Commit 7fcb3514 authored by Emmanuel Lepage Vallee's avatar Emmanuel Lepage Vallee Committed by Guillaume Roguez

security: Exported DBus constants in a .h

This commit also fixes various issues with the TLSValidator:

 * Remove dead code (-Wunused)
 * Handle exceptions in configurationmanager (runtime assert)
 * Add missing construction initializer (-Wuninitialized)

Refs #64785

Change-Id: I315396b2a3a29d097743ce825cda91235a6e7936
parent 84e024aa
......@@ -9,7 +9,7 @@ if HAVE_OSX
libexec_PROGRAMS = ringcli
ringcli_SOURCES = osxmain.cpp
ringcli_CXXFLAGS = -I$(top_srcdir)/src \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
ringcli_LDADD = $(top_builddir)/src/libring.la
endif
......@@ -22,7 +22,7 @@ libexec_PROGRAMS = dring
dring_SOURCES = main.cpp
dring_CXXFLAGS= -I$(top_srcdir)/src ${DBUSCPP_CFLAGS} \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DTOP_BUILDDIR=\"$$(cd "$(top_builddir)"; pwd)\"
dring_LDADD = dbus/libclient_dbus.la ${DBUSCPP_LIBS} $(top_builddir)/src/libring.la
......
......@@ -49,7 +49,7 @@ endif
libclient_dbus_la_CXXFLAGS = -I../ \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/public \
-I$(top_srcdir)/src/dring \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \
$(DBUSCPP_CFLAGS)
......
......@@ -646,6 +646,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate validation</p>
The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>
......@@ -660,6 +661,7 @@
<arg type="a{ss}" name="details" direction="out">
<tp:docstring>
<p>A key-value list of all certificate details</p>
The constants used as keys are defined in the "security.h" constants header file
</tp:docstring>
</arg>
</method>
......
......@@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
#include "ring.h"
#include "dring.h"
#include "dbuscallmanager.h"
......
......@@ -31,7 +31,7 @@
#include <iostream>
#include <cstring>
#include <stdexcept>
#include "ring.h"
#include "dring.h"
#include "dbusclient.h"
#include "dbus_cpp.h"
......
......@@ -31,7 +31,7 @@
#ifndef __DBUSCLIENT_H__
#define __DBUSCLIENT_H__
#include "ring.h"
#include "dring.h"
#include "noncopyable.h"
class DBusConfigurationManager;
......
......@@ -28,7 +28,7 @@
* as that of the covered work.
*/
#include <iostream>
#include "ring.h"
#include "dring.h"
#include "dbusconfigurationmanager.h"
......
......@@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "ring.h"
#include "dring.h"
#include "dbuspresencemanager.h"
......
......@@ -27,7 +27,7 @@
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "ring.h"
#include "dring.h"
#include "dbusvideomanager.h"
......
......@@ -36,7 +36,7 @@
#include <getopt.h>
#include <string>
#include "ring.h"
#include "dring.h"
#include "fileutils.h"
static int sflphFlags = 0;
......
......@@ -26,7 +26,7 @@ AM_CPPFLAGS = \
-I$(src)/src/config \
-I$(src)/src/media \
-I$(src)/test \
-I$(src)/src/public \
-I$(src)/src/dring \
$(SIP_CFLAGS) \
-DPREFIX=\"$(prefix)\" \
-DPROGSHAREDIR=\"${datadir}/ring\" \
......
......@@ -133,3 +133,6 @@ libring_la_SOURCES = conference.cpp \
string_utils.cpp \
rw_mutex.h \
ring_api.cpp
nobase_include_HEADERS= dring/dring.h \
dring/security.h
......@@ -40,7 +40,7 @@
#include <vector>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {
......
......@@ -45,6 +45,7 @@
#include "fileutils.h"
#include "ip_utils.h"
#include "sip/sipaccount.h"
#include "security.h"
#include "audio/audiolayer.h"
#include <dirent.h>
......@@ -142,13 +143,21 @@ void ConfigurationManager::setTlsSettings(const std::map<std::string, std::strin
accountsChanged();
}
std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string& accountId,
std::map<std::string, std::string> ConfigurationManager::validateCertificate(const std::string&,
const std::string& certificate,
const std::string& privateKey)
{
#if HAVE_TLS && HAVE_DHT
TlsValidator validator(certificate,privateKey);
return validator.getSerializedChecks();
try {
TlsValidator validator(certificate,privateKey);
return validator.getSerializedChecks();
}
catch(const std::runtime_error& e) {
std::map<std::string, std::string> res;
RING_WARN("Certificate loading failed");
res[DRing::Certificate::ChecksNames::EXIST] = DRing::Certificate::CheckValuesNames::FAILED;
return res;
}
#else
RING_WARN("TLS not supported");
return std::map<std::string, std::string>();
......@@ -158,12 +167,17 @@ std::map<std::string, std::string> ConfigurationManager::validateCertificate(con
std::map<std::string, std::string> ConfigurationManager::getCertificateDetails(const std::string& certificate)
{
#if HAVE_TLS && HAVE_DHT
TlsValidator validator(certificate,"");
return validator.getSerializedDetails();
try {
TlsValidator validator(certificate,"");
return validator.getSerializedDetails();
}
catch(const std::runtime_error& e) {
RING_WARN("Certificate loading failed");
}
#else
RING_WARN("TLS not supported");
return std::map<std::string, std::string>();
#endif
return std::map<std::string, std::string>();
}
void ConfigurationManager::setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
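Review bot: Both new `catch(const std::runtime_error& e)` handlers, in validateCertificate and in getCertificateDetails, discard the exception and log only a fixed string, so a log reader cannot tell an unreadable file from a malformed certificate or a key that fails to load; `e` is also left unused. Logging the reason would fix both, e.g. `RING_WARN("Certificate loading failed: %s", e.what());`, assuming RING_WARN accepts printf-style arguments. Only std::runtime_error is caught, and what the TlsValidator constructor can throw is not visible here, so any other exception type would still propagate out of these two entry points. The failure results are also inconsistent: validateCertificate now reports `EXIST = FAILED`, while its no-TLS branch and getCertificateDetails return an empty map, which a client that only looks for FAILED entries could read as nothing being wrong; a comment on both methods stating that an empty map means "not validated" would make the contract explicit.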
......
......@@ -42,7 +42,7 @@
#include <map>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {
......
......@@ -38,7 +38,7 @@
#include <vector>
#include <string>
#include "ring.h"
#include "dring.h"
namespace ring {
......
......@@ -43,7 +43,7 @@
#include "video/video_base.h"
#include "video/video_input.h"
#include "ring.h"
#include "dring.h"
namespace ring {
......
/*
* Copyright (C) 2015 Savoir-Faire Linux Inc.
* Author: Philippe Proulx <philippe.proulx@savoirfairelinux.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify this program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, Savoir-Faire Linux Inc.
* grants you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
namespace DRing {
namespace Certificate {
/**
* Those constantes are used by the ConfigurationManager.validateCertificate method
*/
namespace ChecksNames {
constexpr static char* HAS_PRIVATE_KEY = "HAS_PRIVATE_KEY" ;
constexpr static char* EXPIRED = "EXPIRED" ;
constexpr static char* STRONG_SIGNING = "STRONG_SIGNING" ;
constexpr static char* NOT_SELF_SIGNED = "NOT_SELF_SIGNED" ;
constexpr static char* KEY_MATCH = "KEY_MATCH" ;
constexpr static char* PRIVATE_KEY_STORAGE_PERMISSION = "PRIVATE_KEY_STORAGE_PERMISSION" ;
constexpr static char* PUBLIC_KEY_STORAGE_PERMISSION = "PUBLIC_KEY_STORAGE_PERMISSION" ;
constexpr static char* PRIVATE_KEY_DIRECTORY_PERMISSIONS = "PRIVATEKEY_DIRECTORY_PERMISSIONS";
constexpr static char* PUBLIC_KEY_DIRECTORY_PERMISSIONS = "PUBLICKEY_DIRECTORY_PERMISSIONS" ;
constexpr static char* PRIVATE_KEY_STORAGE_LOCATION = "PRIVATE_KEY_STORAGE_LOCATION" ;
constexpr static char* PUBLIC_KEY_STORAGE_LOCATION = "PUBLIC_KEY_STORAGE_LOCATION" ;
constexpr static char* PRIVATE_KEY_SELINUX_ATTRIBUTES = "PRIVATE_KEY_SELINUX_ATTRIBUTES" ;
constexpr static char* PUBLIC_KEY_SELINUX_ATTRIBUTES = "PUBLIC_KEY_SELINUX_ATTRIBUTES" ;
constexpr static char* OUTGOING_SERVER = "OUTGOING_SERVER" ;
constexpr static char* EXIST = "EXIST" ;
constexpr static char* VALID = "VALID" ;
constexpr static char* VALID_AUTHORITY = "VALID_AUTHORITY" ;
constexpr static char* KNOWN_AUTHORITY = "KNOWN_AUTHORITY" ;
constexpr static char* NOT_REVOKED = "NOT_REVOKED" ;
constexpr static char* AUTHORITY_MISMATCH = "AUTHORITY_MISMATCH" ;
constexpr static char* UNEXPECTED_OWNER = "UNEXPECTED_OWNER" ;
constexpr static char* NOT_ACTIVATED = "NOT_ACTIVATED" ;
} //namespace DRing::Certificate::CheckValuesNames
/**
* Those constants are used by the ConfigurationManager.getCertificateDetails method
*/
namespace DetailsNames {
constexpr static char* EXPIRATION_DATE = "EXPIRATION_DATE" ;
constexpr static char* ACTIVATION_DATE = "ACTIVATION_DATE" ;
constexpr static char* REQUIRE_PRIVATE_KEY_PASSWORD = "REQUIRE_PRIVATE_KEY_PASSWORD" ;
constexpr static char* PUBLIC_SIGNATURE = "PUBLIC_SIGNATURE" ;
constexpr static char* VERSION_NUMBER = "VERSION_NUMBER" ;
constexpr static char* SERIAL_NUMBER = "SERIAL_NUMBER" ;
constexpr static char* ISSUER = "ISSUER" ;
constexpr static char* SUBJECT_KEY_ALGORITHM = "SUBJECT_KEY_ALGORITHM" ;
constexpr static char* CN = "CN" ;
constexpr static char* N = "N" ;
constexpr static char* O = "O" ;
constexpr static char* SIGNATURE_ALGORITHM = "SIGNATURE_ALGORITHM" ;
constexpr static char* MD5_FINGERPRINT = "MD5_FINGERPRINT" ;
constexpr static char* SHA1_FINGERPRINT = "SHA1_FINGERPRINT" ;
constexpr static char* PUBLIC_KEY_ID = "PUBLIC_KEY_ID" ;
constexpr static char* ISSUER_DN = "ISSUER_DN" ;
constexpr static char* NEXT_EXPECTED_UPDATE_DATE = "NEXT_EXPECTED_UPDATE_DATE" ;
} //namespace DRing::Certificate::CheckValuesNames
/**
* Those constants are used by the ConfigurationManager.getCertificateDetails and
* ConfigurationManager.validateCertificate methods
*/
namespace ChecksValuesTypesNames {
constexpr static char* BOOLEAN = "BOOLEAN" ;
constexpr static char* ISO_DATE = "ISO_DATE" ;
constexpr static char* CUSTOM = "CUSTOM" ;
constexpr static char* NUMBER = "NUMBER" ;
} //namespace DRing::Certificate::CheckValuesNames
/**
* Those constantes are used by the ConfigurationManager.validateCertificate method
*/
namespace CheckValuesNames {
constexpr static char* PASSED = "PASSED" ;
constexpr static char* FAILED = "FAILED" ;
constexpr static char* UNSUPPORTED = "UNSUPPORTED";
constexpr static char* ISO_DATE = "ISO_DATE" ;
constexpr static char* CUSTOM = "CUSTOM" ;
constexpr static char* DATE = "DATE" ;
} //namespace DRing::Certificate::CheckValuesNames
} //namespace DRing::Certificate
} //namespace DRing
\ No newline at end of file
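Review bot: Every constant in this new header is declared `constexpr static char*` and initialised from a string literal, which drops the literal's const; that conversion is ill-formed since C++11 and GCC and Clang accept it only with a warning, so the declarations should read like `constexpr static const char* EXIST = "EXIST";`. The header is installed through nobase_include_HEADERS in this commit yet has no include guard, so a second inclusion in one translation unit redefines all of these names; add `#pragma once` or an `#ifndef` guard after the license block. `PRIVATE_KEY_DIRECTORY_PERMISSIONS` and `PUBLIC_KEY_DIRECTORY_PERMISSIONS` map to `"PRIVATEKEY_DIRECTORY_PERMISSIONS"` and `"PUBLICKEY_DIRECTORY_PERMISSIONS"`, without the underscore every other key keeps; if that is deliberate for compatibility with existing clients it deserves a comment, since these strings are the keys clients match on. The closing comments of ChecksNames, DetailsNames and ChecksValuesTypesNames all say `CheckValuesNames` and should name their own namespace.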
......@@ -39,7 +39,7 @@
#include "manager.h"
#include "managerimpl.h"
#include "logger.h"
#include "ring.h"
#include "dring.h"
#include "client/callmanager.h"
#include "client/configurationmanager.h"
#include "client/presencemanager.h"
......
This diff is collapsed.