From e5ad0c065e43fbd6478b249af1fdc0633426b19d Mon Sep 17 00:00:00 2001 From: Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> Date: Fri, 21 Nov 2014 14:26:21 -0500 Subject: [PATCH] tls: Add a more powerful security validation API (2/2) This commit add the dbus and sflphone.h methods Refs #60430 Change-Id: I97ff4ed649866b2230912d0fcac72bf67e2e3803
---
 .../dbus/configurationmanager-introspec.xml | 34 +++++++++++++++++++ daemon/bin/dbus/dbusconfigurationmanager.cpp | 10 ++++++ daemon/bin/dbus/dbusconfigurationmanager.h | 4 +++ daemon/src/client/configurationmanager.cpp | 24 +++++++++++++ daemon/src/client/configurationmanager.h | 4 +++ daemon/src/sflphone.h | 3 ++ daemon/src/sflphone_api.cpp | 10 ++++++ daemon/src/sip/Makefile.am | 4 ++- 8 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/daemon/bin/dbus/configurationmanager-introspec.xml b/daemon/bin/dbus/configurationmanager-introspec.xml
index c420070439..7b65a53e9d 100644
--- a/daemon/bin/dbus/configurationmanager-introspec.xml
+++ b/daemon/bin/dbus/configurationmanager-introspec.xml
@@ -630,6 +630,40 @@
 </arg>
 </method>
+ <method name="validateCertificate" tp:name-for-bindings="validateCertificate">
+ <arg type="s" name="accountId" direction="in"></arg>
+ <arg type="s" name="certificatePath" direction="in">
+ <tp:docstring>
+ <p>A certificate path</p>
+ </tp:docstring>
+ </arg>
+ <arg type="s" name="privateKeyPath" direction="in">
+ <tp:docstring>
+ <p>An optional path a the private key for the certificate</p>
+ </tp:docstring>
+ </arg>
+ <annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
+ <arg type="a{ss}" name="details" direction="out">
+ <tp:docstring>
+ <p>A key-value list of all certificate validation</p>
+ </tp:docstring>
+ </arg>
+ </method>
+
+ <method name="getCertificateDetails" tp:name-for-bindings="getCertificateDetails">
+ <arg type="s" name="certificatePath" direction="in">
+ <tp:docstring>
+ <p>A certificate path</p>
+ </tp:docstring>
+ </arg>
+ <annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
+ <arg type="a{ss}" name="details" direction="out">
+ <tp:docstring>
+ <p>A key-value list of all certificate details</p>
+ </tp:docstring>
+ </arg>
+ </method>
+
 <method name="getAddrFromInterfaceName" tp:name-for-bindings="getAddrFromInterfaceName">
 <arg type="s" name="interface" direction="in">
 </arg>
diff --git a/daemon/bin/dbus/dbusconfigurationmanager.cpp b/daemon/bin/dbus/dbusconfigurationmanager.cpp
index cf52399c44..3e4fac6ddf 100644
--- a/daemon/bin/dbus/dbusconfigurationmanager.cpp
+++ b/daemon/bin/dbus/dbusconfigurationmanager.cpp
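Review bot: The `privateKeyPath` docstring in the new validateCertificate method has a typo, and `accountId` carries no docstring at all, so a client reading the introspection data cannot tell what the account is for. Suggest `<p>An optional path to the private key for the certificate</p>` and a `<tp:docstring>` on `accountId` that states its role; as far as the daemon-side hunk in configurationmanager.cpp shows, the value is not consulted, so the docstring should say so or the argument should be dropped before this interface ships. Since both path arguments are read by the daemon on behalf of whichever bus client calls the method, it is also worth stating in the docstring that they are daemon-side filesystem paths. The `details` docstring `A key-value list of all certificate validation` would read more clearly as `A key-value list of all certificate validation checks`.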
@@ -302,6 +302,16 @@ std::map<std::string, std::string> DBusConfigurationManager::getTlsSettings()
 return sflph_config_get_tls_settings();
 }
+std::map<std::string, std::string> DBusConfigurationManager::validateCertificate(const std::string& accountId, const std::string& certificate, const std::string& privateKey)
+{
+ return sflph_config_validate_certificate(accountId, certificate, privateKey);
+}
+
+std::map<std::string, std::string> DBusConfigurationManager::getCertificateDetails(const std::string& certificate)
+{
+ return sflph_config_get_certificate_details(certificate);
+}
+
 void DBusConfigurationManager::setTlsSettings(const std::map< std::string, std::string >& details)
 {
 sflph_config_set_tls_settings(details);
diff --git a/daemon/bin/dbus/dbusconfigurationmanager.h b/daemon/bin/dbus/dbusconfigurationmanager.h
index dfea930cdf..eec0ef8db8 100644
--- a/daemon/bin/dbus/dbusconfigurationmanager.h
+++ b/daemon/bin/dbus/dbusconfigurationmanager.h
@@ -134,6 +134,10 @@ class DBusConfigurationManager :
 bool checkForPrivateKey(const std::string& pemPath);
 bool checkCertificateValidity(const std::string& caPath, const std::string& pemPath);
 bool checkHostnameCertificate(const std::string& host, const std::string& port);
+ std::map<std::string, std::string> validateCertificate(const std::string& accountId,
+ const std::string& certificate, const std::string& privateKey);
+ std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
+
 };
 #endif // __SFL_DBUSCONFIGURATIONMANAGER_H__
diff --git a/daemon/src/client/configurationmanager.cpp b/daemon/src/client/configurationmanager.cpp
index ef53e412f0..9b11dd6b72 100644
--- a/daemon/src/client/configurationmanager.cpp
+++ b/daemon/src/client/configurationmanager.cpp
@@ -38,6 +38,7 @@
 #include "account_schema.h"
 #include "manager.h"
 #if HAVE_TLS
+#include "sip/tlsvalidator.h"
 #include "sip/tlsvalidation.h"
 #endif
 #include "logger.h"
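Review bot: The new D-Bus pass-throughs name their parameters `certificate` and `privateKey`, while the introspection XML that generates this adaptor exposes them as `certificatePath` and `privateKeyPath`; since the strings are filesystem paths supplied by an arbitrary bus client and handed straight to the daemon, naming them `certificatePath` / `privateKeyPath` in both this hunk and the matching declarations in dbusconfigurationmanager.h makes the adaptor honest about what it forwards. The sibling hunk in dbusconfigurationmanager.h also adds a stray empty `+` line directly before `};`, which should be removed. Neither wrapper has a comment; a one-liner such as `// D-Bus entry point: path arguments come from the calling client, validation happens in ConfigurationManager` would orient the next reader.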
@@ -139,6 +140,29 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
 accountsChanged();
 }
+std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
+ const std::string& certificate,
+ const std::string& privateKey)
+{
+#if HAVE_TLS
+ TlsValidator validator(certificate,privateKey);
+ return validator.getSerializedChecks();
+#else
+ SFL_WARN("TLS not supported");
+ return std::map<std::string, std::string>();
+#endif
+}
+
+std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
+{
+#if HAVE_TLS
+ TlsValidator validator(certificate,"");
+ return validator.getSerializedDetails();
+#else
+ SFL_WARN("TLS not supported");
+ return std::map<std::string, std::string>();
+#endif
+}
 void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
 {
diff --git a/daemon/src/client/configurationmanager.h b/daemon/src/client/configurationmanager.h
index 481f47a649..fe27c6946f 100644
--- a/daemon/src/client/configurationmanager.h
+++ b/daemon/src/client/configurationmanager.h
@@ -143,6 +143,10 @@ class ConfigurationManager
 const std::string& pemPath);
 bool checkHostnameCertificate(const std::string& host, const std::string& port);
+ std::map<std::string, std::string> validateCertificate(const std::string& accountId,
+ const std::string& certificate, const std::string& privateKey);
+ std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
+
 // Signals
 public:
diff --git a/daemon/src/sflphone.h b/daemon/src/sflphone.h
index d3f544a798..c35ffe6952 100644
--- a/daemon/src/sflphone.h
+++ b/daemon/src/sflphone.h
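Review bot: `accountId` is accepted by ConfigurationManager::validateCertificate but never used: the body constructs `TlsValidator validator(certificate,privateKey)` and returns `validator.getSerializedChecks()` without touching the account, so the parameter is either dead or an undocumented placeholder for per-account validation settings. State which with a comment such as `// accountId is currently unused; reserved for per-account validation settings` or drop it from the whole signature chain (configurationmanager.h, dbusconfigurationmanager.*, sflphone.h and the introspection XML). Both functions should also document that `certificate` and `privateKey` are daemon-side filesystem paths that arrive from an external D-Bus client, and — if TlsValidator's constructor can throw on an unreadable or malformed file, which cannot be seen from this patch — the construction should be guarded so the failure is reported through the returned map with an `SFL_WARN`, as the `#else` branch already does, instead of escaping through the D-Bus handler. Finally, getCertificateDetails's closing `}` is immediately followed by `void ConfigurationManager::setAccountDetails` with no separating blank line, unlike every other definition in this file.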
@@ -246,6 +246,9 @@ std::map<std::string, std::string> sflph_config_get_hook_settings(void);
 void sflph_config_set_hook_settings(const std::map<std::string, std::string>& settings);
 std::vector<std::map<std::string, std::string>> sflph_config_get_history(void);
 std::map<std::string, std::string> sflph_config_get_tls_settings();
+std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId,
+ const std::string& certificate, const std::string& private_key);
+std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate);
 void sflph_config_set_tls_settings(const std::map< std::string, std::string >& settings);
 std::map<std::string, std::string> sflph_config_get_ip2ip_details(void);
 std::vector<std::map<std::string, std::string>> sflph_config_get_credentials(const std::string& account_id);
diff --git a/daemon/src/sflphone_api.cpp b/daemon/src/sflphone_api.cpp
index e8e8beadef..2f72699ca7 100644
--- a/daemon/src/sflphone_api.cpp
+++ b/daemon/src/sflphone_api.cpp
@@ -680,6 +680,16 @@ bool sflph_config_check_hostname_certificate(const std::string& host, const std:
 return getConfigurationManager()->checkHostnameCertificate(host, port);
 }
+std::map<std::string, std::string> sflph_config_validate_certificate(const std::string& accountId, const std::string& certificate, const std::string& private_key)
+{
+ return getConfigurationManager()->validateCertificate(accountId,certificate,private_key);
+}
+
+std::map<std::string, std::string> sflph_config_get_certificate_details(const std::string& certificate)
+{
+ return getConfigurationManager()->getCertificateDetails(certificate);
+}
+
 void sflph_pres_publish(const std::string& account_id, int status, const std::string& note)
 {
 getPresenceManager()->publish(account_id, status, note);
diff --git a/daemon/src/sip/Makefile.am b/daemon/src/sip/Makefile.am
index ff06b1b040..bdc2e3171d 100644
--- a/daemon/src/sip/Makefile.am
+++ b/daemon/src/sip/Makefile.am
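Review bot: The new `sflph_config_validate_certificate` declaration mixes naming conventions within one signature — `accountId` in camelCase next to `private_key`, while the surrounding public API uses snake_case (`account_id` in `sflph_config_get_credentials` three lines below); rename it to `account_id` here and in the matching definition in sflphone_api.cpp on this same line. The declarations also carry no comment describing what the returned map holds; since sflphone.h is the public surface, add a header comment saying that the map is the serialized validation checks (respectively details) for the certificate at `certificate`, that `private_key` may be empty, and what `account_id` is used for once that is settled.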
@@ -21,7 +21,9 @@ libsiplink_la_SOURCES = \
 if BUILD_TLS
 libsiplink_la_SOURCES += tlsvalidation.c \
- tlsvalidation.h
+ tlsvalidation.h \
+ tlsvalidator.cpp \
+ tlsvalidator.h
 endif
 libsiplink_la_SOURCES+=sippresence.cpp \
-- GitLab