECTORY_PERMISSIONS ,
/*PRIVATE_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_LOCATION ,
/*PUBLIC_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_LOCATION ,
/*PRIVATE_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PRIVATE_KEY_SELINUX_ATTRIBUTES ,
/*PUBLIC_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PUBLIC_KEY_SELINUX_ATTRIBUTES ,
/*OUTGOING_SERVER */ DRing::Certificate::ChecksNames::OUTGOING_SERVER ,
/*EXIST */ DRing::Certificate::ChecksNames::EXIST ,
/*VALID */ DRing::Certificate::ChecksNames::VALID ,
/*VALID_AUTHORITY */ DRing::Certificate::ChecksNames::VALID_AUTHORITY ,
/*KNOWN_AUTHORITY */ DRing::Certificate::ChecksNames::KNOWN_AUTHORITY ,
/*NOT_REVOKED */ DRing::Certificate::ChecksNames::NOT_REVOKED ,
/*AUTHORITY_MISMATCH */ DRing::Certificate::ChecksNames::AUTHORITY_MISMATCH ,
/*UNEXPECTED_OWNER */ DRing::Certificate::ChecksNames::UNEXPECTED_OWNER ,
/*NOT_ACTIVATED */ DRing::Certificate::ChecksNames::NOT_ACTIVATED ,
}};
const EnumClassNames<TlsValidator::CertificateDetails> TlsValidator::CertificateDetailsNames = {{
/* EXPIRATION_DATE */ "EXPIRATION_DATE" ,
/* ACTIVATION_DATE */ "ACTIVATION_DATE" ,
/* REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" ,
/* PUBLIC_SIGNATURE */ "PUBLIC_SIGNATURE" ,
/* VERSION_NUMBER */ "VERSION_NUMBER" ,
/* SERIAL_NUMBER */ "SERIAL_NUMBER" ,
/* ISSUER */ "ISSUER" ,
/* SUBJECT_KEY_ALGORITHM */ "SUBJECT_KEY_ALGORITHM" ,
/* CN */ "CN" ,
/* N */ "N" ,
/* O */ "O" ,
/* SIGNATURE_ALGORITHM */ "SIGNATURE_ALGORITHM" ,
/* MD5_FINGERPRINT */ "MD5_FINGERPRINT" ,
/* SHA1_FINGERPRINT */ "SHA1_FINGERPRINT" ,
/* PUBLIC_KEY_ID */ "PUBLIC_KEY_ID" ,
/* ISSUER_DN */ "ISSUER_DN" ,
/* NEXT_EXPECTED_UPDATE_DATE */ "NEXT_EXPECTED_UPDATE_DATE" ,
/* EXPIRATION_DATE */ DRing::Certificate::DetailsNames::EXPIRATION_DATE ,
/* ACTIVATION_DATE */ DRing::Certificate::DetailsNames::ACTIVATION_DATE ,
/* REQUIRE_PRIVATE_KEY_PASSWORD */ DRing::Certificate::DetailsNames::REQUIRE_PRIVATE_KEY_PASSWORD ,
/* PUBLIC_SIGNATURE */ DRing::Certificate::DetailsNames::PUBLIC_SIGNATURE ,
/* VERSION_NUMBER */ DRing::Certificate::DetailsNames::VERSION_NUMBER ,
/* SERIAL_NUMBER */ DRing::Certificate::DetailsNames::SERIAL_NUMBER ,
/* ISSUER */ DRing::Certificate::DetailsNames::ISSUER ,
/* SUBJECT_KEY_ALGORITHM */ DRing::Certificate::DetailsNames::SUBJECT_KEY_ALGORITHM ,
/* CN */ DRing::Certificate::DetailsNames::CN ,
/* N */ DRing::Certificate::DetailsNames::N ,
/* O */ DRing::Certificate::DetailsNames::O ,
/* SIGNATURE_ALGORITHM */ DRing::Certificate::DetailsNames::SIGNATURE_ALGORITHM ,
/* MD5_FINGERPRINT */ DRing::Certificate::DetailsNames::MD5_FINGERPRINT ,
/* SHA1_FINGERPRINT */ DRing::Certificate::DetailsNames::SHA1_FINGERPRINT ,
/* PUBLIC_KEY_ID */ DRing::Certificate::DetailsNames::PUBLIC_KEY_ID ,
/* ISSUER_DN */ DRing::Certificate::DetailsNames::ISSUER_DN ,
/* NEXT_EXPECTED_UPDATE_DATE */ DRing::Certificate::DetailsNames::NEXT_EXPECTED_UPDATE_DATE ,
}};
const EnumClassNames<const TlsValidator::CheckValuesType> TlsValidator::CheckValuesTypeNames = {{
/* Type Name */
/* BOOLEAN */ "BOOLEAN" ,
/* ISO_DATE */ "ISO_DATE" ,
/* CUSTOM */ "CUSTOM" ,
/* NUMBER */ "NUMBER" ,
/* Type Name */
/* BOOLEAN */ DRing::Certificate::ChecksValuesTypesNames::BOOLEAN ,
/* ISO_DATE */ DRing::Certificate::ChecksValuesTypesNames::ISO_DATE ,
/* CUSTOM */ DRing::Certificate::ChecksValuesTypesNames::CUSTOM ,
/* NUMBER */ DRing::Certificate::ChecksValuesTypesNames::NUMBER ,
}};
const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool> TlsValidator::acceptedCheckValuesResult = {{
@ -216,7 +212,8 @@ const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool>
TlsValidator::TlsValidator(const std::string& certificate, const std::string& privatekey) :
certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), caChecked_(false)
certificatePath_(certificate), privateKeyPath_(privatekey), certificateFound_(false), caCert_(nullptr),
caChecked_(false)
{
int err = gnutls_global_init();
if (err != GNUTLS_E_SUCCESS)
@ -225,6 +222,7 @@ certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), ca
try {
x509crt_ = {fileutils::loadFile(certificatePath_)};
certificateContent_ = x509crt_.getPacked();
certificateFound_ = true;
} catch (const std::exception& e) {
throw TlsValidatorException("Can't load certificate");
}
@ -351,39 +349,6 @@ void TlsValidator::setCaTlsValidator(const TlsValidator& validator)
caCert_ = (TlsValidator*)(&validator);
}
/**
* Print the Subject, the Issuer and the Verification status of a given certificate.
*
* @todo Move to "certificateDetails()" once completed
*/
static int crypto_cert_print_issuer(gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer)
{
char name[512];
char issuer_name[512];
size_t name_size;
size_t issuer_name_size;
issuer_name_size = sizeof(issuer_name);
gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
&issuer_name_size);
name_size = sizeof(name);
gnutls_x509_crt_get_dn(cert, name, &name_size);
RING_DBG("Subject: %s", name);
RING_DBG("Issuer: %s", issuer_name);
if (issuer != nullptr) {
issuer_name_size = sizeof(issuer_name);
gnutls_x509_crt_get_dn(issuer, issuer_name, &issuer_name_size);
RING_DBG("Verified against: %s", issuer_name);
}
return 0;
}
/**
* Helper method to return UNSUPPORTED when an error is detected
*/
@ -1177,4 +1142,4 @@ TlsValidator::CheckResult TlsValidator::getActivationDate()
return formatDate(expiration);
}
} // namespace ring
} //namespace ring
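Review bot: `certificateFound_` is assigned only on L535, after loadFile and getPacked have both succeeded, and the catch on L536-537 rethrows, so every TlsValidator whose constructor completes has the flag set; unless code outside this hunk clears it, the member carries no information and a reader will hunt for a false path that does not exist, so the initializer on L526 wants a comment such as `certificateFound_(false), // only observable as false if the ctor throws` or the flag should be dropped. The `/* CUSTOM */` label on the DATE entry at L397 was copied from the line above and should read `/* DATE */`, since these positional tables are only checkable by eye against the enum order they mirror. Whether `certificateFound_` is declared between `privateKeyPath_` and `caCert_` cannot be seen here; if the header orders it differently, -Wreorder will fire on the new initializer list. The constructor body continues past L538, outside this hunk.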