aniani/profanity
1
0
Fork 0
mirror of https://github.com/profanity-im/profanity.git synced 2024-11-03 19:37:16 -05:00
Code

Show current TLS certificate

Browse Source
This commit is contained in:
James Booth 2015-11-10 01:20:40 +00:00
parent bee27f4773
commit 9302188a32
9 changed files with 98 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/command/commands.c
View File

@ -207,24 +207,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
} }
while (curr) { while (curr) {
TLSCertificate *cert = curr->data; TLSCertificate *cert = curr->data;
if (cert->fingerprint) { cons_show_tlscert(cert);
cons_show("Fingerprint : %s", cert->fingerprint);
}
if (cert->domain) {
cons_show("Domain : %s", cert->domain);
}
if (cert->organisation) {
cons_show("Organisation : %s", cert->organisation);
}
if (cert->email) {
cons_show("Email : %s", cert->email);
}
if (cert->notbefore) {
cons_show("Start : %s", cert->notbefore);
}
if (cert->notafter) {
cons_show("End : %s", cert->notafter);
}
cons_show(""); cons_show("");
curr = g_list_next(curr); curr = g_list_next(curr);
} }
@ -264,9 +247,11 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
cons_show("No TLS connection established"); cons_show("No TLS connection established");
return TRUE; return TRUE;
} }
char *cert = jabber_get_tls_peer_cert(); TLSCertificate *cert = jabber_get_tls_peer_cert();
if (cert) { if (cert) {
cons_show("TLS certificate fingerprint: %s", cert); cons_show_tlscert(cert);
cons_show("");
tlscerts_free(cert);
} else { } else {
cons_show("Error getting TLS fingerprint."); cons_show("Error getting TLS fingerprint.");
} }

64
src/config/tlscerts.c
View File

@ -119,13 +119,11 @@ tlscerts_list(void)
int i = 0; int i = 0;
for (i = 0; i < g_strv_length(groups); i++) { for (i = 0; i < g_strv_length(groups); i++) {
char *fingerprint = strdup(groups[i]); char *fingerprint = strdup(groups[i]);
char *domain = g_key_file_get_string(tlscerts, fingerprint, "domain", NULL); char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
char *organisation = g_key_file_get_string(tlscerts, fingerprint, "organisation", NULL);
char *email = g_key_file_get_string(tlscerts, fingerprint, "email", NULL);
char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
TLSCertificate *cert = tlscerts_new(fingerprint, domain, organisation, email, notbefore, notafter); TLSCertificate *cert = tlscerts_new(fingerprint, subjectname, notbefore, notafter);
res = g_list_append(res, cert); res = g_list_append(res, cert);
} }
@ -138,30 +136,21 @@ tlscerts_list(void)
} }
TLSCertificate* TLSCertificate*
tlscerts_new(const char *const fingerprint, const char *const domain, const char *const organisation, tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
const char *const email, const char *const notbefore, const char *const notafter) const char *const notafter)
{ {
TLSCertificate *cert = malloc(sizeof(TLSCertificate)); TLSCertificate *cert = malloc(sizeof(TLSCertificate));
if (subjectname) {
cert->subjectname = strdup(subjectname);
} else {
cert->subjectname = NULL;
}
if (fingerprint) { if (fingerprint) {
cert->fingerprint = strdup(fingerprint); cert->fingerprint = strdup(fingerprint);
} else { } else {
cert->fingerprint = NULL; cert->fingerprint = NULL;
} }
if (domain) {
cert->domain = strdup(domain);
} else {
cert->domain = NULL;
}
if (organisation) {
cert->organisation = strdup(organisation);
} else {
cert->organisation = NULL;
}
if (email) {
cert->email = strdup(email);
} else {
cert->email= NULL;
}
if (notbefore) { if (notbefore) {
cert->notbefore = strdup(notbefore); cert->notbefore = strdup(notbefore);
} else { } else {
@ -173,6 +162,28 @@ tlscerts_new(const char *const fingerprint, const char *const domain, const char
cert->notafter = NULL; cert->notafter = NULL;
} }
cert->domain = NULL;
cert->email = NULL;
cert->organisation = NULL;
gchar** fields = g_strsplit(subjectname, "/", 0);
int i = 0;
for (i = 0; i < g_strv_length(fields); i++) {
gchar** keyval = g_strsplit(fields[i], "=", 2);
if (g_strv_length(keyval) == 2) {
if (g_strcmp0(keyval[0], "CN") == 0) {
cert->domain = strdup(keyval[1]);
}
if (g_strcmp0(keyval[0], "O") == 0) {
cert->organisation = strdup(keyval[1]);
}
if (g_strcmp0(keyval[0], "emailAddress") == 0) {
cert->email = strdup(keyval[1]);
}
}
g_strfreev(keyval);
}
g_strfreev(fields);
return cert; return cert;
} }
@ -189,14 +200,8 @@ tlscerts_add(TLSCertificate *cert)
autocomplete_add(certs_ac, cert->fingerprint); autocomplete_add(certs_ac, cert->fingerprint);
if (cert->domain) { if (cert->subjectname) {
g_key_file_set_string(tlscerts, cert->fingerprint, "domain", cert->domain); g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname);
}
if (cert->organisation) {
g_key_file_set_string(tlscerts, cert->fingerprint, "organisation", cert->organisation);
}
if (cert->email) {
g_key_file_set_string(tlscerts, cert->fingerprint, "email", cert->email);
} }
if (cert->notbefore) { if (cert->notbefore) {
g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore);
@ -237,6 +242,7 @@ void
tlscerts_free(TLSCertificate *cert) tlscerts_free(TLSCertificate *cert)
{ {
if (cert) { if (cert) {
free(cert->subjectname);
free(cert->fingerprint); free(cert->fingerprint);
free(cert->domain); free(cert->domain);
free(cert->organisation); free(cert->organisation);

6
src/config/tlscerts.h
View File

@ -38,6 +38,7 @@
typedef struct tls_cert_t { typedef struct tls_cert_t {
char *fingerprint; char *fingerprint;
char *domain; char *domain;
char *subjectname;
char *organisation; char *organisation;
char *email; char *email;
char *notbefore; char *notbefore;
@ -46,9 +47,8 @@ typedef struct tls_cert_t {
void tlscerts_init(void); void tlscerts_init(void);
TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const domain, TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
const char *const organisation, const char *const email, const char *const notafter);
const char *const notbefore, const char *const notafter);
void tlscerts_set_current(const char *const fp); void tlscerts_set_current(const char *const fp);

57
src/event/server_events.c
View File

@ -716,56 +716,22 @@ sv_ev_muc_occupant_online(const char *const room, const char *const nick, const
} }
int int
sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp, sv_ev_certfail(const char *const errormsg, TLSCertificate *cert)
const char *const notbefore, const char *const notafter)
{ {
// check profanity trusted certs // check profanity trusted certs
if (tlscerts_exists(certfp)) { if (tlscerts_exists(cert->fingerprint)) {
return 1; return 1;
} }
// check current cert // check current cert
char *current_fp = tlscerts_get_current(); char *current_fp = tlscerts_get_current();
if (current_fp && g_strcmp0(current_fp, certfp) == 0) { if (current_fp && g_strcmp0(current_fp, cert->fingerprint) == 0) {
return 1; return 1;
} }
char *domain = NULL;
char *org = NULL;
char *email = NULL;
gchar** fields = g_strsplit(certname, "/", 0);
int i = 0;
for (i = 0; i < g_strv_length(fields); i++) {
gchar** keyval = g_strsplit(fields[i], "=", 2);
if (g_strv_length(keyval) == 2) {
if (g_strcmp0(keyval[0], "CN") == 0) {
domain = strdup(keyval[1]);
}
if (g_strcmp0(keyval[0], "O") == 0) {
org = strdup(keyval[1]);
}
if (g_strcmp0(keyval[0], "emailAddress") == 0) {
email = strdup(keyval[1]);
}
}
g_strfreev(keyval);
}
g_strfreev(fields);
cons_show(""); cons_show("");
cons_show_error("TLS certificate verification failed: %s", errormsg); cons_show_error("TLS certificate verification failed: %s", errormsg);
if (domain) { cons_show_tlscert(cert);
cons_show(" Domain : %s", domain);
}
if (org) {
cons_show(" Organisation : %s", org);
}
if (email) {
cons_show(" Email : %s", email);
}
cons_show(" Fingerprint : %s", certfp);
cons_show(" Start : %s", notbefore);
cons_show(" End : %s", notafter);
cons_show(""); cons_show("");
cons_show("Use '/tls allow' to accept this certificate"); cons_show("Use '/tls allow' to accept this certificate");
cons_show("Use '/tls always' to accept this certificate permanently"); cons_show("Use '/tls always' to accept this certificate permanently");
@ -788,28 +754,17 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha
} }
if (g_strcmp0(cmd, "/tls allow") == 0) { if (g_strcmp0(cmd, "/tls allow") == 0) {
tlscerts_set_current(certfp); tlscerts_set_current(cert->fingerprint);
free(cmd); free(cmd);
free(domain);
free(org);
free(email);
return 1; return 1;
} else if (g_strcmp0(cmd, "/tls always") == 0) { } else if (g_strcmp0(cmd, "/tls always") == 0) {
if (!tlscerts_exists(certfp)) { if (!tlscerts_exists(cert->fingerprint)) {
TLSCertificate *cert = tlscerts_new(certfp, domain, org, email, notbefore, notafter);
tlscerts_add(cert); tlscerts_add(cert);
tlscerts_free(cert);
} }
free(cmd); free(cmd);
free(domain);
free(org);
free(email);
return 1; return 1;
} else { } else {
free(cmd); free(cmd);
free(domain);
free(org);
free(email);
return 0; return 0;
} }
} }

3
src/event/server_events.h
View File

@ -85,8 +85,7 @@ void sv_ev_muc_occupant_online(const char *const room, const char *const nick, c
void sv_ev_roster_update(const char *const barejid, const char *const name, void sv_ev_roster_update(const char *const barejid, const char *const name,
GSList *groups, const char *const subscription, gboolean pending_out); GSList *groups, const char *const subscription, gboolean pending_out);
void sv_ev_roster_received(void); void sv_ev_roster_received(void);
int sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp, int sv_ev_certfail(const char *const errormsg, TLSCertificate *cert);
const char *const notbefore, const char *const notafter);
void sv_ev_lastactivity_response(const char *const from, const int seconds, const char *const msg); void sv_ev_lastactivity_response(const char *const from, const int seconds, const char *const msg);
#endif #endif

22
src/ui/console.c
View File

@ -188,6 +188,28 @@ cons_show_error(const char *const msg, ...)
cons_alert(); cons_alert();
} }
void
cons_show_tlscert(TLSCertificate *cert)
{
if (!cert) {
return;
}
cons_show("Certificate:");
if (cert->domain) {
cons_show(" Domain : %s", cert->domain);
}
if (cert->organisation) {
cons_show(" Organisation : %s", cert->organisation);
}
if (cert->email) {
cons_show(" Email : %s", cert->email);
}
cons_show(" Fingerprint : %s", cert->fingerprint);
cons_show(" Start : %s", cert->notbefore);
cons_show(" End : %s", cert->notafter);
}
void void
cons_show_typing(const char *const barejid) cons_show_typing(const char *const barejid)
{ {

1
src/ui/ui.h
View File

@ -293,6 +293,7 @@ void cons_inpblock_setting(void);
void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *last_activity); void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *last_activity);
void cons_show_contact_offline(PContact contact, char *resource, char *status); void cons_show_contact_offline(PContact contact, char *resource, char *status);
void cons_theme_colours(void); void cons_theme_colours(void);
void cons_show_tlscert(TLSCertificate *cert);
// title bar // title bar
void title_bar_set_presence(contact_presence_t presence); void title_bar_set_presence(contact_presence_t presence);

28
src/xmpp/connection.c
View File

@ -387,16 +387,34 @@ _connection_free_session_data(void)
#ifdef HAVE_LIBMESODE #ifdef HAVE_LIBMESODE
static int static int
_connection_certfail_cb(const char *const certname, const char *const certfp, _connection_certfail_cb(xmpp_tlscert_t *xmpptlscert, const char *const errormsg)
char *const notbefore, const char *const notafter, const char *const errormsg)
{ {
return sv_ev_certfail(errormsg, certname, certfp, notbefore, notafter); char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
int res = sv_ev_certfail(errormsg, cert);
tlscerts_free(cert);
return res;
} }
char* TLSCertificate*
jabber_get_tls_peer_cert(void) jabber_get_tls_peer_cert(void)
{ {
return xmpp_conn_tls_peer_cert(jabber_conn.conn); xmpp_tlscert_t *xmpptlscert = xmpp_conn_tls_peer_cert(jabber_conn.conn);
char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
xmpp_conn_free_tlscert(jabber_conn.ctx, xmpptlscert);
return cert;
} }
#endif #endif

3
src/xmpp/xmpp.h
View File

@ -45,6 +45,7 @@
#endif #endif
#include "config/accounts.h" #include "config/accounts.h"
#include "config/tlscerts.h"
#include "contact.h" #include "contact.h"
#include "jid.h" #include "jid.h"
#include "tools/autocomplete.h" #include "tools/autocomplete.h"
@ -153,7 +154,7 @@ GList* jabber_get_available_resources(void);
char* jabber_create_uuid(void); char* jabber_create_uuid(void);
void jabber_free_uuid(char *uuid); void jabber_free_uuid(char *uuid);
#ifdef HAVE_LIBMESODE #ifdef HAVE_LIBMESODE
char* jabber_get_tls_peer_cert(void); TLSCertificate* jabber_get_tls_peer_cert(void);
#endif #endif
gboolean jabber_conn_is_secured(void); gboolean jabber_conn_is_secured(void);