From 7fcb3514a6e781c2165ba5a25d85f22658ec1a7b Mon Sep 17 00:00:00 2001
From: Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com>
Date: Wed, 28 Jan 2015 19:42:12 +0000
Subject: [PATCH] security: Exported DBus constants in a .h
This commit also fix various issues with the TLSValidator:
* Remove dead code (-Wunused)
* Handle exeptions in configurationmanager (runtime assert)
* Add missing construction initializer (-Wuninitialized)
Refs #64785
Change-Id: I315396b2a3a29d097743ce825cda91235a6e7936
---
daemon/bin/Makefile.am | 4 +-
daemon/bin/dbus/Makefile.am | 2 +-
.../dbus/configurationmanager-introspec.xml | 2 +
daemon/bin/dbus/dbuscallmanager.cpp | 2 +-
daemon/bin/dbus/dbusclient.cpp | 2 +-
daemon/bin/dbus/dbusclient.h | 2 +-
daemon/bin/dbus/dbusconfigurationmanager.cpp | 2 +-
daemon/bin/dbus/dbuspresencemanager.cpp | 2 +-
daemon/bin/dbus/dbusvideomanager.cpp | 2 +-
daemon/bin/osxmain.cpp | 2 +-
daemon/globals.mak | 2 +-
daemon/src/Makefile.am | 3 +
daemon/src/client/callmanager.h | 2 +-
daemon/src/client/configurationmanager.cpp | 26 ++-
daemon/src/client/configurationmanager.h | 2 +-
daemon/src/client/presencemanager.h | 2 +-
daemon/src/client/videomanager.h | 2 +-
daemon/src/{public/ring.h => dring/dring.h} | 0
daemon/src/dring/security.h | 111 +++++++++++++
daemon/src/ring_api.cpp | 2 +-
daemon/src/sip/tlsvalidator.cpp | 153 +++++++-----------
21 files changed, 211 insertions(+), 116 deletions(-)
rename daemon/src/{public/ring.h => dring/dring.h} (100%)
create mode 100644 daemon/src/dring/security.h
diff --git a/daemon/bin/Makefile.am b/daemon/bin/Makefile.am
index 6e340d78d3..96b12d76ef 100644
--- a/daemon/bin/Makefile.am
+++ b/daemon/bin/Makefile.am
@@ -9,7 +9,7 @@ if HAVE_OSX
libexec_PROGRAMS = ringcli
ringcli_SOURCES = osxmain.cpp
ringcli_CXXFLAGS = -I$(top_srcdir)/src \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
ringcli_LDADD = $(top_builddir)/src/libring.la
endif
@@ -22,7 +22,7 @@ libexec_PROGRAMS = dring
dring_SOURCES = main.cpp
dring_CXXFLAGS= -I$(top_srcdir)/src ${DBUSCPP_CFLAGS} \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
dring_LDADD = dbus/libclient_dbus.la ${DBUSCPP_LIBS} $(top_builddir)/src/libring.la
diff --git a/daemon/bin/dbus/Makefile.am b/daemon/bin/dbus/Makefile.am
index 121fedef3d..965e4588bc 100644
--- a/daemon/bin/dbus/Makefile.am
+++ b/daemon/bin/dbus/Makefile.am
@@ -49,7 +49,7 @@ endif
libclient_dbus_la_CXXFLAGS = -I../ \
-I$(top_srcdir)/src \
- -I$(top_srcdir)/src/public \
+ -I$(top_srcdir)/src/dring \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \
$(DBUSCPP_CFLAGS)
diff --git a/daemon/bin/dbus/configurationmanager-introspec.xml b/daemon/bin/dbus/configurationmanager-introspec.xml
index 68f4431666..c19f3229a2 100644
--- a/daemon/bin/dbus/configurationmanager-introspec.xml
+++ b/daemon/bin/dbus/configurationmanager-introspec.xml
@@ -646,6 +646,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate validation</p>
+ The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>
@@ -660,6 +661,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate details</p>
+ The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>
diff --git a/daemon/bin/dbus/dbuscallmanager.cpp b/daemon/bin/dbus/dbuscallmanager.cpp
index fdab56216f..1d1d5213ac 100644
--- a/daemon/bin/dbus/dbuscallmanager.cpp
+++ b/daemon/bin/dbus/dbuscallmanager.cpp
@@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
-#include "ring.h"
+#include "dring.h"
#include "dbuscallmanager.h"
diff --git a/daemon/bin/dbus/dbusclient.cpp b/daemon/bin/dbus/dbusclient.cpp
index 9ebc7460d8..777c76b0fe 100644
--- a/daemon/bin/dbus/dbusclient.cpp
+++ b/daemon/bin/dbus/dbusclient.cpp
@@ -31,7 +31,7 @@
#include <iostream>
#include <cstring>
#include <stdexcept>
-#include "ring.h"
+#include "dring.h"
#include "dbusclient.h"
#include "dbus_cpp.h"
diff --git a/daemon/bin/dbus/dbusclient.h b/daemon/bin/dbus/dbusclient.h
index 85077020a6..0aedcae9c2 100644
--- a/daemon/bin/dbus/dbusclient.h
+++ b/daemon/bin/dbus/dbusclient.h
@@ -31,7 +31,7 @@
#ifndef __DBUSCLIENT_H__
#define __DBUSCLIENT_H__
-#include "ring.h"
+#include "dring.h"
#include "noncopyable.h"
class DBusConfigurationManager;
diff --git a/daemon/bin/dbus/dbusconfigurationmanager.cpp b/daemon/bin/dbus/dbusconfigurationmanager.cpp
index ab06d305fe..a0648294a0 100644
--- a/daemon/bin/dbus/dbusconfigurationmanager.cpp
+++ b/daemon/bin/dbus/dbusconfigurationmanager.cpp
@@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
-#include "ring.h"
+#include "dring.h"
#include "dbusconfigurationmanager.h"
diff --git a/daemon/bin/dbus/dbuspresencemanager.cpp b/daemon/bin/dbus/dbuspresencemanager.cpp
index 3ad66fdf46..14f3246830 100644
--- a/daemon/bin/dbus/dbuspresencemanager.cpp
+++ b/daemon/bin/dbus/dbuspresencemanager.cpp
@@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
-#include "ring.h"
+#include "dring.h"
#include "dbuspresencemanager.h"
diff --git a/daemon/bin/dbus/dbusvideomanager.cpp b/daemon/bin/dbus/dbusvideomanager.cpp
index 24b1d24004..16596813b0 100644
--- a/daemon/bin/dbus/dbusvideomanager.cpp
+++ b/daemon/bin/dbus/dbusvideomanager.cpp
@@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
-#include "ring.h"
+#include "dring.h"
#include "dbusvideomanager.h"
diff --git a/daemon/bin/osxmain.cpp b/daemon/bin/osxmain.cpp
index 3f2c62e048..c98b101ffe 100644
--- a/daemon/bin/osxmain.cpp
+++ b/daemon/bin/osxmain.cpp
@@ -36,7 +36,7 @@
#include <getopt.h>
#include <string>
-#include "ring.h"
+#include "dring.h"
#include "fileutils.h"
static int sflphFlags = 0;
diff --git a/daemon/globals.mak b/daemon/globals.mak
index c6e53e47bb..4ddafaf0fe 100644
--- a/daemon/globals.mak
+++ b/daemon/globals.mak
@@ -26,7 +26,7 @@ AM_CPPFLAGS = \
-I$(src)/src/config \
-I$(src)/src/media \
-I$(src)/test \
- -I$(src)/src/public \
+ -I$(src)/src/dring \
$(SIP_CFLAGS) \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \
diff --git a/daemon/src/Makefile.am b/daemon/src/Makefile.am
index 19237c386c..a21584ca35 100644
--- a/daemon/src/Makefile.am
+++ b/daemon/src/Makefile.am
@@ -133,3 +133,6 @@ libring_la_SOURCES = conference.cpp \
string_utils.cpp \
rw_mutex.h \
ring_api.cpp
+
+nobase_include_HEADERS= dring/dring.h \
+ dring/security.h
diff --git a/daemon/src/client/callmanager.h b/daemon/src/client/callmanager.h
index a9a4f3e5e7..6686a14a74 100644
--- a/daemon/src/client/callmanager.h
+++ b/daemon/src/client/callmanager.h
@@ -40,7 +40,7 @@
#include <vector>
#include <string>
-#include "ring.h"
+#include "dring.h"
namespace ring {
diff --git a/daemon/src/client/configurationmanager.cpp b/daemon/src/client/configurationmanager.cpp
index 5519d0574c..ad04d0429d 100644
--- a/daemon/src/client/configurationmanager.cpp
+++ b/daemon/src/client/configurationmanager.cpp
@@ -45,6 +45,7 @@
#include "fileutils.h"
#include "ip_utils.h"
#include "sip/sipaccount.h"
+#include "security.h"
#include "audio/audiolayer.h"
#include <dirent.h>
@@ -142,13 +143,21 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
accountsChanged();
}
-std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
+std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string&,
const std::string& certificate,
const std::string& privateKey)
{
#if HAVE_TLS && HAVE_DHT
- TlsValidator validator(certificate,privateKey);
- return validator.getSerializedChecks();
+ try {
+ TlsValidator validator(certificate,privateKey);
+ return validator.getSerializedChecks();
+ }
+ catch(const std::runtime_error& e) {
+ std::map<std::string, std::string> res;
+ RING_WARN("Certificate loading failed");
+ res[DRing::Certificate::ChecksNames::EXIST] = DRing::Certificate::CheckValuesNames::FAILED;
+ return res;
+ }
#else
RING_WARN("TLS not supported");
return std::map<std::string, std::string>();
@@ -158,12 +167,17 @@ std::map<std::string, std::string> ConfigurationManager::validateCertificate(con
std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
{
#if HAVE_TLS && HAVE_DHT
- TlsValidator validator(certificate,"");
- return validator.getSerializedDetails();
+ try {
+ TlsValidator validator(certificate,"");
+ return validator.getSerializedDetails();
+ }
+ catch(const std::runtime_error& e) {
+ RING_WARN("Certificate loading failed");
+ }
#else
RING_WARN("TLS not supported");
- return std::map<std::string, std::string>();
#endif
+ return std::map<std::string, std::string>();
}
void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
diff --git a/daemon/src/client/configurationmanager.h b/daemon/src/client/configurationmanager.h
index 6ea802eb4b..b62bbc2bbd 100644
--- a/daemon/src/client/configurationmanager.h
+++ b/daemon/src/client/configurationmanager.h
@@ -42,7 +42,7 @@
#include <map>
#include <string>
-#include "ring.h"
+#include "dring.h"
namespace ring {
diff --git a/daemon/src/client/presencemanager.h b/daemon/src/client/presencemanager.h
index 0b6ae9052c..ddd24e953e 100644
--- a/daemon/src/client/presencemanager.h
+++ b/daemon/src/client/presencemanager.h
@@ -38,7 +38,7 @@
#include <vector>
#include <string>
-#include "ring.h"
+#include "dring.h"
namespace ring {
diff --git a/daemon/src/client/videomanager.h b/daemon/src/client/videomanager.h
index f653448e4d..d287ca320d 100644
--- a/daemon/src/client/videomanager.h
+++ b/daemon/src/client/videomanager.h
@@ -43,7 +43,7 @@
#include "video/video_base.h"
#include "video/video_input.h"
-#include "ring.h"
+#include "dring.h"
namespace ring {
diff --git a/daemon/src/public/ring.h b/daemon/src/dring/dring.h
similarity index 100%
rename from daemon/src/public/ring.h
rename to daemon/src/dring/dring.h
diff --git a/daemon/src/dring/security.h b/daemon/src/dring/security.h
new file mode 100644
index 0000000000..e92fa4b80b
--- /dev/null
+++ b/daemon/src/dring/security.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2015 Savoir-Faire Linux Inc.
+ * Author: Philippe Proulx <philippe.proulx@savoirfairelinux.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Additional permission under GNU GPL version 3 section 7:
+ *
+ * If you modify this program, or any covered work, by linking or
+ * combining it with the OpenSSL project's OpenSSL library (or a
+ * modified version of that library), containing parts covered by the
+ * terms of the OpenSSL or SSLeay licenses, Savoir-Faire Linux Inc.
+ * grants you additional permission to convey the resulting work.
+ * Corresponding Source for a non-source form of such a combination
+ * shall include the source code for the parts of OpenSSL used as well
+ * as that of the covered work.
+ */
+
+namespace DRing {
+
+namespace Certificate {
+
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace ChecksNames {
+ constexpr static char* HAS_PRIVATE_KEY = "HAS_PRIVATE_KEY" ;
+ constexpr static char* EXPIRED = "EXPIRED" ;
+ constexpr static char* STRONG_SIGNING = "STRONG_SIGNING" ;
+ constexpr static char* NOT_SELF_SIGNED = "NOT_SELF_SIGNED" ;
+ constexpr static char* KEY_MATCH = "KEY_MATCH" ;
+ constexpr static char* PRIVATE_KEY_STORAGE_PERMISSION = "PRIVATE_KEY_STORAGE_PERMISSION" ;
+ constexpr static char* PUBLIC_KEY_STORAGE_PERMISSION = "PUBLIC_KEY_STORAGE_PERMISSION" ;
+ constexpr static char* PRIVATE_KEY_DIRECTORY_PERMISSIONS = "PRIVATEKEY_DIRECTORY_PERMISSIONS";
+ constexpr static char* PUBLIC_KEY_DIRECTORY_PERMISSIONS = "PUBLICKEY_DIRECTORY_PERMISSIONS" ;
+ constexpr static char* PRIVATE_KEY_STORAGE_LOCATION = "PRIVATE_KEY_STORAGE_LOCATION" ;
+ constexpr static char* PUBLIC_KEY_STORAGE_LOCATION = "PUBLIC_KEY_STORAGE_LOCATION" ;
+ constexpr static char* PRIVATE_KEY_SELINUX_ATTRIBUTES = "PRIVATE_KEY_SELINUX_ATTRIBUTES" ;
+ constexpr static char* PUBLIC_KEY_SELINUX_ATTRIBUTES = "PUBLIC_KEY_SELINUX_ATTRIBUTES" ;
+ constexpr static char* OUTGOING_SERVER = "OUTGOING_SERVER" ;
+ constexpr static char* EXIST = "EXIST" ;
+ constexpr static char* VALID = "VALID" ;
+ constexpr static char* VALID_AUTHORITY = "VALID_AUTHORITY" ;
+ constexpr static char* KNOWN_AUTHORITY = "KNOWN_AUTHORITY" ;
+ constexpr static char* NOT_REVOKED = "NOT_REVOKED" ;
+ constexpr static char* AUTHORITY_MISMATCH = "AUTHORITY_MISMATCH" ;
+ constexpr static char* UNEXPECTED_OWNER = "UNEXPECTED_OWNER" ;
+ constexpr static char* NOT_ACTIVATED = "NOT_ACTIVATED" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails method
+*/
+namespace DetailsNames {
+ constexpr static char* EXPIRATION_DATE = "EXPIRATION_DATE" ;
+ constexpr static char* ACTIVATION_DATE = "ACTIVATION_DATE" ;
+ constexpr static char* REQUIRE_PRIVATE_KEY_PASSWORD = "REQUIRE_PRIVATE_KEY_PASSWORD" ;
+ constexpr static char* PUBLIC_SIGNATURE = "PUBLIC_SIGNATURE" ;
+ constexpr static char* VERSION_NUMBER = "VERSION_NUMBER" ;
+ constexpr static char* SERIAL_NUMBER = "SERIAL_NUMBER" ;
+ constexpr static char* ISSUER = "ISSUER" ;
+ constexpr static char* SUBJECT_KEY_ALGORITHM = "SUBJECT_KEY_ALGORITHM" ;
+ constexpr static char* CN = "CN" ;
+ constexpr static char* N = "N" ;
+ constexpr static char* O = "O" ;
+ constexpr static char* SIGNATURE_ALGORITHM = "SIGNATURE_ALGORITHM" ;
+ constexpr static char* MD5_FINGERPRINT = "MD5_FINGERPRINT" ;
+ constexpr static char* SHA1_FINGERPRINT = "SHA1_FINGERPRINT" ;
+ constexpr static char* PUBLIC_KEY_ID = "PUBLIC_KEY_ID" ;
+ constexpr static char* ISSUER_DN = "ISSUER_DN" ;
+ constexpr static char* NEXT_EXPECTED_UPDATE_DATE = "NEXT_EXPECTED_UPDATE_DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constants are used by the ConfigurationManager.getCertificateDetails and
+* ConfigurationManager.validateCertificate methods
+*/
+namespace ChecksValuesTypesNames {
+ constexpr static char* BOOLEAN = "BOOLEAN" ;
+ constexpr static char* ISO_DATE = "ISO_DATE" ;
+ constexpr static char* CUSTOM = "CUSTOM" ;
+ constexpr static char* NUMBER = "NUMBER" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+/**
+* Those constantes are used by the ConfigurationManager.validateCertificate method
+*/
+namespace CheckValuesNames {
+ constexpr static char* PASSED = "PASSED" ;
+ constexpr static char* FAILED = "FAILED" ;
+ constexpr static char* UNSUPPORTED = "UNSUPPORTED";
+ constexpr static char* ISO_DATE = "ISO_DATE" ;
+ constexpr static char* CUSTOM = "CUSTOM" ;
+ constexpr static char* DATE = "DATE" ;
+} //namespace DRing::Certificate::CheckValuesNames
+
+} //namespace DRing::Certificate
+
+} //namespace DRing
\ No newline at end of file
diff --git a/daemon/src/ring_api.cpp b/daemon/src/ring_api.cpp
index 327f3f464a..f1acf44b40 100644
--- a/daemon/src/ring_api.cpp
+++ b/daemon/src/ring_api.cpp
@@ -39,7 +39,7 @@
#include "manager.h"
#include "managerimpl.h"
#include "logger.h"
-#include "ring.h"
+#include "dring.h"
#include "client/callmanager.h"
#include "client/configurationmanager.h"
#include "client/presencemanager.h"
diff --git a/daemon/src/sip/tlsvalidator.cpp b/daemon/src/sip/tlsvalidator.cpp
index c7b1e203f8..a739aea9c8 100644
--- a/daemon/src/sip/tlsvalidator.cpp
+++ b/daemon/src/sip/tlsvalidator.cpp
@@ -40,6 +40,7 @@
#include "fileutils.h"
#include "logger.h"
+#include "security.h"
#include <sstream>
#include <iomanip>
@@ -63,14 +64,16 @@
namespace ring {
+//Map the internal ring Enum class of the exported names
+
const EnumClassNames<TlsValidator::CheckValues> TlsValidator::CheckValuesNames = {{
- /* CheckValues Name */
- /* PASSED */ "PASSED" ,
- /* FAILED */ "FAILED" ,
- /* UNSUPPORTED */ "UNSUPPORTED" ,
- /* ISO_DATE */ "ISO_DATE" ,
- /* CUSTOM */ "CUSTOM" ,
- /* CUSTOM */ "DATE" ,
+ /* CheckValues Name */
+ /* PASSED */ DRing::Certificate::CheckValuesNames::PASSED ,
+ /* FAILED */ DRing::Certificate::CheckValuesNames::FAILED ,
+ /* UNSUPPORTED */ DRing::Certificate::CheckValuesNames::UNSUPPORTED ,
+ /* ISO_DATE */ DRing::Certificate::CheckValuesNames::ISO_DATE ,
+ /* CUSTOM */ DRing::Certificate::CheckValuesNames::CUSTOM ,
+ /* CUSTOM */ DRing::Certificate::CheckValuesNames::DATE ,
}};
const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidator::CheckResult> TlsValidator::checkCallback = {{
@@ -99,7 +102,6 @@ const CallbackMatrix1D<TlsValidator::CertificateCheck, TlsValidator, TlsValidato
/*NOT_ACTIVATED */ &TlsValidator::activated ,
}};
-
const CallbackMatrix1D<TlsValidator::CertificateDetails, TlsValidator, TlsValidator::CheckResult> TlsValidator::getterCallback = {{
/* EXPIRATION_DATE */ &TlsValidator::getExpirationDate ,
/* ACTIVATION_DATE */ &TlsValidator::getActivationDate ,
@@ -135,75 +137,69 @@ const Matrix1D<TlsValidator::CertificateCheck, TlsValidator::CheckValuesType> Tl
/*PUBLIC_KEY_STORAGE_LOCATION */ CheckValuesType::BOOLEAN ,
/*PRIVATE_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
/*PUBLIC_KEY_SELINUX_ATTRIBUTES */ CheckValuesType::BOOLEAN ,
-// /*REQUIRE_PRIVATE_KEY_PASSWORD */ CheckValuesType::BOOLEAN ,
/*OUTGOING_SERVER */ CheckValuesType::CUSTOM ,
/*EXIST */ CheckValuesType::BOOLEAN ,
/*VALID */ CheckValuesType::BOOLEAN ,
/*VALID_AUTHORITY */ CheckValuesType::BOOLEAN ,
/*KNOWN_AUTHORITY */ CheckValuesType::BOOLEAN ,
/*NOT_REVOKED */ CheckValuesType::BOOLEAN ,
-// /*EXPIRATION_DATE */ CheckValuesType::ISO_DATE,
-// /*ACTIVATION_DATE */ CheckValuesType::ISO_DATE,
/*AUTHORITY_MISMATCH */ CheckValuesType::BOOLEAN ,
/*UNEXPECTED_OWNER */ CheckValuesType::BOOLEAN ,
/*NOT_ACTIVATED */ CheckValuesType::BOOLEAN ,
}};
const EnumClassNames<TlsValidator::CertificateCheck> TlsValidator::CertificateCheckNames = {{
- /* CertificateCheck Name */
- /*HAS_PRIVATE_KEY */ "HAS_PRIVATE_KEY" ,
- /*EXPIRED */ "EXPIRED" ,
- /*STRONG_SIGNING */ "STRONG_SIGNING" ,
- /*NOT_SELF_SIGNED */ "NOT_SELF_SIGNED" ,
- /*KEY_MATCH */ "KEY_MATCH" ,
- /*PRIVATE_KEY_STORAGE_PERMISSION */ "PRIVATE_KEY_STORAGE_PERMISSION" ,
- /*PUBLIC_KEY_STORAGE_PERMISSION */ "PUBLIC_KEY_STORAGE_PERMISSION" ,
- /*PRIVATEKEY_DIRECTORY_PERMISSIONS */ "PRIVATEKEY_DIRECTORY_PERMISSIONS" ,
- /*PUBLICKEY_DIRECTORY_PERMISSIONS */ "PUBLICKEY_DIRECTORY_PERMISSIONS" ,
- /*PRIVATE_KEY_STORAGE_LOCATION */ "PRIVATE_KEY_STORAGE_LOCATION" ,
- /*PUBLIC_KEY_STORAGE_LOCATION */ "PUBLIC_KEY_STORAGE_LOCATION" ,
- /*PRIVATE_KEY_SELINUX_ATTRIBUTES */ "PRIVATE_KEY_SELINUX_ATTRIBUTES" ,
- /*PUBLIC_KEY_SELINUX_ATTRIBUTES */ "PUBLIC_KEY_SELINUX_ATTRIBUTES" ,
-// /*REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" , // TODO move to certificateDetails()
- /*OUTGOING_SERVER */ "OUTGOING_SERVER" ,
- /*EXIST */ "EXIST" ,
- /*VALID */ "VALID" ,
- /*VALID_AUTHORITY */ "VALID_AUTHORITY" ,
- /*KNOWN_AUTHORITY */ "KNOWN_AUTHORITY" ,
- /*NOT_REVOKED */ "NOT_REVOKED" ,
-// /*EXPIRATION_DATE */ "EXPIRATION_DATE" , // TODO move to certificateDetails()
-// /*ACTIVATION_DATE */ "ACTIVATION_DATE" , // TODO move to certificateDetails()
- /*AUTHORITY_MISMATCH */ "AUTHORITY_MISMATCH" ,
- /*UNEXPECTED_OWNER */ "UNEXPECTED_OWNER" ,
- /*NOT_ACTIVATED */ "NOT_ACTIVATED" ,
+ /* CertificateCheck Name */
+ /*HAS_PRIVATE_KEY */ DRing::Certificate::ChecksNames::HAS_PRIVATE_KEY ,
+ /*EXPIRED */ DRing::Certificate::ChecksNames::EXPIRED ,
+ /*STRONG_SIGNING */ DRing::Certificate::ChecksNames::STRONG_SIGNING ,
+ /*NOT_SELF_SIGNED */ DRing::Certificate::ChecksNames::NOT_SELF_SIGNED ,
+ /*KEY_MATCH */ DRing::Certificate::ChecksNames::KEY_MATCH ,
+ /*PRIVATE_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_PERMISSION ,
+ /*PUBLIC_KEY_STORAGE_PERMISSION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_PERMISSION ,
+ /*PRIVATEKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PRIVATE_KEY_DIRECTORY_PERMISSIONS ,
+ /*PUBLICKEY_DIRECTORY_PERMISSIONS */ DRing::Certificate::ChecksNames::PUBLIC_KEY_DIRECTORY_PERMISSIONS ,
+ /*PRIVATE_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PRIVATE_KEY_STORAGE_LOCATION ,
+ /*PUBLIC_KEY_STORAGE_LOCATION */ DRing::Certificate::ChecksNames::PUBLIC_KEY_STORAGE_LOCATION ,
+ /*PRIVATE_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PRIVATE_KEY_SELINUX_ATTRIBUTES ,
+ /*PUBLIC_KEY_SELINUX_ATTRIBUTES */ DRing::Certificate::ChecksNames::PUBLIC_KEY_SELINUX_ATTRIBUTES ,
+ /*OUTGOING_SERVER */ DRing::Certificate::ChecksNames::OUTGOING_SERVER ,
+ /*EXIST */ DRing::Certificate::ChecksNames::EXIST ,
+ /*VALID */ DRing::Certificate::ChecksNames::VALID ,
+ /*VALID_AUTHORITY */ DRing::Certificate::ChecksNames::VALID_AUTHORITY ,
+ /*KNOWN_AUTHORITY */ DRing::Certificate::ChecksNames::KNOWN_AUTHORITY ,
+ /*NOT_REVOKED */ DRing::Certificate::ChecksNames::NOT_REVOKED ,
+ /*AUTHORITY_MISMATCH */ DRing::Certificate::ChecksNames::AUTHORITY_MISMATCH ,
+ /*UNEXPECTED_OWNER */ DRing::Certificate::ChecksNames::UNEXPECTED_OWNER ,
+ /*NOT_ACTIVATED */ DRing::Certificate::ChecksNames::NOT_ACTIVATED ,
}};
const EnumClassNames<TlsValidator::CertificateDetails> TlsValidator::CertificateDetailsNames = {{
- /* EXPIRATION_DATE */ "EXPIRATION_DATE" ,
- /* ACTIVATION_DATE */ "ACTIVATION_DATE" ,
- /* REQUIRE_PRIVATE_KEY_PASSWORD */ "REQUIRE_PRIVATE_KEY_PASSWORD" ,
- /* PUBLIC_SIGNATURE */ "PUBLIC_SIGNATURE" ,
- /* VERSION_NUMBER */ "VERSION_NUMBER" ,
- /* SERIAL_NUMBER */ "SERIAL_NUMBER" ,
- /* ISSUER */ "ISSUER" ,
- /* SUBJECT_KEY_ALGORITHM */ "SUBJECT_KEY_ALGORITHM" ,
- /* CN */ "CN" ,
- /* N */ "N" ,
- /* O */ "O" ,
- /* SIGNATURE_ALGORITHM */ "SIGNATURE_ALGORITHM" ,
- /* MD5_FINGERPRINT */ "MD5_FINGERPRINT" ,
- /* SHA1_FINGERPRINT */ "SHA1_FINGERPRINT" ,
- /* PUBLIC_KEY_ID */ "PUBLIC_KEY_ID" ,
- /* ISSUER_DN */ "ISSUER_DN" ,
- /* NEXT_EXPECTED_UPDATE_DATE */ "NEXT_EXPECTED_UPDATE_DATE" ,
+ /* EXPIRATION_DATE */ DRing::Certificate::DetailsNames::EXPIRATION_DATE ,
+ /* ACTIVATION_DATE */ DRing::Certificate::DetailsNames::ACTIVATION_DATE ,
+ /* REQUIRE_PRIVATE_KEY_PASSWORD */ DRing::Certificate::DetailsNames::REQUIRE_PRIVATE_KEY_PASSWORD ,
+ /* PUBLIC_SIGNATURE */ DRing::Certificate::DetailsNames::PUBLIC_SIGNATURE ,
+ /* VERSION_NUMBER */ DRing::Certificate::DetailsNames::VERSION_NUMBER ,
+ /* SERIAL_NUMBER */ DRing::Certificate::DetailsNames::SERIAL_NUMBER ,
+ /* ISSUER */ DRing::Certificate::DetailsNames::ISSUER ,
+ /* SUBJECT_KEY_ALGORITHM */ DRing::Certificate::DetailsNames::SUBJECT_KEY_ALGORITHM ,
+ /* CN */ DRing::Certificate::DetailsNames::CN ,
+ /* N */ DRing::Certificate::DetailsNames::N ,
+ /* O */ DRing::Certificate::DetailsNames::O ,
+ /* SIGNATURE_ALGORITHM */ DRing::Certificate::DetailsNames::SIGNATURE_ALGORITHM ,
+ /* MD5_FINGERPRINT */ DRing::Certificate::DetailsNames::MD5_FINGERPRINT ,
+ /* SHA1_FINGERPRINT */ DRing::Certificate::DetailsNames::SHA1_FINGERPRINT ,
+ /* PUBLIC_KEY_ID */ DRing::Certificate::DetailsNames::PUBLIC_KEY_ID ,
+ /* ISSUER_DN */ DRing::Certificate::DetailsNames::ISSUER_DN ,
+ /* NEXT_EXPECTED_UPDATE_DATE */ DRing::Certificate::DetailsNames::NEXT_EXPECTED_UPDATE_DATE ,
}};
const EnumClassNames<const TlsValidator::CheckValuesType> TlsValidator::CheckValuesTypeNames = {{
- /* Type Name */
- /* BOOLEAN */ "BOOLEAN" ,
- /* ISO_DATE */ "ISO_DATE" ,
- /* CUSTOM */ "CUSTOM" ,
- /* NUMBER */ "NUMBER" ,
+ /* Type Name */
+ /* BOOLEAN */ DRing::Certificate::ChecksValuesTypesNames::BOOLEAN ,
+ /* ISO_DATE */ DRing::Certificate::ChecksValuesTypesNames::ISO_DATE ,
+ /* CUSTOM */ DRing::Certificate::ChecksValuesTypesNames::CUSTOM ,
+ /* NUMBER */ DRing::Certificate::ChecksValuesTypesNames::NUMBER ,
}};
const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool> TlsValidator::acceptedCheckValuesResult = {{
@@ -216,7 +212,8 @@ const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool>
TlsValidator::TlsValidator(const std::string& certificate, const std::string& privatekey) :
-certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), caChecked_(false)
+certificatePath_(certificate), privateKeyPath_(privatekey), certificateFound_(false), caCert_(nullptr),
+caChecked_(false)
{
int err = gnutls_global_init();
if (err != GNUTLS_E_SUCCESS)
@@ -225,6 +222,7 @@ certificatePath_(certificate), privateKeyPath_(privatekey), caCert_(nullptr), ca
try {
x509crt_ = {fileutils::loadFile(certificatePath_)};
certificateContent_ = x509crt_.getPacked();
+ certificateFound_ = true;
} catch (const std::exception& e) {
throw TlsValidatorException("Can't load certificate");
}
@@ -351,39 +349,6 @@ void TlsValidator::setCaTlsValidator(const TlsValidator& validator)
caCert_ = (TlsValidator*)(&validator);
}
-/**
- * Print the Subject, the Issuer and the Verification status of a given certificate.
- *
- * @todo Move to "certificateDetails()" once completed
- */
-static int crypto_cert_print_issuer(gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
-{
- char name[512];
- char issuer_name[512];
- size_t name_size;
- size_t issuer_name_size;
-
- issuer_name_size = sizeof(issuer_name);
- gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
- &issuer_name_size);
-
- name_size = sizeof(name);
- gnutls_x509_crt_get_dn(cert, name, &name_size);
-
- RING_DBG("Subject: %s", name);
- RING_DBG("Issuer: %s", issuer_name);
-
- if (issuer != nullptr) {
- issuer_name_size = sizeof(issuer_name);
- gnutls_x509_crt_get_dn(issuer, issuer_name, &issuer_name_size);
-
- RING_DBG("Verified against: %s", issuer_name);
- }
-
- return 0;
-}
-
/**
* Helper method to return UNSUPPORTED when an error is detected
*/
@@ -1177,4 +1142,4 @@ TlsValidator::CheckResult TlsValidator::getActivationDate()
return formatDate(expiration);
}
-} // namespace ring
+} //namespace ring
--
GitLab