mirror of https://github.com/profanity-im/profanity.git synced 2024-09-15 19:38:07 -04:00

Show summary of trusted certificates, add /tls cert <fingerprint>

fixes #676
James Booth 2015-11-22 19:53:41 +00:00
parent 216493ef07
commit bf1e7efe23
7 changed files with 91 additions and 20 deletions


@ -206,7 +206,7 @@ static struct cmd_t command_defs[] =
"/tls allow", "/tls allow",
"/tls always", "/tls always",
"/tls deny", "/tls deny",
"/tls cert", "/tls cert [<fingerprint>]",
"/tls trust", "/tls trust",
"/tls trusted", "/tls trusted",
"/tls revoke <fingerprint>", "/tls revoke <fingerprint>",
@ -221,8 +221,9 @@ static struct cmd_t command_defs[] =
{ "always", "Always allow connections with TLS certificate." }, { "always", "Always allow connections with TLS certificate." },
{ "deny", "Abort connection." }, { "deny", "Abort connection." },
{ "cert", "Show the current TLS certificate." }, { "cert", "Show the current TLS certificate." },
{ "cert <fingerprint>", "Show details of trusted certificate." },
{ "trust", "Add the current TLS certificate to manually trusted certiciates." }, { "trust", "Add the current TLS certificate to manually trusted certiciates." },
{ "trusted", "List manually trusted certificates (with '/tls always' or '/tls trust')." }, { "trusted", "List summary of manually trusted certificates (with '/tls always' or '/tls trust')." },
{ "revoke <fingerprint>", "Remove a manually trusted certificate." }, { "revoke <fingerprint>", "Remove a manually trusted certificate." },
{ "certpath", "Show the trusted certificate path." }, { "certpath", "Show the trusted certificate path." },
{ "certpath set <path>", "Specify filesystem path containing trusted certificates." }, { "certpath set <path>", "Specify filesystem path containing trusted certificates." },
@ -3877,6 +3878,11 @@ _tls_autocomplete(ProfWin *window, const char *const input)
return result; return result;
} }
result = autocomplete_param_with_func(input, "/tls cert", tlscerts_complete);
if (result) {
return result;
}
result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE); result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE);
if (result) { if (result) {
return result; return result;


@ -236,7 +236,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
} }
while (curr) { while (curr) {
TLSCertificate *cert = curr->data; TLSCertificate *cert = curr->data;
cons_show_tlscert(cert); cons_show_tlscert_summary(cert);
cons_show(""); cons_show("");
curr = g_list_next(curr); curr = g_list_next(curr);
} }
@ -267,6 +267,16 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
return _cmd_set_boolean_preference(args[1], command, "TLS titlebar indicator", PREF_TLS_SHOW); return _cmd_set_boolean_preference(args[1], command, "TLS titlebar indicator", PREF_TLS_SHOW);
} else if (g_strcmp0(args[0], "cert") == 0) { } else if (g_strcmp0(args[0], "cert") == 0) {
#ifdef HAVE_LIBMESODE #ifdef HAVE_LIBMESODE
if (args[1]) {
TLSCertificate *cert = tlscerts_get_trusted(args[1]);
if (!cert) {
cons_show("No such certificate.");
} else {
cons_show_tlscert(cert);
tlscerts_free(cert);
}
return TRUE;
} else {
jabber_conn_status_t conn_status = jabber_get_connection_status(); jabber_conn_status_t conn_status = jabber_get_connection_status();
if (conn_status != JABBER_CONNECTED) { if (conn_status != JABBER_CONNECTED) {
cons_show("You are not currently connected."); cons_show("You are not currently connected.");
@ -285,6 +295,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
cons_show(""); cons_show("");
tlscerts_free(cert); tlscerts_free(cert);
return TRUE; return TRUE;
}
#else #else
cons_show("Certificate fetching not supported."); cons_show("Certificate fetching not supported.");
return TRUE; return TRUE;
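Review bot: The new `args[1]` branch of `/tls cert` hands the typed fingerprint to `tlscerts_get_trusted()` verbatim, and that function looks it up as a key-file group name, which is an exact, case-sensitive match. A fingerprint typed with different letter case or separators than the stored form would report `No such certificate.` even though the certificate is trusted, which is misleading when a user is checking a fingerprint obtained out of band. Consider normalising the argument before the lookup, or at least naming the value in the message, e.g. `cons_show("No trusted certificate found for fingerprint %s.", args[1]);`. The stored fingerprint format is not visible on this page, so confirm which form the store uses; the body of cmd_tls continues outside these hunks.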


@ -131,6 +131,15 @@ tlscerts_list(void)
TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore, TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
notafter, keyalg, signaturealg); notafter, keyalg, signaturealg);
free(fingerprint);
free(serialnumber);
free(subjectname);
free(issuername);
free(notbefore);
free(notafter);
free(keyalg);
free(signaturealg);
res = g_list_append(res, cert); res = g_list_append(res, cert);
} }
@ -328,6 +337,36 @@ tlscerts_revoke(const char *const fingerprint)
return result; return result;
} }
TLSCertificate*
tlscerts_get_trusted(const char * const fingerprint)
{
if (!g_key_file_has_group(tlscerts, fingerprint)) {
return NULL;
}
int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
char *serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
char *issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
char *keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
char *signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
notafter, keyalg, signaturealg);
free(serialnumber);
free(subjectname);
free(issuername);
free(notbefore);
free(notafter);
free(keyalg);
free(signaturealg);
return cert;
}
char* char*
tlscerts_complete(const char *const prefix) tlscerts_complete(const char *const prefix)
{ {
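Review bot: `tlscerts_get_trusted()` passes `NULL` for the `GError` in every `g_key_file_get_*` call, so a group in the trusted-certificates file that lacks a key (a hand-edited or truncated file, for example) yields `version == 0` and NULL strings that go straight into `tlscerts_new()` and later into `cons_show_tlscert()`. Whether `tlscerts_new()` tolerates NULL arguments is not visible in this hunk; if it does not, check the required fields and return NULL before constructing the certificate. The strings returned by `g_key_file_get_string()` are GLib allocations and are conventionally released with `g_free(serialnumber);` rather than `free()`, and the same would apply to the `free()` calls added in `tlscerts_list()` if those values also come from the key file. A short header comment stating that the caller owns the result and must release it with `tlscerts_free()` would document the contract that cmd_tls relies on.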


@ -81,6 +81,8 @@ void tlscerts_add(TLSCertificate *cert);
gboolean tlscerts_revoke(const char *const fingerprint); gboolean tlscerts_revoke(const char *const fingerprint);
TLSCertificate* tlscerts_get_trusted(const char *const fingerprint);
void tlscerts_free(TLSCertificate *cert); void tlscerts_free(TLSCertificate *cert);
GList* tlscerts_list(void); GList* tlscerts_list(void);


@ -188,6 +188,18 @@ cons_show_error(const char *const msg, ...)
cons_alert(); cons_alert();
} }
void
cons_show_tlscert_summary(TLSCertificate *cert)
{
if (!cert) {
return;
}
cons_show("Subject : %s", cert->subject_commonname);
cons_show("Issuer : %s", cert->issuer_commonname);
cons_show("Fingerprint : %s", cert->fingerprint);
}
void void
cons_show_tlscert(TLSCertificate *cert) cons_show_tlscert(TLSCertificate *cert)
{ {
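Review bot: `cons_show_tlscert_summary()` guards against a NULL `cert` but passes `cert->subject_commonname` and `cert->issuer_commonname` to `%s` unchecked. If a certificate has no common name in its subject or issuer these fields may be NULL (how `tlscerts_new()` fills them is not visible here), and printing NULL through `%s` is undefined in standard C. A fallback such as `cert->subject_commonname ? cert->subject_commonname : "(none)"` keeps the listing stable. These values originate from certificate contents, so it is also worth confirming that `cons_show()` renders control characters harmlessly, since the `/tls trusted` summary is what a user reads when deciding which entry to revoke.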


@ -293,6 +293,7 @@ void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *l
void cons_show_contact_offline(PContact contact, char *resource, char *status); void cons_show_contact_offline(PContact contact, char *resource, char *status);
void cons_theme_colours(void); void cons_theme_colours(void);
void cons_show_tlscert(TLSCertificate *cert); void cons_show_tlscert(TLSCertificate *cert);
void cons_show_tlscert_summary(TLSCertificate *cert);
// title bar // title bar
void title_bar_set_presence(contact_presence_t presence); void title_bar_set_presence(contact_presence_t presence);


@ -271,7 +271,7 @@ TLSCertificate* jabber_get_tls_peer_cert(void)
return NULL; return NULL;
} }
void cons_show_tlscert(TLSCertificate *cert) {} void cons_show_tlscert(TLSCertificate *cert) {}
void cons_show_tlscert_summary(TLSCertificate *cert) {}
void ui_prune_wins(void) {} void ui_prune_wins(void) {}