1
0
Fork 0

Show summary of trusted certificates, add /tls cert <fingerprint>

fixes #676
This commit is contained in:
James Booth 2015-11-22 19:53:41 +00:00
parent 216493ef07
commit bf1e7efe23
7 changed files with 91 additions and 20 deletions

View File

@ -206,7 +206,7 @@ static struct cmd_t command_defs[] =
"/tls allow",
"/tls always",
"/tls deny",
"/tls cert",
"/tls cert [<fingerprint>]",
"/tls trust",
"/tls trusted",
"/tls revoke <fingerprint>",
@ -221,8 +221,9 @@ static struct cmd_t command_defs[] =
{ "always", "Always allow connections with TLS certificate." },
{ "deny", "Abort connection." },
{ "cert", "Show the current TLS certificate." },
{ "cert <fingerprint>", "Show details of trusted certificate." },
{ "trust", "Add the current TLS certificate to manually trusted certiciates." },
{ "trusted", "List manually trusted certificates (with '/tls always' or '/tls trust')." },
{ "trusted", "List summary of manually trusted certificates (with '/tls always' or '/tls trust')." },
{ "revoke <fingerprint>", "Remove a manually trusted certificate." },
{ "certpath", "Show the trusted certificate path." },
{ "certpath set <path>", "Specify filesystem path containing trusted certificates." },
@ -3877,6 +3878,11 @@ _tls_autocomplete(ProfWin *window, const char *const input)
return result;
}
result = autocomplete_param_with_func(input, "/tls cert", tlscerts_complete);
if (result) {
return result;
}
result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE);
if (result) {
return result;

View File

@ -236,7 +236,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
}
while (curr) {
TLSCertificate *cert = curr->data;
cons_show_tlscert(cert);
cons_show_tlscert_summary(cert);
cons_show("");
curr = g_list_next(curr);
}
@ -267,24 +267,35 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
return _cmd_set_boolean_preference(args[1], command, "TLS titlebar indicator", PREF_TLS_SHOW);
} else if (g_strcmp0(args[0], "cert") == 0) {
#ifdef HAVE_LIBMESODE
jabber_conn_status_t conn_status = jabber_get_connection_status();
if (conn_status != JABBER_CONNECTED) {
cons_show("You are not currently connected.");
if (args[1]) {
TLSCertificate *cert = tlscerts_get_trusted(args[1]);
if (!cert) {
cons_show("No such certificate.");
} else {
cons_show_tlscert(cert);
tlscerts_free(cert);
}
return TRUE;
} else {
jabber_conn_status_t conn_status = jabber_get_connection_status();
if (conn_status != JABBER_CONNECTED) {
cons_show("You are not currently connected.");
return TRUE;
}
if (!jabber_conn_is_secured()) {
cons_show("No TLS connection established");
return TRUE;
}
TLSCertificate *cert = jabber_get_tls_peer_cert();
if (!cert) {
cons_show("Error getting TLS certificate.");
return TRUE;
}
cons_show_tlscert(cert);
cons_show("");
tlscerts_free(cert);
return TRUE;
}
if (!jabber_conn_is_secured()) {
cons_show("No TLS connection established");
return TRUE;
}
TLSCertificate *cert = jabber_get_tls_peer_cert();
if (!cert) {
cons_show("Error getting TLS certificate.");
return TRUE;
}
cons_show_tlscert(cert);
cons_show("");
tlscerts_free(cert);
return TRUE;
#else
cons_show("Certificate fetching not supported.");
return TRUE;

View File

@ -131,6 +131,15 @@ tlscerts_list(void)
TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
notafter, keyalg, signaturealg);
free(fingerprint);
free(serialnumber);
free(subjectname);
free(issuername);
free(notbefore);
free(notafter);
free(keyalg);
free(signaturealg);
res = g_list_append(res, cert);
}
@ -328,6 +337,36 @@ tlscerts_revoke(const char *const fingerprint)
return result;
}
TLSCertificate*
tlscerts_get_trusted(const char * const fingerprint)
{
if (!g_key_file_has_group(tlscerts, fingerprint)) {
return NULL;
}
int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
char *serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
char *issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
char *keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
char *signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
notafter, keyalg, signaturealg);
free(serialnumber);
free(subjectname);
free(issuername);
free(notbefore);
free(notafter);
free(keyalg);
free(signaturealg);
return cert;
}
char*
tlscerts_complete(const char *const prefix)
{

View File

@ -81,6 +81,8 @@ void tlscerts_add(TLSCertificate *cert);
gboolean tlscerts_revoke(const char *const fingerprint);
TLSCertificate* tlscerts_get_trusted(const char *const fingerprint);
void tlscerts_free(TLSCertificate *cert);
GList* tlscerts_list(void);

View File

@ -188,6 +188,18 @@ cons_show_error(const char *const msg, ...)
cons_alert();
}
void
cons_show_tlscert_summary(TLSCertificate *cert)
{
if (!cert) {
return;
}
cons_show("Subject : %s", cert->subject_commonname);
cons_show("Issuer : %s", cert->issuer_commonname);
cons_show("Fingerprint : %s", cert->fingerprint);
}
void
cons_show_tlscert(TLSCertificate *cert)
{

View File

@ -293,6 +293,7 @@ void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *l
void cons_show_contact_offline(PContact contact, char *resource, char *status);
void cons_theme_colours(void);
void cons_show_tlscert(TLSCertificate *cert);
void cons_show_tlscert_summary(TLSCertificate *cert);
// title bar
void title_bar_set_presence(contact_presence_t presence);

View File

@ -271,7 +271,7 @@ TLSCertificate* jabber_get_tls_peer_cert(void)
return NULL;
}
void cons_show_tlscert(TLSCertificate *cert) {}
void cons_show_tlscert_summary(TLSCertificate *cert) {}
void ui_prune_wins(void) {}