Commit f8258757 authored by Guillaume Roguez

dring: remove dead/deprecated API (TLS validation)

Refs #65511

Change-Id: Ic9026eea08456f6d94e93edbbc6ea13b3aea3735
parent 8f3f8223
......@@ -716,31 +716,5 @@
<arg type="a{ss}" name="shortcutsMap" direction="in">
</arg>
</method>
<!-- Security Methods -->
<method name="checkForPrivateKey" tp:name-for-bindings="checkForPrivateKey">
<arg type="s" name="pemPath" direction="in">
</arg>
<arg type="b" name="containPrivateKey" direction="out">
</arg>
</method>
<method name="checkCertificateValidity" tp:name-for-bindings="checkCertificateValidity">
<arg type="s" name="caPath" direction="in">
</arg>
<arg type="s" name="pemPath" direction="in">
</arg>
<arg type="b" name="isValid" direction="out">
</arg>
</method>
<method name="checkHostnameCertificate" tp:name-for-bindings="checkHostnameCertificate">
<arg type="s" name="host" direction="in">
</arg>
<arg type="s" name="port" direction="in">
</arg>
<arg type="b" name="isValid" direction="out">
</arg>
</method>
</interface>
</node>
......@@ -371,18 +371,3 @@ double DBusConfigurationManager::getVolume(const std::string& device)
{
return ring_config_get_volume(device);
}
bool DBusConfigurationManager::checkForPrivateKey(const std::string& pemPath)
{
return ring_config_check_for_private_key(pemPath);
}
bool DBusConfigurationManager::checkCertificateValidity(const std::string& caPath, const std::string& pemPath)
{
return ring_config_check_certificate_validity(caPath, pemPath);
}
bool DBusConfigurationManager::checkHostnameCertificate(const std::string& host, const std::string& port)
{
return ring_config_check_hostname_certificate(host, port);
}
......@@ -132,9 +132,6 @@ class DBusConfigurationManager :
void setShortcuts(const std::map<std::string, std::string> &shortcutsMap);
void setVolume(const std::string& device, const double& value);
double getVolume(const std::string& device);
bool checkForPrivateKey(const std::string& pemPath);
bool checkCertificateValidity(const std::string& caPath, const std::string& pemPath);
bool checkHostnameCertificate(const std::string& host, const std::string& port);
std::map<std::string, std::string> validateCertificate(const std::string& accountId,
const std::string& certificate, const std::string& privateKey);
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
......
......@@ -39,7 +39,6 @@
#include "manager.h"
#if HAVE_TLS && HAVE_DHT
#include "sip/tlsvalidator.h"
#include "sip/tlsvalidation.h"
#endif
#include "logger.h"
#include "fileutils.h"
......@@ -617,41 +616,6 @@ void ConfigurationManager::setCredentials(const std::string& accountID,
sipaccount->setCredentials(details);
}
bool ConfigurationManager::checkForPrivateKey(const std::string& pemPath)
{
#if HAVE_TLS && HAVE_DHT
return containsPrivateKey(pemPath.c_str()) == 0;
#else
RING_WARN("TLS not supported");
return false;
#endif
}
bool ConfigurationManager::checkCertificateValidity(const std::string& caPath,
const std::string& pemPath)
{
#if HAVE_TLS && HAVE_DHT
return certificateIsValid(caPath.size() > 0 ? caPath.c_str() : NULL,
pemPath.c_str()) == 0;
#else
RING_WARN("TLS not supported");
return false;
#endif
}
bool ConfigurationManager::checkHostnameCertificate(const std::string& host,
const std::string& port)
{
#if HAVE_TLS && HAVE_DHT
return verifyHostnameCertificate(host.c_str(),
strtol(port.c_str(), NULL, 10)) == 0;
#else
RING_WARN("TLS not supported");
return false;
#endif
}
void ConfigurationManager::volumeChanged(const std::string& device, double value)
{
if (evHandlers_.on_volume_change) {
......
......@@ -141,11 +141,6 @@ class ConfigurationManager
/*
* Security
*/
bool checkForPrivateKey(const std::string& pemPath);
bool checkCertificateValidity(const std::string& caPath,
const std::string& pemPath);
bool checkHostnameCertificate(const std::string& host,
const std::string& port);
std::map<std::string, std::string> validateCertificate(const std::string& accountId,
const std::string& certificate, const std::string& privateKey);
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
......
......@@ -261,9 +261,6 @@ std::map<std::string, std::string> ring_config_get_shortcuts();
void ring_config_set_shortcuts(const std::map<std::string, std::string>& shortcuts);
void ring_config_set_volume(const std::string& device, double value);
double ring_config_get_volume(const std::string& device);
bool ring_config_check_for_private_key(const std::string& pem_path);
bool ring_config_check_certificate_validity(const std::string& ca_path, const std::string& pem_path);
bool ring_config_check_hostname_certificate(const std::string& host, const std::string& port);
/* presence API */
void ring_pres_publish(const std::string& account_id, int status, const std::string& note);
......
......@@ -670,21 +670,6 @@ double ring_config_get_volume(const std::string& device)
return getConfigurationManager()->getVolume(device);
}
bool ring_config_check_for_private_key(const std::string& pem_path)
{
return getConfigurationManager()->checkForPrivateKey(pem_path);
}
bool ring_config_check_certificate_validity(const std::string& ca_path, const std::string& pem_path)
{
return getConfigurationManager()->checkCertificateValidity(ca_path, pem_path);
}
bool ring_config_check_hostname_certificate(const std::string& host, const std::string& port)
{
return getConfigurationManager()->checkHostnameCertificate(host, port);
}
std::map<std::string, std::string> ring_config_validate_certificate(const std::string& accountId, const std::string& certificate, const std::string& private_key)
{
return getConfigurationManager()->validateCertificate(accountId,certificate,private_key);
......
......@@ -20,8 +20,6 @@ libsiplink_la_SOURCES = \
sip_utils.h
if BUILD_TLS
libsiplink_la_SOURCES += tlsvalidation.c \
tlsvalidation.h
# These files depend on opendht
if USE_DHT
libsiplink_la_SOURCES += tlsvalidator.cpp \
......
/*
* Copyright (C) 2004-2015 Savoir-Faire Linux Inc.
*
* Author: Alexandre Lision <alexandre.lision@savoirfairelinux.com>
* Vittorio Giovara <vittorio.giovara@savoirfairelinux.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef SECURITY_EVALUATOR_H
#define SECURITY_EVALUATOR_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
/**
* Check if the given .pem contains a valid private key.
*
* @return 0 if success, -1 otherwise
*/
int containsPrivateKey(const char *pemPath);
/**
* Check if the given .pem contains a valid certificate.
*
* @return 0 if success, -1 otherwise
*/
int certificateIsValid(const char *caPath,
const char *pemPath);
/**
* Verify that the local hostname points to a valid SSL server by
* establishing a connection to it and by validating its certificate.
*
* @param host the DNS domain address that the certificate should feature
* @return 0 if success, -1 otherwise
*/
int verifyHostnameCertificate(const char *host,
const uint16_t port);
#ifdef __cplusplus
}
#endif
#endif
......@@ -421,6 +421,7 @@ unsigned int TlsValidator::compareToCa()
return caValidationOutput_;
}
#if 0 // disabled, see .h for reason
/**
* Verify if a hostname is valid
*
......@@ -661,6 +662,7 @@ out:
close(sockfd);
return res;
}
#endif
/**
* Check if the Validator have access to a private key
......
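Review bot: The new guard `#if 0 // disabled, see .h for reason` sends the reader to the header for the reason, but the matching comment added in the header hunk breaks off mid-sentence (`do not use it as it`), so the reason is not recorded in either file. State it in full at one of the two places, for example `#if 0 // FIXME: verifyHostnameCertificate() disabled until reimplemented: <reason>`, and have the other refer to it. Since the commit is titled as a removal of dead API, deleting the block outright would be cleaner than leaving compiled-out socket and certificate code to drift; version control keeps the old implementation. The disabled function's body lies between the two hunks and is not visible here.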
......@@ -140,7 +140,8 @@ public:
* @param certificate The certificate path
* @param privatekey An optional private key file path
*/
TlsValidator(const std::string& certificate, const std::string& privatekey);
TlsValidator(const std::string& certificate,
const std::string& privatekey = "");
~TlsValidator();
......@@ -247,8 +248,8 @@ private:
// Helper
unsigned int compareToCa();
// TODO remove
public:
#if 0 // TODO reimplement this method. do not use it as it
/**
* Verify that the local hostname points to a valid SSL server by
* establishing a connection to it and by validating its certificate.
......@@ -258,6 +259,7 @@ public:
*/
static int verifyHostnameCertificate(const std::string& host,
const uint16_t port);
#endif
}; // TlsValidator
......
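Review bot: Defaulting `privatekey` makes this constructor callable with a single `std::string`, so it now doubles as an implicit conversion from a path string to a `TlsValidator`. Declare it `explicit TlsValidator(const std::string& certificate, const std::string& privatekey = "");` so that a validator is only ever built deliberately. The `@param privatekey` line could also say what an empty string means, presumably "no private key is loaded", but the implementation is not visible here, so confirm before documenting it. The class definition starts outside these hunks.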
......@@ -36,7 +36,7 @@
#include "test_utils.h"
#include "logger.h"
#include "sip/tlsvalidation.h"
#include "sip/tlsvalidator.h"
namespace ring { namespace test {
......@@ -81,19 +81,4 @@ void TlsTest::testCertificate()
CPPUNIT_ASSERT(certificateIsValid(NULL, expiredCertificate) != 0);
}
void TlsTest::testHostname()
{
TITLE();
const char *correctUrl = "casecurity.org";
const char *wrongUrl = "www..com";
CPPUNIT_ASSERT(verifyHostnameCertificate(correctUrl, 443) == 0);
CPPUNIT_ASSERT(verifyHostnameCertificate(correctUrl, 80) != 0);
CPPUNIT_ASSERT(verifyHostnameCertificate(correctUrl, 0) != 0);
CPPUNIT_ASSERT(verifyHostnameCertificate(wrongUrl, 443) != 0);
CPPUNIT_ASSERT(verifyHostnameCertificate(NULL, 443) != 0);
}
}} // namespace ring::test
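Review bot: The line kept just above the removed `testHostname()` still calls `certificateIsValid(NULL, expiredCertificate)`, a function that appears to be declared only in the C header this commit deletes (the `SECURITY_EVALUATOR_H` file), whose include is replaced here by `sip/tlsvalidator.h`. Unless `tlsvalidator.h` provides a compatible declaration, which is not visible on this page, the test file no longer builds and the expired-certificate check is lost with it. Port the assertion to the `TlsValidator` class or drop `testCertificate()` together with its suite registration. Likewise, the `testHostname` declaration and registration are presumably in a test header outside this diff and need removing too. `testCertificate()` starts outside the hunk.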
......@@ -622,31 +622,5 @@
<arg type="a{ss}" name="shortcutsMap" direction="in">
</arg>
</method>
<!-- Security Methods -->
<method name="checkForPrivateKey" tp:name-for-bindings="checkForPrivateKey">
<arg type="s" name="pemPath" direction="in">
</arg>
<arg type="b" name="containPrivateKey" direction="out">
</arg>
</method>
<method name="checkCertificateValidity" tp:name-for-bindings="checkCertificateValidity">
<arg type="s" name="caPath" direction="in">
</arg>
<arg type="s" name="pemPath" direction="in">
</arg>
<arg type="b" name="isValid" direction="out">
</arg>
</method>
<method name="checkHostnameCertificate" tp:name-for-bindings="checkHostnameCertificate">
<arg type="s" name="host" direction="in">
</arg>
<arg type="s" name="port" direction="in">
</arg>
<arg type="b" name="isValid" direction="out">
</arg>
</method>
</interface>
</node>
......@@ -2129,23 +2129,15 @@ dbus_get_tls_settings_default(void)
gboolean
dbus_check_certificate(const gchar *capath, const gchar *certpath)
{
GError *error = NULL;
gboolean result;
cx_ring_Ring_ConfigurationManager_check_certificate_validity(config_proxy, capath, certpath, &result, &error);
check_error(error);
return result;
/* deprecated */
return FALSE;
}
gboolean
dbus_certificate_contains_private_key(const gchar *filepath)
{
GError *error = NULL;
gboolean result;
cx_ring_Ring_ConfigurationManager_check_for_private_key(config_proxy, filepath, &result, &error);
check_error(error);
return result;
/* deprecated */
return FALSE;
}
gchar *
......
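Review bot: `dbus_check_certificate()` and `dbus_certificate_contains_private_key()` now return `FALSE` for every input, so a remaining caller cannot tell "the check was never run" from a real negative result. Always reporting "invalid" fails closed, but it will silently mislead any UI or settings logic that still calls these. Either remove both functions with their callers, or mark the declarations `G_GNUC_DEPRECATED` and emit a one-time `g_warning("dbus_check_certificate is deprecated and always returns FALSE");`. The `/* deprecated */` comment should name the replacement, presumably the `validateCertificate` method the daemon interface keeps (confirm). The parameters are now unused and may need `G_GNUC_UNUSED` to keep warning-clean builds.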