tls: Add a more powerful security validation API (2/2)

This commit add the dbus and sflphone.h methods Refs #60430 Change-Id: I97ff4ed649866b2230912d0fcac72bf67e2e3803

tls: Add a more powerful security validation API (2/2)
This commit add the dbus and sflphone.h methods Refs #60430 Change-Id: I97ff4ed649866b2230912d0fcac72bf67e2e3803
e5ad0c06 · Emmanuel Lepage Vallee · Adrien Béraud · 8fd4c13b · e5ad0c06 · e5ad0c06
Commit e5ad0c06 authored Nov 21, 2014 by Emmanuel Lepage Vallee Committed by Adrien Béraud Nov 24, 2014
8 changed files
--- a/daemon/bin/dbus/configurationmanager-introspec.xml
+++ b/daemon/bin/dbus/configurationmanager-introspec.xml
@@ -630,6 +630,40 @@
           </arg>
       </method>

+       <method name="validateCertificate" tp:name-for-bindings="validateCertificate">
+           <arg type="s" name="accountId" direction="in"></arg>
+           <arg type="s" name="certificatePath" direction="in">
+              <tp:docstring>
+               <p>A certificate path</p>
+              </tp:docstring>
+           </arg>
+           <arg type="s" name="privateKeyPath" direction="in">
+              <tp:docstring>
+               <p>An optional path a the private key for the certificate</p>
+              </tp:docstring>
+           </arg>
+           <annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
+           <arg type="a{ss}" name="details" direction="out">
+              <tp:docstring>
+               <p>A key-value list of all certificate validation</p>
+              </tp:docstring>
+           </arg>
+       </method>
+
+       <method name="getCertificateDetails" tp:name-for-bindings="getCertificateDetails">
+           <arg type="s" name="certificatePath" direction="in">
+              <tp:docstring>
+               <p>A certificate path</p>
+              </tp:docstring>
+           </arg>
+           <annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
+           <arg type="a{ss}" name="details" direction="out">
+              <tp:docstring>
+               <p>A key-value list of all certificate details</p>
+              </tp:docstring>
+           </arg>
+       </method>
+
       <method name="getAddrFromInterfaceName" tp:name-for-bindings="getAddrFromInterfaceName">
           <arg type="s" name="interface" direction="in">
           </arg>

--- a/daemon/bin/dbus/dbusconfigurationmanager.cpp
+++ b/daemon/bin/dbus/dbusconfigurationmanager.cpp
@@ -302,6 +302,16 @@ std::map<std::string, std::string> DBusConfigurationManager::getTlsSettings()
    return sflph_config_get_tls_settings();
 }

+std::map<std::string, std::string> DBusConfigurationManager::validateCertificate(const std::string& accountId, const std::string& certificate, const std::string& privateKey)
+{
+   return sflph_config_validate_certificate(accountId, certificate, privateKey);
+}
+
+std::map<std::string, std::string> DBusConfigurationManager::getCertificateDetails(const std::string& certificate)
+{
+    return sflph_config_get_certificate_details(certificate);
+}
+
 void DBusConfigurationManager::setTlsSettings(const std::map< std::string, std::string >& details)
 {
    sflph_config_set_tls_settings(details);

--- a/daemon/bin/dbus/dbusconfigurationmanager.h
+++ b/daemon/bin/dbus/dbusconfigurationmanager.h
@@ -134,6 +134,10 @@ class DBusConfigurationManager :
        bool checkForPrivateKey(const std::string& pemPath);
        bool checkCertificateValidity(const std::string& caPath, const std::string& pemPath);
        bool checkHostnameCertificate(const  std::string& host, const std::string& port);
+        std::map<std::string, std::string> validateCertificate(const std::string& accountId,
+            const std::string& certificate, const std::string& privateKey);
+        std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
+
 };

 #endif // __SFL_DBUSCONFIGURATIONMANAGER_H__
--- a/daemon/src/client/configurationmanager.cpp
+++ b/daemon/src/client/configurationmanager.cpp
@@ -38,6 +38,7 @@
 #include "account_schema.h"
 #include "manager.h"
 #if HAVE_TLS
+#include "sip/tlsvalidator.h"
 #include "sip/tlsvalidation.h"
 #endif
 #include "logger.h"
@@ -139,6 +140,29 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
    accountsChanged();
 }

+std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
+                                                                             const std::string& certificate,
+                                                                             const std::string& privateKey)
+{
+#if HAVE_TLS
+    TlsValidator validator(certificate,privateKey);
+    return validator.getSerializedChecks();
+#else
+    SFL_WARN("TLS not supported");
+    return std::map<std::string, std::string>();
+#endif
+}
+
+std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
+{
+#if HAVE_TLS
+    TlsValidator validator(certificate,"");
+    return validator.getSerializedDetails();
+#else
+    SFL_WARN("TLS not supported");
+    return std::map<std::string, std::string>();
+#endif
+}

 void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
 {

--- a/daemon/src/client/configurationmanager.h
+++ b/daemon/src/client/configurationmanager.h
@@ -143,6 +143,10 @@ class ConfigurationManager
                                      const std::string& pemPath);
        bool checkHostnameCertificate(const std::string& host,
                                      const std::string& port);
+        std::map<std::string, std::string> validateCertificate(const std::string& accountId,
+            const std::string& certificate, const std::string& privateKey);
+        std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
+

    // Signals
    public:

--- a/daemon/src/sflphone.h
+++ b/daemon/src/sflphone.h
@@ -246,6 +246,9 @@ std::map<std::string, std::string> sflph_config_get_hook_settings(void);
 void sflph_config_set_hook_settings(const std::map<std::string, std::string>& settings);
 std::vector<std::map<std::string, std::string>> sflph_config_get_history(void);
 std::map<std::string, std::string> sflph_config_get_tls_settings();
+std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId,
+    const std::string& certificate, const std::string& private_key);
+std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate);
 void sflph_config_set_tls_settings(const std::map< std::string, std::string >& settings);
 std::map<std::string, std::string> sflph_config_get_ip2ip_details(void);
 std::vector<std::map<std::string, std::string>> sflph_config_get_credentials(const std::string& account_id);

--- a/daemon/src/sflphone_api.cpp
+++ b/daemon/src/sflphone_api.cpp
@@ -680,6 +680,16 @@ bool sflph_config_check_hostname_certificate(const std::string& host, const std:
    return getConfigurationManager()->checkHostnameCertificate(host, port);
 }

+std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId, const std::string& certificate, const std::string& private_key)
+{
+    return getConfigurationManager()->validateCertificate(accountId,certificate,private_key);
+}
+
+std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate)
+{
+    return getConfigurationManager()->getCertificateDetails(certificate);
+}
+
 void sflph_pres_publish(const std::string& account_id, int status, const std::string& note)
 {
    getPresenceManager()->publish(account_id, status, note);

--- a/daemon/src/sip/Makefile.am
+++ b/daemon/src/sip/Makefile.am
@@ -21,7 +21,9 @@ libsiplink_la_SOURCES = \

 if BUILD_TLS
 libsiplink_la_SOURCES += tlsvalidation.c \
-                         tlsvalidation.h
+                         tlsvalidation.h \
+                         tlsvalidator.cpp \
+                         tlsvalidator.h
 endif

 libsiplink_la_SOURCES+=sippresence.cpp \