From 0bb596e14a34cacbe58da3bed62371bc17e53f11 Mon Sep 17 00:00:00 2001 From: James Booth Date: Tue, 10 Nov 2015 22:46:48 +0000 Subject: [PATCH] Added extra fields to TLSCertificate --- src/config/tlscerts.c | 159 +++++++++++++++++++++++++++++++++++++----- src/config/tlscerts.h | 31 ++++++-- src/ui/console.c | 76 +++++++++++++++++--- src/xmpp/connection.c | 20 ++++-- 4 files changed, 249 insertions(+), 37 deletions(-) diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c index 15433a92..321e04c7 100644 --- a/src/config/tlscerts.c +++ b/src/config/tlscerts.c @@ -119,11 +119,17 @@ tlscerts_list(void) int i = 0; for (i = 0; i < g_strv_length(groups); i++) { char *fingerprint = strdup(groups[i]); + int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL); + char *serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL); char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL); + char *issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL); char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); + char *keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL); + char *signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL); - TLSCertificate *cert = tlscerts_new(fingerprint, subjectname, notbefore, notafter); + TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, + notafter, keyalg, signaturealg); res = g_list_append(res, cert); } @@ -136,20 +142,32 @@ tlscerts_list(void) } TLSCertificate* -tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore, - const char *const notafter) +tlscerts_new(const char *const fingerprint, int version, const char *const serialnumber, const char *const subjectname, + const char *const issuername, const char *const notbefore, const char *const notafter, + const char *const key_alg, const char *const signature_alg) { TLSCertificate *cert = malloc(sizeof(TLSCertificate)); + if (fingerprint) { + cert->fingerprint = strdup(fingerprint); + } else { + cert->fingerprint = NULL; + } + cert->version = version; + if (serialnumber) { + cert->serialnumber = strdup(serialnumber); + } else { + cert->serialnumber = NULL; + } if (subjectname) { cert->subjectname = strdup(subjectname); } else { cert->subjectname = NULL; } - if (fingerprint) { - cert->fingerprint = strdup(fingerprint); + if (issuername) { + cert->issuername = strdup(issuername); } else { - cert->fingerprint = NULL; + cert->issuername = NULL; } if (notbefore) { cert->notbefore = strdup(notbefore); @@ -161,23 +179,94 @@ tlscerts_new(const char *const fingerprint, const char *const subjectname, const } else { cert->notafter = NULL; } + if (key_alg) { + cert->key_alg = strdup(key_alg); + } else { + cert->key_alg = NULL; + } + if (signature_alg) { + cert->signature_alg = strdup(signature_alg); + } else { + cert->signature_alg = NULL; + } - cert->domain = NULL; - cert->email = NULL; - cert->organisation = NULL; + cert->subject_country = NULL; + cert->subject_state = NULL; + cert->subject_distinguishedname = NULL; + cert->subject_serialnumber = NULL; + cert->subject_commonname = NULL; + cert->subject_organisation = NULL; + cert->subject_organisation_unit = NULL; + cert->subject_email = NULL; gchar** fields = g_strsplit(subjectname, "/", 0); int i = 0; for (i = 0; i < g_strv_length(fields); i++) { gchar** keyval = g_strsplit(fields[i], "=", 2); if (g_strv_length(keyval) == 2) { - if (g_strcmp0(keyval[0], "CN") == 0) { - cert->domain = strdup(keyval[1]); + if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) { + cert->subject_country = strdup(keyval[1]); } - if (g_strcmp0(keyval[0], "O") == 0) { - cert->organisation = strdup(keyval[1]); + if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) { + cert->subject_state = strdup(keyval[1]); + } + if (g_strcmp0(keyval[0], "dnQualifier") == 0) { + cert->subject_distinguishedname = strdup(keyval[1]); + } + if (g_strcmp0(keyval[0], "serialnumber") == 0) { + cert->subject_serialnumber = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) { + cert->subject_commonname = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) { + cert->subject_organisation = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) { + cert->subject_organisation_unit = strdup(keyval[1]); } if (g_strcmp0(keyval[0], "emailAddress") == 0) { - cert->email = strdup(keyval[1]); + cert->subject_email = strdup(keyval[1]); + } + } + g_strfreev(keyval); + } + g_strfreev(fields); + + cert->issuer_country = NULL; + cert->issuer_state = NULL; + cert->issuer_distinguishedname = NULL; + cert->issuer_serialnumber = NULL; + cert->issuer_commonname = NULL; + cert->issuer_organisation = NULL; + cert->issuer_organisation_unit = NULL; + cert->issuer_email = NULL; + fields = g_strsplit(issuername, "/", 0); + for (i = 0; i < g_strv_length(fields); i++) { + gchar** keyval = g_strsplit(fields[i], "=", 2); + if (g_strv_length(keyval) == 2) { + if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) { + cert->issuer_country = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) { + cert->issuer_state = strdup(keyval[1]); + } + if (g_strcmp0(keyval[0], "dnQualifier") == 0) { + cert->issuer_distinguishedname = strdup(keyval[1]); + } + if (g_strcmp0(keyval[0], "serialnumber") == 0) { + cert->issuer_serialnumber = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) { + cert->issuer_commonname = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) { + cert->issuer_organisation = strdup(keyval[1]); + } + if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) { + cert->issuer_organisation_unit = strdup(keyval[1]); + } + if (g_strcmp0(keyval[0], "emailAddress") == 0) { + cert->issuer_email = strdup(keyval[1]); } } g_strfreev(keyval); @@ -200,15 +289,28 @@ tlscerts_add(TLSCertificate *cert) autocomplete_add(certs_ac, cert->fingerprint); + g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version); + if (cert->serialnumber) { + g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber); + } if (cert->subjectname) { g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname); } + if (cert->issuername) { + g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername); + } if (cert->notbefore) { g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); } if (cert->notafter) { g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter); } + if (cert->key_alg) { + g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg); + } + if (cert->signature_alg) { + g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg); + } _save_tlscerts(); } @@ -242,13 +344,34 @@ void tlscerts_free(TLSCertificate *cert) { if (cert) { + free(cert->serialnumber); + free(cert->subjectname); - free(cert->fingerprint); - free(cert->domain); - free(cert->organisation); - free(cert->email); + free(cert->subject_country); + free(cert->subject_state); + free(cert->subject_distinguishedname); + free(cert->subject_serialnumber); + free(cert->subject_commonname); + free(cert->subject_organisation); + free(cert->subject_organisation_unit); + free(cert->subject_email); + + free(cert->issuername); + free(cert->issuer_country); + free(cert->issuer_state); + free(cert->issuer_distinguishedname); + free(cert->issuer_serialnumber); + free(cert->issuer_commonname); + free(cert->issuer_organisation); + free(cert->issuer_organisation_unit); + free(cert->issuer_email); + free(cert->notbefore); free(cert->notafter); + free(cert->fingerprint); + + free(cert->key_alg); + free(cert->signature_alg); } } diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h index e1ab4748..d0e59218 100644 --- a/src/config/tlscerts.h +++ b/src/config/tlscerts.h @@ -36,19 +36,38 @@ #define TLSCERTS_H typedef struct tls_cert_t { - char *fingerprint; - char *domain; + int version; + char *serialnumber; char *subjectname; - char *organisation; - char *email; + char *subject_country; + char *subject_state; + char *subject_distinguishedname; + char *subject_serialnumber; + char *subject_commonname; + char *subject_organisation; + char *subject_organisation_unit; + char *subject_email; + char *issuername; + char *issuer_country; + char *issuer_state; + char *issuer_distinguishedname; + char *issuer_serialnumber; + char *issuer_commonname; + char *issuer_organisation; + char *issuer_organisation_unit; + char *issuer_email; char *notbefore; char *notafter; + char *fingerprint; + char *key_alg; + char *signature_alg; } TLSCertificate; void tlscerts_init(void); -TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore, - const char *const notafter); +TLSCertificate* tlscerts_new(const char *const fingerprint, int version, const char *const serialnumber, const char *const subjectname, + const char *const issuername, const char *const notbefore, const char *const notafter, + const char *const key_alg, const char *const signature_alg); void tlscerts_set_current(const char *const fp); diff --git a/src/ui/console.c b/src/ui/console.c index 4d4edec0..01f05bca 100644 --- a/src/ui/console.c +++ b/src/ui/console.c @@ -196,18 +196,76 @@ cons_show_tlscert(TLSCertificate *cert) } cons_show("Certificate:"); - if (cert->domain) { - cons_show(" Domain : %s", cert->domain); + + cons_show(" Subject:"); + if (cert->subject_commonname) { + cons_show(" Common name : %s", cert->subject_commonname); } - if (cert->organisation) { - cons_show(" Organisation : %s", cert->organisation); + if (cert->subject_distinguishedname) { + cons_show(" Distinguished name : %s", cert->subject_distinguishedname); } - if (cert->email) { - cons_show(" Email : %s", cert->email); + if (cert->subject_organisation) { + cons_show(" Organisation : %s", cert->subject_organisation); } - cons_show(" Fingerprint : %s", cert->fingerprint); - cons_show(" Start : %s", cert->notbefore); - cons_show(" End : %s", cert->notafter); + if (cert->subject_organisation_unit) { + cons_show(" Organisation unit : %s", cert->subject_organisation_unit); + } + if (cert->subject_email) { + cons_show(" Email : %s", cert->subject_email); + } + if (cert->subject_state) { + cons_show(" State : %s", cert->subject_state); + } + if (cert->subject_country) { + cons_show(" Country : %s", cert->subject_country); + } + if (cert->subject_serialnumber) { + cons_show(" Serial number : %s", cert->subject_serialnumber); + } + + cons_show(" Issuer:"); + if (cert->issuer_commonname) { + cons_show(" Common name : %s", cert->issuer_commonname); + } + if (cert->issuer_distinguishedname) { + cons_show(" Distinguished name : %s", cert->issuer_distinguishedname); + } + if (cert->issuer_organisation) { + cons_show(" Organisation : %s", cert->issuer_organisation); + } + if (cert->issuer_organisation_unit) { + cons_show(" Organisation unit : %s", cert->issuer_organisation_unit); + } + if (cert->issuer_email) { + cons_show(" Email : %s", cert->issuer_email); + } + if (cert->issuer_state) { + cons_show(" State : %s", cert->issuer_state); + } + if (cert->issuer_country) { + cons_show(" Country : %s", cert->issuer_country); + } + if (cert->issuer_serialnumber) { + cons_show(" Serial number : %s", cert->issuer_serialnumber); + } + + cons_show(" Version : %d", cert->version); + + if (cert->serialnumber) { + cons_show(" Serial number : %s", cert->serialnumber); + } + + if (cert->key_alg) { + cons_show(" Key algorithm : %s", cert->key_alg); + } + if (cert->signature_alg) { + cons_show(" Signature algorithm : %s", cert->signature_alg); + } + + cons_show(" Start : %s", cert->notbefore); + cons_show(" End : %s", cert->notafter); + + cons_show(" Fingerprint : %s", cert->fingerprint); } void diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c index dce836bc..dfda571a 100644 --- a/src/xmpp/connection.c +++ b/src/xmpp/connection.c @@ -389,12 +389,18 @@ _connection_free_session_data(void) static int _connection_certfail_cb(xmpp_tlscert_t *xmpptlscert, const char *const errormsg) { + int version = xmpp_conn_tlscert_version(xmpptlscert); + char *serialnumber = xmpp_conn_tlscert_serialnumber(xmpptlscert); char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert); - char *fp = xmpp_conn_tlscert_fp(xmpptlscert); + char *issuername = xmpp_conn_tlscert_issuername(xmpptlscert); + char *fingerprint = xmpp_conn_tlscert_fingerprint(xmpptlscert); char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert); char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert); + char *key_alg = xmpp_conn_tlscert_key_algorithm(xmpptlscert); + char *signature_alg = xmpp_conn_tlscert_signature_algorithm(xmpptlscert); - TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter); + TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, + notafter, key_alg, signature_alg); int res = sv_ev_certfail(errormsg, cert); tlscerts_free(cert); @@ -405,12 +411,18 @@ TLSCertificate* jabber_get_tls_peer_cert(void) { xmpp_tlscert_t *xmpptlscert = xmpp_conn_tls_peer_cert(jabber_conn.conn); + int version = xmpp_conn_tlscert_version(xmpptlscert); + char *serialnumber = xmpp_conn_tlscert_serialnumber(xmpptlscert); char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert); - char *fp = xmpp_conn_tlscert_fp(xmpptlscert); + char *issuername = xmpp_conn_tlscert_issuername(xmpptlscert); + char *fingerprint = xmpp_conn_tlscert_fingerprint(xmpptlscert); char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert); char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert); + char *key_alg = xmpp_conn_tlscert_key_algorithm(xmpptlscert); + char *signature_alg = xmpp_conn_tlscert_signature_algorithm(xmpptlscert); - TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter); + TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, + notafter, key_alg, signature_alg); xmpp_conn_free_tlscert(jabber_conn.ctx, xmpptlscert);