Commit e5ad0c06 authored by Emmanuel Lepage Vallee's avatar Emmanuel Lepage Vallee Committed by Adrien Béraud

tls: Add a more powerful security validation API (2/2)

This commit adds the dbus and sflphone.h methods

Refs #60430

Change-Id: I97ff4ed649866b2230912d0fcac72bf67e2e3803
parent 8fd4c13b
......@@ -630,6 +630,40 @@
</arg>
</method>
<method name="validateCertificate" tp:name-for-bindings="validateCertificate">
<arg type="s" name="accountId" direction="in"></arg>
<arg type="s" name="certificatePath" direction="in">
<tp:docstring>
<p>A certificate path</p>
</tp:docstring>
</arg>
<arg type="s" name="privateKeyPath" direction="in">
<tp:docstring>
<p>An optional path a the private key for the certificate</p>
</tp:docstring>
</arg>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate validation</p>
</tp:docstring>
</arg>
</method>
<method name="getCertificateDetails" tp:name-for-bindings="getCertificateDetails">
<arg type="s" name="certificatePath" direction="in">
<tp:docstring>
<p>A certificate path</p>
</tp:docstring>
</arg>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate details</p>
</tp:docstring>
</arg>
</method>
<method name="getAddrFromInterfaceName" tp:name-for-bindings="getAddrFromInterfaceName">
<arg type="s" name="interface" direction="in">
</arg>
......
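Review bot: The docstrings on the two new methods leave the contract of a security-relevant call unspecified: `accountId` has no docstring at all, and both `details` out-arguments say only "a key-value list" without naming the keys or the values a client should read as pass or fail. A client that cannot tell a failed check from an unknown key is likely to display the result too optimistically, so the key set and value vocabulary should be listed here or referenced from the validator header. The `privateKeyPath` docstring also has a typo; it should read `<p>An optional path to the private key for the certificate</p>`. It would also help to state that both path arguments are opened by the daemon, not by the caller.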
......@@ -302,6 +302,16 @@ std::map<std::string, std::string> DBusConfigurationManager::getTlsSettings()
return sflph_config_get_tls_settings();
}
std::map<std::string, std::string> DBusConfigurationManager::validateCertificate(const std::string& accountId, const std::string& certificate, const std::string& privateKey)
{
return sflph_config_validate_certificate(accountId, certificate, privateKey);
}
std::map<std::string, std::string> DBusConfigurationManager::getCertificateDetails(const std::string& certificate)
{
return sflph_config_get_certificate_details(certificate);
}
void DBusConfigurationManager::setTlsSettings(const std::map< std::string, std::string >& details)
{
sflph_config_set_tls_settings(details);
......
......@@ -134,6 +134,10 @@ class DBusConfigurationManager :
bool checkForPrivateKey(const std::string& pemPath);
bool checkCertificateValidity(const std::string& caPath, const std::string& pemPath);
bool checkHostnameCertificate(const std::string& host, const std::string& port);
std::map<std::string, std::string> validateCertificate(const std::string& accountId,
const std::string& certificate, const std::string& privateKey);
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
};
#endif // __SFL_DBUSCONFIGURATIONMANAGER_H__
......@@ -38,6 +38,7 @@
#include "account_schema.h"
#include "manager.h"
#if HAVE_TLS
#include "sip/tlsvalidator.h"
#include "sip/tlsvalidation.h"
#endif
#include "logger.h"
......@@ -139,6 +140,29 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
accountsChanged();
}
std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
const std::string& certificate,
const std::string& privateKey)
{
#if HAVE_TLS
TlsValidator validator(certificate,privateKey);
return validator.getSerializedChecks();
#else
SFL_WARN("TLS not supported");
return std::map<std::string, std::string>();
#endif
}
std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
{
#if HAVE_TLS
TlsValidator validator(certificate,"");
return validator.getSerializedDetails();
#else
SFL_WARN("TLS not supported");
return std::map<std::string, std::string>();
#endif
}
void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
{
......
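Review bot: In both new functions the `#else` branch returns an empty map, which a caller cannot distinguish from a validation that produced no entries, so a client on a build without TLS may present an unchecked certificate as having no problems. Either document on the declarations that an empty map means no validation was performed, e.g. `// Empty result: TLS support not compiled in, nothing was validated`, or return an explicit entry for that state. Separately, `accountId` is accepted by `validateCertificate` but never used in the visible body, so the checks cannot depend on the account's own TLS settings; if that is intentional, a `// TODO` comment saying so would make it explicit. The `certificate` and `privateKey` strings arrive from D-Bus and are passed to `TlsValidator` unchanged; whether the validator rejects non-regular files or oversized input is not visible here and is worth confirming.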
......@@ -143,6 +143,10 @@ class ConfigurationManager
const std::string& pemPath);
bool checkHostnameCertificate(const std::string& host,
const std::string& port);
std::map<std::string, std::string> validateCertificate(const std::string& accountId,
const std::string& certificate, const std::string& privateKey);
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
// Signals
public:
......
......@@ -246,6 +246,9 @@ std::map<std::string, std::string> sflph_config_get_hook_settings(void);
void sflph_config_set_hook_settings(const std::map<std::string, std::string>& settings);
std::vector<std::map<std::string, std::string>> sflph_config_get_history(void);
std::map<std::string, std::string> sflph_config_get_tls_settings();
std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId,
const std::string& certificate, const std::string& private_key);
std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate);
void sflph_config_set_tls_settings(const std::map< std::string, std::string >& settings);
std::map<std::string, std::string> sflph_config_get_ip2ip_details(void);
std::vector<std::map<std::string, std::string>> sflph_config_get_credentials(const std::string& account_id);
......
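Review bot: The two new declarations use `accountId` where the neighbouring declarations in this header use snake_case (`account_id` in `sflph_config_get_credentials`), and the names `certificate` and `private_key` do not say that the values are filesystem paths, which the D-Bus interface does (`certificatePath`, `privateKeyPath`). Renaming them to `account_id`, `certificate_path` and `private_key_path` keeps the public header consistent and makes it less likely that a caller passes PEM content instead of a path. A short comment above each declaration, such as `/* Returns check-name/result pairs for the certificate file at certificate_path; empty when TLS is not built in. */`, would document the return value.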
......@@ -680,6 +680,16 @@ bool sflph_config_check_hostname_certificate(const std::string& host, const std:
return getConfigurationManager()->checkHostnameCertificate(host, port);
}
std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId, const std::string& certificate, const std::string& private_key)
{
return getConfigurationManager()->validateCertificate(accountId,certificate,private_key);
}
std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate)
{
return getConfigurationManager()->getCertificateDetails(certificate);
}
void sflph_pres_publish(const std::string& account_id, int status, const std::string& note)
{
getPresenceManager()->publish(account_id, status, note);
......
......@@ -21,7 +21,9 @@ libsiplink_la_SOURCES = \
if BUILD_TLS
libsiplink_la_SOURCES += tlsvalidation.c \
tlsvalidation.h
tlsvalidation.h \
tlsvalidator.cpp \
tlsvalidator.h
endif
libsiplink_la_SOURCES+=sippresence.cpp \
......