diff --git a/daemon/bin/Makefile.am b/daemon/bin/Makefile.am
index 6e340d78d3332e6ddd5f5bf843a58a868d2343c5..96b12d76efd87a6c1e2930889a545f335815f35c 100644
--- a/daemon/bin/Makefile.am
+++ b/daemon/bin/Makefile.am
@@ -9,7 +9,7 @@ if HAVE_OSX
 libexec_PROGRAMS = ringcli
 ringcli_SOURCES = osxmain.cpp
 ringcli_CXXFLAGS = -I$(top_srcdir)/src \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
 -DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
 ringcli_LDADD = $(top_builddir)/src/libring.la
 endif
@@ -22,7 +22,7 @@ libexec_PROGRAMS = dring
 dring_SOURCES = main.cpp
 dring_CXXFLAGS= -I$(top_srcdir)/src ${DBUSCPP_CFLAGS} \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
 -DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
 dring_LDADD = dbus/libclient_dbus.la ${DBUSCPP_LIBS} $(top_builddir)/src/libring.la
diff --git a/daemon/bin/dbus/Makefile.am b/daemon/bin/dbus/Makefile.am
index 121fedef3df7df10a0c54a8a67653280b47d9716..965e4588bc316d7f324848ea68e0ff07aae69d34 100644
--- a/daemon/bin/dbus/Makefile.am
+++ b/daemon/bin/dbus/Makefile.am
@@ -49,7 +49,7 @@ endif
 libclient_dbus_la_CXXFLAGS = -I../ \
 -I$(top_srcdir)/src \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
 -DPREFIX=\"$(prefix)\" \
 -DPROGSHAREDIR=\"${datadir}/ring\" \
 $(DBUSCPP_CFLAGS)
diff --git a/daemon/bin/dbus/configurationmanager-introspec.xml b/daemon/bin/dbus/configurationmanager-introspec.xml
index 68f443166638d87b64afdf266724db42b3808bd4..c19f3229a2f000649ee33b9d3946d7616a960e4f 100644
--- a/daemon/bin/dbus/configurationmanager-introspec.xml
+++ b/daemon/bin/dbus/configurationmanager-introspec.xml
@@ -646,6 +646,7 @@
 <arg type="a{ss}" name="details" direction="out">
 <tp:docstring>
 <p>A key-value list of all certificate validation</p>
+ The constants used as keys are defined in the "security.h" constants header file
 </tp:docstring>
 </arg>
 </method>
@@ -660,6 +661,7 @@
 <arg type="a{ss}" name="details" direction="out">
 <tp:docstring>
 <p>A key-value list of all certificate details</p>
+ The constants used as keys are defined in the "security.h" constants header file
 </tp:docstring>
 </arg>
 </method>
diff --git a/daemon/bin/dbus/dbuscallmanager.cpp b/daemon/bin/dbus/dbuscallmanager.cpp
index fdab56216f6db47bd5f084cfee4a70134ab4444f..1d1d5213aca2cccdef01f26ce9021fccaad688ab 100644
--- a/daemon/bin/dbus/dbuscallmanager.cpp
+++ b/daemon/bin/dbus/dbuscallmanager.cpp
@@ -28,7 +28,7 @@
 * as that of the covered work.
 */
 #include <iostream>
-#include "ring.h"
+#include "dring.h"
 #include "dbuscallmanager.h"
diff --git a/daemon/bin/dbus/dbusclient.cpp b/daemon/bin/dbus/dbusclient.cpp
index 9ebc7460d8a0546c4a9a337b1dcdfa4a037e3fe6..777c76b0fe26932b3e8e7add2a57f8f7f190e3a9 100644
--- a/daemon/bin/dbus/dbusclient.cpp
+++ b/daemon/bin/dbus/dbusclient.cpp
@@ -31,7 +31,7 @@
 #include <iostream>
 #include <cstring>
 #include <stdexcept>
-#include "ring.h"
+#include "dring.h"
 #include "dbusclient.h"
 #include "dbus_cpp.h"
diff --git a/daemon/bin/dbus/dbusclient.h b/daemon/bin/dbus/dbusclient.h
index 85077020a6a85dbf53625c0ffae4a7d6fb136531..0aedcae9c2a96d5ee70d8aef9052f20e48a388a9 100644
--- a/daemon/bin/dbus/dbusclient.h
+++ b/daemon/bin/dbus/dbusclient.h
@@ -31,7 +31,7 @@
 #ifndef __DBUSCLIENT_H__
 #define __DBUSCLIENT_H__
-#include "ring.h"
+#include "dring.h"
 #include "noncopyable.h"
 class DBusConfigurationManager;
diff --git a/daemon/bin/dbus/dbusconfigurationmanager.cpp b/daemon/bin/dbus/dbusconfigurationmanager.cpp
index ab06d305fe1d59d264cfd4f366a514e9d1ca7283..a0648294a0c867b58a9223f84e7a6df4bef8c71d 100644
--- a/daemon/bin/dbus/dbusconfigurationmanager.cpp
+++ b/daemon/bin/dbus/dbusconfigurationmanager.cpp
@@ -28,7 +28,7 @@
 * as that of the covered work.
 */
 #include <iostream>
-#include "ring.h"
+#include "dring.h"
 #include "dbusconfigurationmanager.h"
diff --git a/daemon/bin/dbus/dbuspresencemanager.cpp b/daemon/bin/dbus/dbuspresencemanager.cpp
index 3ad66fdf463f567acccbdc57b1c821ed4fdee7ac..14f3246830a61f5cbb63d26482f3421938072298 100644
--- a/daemon/bin/dbus/dbuspresencemanager.cpp
+++ b/daemon/bin/dbus/dbuspresencemanager.cpp
@@ -27,7 +27,7 @@
 * shall include the source code for the parts of OpenSSL used as well
 * as that of the covered work.
 */
-#include "ring.h"
+#include "dring.h"
 #include "dbuspresencemanager.h"
diff --git a/daemon/bin/dbus/dbusvideomanager.cpp b/daemon/bin/dbus/dbusvideomanager.cpp
index 24b1d2400447ec48f250d7b9ba6e970a07916e27..16596813b08ef3d50b591061db7c87f9c374f40d 100644
--- a/daemon/bin/dbus/dbusvideomanager.cpp
+++ b/daemon/bin/dbus/dbusvideomanager.cpp
@@ -27,7 +27,7 @@
 * shall include the source code for the parts of OpenSSL used as well
 * as that of the covered work.
 */
-#include "ring.h"
+#include "dring.h"
 #include "dbusvideomanager.h"
diff --git a/daemon/bin/osxmain.cpp b/daemon/bin/osxmain.cpp
index 3f2c62e0482f52cc321aac1e732810acd57625a8..c98b101ffe330fe3f3040491b0c278a57fb6be35 100644
--- a/daemon/bin/osxmain.cpp
+++ b/daemon/bin/osxmain.cpp
@@ -36,7 +36,7 @@
 #include <getopt.h>
 #include <string>
-#include "ring.h"
+#include "dring.h"
 #include "fileutils.h"
 static int sflphFlags = 0;
diff --git a/daemon/globals.mak b/daemon/globals.mak
index c6e53e47bb0f85af1d0394d3808623fcc819df8f..4ddafaf0fe88d259e877c44034ffc631d7cb1dc5 100644
--- a/daemon/globals.mak
+++ b/daemon/globals.mak
@@ -26,7 +26,7 @@ AM_CPPFLAGS = \
 -I$(src)/src/config \
 -I$(src)/src/media \
 -I$(src)/test \
- -I$(src)/src/public \
+ -I$(src)/src/dring \
 $(SIP_CFLAGS) \
 -DPREFIX=\"$(prefix)\" \
 -DPROGSHAREDIR=\"${datadir}/ring\" \
diff --git a/daemon/src/Makefile.am b/daemon/src/Makefile.am
index 19237c386cd09e9d4d1c7814c9977c3610dea63e..a21584ca3577f4efe33212b9c420348e9e7ece17 100644
--- a/daemon/src/Makefile.am
+++ b/daemon/src/Makefile.am
@@ -133,3 +133,6 @@ libring_la_SOURCES = conference.cpp \
 string_utils.cpp \
 rw_mutex.h \
 ring_api.cpp
+
+nobase_include_HEADERS= dring/dring.h \
+ dring/security.h
diff --git a/daemon/src/client/callmanager.h b/daemon/src/client/callmanager.h
index a9a4f3e5e7cacac8973b3c079bc7798057047177..6686a14a74fde3dc81c697cca9c2be81f29202d1 100644
--- a/daemon/src/client/callmanager.h
+++ b/daemon/src/client/callmanager.h
@@ -40,7 +40,7 @@
 #include <vector>
 #include <string>
-#include "ring.h"
+#include "dring.h"
 namespace ring {
diff --git a/daemon/src/client/configurationmanager.cpp b/daemon/src/client/configurationmanager.cpp
index 5519d0574c7f000eafc9ca66c7b701c40f35eebe..ad04d0429d90806bf2481a362c2f93aebf8786e1 100644
--- a/daemon/src/client/configurationmanager.cpp
+++ b/daemon/src/client/configurationmanager.cpp
@@ -45,6 +45,7 @@
 #include "fileutils.h"
 #include "ip_utils.h"
 #include "sip/sipaccount.h"
+#include "security.h"
 #include "audio/audiolayer.h"
 #include <dirent.h>
@@ -142,13 +143,21 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
 accountsChanged();
 }
-std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
+std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string&,
 const std::string& certificate,
 const std::string& privateKey)
 {
 #if HAVE_TLS && HAVE_DHT
- TlsValidator validator(certificate,privateKey);
- return validator.getSerializedChecks();
+ try {
+ TlsValidator validator(certificate,privateKey);
+ return validator.getSerializedChecks();
+ }
+ catch(const std::runtime_error& e) {
+ std::map<std::string, std::string> res;
+ RING_WARN("Certificate loading failed");
+ res[DRing::Certificate::ChecksNames::EXIST] = DRing::Certificate::CheckValuesNames::FAILED;
+ return res;
+ }
 #else
 RING_WARN("TLS not supported");
 return std::map<std::string, std::string>();
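Review bot: The new catch in validateCertificate (and the matching one in getCertificateDetails in the next hunk) handles only `std::runtime_error`, while the TlsValidator constructor touched later in this diff rethrows every load failure as `TlsValidatorException("Can't load certificate")`; nothing in the diff shows that type's base class, so if it does not derive from std::runtime_error the exception still escapes the D-Bus handler for a client-supplied path that is missing or unparsable, instead of producing the EXIST=FAILED map this hunk intends. Catching the base the constructor itself already uses removes that dependency, and the unused binding can go at the same time: `catch (const std::exception&) {`. A comment on the `res[...EXIST] = ...FAILED` line should say it covers both a missing file and a file that failed to parse, since a client reading only that key cannot distinguish the two. The function's `#endif` and closing brace lie outside the hunk.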
@@ -158,12 +167,17 @@ std::map<std::string, std::string> ConfigurationManager::validateCertificate(con
 std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
 {
 #if HAVE_TLS && HAVE_DHT
- TlsValidator validator(certificate,"");
- return validator.getSerializedDetails();
+ try {
+ TlsValidator validator(certificate,"");
+ return validator.getSerializedDetails();
+ }
+ catch(const std::runtime_error& e) {
+ RING_WARN("Certificate loading failed");
+ }
 #else
 RING_WARN("TLS not supported");
- return std::map<std::string, std::string>();
 #endif
+ return std::map<std::string, std::string>();
 }
 void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
diff --git a/daemon/src/client/configurationmanager.h b/daemon/src/client/configurationmanager.h
index 6ea802eb4bee2ce92fb65796488ca50aebc541a1..b62bbc2bbdf34b1c296c5be4f1b5d03a94e753b8 100644
--- a/daemon/src/client/configurationmanager.h
+++ b/daemon/src/client/configurationmanager.h
@@ -42,7 +42,7 @@
 #include <map>
 #include <string>
-#include "ring.h"
+#include "dring.h"
 namespace ring {
diff --git a/daemon/src/client/presencemanager.h b/daemon/src/client/presencemanager.h
index 0b6ae9052c9395e8017f42a0c7d52d22326b7b55..ddd24e953e1dc0d5a1a0336d1f44d4ad41aedbb8 100644
--- a/daemon/src/client/presencemanager.h
+++ b/daemon/src/client/presencemanager.h
@@ -38,7 +38,7 @@
 #include <vector>
 #include <string>
-#include "ring.h"
+#include "dring.h"
 namespace ring {
diff --git a/daemon/src/client/videomanager.h b/daemon/src/client/videomanager.h
index f653448e4d4df6518e4bfc275537f9647b0c6f5f..d287ca320d3708a07927182f472ffdcad5ec2d0e 100644
--- a/daemon/src/client/videomanager.h
+++ b/daemon/src/client/videomanager.h
@@ -43,7 +43,7 @@
 #include "video/video_base.h"
 #include "video/video_input.h"
-#include "ring.h"
+#include "dring.h"
 namespace ring {
diff --git a/daemon/src/public/ring.h b/daemon/src/dring/dring.h
similarity index 100%
rename from daemon/src/public/ring.h
rename to daemon/src/dring/dring.h
diff --git a/daemon/src/dring/security.h b/daemon/src/dring/security.h
new file mode 100644
index 0000000000000000000000000000000000000000..e92fa4b80b6c2eecd4aca15a6a88e4519b033a42
--- /dev/null
+++ b/daemon/src/dring/security.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2015 Savoir-Faire Linux Inc.
+ * Author: Philippe Proulx <philippe.proulx@savoirfairelinux.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Additional permission under GNU GPL version 3 section 7:
+ *
+ * If you modify this program, or any covered work, by linking or
+ * combining it with the OpenSSL project's OpenSSL library (or a
+ * modified version of that library), containing parts covered by the
+ * terms of the OpenSSL or SSLeay licenses, Savoir-Faire Linux Inc.
+ * grants you additional permission to convey the resulting work.
+ * Corresponding Source for a non-source form of such a combination
+ * shall include the source code for the parts of OpenSSL used as well
+ * as that of the covered work.
+ */
+
+namespace DRing {
+
+namespace Certificate {
+
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace ChecksNames {
+ constexpr static char* HAS_PRIVATE_KEY = "HAS_PRIVATE_KEY" ;
+ constexpr static char* EXPIRED = "EXPIRED" ;
+ constexpr static char* STRONG_SIGNING = "STRONG_SIGNING" ;
+ constexpr static char* NOT_SELF_SIGNED = "NOT_SELF_SIGNED" ;
+ constexpr static char* KEY_MATCH = "KEY_MATCH" ;
+ constexpr static char* PRIVATE_KEY_STORAGE_PERMISSION = "PRIVATE_KEY_STORAGE_PERMISSION" ;
+ constexpr static char* PUBLIC_KEY_STORAGE_PERMISSION = "PUBLIC_KEY_STORAGE_PERMISSION" ;
+ constexpr static char* PRIVATE_KEY_DIRECTORY_PERMISSIONS = "PRIVATEKEY_DIRECTORY_PERMISSIONS";
+ constexpr static char* PUBLIC_KEY_DIRECTORY_PERMISSIONS = "PUBLICKEY_DIRECTORY_PERMISSIONS" ;
+ constexpr static char* PRIVATE_KEY_STORAGE_LOCATION = "PRIVATE_KEY_STORAGE_LOCATION" ;
+ constexpr static char* PUBLIC_KEY_STORAGE_LOCATION = "PUBLIC_KEY_STORAGE_LOCATION" ;
+ constexpr static char* PRIVATE_KEY_SELINUX_ATTRIBUTES = "PRIVATE_KEY_SELINUX_ATTRIBUTES" ;
+ constexpr static char* PUBLIC_KEY_SELINUX_ATTRIBUTES = "PUBLIC_KEY_SELINUX_ATTRIBUTES" ;
+ constexpr static char* OUTGOING_SERVER = "OUTGOING_SERVER" ;
+ constexpr static char* EXIST = "EXIST" ;
+ constexpr static char* VALID = "VALID" ;
+ constexpr static char* VALID_AUTHORITY = "VALID_AUTHORITY" ;
+ constexpr static char* KNOWN_AUTHORITY = "KNOWN_AUTHORITY" ;
+ constexpr static char* NOT_REVOKED = "NOT_REVOKED" ;
+ constexpr static char* AUTHORITY_MISMATCH = "AUTHORITY_MISMATCH" ;
+ constexpr static char* UNEXPECTED_OWNER = "UNEXPECTED_OWNER" ;
+ constexpr static char* NOT_ACTIVATED = "NOT_ACTIVATED" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails method
+*/
+namespace DetailsNames {
+ constexpr static char* EXPIRATION_DATE = "EXPIRATION_DATE" ;
+ constexpr static char* ACTIVATION_DATE = "ACTIVATION_DATE" ;
+ constexpr static char* REQUIRE_PRIVATE_KEY_PASSWORD = "REQUIRE_PRIVATE_KEY_PASSWORD" ;
+ constexpr static char* PUBLIC_SIGNATURE = "PUBLIC_SIGNATURE" ;
+ constexpr static char* VERSION_NUMBER = "VERSION_NUMBER" ;
+ constexpr static char* SERIAL_NUMBER = "SERIAL_NUMBER" ;
+ constexpr static char* ISSUER = "ISSUER" ;
+ constexpr static char* SUBJECT_KEY_ALGORITHM = "SUBJECT_KEY_ALGORITHM" ;
+ constexpr static char* CN = "CN" ;
+ constexpr static char* N = "N" ;
+ constexpr static char* O = "O" ;
+ constexpr static char* SIGNATURE_ALGORITHM = "SIGNATURE_ALGORITHM" ;
+ constexpr static char* MD5_FINGERPRINT = "MD5_FINGERPRINT" ;
+ constexpr static char* SHA1_FINGERPRINT = "SHA1_FINGERPRINT" ;
+ constexpr static char* PUBLIC_KEY_ID = "PUBLIC_KEY_ID" ;
+ constexpr static char* ISSUER_DN = "ISSUER_DN" ;
+ constexpr static char* NEXT_EXPECTED_UPDATE_DATE = "NEXT_EXPECTED_UPDATE_DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails and
+* ConfigurationManager.validateCertificate methods
+*/
+namespace ChecksValuesTypesNames {
+ constexpr static char* BOOLEAN = "BOOLEAN" ;
+ constexpr static char* ISO_DATE = "ISO_DATE" ;
+ constexpr static char* CUSTOM = "CUSTOM" ;
+ constexpr static char* NUMBER = "NUMBER" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace CheckValuesNames {
+ constexpr static char* PASSED = "PASSED" ;
+ constexpr static char* FAILED = "FAILED" ;
+ constexpr static char* UNSUPPORTED = "UNSUPPORTED";
+ constexpr static char* ISO_DATE = "ISO_DATE" ;
+ constexpr static char* CUSTOM = "CUSTOM" ;
+ constexpr static char* DATE = "DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+} //namespace DRing::Certificate
+
+} //namespace DRing
\ No newline at end of file
diff --git a/daemon/src/ring_api.cpp b/daemon/src/ring_api.cpp
index 327f3f464ac4bc168fa0164292f21d805c73a088..f1acf44b40269f4d4741f80bb75a673afcd5a532 100644
--- a/daemon/src/ring_api.cpp
+++ b/daemon/src/ring_api.cpp
@@ -39,7 +39,7 @@
 #include "manager.h"
 #include "managerimpl.h"
 #include "logger.h"
-#include "ring.h"
+#include "dring.h"
 #include "client/callmanager.h"
 #include "client/configurationmanager.h"
 #include "client/presencemanager.h"
diff --git a/daemon/src/sip/tlsvalidator.cpp b/daemon/src/sip/tlsvalidator.cpp
index c7b1e203f81528516d8f31f99cfa11c7f101330c..a739aea9c865c9f0f22cdaa39ea10afa2f4849cf 100644
--- a/daemon/src/sip/tlsvalidator.cpp
+++ b/daemon/src/sip/tlsvalidator.cpp
@@ -40,6 +40,7 @@
 #include "fileutils.h"
 #include "logger.h"
+#include "security.h"
 #include <sstream>
 #include <iomanip>
@@ -63,14 +64,16 @@ namespace ring {
+//Map the internal ring Enum class of the exported names
+
 const EnumClassNames<TlsValidator::CheckValues> TlsValidator::CheckValuesNames = {{
- /* CheckValues Name */
- /* PASSED */ "PASSED" ,
- /* FAILED */ "FAILED" ,
- /* UNSUPPORTED */ "UNSUPPORTED" ,
- /* ISO_DATE */ "ISO_DATE" ,
- /* CUSTOM */ "CUSTOM" ,
- /* CUSTOM */ "DATE" ,
+ /* CheckValues Name */
+ /* PASSED */ DRing::Certificate::CheckValuesNames::PASSED ,
+ /* FAILED */ DRing::Certificate::CheckValuesNames::FAILED ,
+ /* UNSUPPORTED */ DRing::Certificate::CheckValuesNames::UNSUPPORTED ,
+ /* ISO_DATE */ DRing::Certificate::CheckValuesNames::ISO_DATE ,
+ /* CUSTOM */ DRing::Certificate::CheckValuesNames::CUSTOM ,
+ /* CUSTOM */ DRing::Certificate::CheckValuesNames::DATE ,
 }};
 const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidator::CheckResult> TlsValidator::checkCallback = {{
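Review bot: The last entry of CheckValuesNames is still labelled `/* CUSTOM */` although it now maps `CheckValuesNames::DATE`; the new side carried the mislabel over from the old string table, and it should read `/* DATE */ DRing::Certificate::CheckValuesNames::DATE ,`. The new header comment would be clearer as `// Map the internal TlsValidator enum classes onto the names exported through security.h`. Whether the entry order matches the TlsValidator::CheckValues enum cannot be confirmed from this hunk, since the enum is declared in the header that is not part of the diff.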
@@ -99,7 +102,6 @@ const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidato
 /*NOT_ACTIVATED */ &TlsValidator::activated ,
 }};
-
 const CallbackMatrix1D<TlsValidator::CertificateDetails, TlsValidator, TlsValidator::CheckResult> TlsValidator::getterCallback = {{
 /* EXPIRATION_DATE */ &TlsValidator::getExpirationDate ,
 /* ACTIVATION_DATE */ &TlsValidator::getActivationDate ,
@@ -135,75 +137,69 @@ const Matrix1D<TlsValidator::CertificateCheck, TlsValidator::CheckValuesType> Tl
 /*PUBLIC_KEY_STORAGE_LOCATION */ CheckValuesType::BOOLEAN ,
 /*PRIVATE_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
 /*PUBLIC_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
-// /*REQUIRE_PRIVATE_KEY_PASSWORD */ CheckValuesType::BOOLEAN ,
 /*OUTGOING_SERVER */ CheckValuesType::CUSTOM ,
 /*EXIST */ CheckValuesType::BOOLEAN ,
 /*VALID */ CheckValuesType::BOOLEAN ,
 /*VALID_AUTHORITY */ CheckValuesType::BOOLEAN ,
 /*KNOWN_AUTHORITY */ CheckValuesType::BOOLEAN ,
 /*NOT_REVOKED */ CheckValuesType::BOOLEAN ,
-// /*EXPIRATION_DATE */ CheckValuesType::ISO_DATE,
-// /*ACTIVATION_DATE */ CheckValuesType::ISO_DATE,
 /*AUTHORITY_MISMATCH */ CheckValuesType::BOOLEAN ,
 /*UNEXPECTED_OWNER */ CheckValuesType::BOOLEAN ,
 /*NOT_ACTIVATED */ CheckValuesType::BOOLEAN ,
 }};
 const EnumClassNames<TlsValidator::CertificateCheck> TlsValidator::CertificateCheckNames = {{
- /* CertificateCheck Name */
- /*HAS_PRIVATE_KEY */ "HAS_PRIVATE_KEY" ,
- /*EXPIRED */ "EXPIRED" ,
- /*STRONG_SIGNING */ "STRONG_SIGNING" ,
- /*NOT_SELF_SIGNED */ "NOT_SELF_SIGNED" ,
- /*KEY_MATCH */ "KEY_MATCH" ,
- /*PRIVATE_KEY_STORAGE_PERMISSION */ "PRIVATE_KEY_STORAGE_PERMISSION" ,
- /*PUBLIC_KEY_STORAGE_PERMISSION */ "PUBLIC_KEY_STORAGE_PERMISSION" ,
- /*PRIVATEKEY_DIRECTORY_PERMISSIONS */ "PRIVATEKEY_DIRECTORY_PERMISSIONS" ,
- /*PUBLICKEY_DIRECTORY_PERMISSIONS */ "PUBLICKEY_DIRECTORY_PERMISSIONS" ,
- /*PRIVATE_KEY_STORAGE_LOCATION */ "PRIVATE_KEY_STORAGE_LOCATION" ,
- /*PUBLIC_KEY_STORAGE_LOCATION */ "PUBLIC_KEY_STORAGE_LOCATION" ,
- /*PRIVATE_KEY_SELINUX_ATTRIBUTES */ "PRIVATE_KEY_SELINUX_ATTRIBUTES" ,
- /*PUBLIC_KEY_SELINUX_ATTRIBUTES */ "PUBLIC_KEY_SELINUX_ATTRIBUTES" ,
-// /*REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" , // TODO move to certificateDetails()
- /*OUTGOING_SERVER */ "OUTGOING_SERVER" ,
- /*EXIST */ "EXIST" ,
- /*VALID */ "VALID" ,
- /*VALID_AUTHORITY */ "VALID_AUTHORITY" ,
- /*KNOWN_AUTHORITY */ "KNOWN_AUTHORITY" ,
- /*NOT_REVOKED */ "NOT_REVOKED" ,
-// /*EXPIRATION_DATE */ "EXPIRATION_DATE" , // TODO move to certificateDetails()
-// /*ACTIVATION_DATE */ "ACTIVATION_DATE" , // TODO move to certificateDetails()
- /*AUTHORITY_MISMATCH */ "AUTHORITY_MISMATCH" ,
- /*UNEXPECTED_OWNER */ "UNEXPECTED_OWNER" ,
- /*NOT_ACTIVATED */ "NOT_ACTIVATED" ,
+ /* CertificateCheck Name */
+ /*HAS_PRIVATE_KEY */ DRing::Certificate::ChecksNames::HAS_PRIVATE_KEY ,
+ /*EXPIRED */ DRing::Certificate::ChecksNames::EXPIRED ,
+ /*STRONG_SIGNING */ DRing::Certificate::ChecksNames::STRONG_SIGNING ,
+ /*NOT_SELF_SIGNED */ DRing::Certificate::ChecksNames::NOT_SELF_SIGNED ,
+ /*KEY_MATCH */ DRing::Certificate::ChecksNames::KEY_MATCH ,
+ /*PRIVATE_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_PERMISSION ,
+ /*PUBLIC_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_PERMISSION ,
+ /*PRIVATEKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PRIVATE_KEY_DIRECTORY_PERMISSIONS ,
+ /*PUBLICKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PUBLIC_KEY_DIRECTORY_PERMISSIONS ,
+ /*PRIVATE_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_LOCATION ,
+ /*PUBLIC_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_LOCATION ,
+ /*PRIVATE_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PRIVATE_KEY_SELINUX_ATTRIBUTES ,
+ /*PUBLIC_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PUBLIC_KEY_SELINUX_ATTRIBUTES ,
+ /*OUTGOING_SERVER */ DRing::Certificate::ChecksNames::OUTGOING_SERVER ,
+ /*EXIST */ DRing::Certificate::ChecksNames::EXIST ,
+ /*VALID */ DRing::Certificate::ChecksNames::VALID ,
+ /*VALID_AUTHORITY */ DRing::Certificate::ChecksNames::VALID_AUTHORITY ,
+ /*KNOWN_AUTHORITY */ DRing::Certificate::ChecksNames::KNOWN_AUTHORITY ,
+ /*NOT_REVOKED */ DRing::Certificate::ChecksNames::NOT_REVOKED ,
+ /*AUTHORITY_MISMATCH */ DRing::Certificate::ChecksNames::AUTHORITY_MISMATCH ,
+ /*UNEXPECTED_OWNER */ DRing::Certificate::ChecksNames::UNEXPECTED_OWNER ,
+ /*NOT_ACTIVATED */ DRing::Certificate::ChecksNames::NOT_ACTIVATED ,
 }};
 const EnumClassNames<TlsValidator::CertificateDetails> TlsValidator::CertificateDetailsNames = {{
- /* EXPIRATION_DATE */ "EXPIRATION_DATE" ,
- /* ACTIVATION_DATE */ "ACTIVATION_DATE" ,
- /* REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" ,
- /* PUBLIC_SIGNATURE */ "PUBLIC_SIGNATURE" ,
- /* VERSION_NUMBER */ "VERSION_NUMBER" ,
- /* SERIAL_NUMBER */ "SERIAL_NUMBER" ,
- /* ISSUER */ "ISSUER" ,
- /* SUBJECT_KEY_ALGORITHM */ "SUBJECT_KEY_ALGORITHM" ,
- /* CN */ "CN" ,
- /* N */ "N" ,
- /* O */ "O" ,
- /* SIGNATURE_ALGORITHM */ "SIGNATURE_ALGORITHM" ,
- /* MD5_FINGERPRINT */ "MD5_FINGERPRINT" ,
- /* SHA1_FINGERPRINT */ "SHA1_FINGERPRINT" ,
- /* PUBLIC_KEY_ID */ "PUBLIC_KEY_ID" ,
- /* ISSUER_DN */ "ISSUER_DN" ,
- /* NEXT_EXPECTED_UPDATE_DATE */ "NEXT_EXPECTED_UPDATE_DATE" ,
+ /* EXPIRATION_DATE */ DRing::Certificate::DetailsNames::EXPIRATION_DATE ,
+ /* ACTIVATION_DATE */ DRing::Certificate::DetailsNames::ACTIVATION_DATE ,
+ /* REQUIRE_PRIVATE_KEY_PASSWORD */ DRing::Certificate::DetailsNames::REQUIRE_PRIVATE_KEY_PASSWORD ,
+ /* PUBLIC_SIGNATURE */ DRing::Certificate::DetailsNames::PUBLIC_SIGNATURE ,
+ /* VERSION_NUMBER */ DRing::Certificate::DetailsNames::VERSION_NUMBER ,
+ /* SERIAL_NUMBER */ DRing::Certificate::DetailsNames::SERIAL_NUMBER ,
+ /* ISSUER */ DRing::Certificate::DetailsNames::ISSUER ,
+ /* SUBJECT_KEY_ALGORITHM */ DRing::Certificate::DetailsNames::SUBJECT_KEY_ALGORITHM ,
+ /* CN */ DRing::Certificate::DetailsNames::CN ,
+ /* N */ DRing::Certificate::DetailsNames::N ,
+ /* O */ DRing::Certificate::DetailsNames::O ,
+ /* SIGNATURE_ALGORITHM */ DRing::Certificate::DetailsNames::SIGNATURE_ALGORITHM ,
+ /* MD5_FINGERPRINT */ DRing::Certificate::DetailsNames::MD5_FINGERPRINT ,
+ /* SHA1_FINGERPRINT */ DRing::Certificate::DetailsNames::SHA1_FINGERPRINT ,
+ /* PUBLIC_KEY_ID */ DRing::Certificate::DetailsNames::PUBLIC_KEY_ID ,
+ /* ISSUER_DN */ DRing::Certificate::DetailsNames::ISSUER_DN ,
+ /* NEXT_EXPECTED_UPDATE_DATE */ DRing::Certificate::DetailsNames::NEXT_EXPECTED_UPDATE_DATE ,
 }};
 const EnumClassNames<const TlsValidator::CheckValuesType> TlsValidator::CheckValuesTypeNames = {{
- /* Type Name */
- /* BOOLEAN */ "BOOLEAN" ,
- /* ISO_DATE */ "ISO_DATE" ,
- /* CUSTOM */ "CUSTOM" ,
- /* NUMBER */ "NUMBER" ,
+ /* Type Name */
+ /* BOOLEAN */ DRing::Certificate::ChecksValuesTypesNames::BOOLEAN ,
+ /* ISO_DATE */ DRing::Certificate::ChecksValuesTypesNames::ISO_DATE ,
+ /* CUSTOM */ DRing::Certificate::ChecksValuesTypesNames::CUSTOM ,
+ /* NUMBER */ DRing::Certificate::ChecksValuesTypesNames::NUMBER ,
 }};
 const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool> TlsValidator::acceptedCheckValuesResult = {{
@@ -216,7 +212,8 @@ const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool>
 TlsValidator::TlsValidator(const std::string& certificate, const std::string& privatekey) :
-certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), caChecked_(false)
+certificatePath_(certificate), privateKeyPath_(privatekey), certificateFound_(false), caCert_(nullptr),
+caChecked_(false)
 {
 int err = gnutls_global_init();
 if (err != GNUTLS_E_SUCCESS)
@@ -225,6 +222,7 @@ certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), ca
 try {
 x509crt_ = {fileutils::loadFile(certificatePath_)};
 certificateContent_ = x509crt_.getPacked();
+ certificateFound_ = true;
 } catch (const std::exception& e) {
 throw TlsValidatorException("Can't load certificate");
 }
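Review bot: In the constructor hunk, `certificateFound_ = true;` is reached only after loadFile succeeds, and the catch immediately below still rethrows as TlsValidatorException, so no live TlsValidator can ever observe certificateFound_ == false; the member's declaration and any reader of it are outside this diff, so either the throw is meant to go away in a follow-up or the flag is currently redundant. A comment on the new line, `// set only once the certificate file has been read and parsed; the constructor still throws otherwise`, would make the intent explicit for the next reader. The new initializer `certificateFound_(false)` also has to appear in the member-declaration order of tlsvalidator.h, which is not in the diff, or the compiler warns under -Wreorder and the list misleads readers about initialization order. The constructor body continues past the end of the hunk.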
@@ -351,39 +349,6 @@ void TlsValidator::setCaTlsValidator(const TlsValidator& validator)
 caCert_ = (TlsValidator*)(&validator);
 }
-/**
- * Print the Subject, the Issuer and the Verification status of a given certificate.
- *
- * @todo Move to "certificateDetails()" once completed
- */
-static int crypto_cert_print_issuer(gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
-{
- char name[512];
- char issuer_name[512];
- size_t name_size;
- size_t issuer_name_size;
-
- issuer_name_size = sizeof(issuer_name);
- gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
- &issuer_name_size);
-
- name_size = sizeof(name);
- gnutls_x509_crt_get_dn(cert, name, &name_size);
-
- RING_DBG("Subject: %s", name);
- RING_DBG("Issuer: %s", issuer_name);
-
- if (issuer != nullptr) {
- issuer_name_size = sizeof(issuer_name);
- gnutls_x509_crt_get_dn(issuer, issuer_name, &issuer_name_size);
-
- RING_DBG("Verified against: %s", issuer_name);
- }
-
- return 0;
-}
-
 /**
 * Helper method to return UNSUPPORTED when an error is detected
 */
@@ -1177,4 +1142,4 @@ TlsValidator::CheckResult TlsValidator::getActivationDate()
 return formatDate(expiration);
 }
-} // namespace ring
+} //namespace ring