Show summary of trusted certificates, add /tls cert <fingerprint>

fixes #676
2024-06-16 21:35:24 +00:00 · 2015-11-22 19:53:41 +00:00 · 2015-11-22 19:53:41 +00:00 · bf1e7efe23
commit bf1e7efe23
parent 216493ef07
7 changed files with 91 additions and 20 deletions
--- a/src/command/command.c
+++ b/src/command/command.c
@ -206,7 +206,7 @@ static struct cmd_t command_defs[] =
            "/tls allow",
            "/tls always",
            "/tls deny",
-            "/tls cert",
+            "/tls cert [<fingerprint>]",
            "/tls trust",
            "/tls trusted",
            "/tls revoke <fingerprint>",
@ -221,8 +221,9 @@ static struct cmd_t command_defs[] =
            { "always",               "Always allow connections with TLS certificate." },
            { "deny",                 "Abort connection." },
            { "cert",                 "Show the current TLS certificate." },
+            { "cert <fingerprint>",   "Show details of trusted certificate." },
            { "trust",                "Add the current TLS certificate to manually trusted certiciates." },
-            { "trusted",              "List manually trusted certificates (with '/tls always' or '/tls trust')." },
+            { "trusted",              "List summary of manually trusted certificates (with '/tls always' or '/tls trust')." },
            { "revoke <fingerprint>", "Remove a manually trusted certificate." },
            { "certpath",             "Show the trusted certificate path." },
            { "certpath set <path>",  "Specify filesystem path containing trusted certificates." },
@ -3877,6 +3878,11 @@ _tls_autocomplete(ProfWin *window, const char *const input)
        return result;
    }

+    result = autocomplete_param_with_func(input, "/tls cert", tlscerts_complete);
+    if (result) {
+        return result;
+    }
+
    result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE);
    if (result) {
        return result;
--- a/src/command/commands.c
+++ b/src/command/commands.c
@ -236,7 +236,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
        }
        while (curr) {
            TLSCertificate *cert = curr->data;
-            cons_show_tlscert(cert);
+            cons_show_tlscert_summary(cert);
            cons_show("");
            curr = g_list_next(curr);
        }
@ -267,24 +267,35 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
        return _cmd_set_boolean_preference(args[1], command, "TLS titlebar indicator", PREF_TLS_SHOW);
    } else if (g_strcmp0(args[0], "cert") == 0) {
 #ifdef HAVE_LIBMESODE
-        jabber_conn_status_t conn_status = jabber_get_connection_status();
-        if (conn_status != JABBER_CONNECTED) {
-            cons_show("You are not currently connected.");
+        if (args[1]) {
+            TLSCertificate *cert = tlscerts_get_trusted(args[1]);
+            if (!cert) {
+                cons_show("No such certificate.");
+            } else {
+                cons_show_tlscert(cert);
+                tlscerts_free(cert);
+            }
+            return TRUE;
+        } else {
+            jabber_conn_status_t conn_status = jabber_get_connection_status();
+            if (conn_status != JABBER_CONNECTED) {
+                cons_show("You are not currently connected.");
+                return TRUE;
+            }
+            if (!jabber_conn_is_secured()) {
+                cons_show("No TLS connection established");
+                return TRUE;
+            }
+            TLSCertificate *cert = jabber_get_tls_peer_cert();
+            if (!cert) {
+                cons_show("Error getting TLS certificate.");
+                return TRUE;
+            }
+            cons_show_tlscert(cert);
+            cons_show("");
+            tlscerts_free(cert);
            return TRUE;
        }
-        if (!jabber_conn_is_secured()) {
-            cons_show("No TLS connection established");
-            return TRUE;
-        }
-        TLSCertificate *cert = jabber_get_tls_peer_cert();
-        if (!cert) {
-            cons_show("Error getting TLS certificate.");
-            return TRUE;
-        }
-        cons_show_tlscert(cert);
-        cons_show("");
-        tlscerts_free(cert);
-        return TRUE;
 #else
        cons_show("Certificate fetching not supported.");
        return TRUE;
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@ -131,6 +131,15 @@ tlscerts_list(void)
        TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
            notafter, keyalg, signaturealg);

+        free(fingerprint);
+        free(serialnumber);
+        free(subjectname);
+        free(issuername);
+        free(notbefore);
+        free(notafter);
+        free(keyalg);
+        free(signaturealg);
+
        res = g_list_append(res, cert);
    }

@ -328,6 +337,36 @@ tlscerts_revoke(const char *const fingerprint)
    return result;
 }

+TLSCertificate*
+tlscerts_get_trusted(const char * const fingerprint)
+{
+    if (!g_key_file_has_group(tlscerts, fingerprint)) {
+        return NULL;
+    }
+
+    int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
+    char *serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
+    char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
+    char *issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
+    char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
+    char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
+    char *keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
+    char *signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
+
+    TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
+        notafter, keyalg, signaturealg);
+
+    free(serialnumber);
+    free(subjectname);
+    free(issuername);
+    free(notbefore);
+    free(notafter);
+    free(keyalg);
+    free(signaturealg);
+
+    return cert;
+}
+
 char*
 tlscerts_complete(const char *const prefix)
 {
--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h
@ -81,6 +81,8 @@ void tlscerts_add(TLSCertificate *cert);

 gboolean tlscerts_revoke(const char *const fingerprint);

+TLSCertificate* tlscerts_get_trusted(const char *const fingerprint);
+
 void tlscerts_free(TLSCertificate *cert);

 GList* tlscerts_list(void);
--- a/src/ui/console.c
+++ b/src/ui/console.c
@ -188,6 +188,18 @@ cons_show_error(const char *const msg, ...)
    cons_alert();
 }

+void
+cons_show_tlscert_summary(TLSCertificate *cert)
+{
+    if (!cert) {
+        return;
+    }
+
+    cons_show("Subject     : %s", cert->subject_commonname);
+    cons_show("Issuer      : %s", cert->issuer_commonname);
+    cons_show("Fingerprint : %s", cert->fingerprint);
+}
+
 void
 cons_show_tlscert(TLSCertificate *cert)
 {
--- a/src/ui/ui.h
+++ b/src/ui/ui.h
@ -293,6 +293,7 @@ void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *l
 void cons_show_contact_offline(PContact contact, char *resource, char *status);
 void cons_theme_colours(void);
 void cons_show_tlscert(TLSCertificate *cert);
+void cons_show_tlscert_summary(TLSCertificate *cert);

 // title bar
 void title_bar_set_presence(contact_presence_t presence);
--- a/tests/unittests/ui/stub_ui.c
+++ b/tests/unittests/ui/stub_ui.c
@ -271,7 +271,7 @@ TLSCertificate* jabber_get_tls_peer_cert(void)
    return NULL;
 }
 void cons_show_tlscert(TLSCertificate *cert) {}
-
+void cons_show_tlscert_summary(TLSCertificate *cert) {}

 void ui_prune_wins(void) {}