about summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--src/config/tlscerts.c159
-rw-r--r--src/config/tlscerts.h31
-rw-r--r--src/ui/console.c76
-rw-r--r--src/xmpp/connection.c20
4 files changed, 249 insertions, 37 deletions
diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c
index 15433a92..321e04c7 100644
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@@ -119,11 +119,17 @@ tlscerts_list(void)
     int i = 0;
     for (i = 0; i < g_strv_length(groups); i++) {
         char *fingerprint = strdup(groups[i]);
+        int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
+        char *serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
         char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
+        char *issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
         char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
         char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
+        char *keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
+        char *signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
 
-        TLSCertificate *cert = tlscerts_new(fingerprint, subjectname, notbefore, notafter);
+        TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
+            notafter, keyalg, signaturealg);
 
         res = g_list_append(res, cert);
     }
@@ -136,20 +142,32 @@ tlscerts_list(void)
 }
 
 TLSCertificate*
-tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
-    const char *const notafter)
+tlscerts_new(const char *const fingerprint, int version, const char *const serialnumber, const char *const subjectname,
+    const char *const issuername, const char *const notbefore, const char *const notafter,
+    const char *const key_alg, const char *const signature_alg)
 {
     TLSCertificate *cert = malloc(sizeof(TLSCertificate));
 
+    if (fingerprint) {
+        cert->fingerprint = strdup(fingerprint);
+    } else {
+        cert->fingerprint = NULL;
+    }
+    cert->version = version;
+    if (serialnumber) {
+        cert->serialnumber = strdup(serialnumber);
+    } else {
+        cert->serialnumber = NULL;
+    }
     if (subjectname) {
         cert->subjectname = strdup(subjectname);
     } else {
         cert->subjectname = NULL;
     }
-    if (fingerprint) {
-        cert->fingerprint = strdup(fingerprint);
+    if (issuername) {
+        cert->issuername = strdup(issuername);
     } else {
-        cert->fingerprint = NULL;
+        cert->issuername = NULL;
     }
     if (notbefore) {
         cert->notbefore = strdup(notbefore);
@@ -161,23 +179,94 @@ tlscerts_new(const char *const fingerprint, const char *const subjectname, const
     } else {
         cert->notafter = NULL;
     }
+    if (key_alg) {
+        cert->key_alg = strdup(key_alg);
+    } else {
+        cert->key_alg = NULL;
+    }
+    if (signature_alg) {
+        cert->signature_alg = strdup(signature_alg);
+    } else {
+        cert->signature_alg = NULL;
+    }
 
-    cert->domain = NULL;
-    cert->email = NULL;
-    cert->organisation = NULL;
+    cert->subject_country = NULL;
+    cert->subject_state = NULL;
+    cert->subject_distinguishedname = NULL;
+    cert->subject_serialnumber = NULL;
+    cert->subject_commonname = NULL;
+    cert->subject_organisation = NULL;
+    cert->subject_organisation_unit = NULL;
+    cert->subject_email = NULL;
     gchar** fields = g_strsplit(subjectname, "/", 0);
     int i = 0;
     for (i = 0; i < g_strv_length(fields); i++) {
         gchar** keyval = g_strsplit(fields[i], "=", 2);
         if (g_strv_length(keyval) == 2) {
-            if (g_strcmp0(keyval[0], "CN") == 0) {
-                cert->domain = strdup(keyval[1]);
+            if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) {
+                cert->subject_country = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) {
+                cert->subject_state = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "dnQualifier") == 0) {
+                cert->subject_distinguishedname = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "serialnumber") == 0) {
+                cert->subject_serialnumber = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) {
+                cert->subject_commonname = strdup(keyval[1]);
             }
-            if (g_strcmp0(keyval[0], "O") == 0) {
-                cert->organisation = strdup(keyval[1]);
+            if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) {
+                cert->subject_organisation = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) {
+                cert->subject_organisation_unit = strdup(keyval[1]);
             }
             if (g_strcmp0(keyval[0], "emailAddress") == 0) {
-                cert->email = strdup(keyval[1]);
+                cert->subject_email = strdup(keyval[1]);
+            }
+        }
+        g_strfreev(keyval);
+    }
+    g_strfreev(fields);
+
+    cert->issuer_country = NULL;
+    cert->issuer_state = NULL;
+    cert->issuer_distinguishedname = NULL;
+    cert->issuer_serialnumber = NULL;
+    cert->issuer_commonname = NULL;
+    cert->issuer_organisation = NULL;
+    cert->issuer_organisation_unit = NULL;
+    cert->issuer_email = NULL;
+    fields = g_strsplit(issuername, "/", 0);
+    for (i = 0; i < g_strv_length(fields); i++) {
+        gchar** keyval = g_strsplit(fields[i], "=", 2);
+        if (g_strv_length(keyval) == 2) {
+            if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) {
+                cert->issuer_country = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) {
+                cert->issuer_state = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "dnQualifier") == 0) {
+                cert->issuer_distinguishedname = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "serialnumber") == 0) {
+                cert->issuer_serialnumber = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) {
+                cert->issuer_commonname = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) {
+                cert->issuer_organisation = strdup(keyval[1]);
+            }
+            if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) {
+                cert->issuer_organisation_unit = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "emailAddress") == 0) {
+                cert->issuer_email = strdup(keyval[1]);
             }
         }
         g_strfreev(keyval);
@@ -200,15 +289,28 @@ tlscerts_add(TLSCertificate *cert)
 
     autocomplete_add(certs_ac, cert->fingerprint);
 
+    g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version);
+    if (cert->serialnumber) {
+        g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber);
+    }
     if (cert->subjectname) {
         g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname);
     }
+    if (cert->issuername) {
+        g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername);
+    }
     if (cert->notbefore) {
         g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore);
     }
     if (cert->notafter) {
         g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter);
     }
+    if (cert->key_alg) {
+        g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg);
+    }
+    if (cert->signature_alg) {
+        g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg);
+    }
 
     _save_tlscerts();
 }
@@ -242,13 +344,34 @@ void
 tlscerts_free(TLSCertificate *cert)
 {
     if (cert) {
+        free(cert->serialnumber);
+
         free(cert->subjectname);
-        free(cert->fingerprint);
-        free(cert->domain);
-        free(cert->organisation);
-        free(cert->email);
+        free(cert->subject_country);
+        free(cert->subject_state);
+        free(cert->subject_distinguishedname);
+        free(cert->subject_serialnumber);
+        free(cert->subject_commonname);
+        free(cert->subject_organisation);
+        free(cert->subject_organisation_unit);
+        free(cert->subject_email);
+
+        free(cert->issuername);
+        free(cert->issuer_country);
+        free(cert->issuer_state);
+        free(cert->issuer_distinguishedname);
+        free(cert->issuer_serialnumber);
+        free(cert->issuer_commonname);
+        free(cert->issuer_organisation);
+        free(cert->issuer_organisation_unit);
+        free(cert->issuer_email);
+
         free(cert->notbefore);
         free(cert->notafter);
+        free(cert->fingerprint);
+
+        free(cert->key_alg);
+        free(cert->signature_alg);
     }
 }
 
diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h
index e1ab4748..d0e59218 100644
--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h
@@ -36,19 +36,38 @@
 #define TLSCERTS_H
 
 typedef struct tls_cert_t {
-    char *fingerprint;
-    char *domain;
+    int version;
+    char *serialnumber;
     char *subjectname;
-    char *organisation;
-    char *email;
+    char *subject_country;
+    char *subject_state;
+    char *subject_distinguishedname;
+    char *subject_serialnumber;
+    char *subject_commonname;
+    char *subject_organisation;
+    char *subject_organisation_unit;
+    char *subject_email;
+    char *issuername;
+    char *issuer_country;
+    char *issuer_state;
+    char *issuer_distinguishedname;
+    char *issuer_serialnumber;
+    char *issuer_commonname;
+    char *issuer_organisation;
+    char *issuer_organisation_unit;
+    char *issuer_email;
     char *notbefore;
     char *notafter;
+    char *fingerprint;
+    char *key_alg;
+    char *signature_alg;
 } TLSCertificate;
 
 void tlscerts_init(void);
 
-TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
-    const char *const notafter);
+TLSCertificate* tlscerts_new(const char *const fingerprint, int version, const char *const serialnumber, const char *const subjectname,
+    const char *const issuername, const char *const notbefore, const char *const notafter,
+    const char *const key_alg, const char *const signature_alg);
 
 void tlscerts_set_current(const char *const fp);
 
diff --git a/src/ui/console.c b/src/ui/console.c
index 4d4edec0..01f05bca 100644
--- a/src/ui/console.c
+++ b/src/ui/console.c
@@ -196,18 +196,76 @@ cons_show_tlscert(TLSCertificate *cert)
     }
 
     cons_show("Certificate:");
-    if (cert->domain) {
-        cons_show("  Domain       : %s", cert->domain);
+
+    cons_show("  Subject:");
+    if (cert->subject_commonname) {
+        cons_show("    Common name        : %s", cert->subject_commonname);
+    }
+    if (cert->subject_distinguishedname) {
+        cons_show("    Distinguished name : %s", cert->subject_distinguishedname);
+    }
+    if (cert->subject_organisation) {
+        cons_show("    Organisation       : %s", cert->subject_organisation);
+    }
+    if (cert->subject_organisation_unit) {
+        cons_show("    Organisation unit  : %s", cert->subject_organisation_unit);
+    }
+    if (cert->subject_email) {
+        cons_show("    Email              : %s", cert->subject_email);
+    }
+    if (cert->subject_state) {
+        cons_show("    State              : %s", cert->subject_state);
+    }
+    if (cert->subject_country) {
+        cons_show("    Country            : %s", cert->subject_country);
+    }
+    if (cert->subject_serialnumber) {
+        cons_show("    Serial number      : %s", cert->subject_serialnumber);
+    }
+
+    cons_show("  Issuer:");
+    if (cert->issuer_commonname) {
+        cons_show("    Common name        : %s", cert->issuer_commonname);
+    }
+    if (cert->issuer_distinguishedname) {
+        cons_show("    Distinguished name : %s", cert->issuer_distinguishedname);
+    }
+    if (cert->issuer_organisation) {
+        cons_show("    Organisation       : %s", cert->issuer_organisation);
     }
-    if (cert->organisation) {
-        cons_show("  Organisation : %s", cert->organisation);
+    if (cert->issuer_organisation_unit) {
+        cons_show("    Organisation unit  : %s", cert->issuer_organisation_unit);
     }
-    if (cert->email) {
-        cons_show("  Email        : %s", cert->email);
+    if (cert->issuer_email) {
+        cons_show("    Email              : %s", cert->issuer_email);
     }
-    cons_show("  Fingerprint  : %s", cert->fingerprint);
-    cons_show("  Start        : %s", cert->notbefore);
-    cons_show("  End          : %s", cert->notafter);
+    if (cert->issuer_state) {
+        cons_show("    State              : %s", cert->issuer_state);
+    }
+    if (cert->issuer_country) {
+        cons_show("    Country            : %s", cert->issuer_country);
+    }
+    if (cert->issuer_serialnumber) {
+        cons_show("    Serial number      : %s", cert->issuer_serialnumber);
+    }
+
+    cons_show("  Version             : %d", cert->version);
+
+    if (cert->serialnumber) {
+        cons_show("  Serial number       : %s", cert->serialnumber);
+    }
+
+    if (cert->key_alg) {
+        cons_show("  Key algorithm       : %s", cert->key_alg);
+    }
+    if (cert->signature_alg) {
+        cons_show("  Signature algorithm : %s", cert->signature_alg);
+    }
+
+    cons_show("  Start               : %s", cert->notbefore);
+    cons_show("  End                 : %s", cert->notafter);
+
+    cons_show("  Fingerprint         : %s", cert->fingerprint);
 }
 
 void
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index dce836bc..dfda571a 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -389,12 +389,18 @@ _connection_free_session_data(void)
 static int
 _connection_certfail_cb(xmpp_tlscert_t *xmpptlscert, const char *const errormsg)
 {
+    int version = xmpp_conn_tlscert_version(xmpptlscert);
+    char *serialnumber = xmpp_conn_tlscert_serialnumber(xmpptlscert);
     char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
-    char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
+    char *issuername = xmpp_conn_tlscert_issuername(xmpptlscert);
+    char *fingerprint = xmpp_conn_tlscert_fingerprint(xmpptlscert);
     char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
     char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
+    char *key_alg = xmpp_conn_tlscert_key_algorithm(xmpptlscert);
+    char *signature_alg = xmpp_conn_tlscert_signature_algorithm(xmpptlscert);
 
-    TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
+    TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
+        notafter, key_alg, signature_alg);
     int res = sv_ev_certfail(errormsg, cert);
     tlscerts_free(cert);
 
@@ -405,12 +411,18 @@ TLSCertificate*
 jabber_get_tls_peer_cert(void)
 {
     xmpp_tlscert_t *xmpptlscert = xmpp_conn_tls_peer_cert(jabber_conn.conn);
+    int version = xmpp_conn_tlscert_version(xmpptlscert);
+    char *serialnumber = xmpp_conn_tlscert_serialnumber(xmpptlscert);
     char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
-    char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
+    char *issuername = xmpp_conn_tlscert_issuername(xmpptlscert);
+    char *fingerprint = xmpp_conn_tlscert_fingerprint(xmpptlscert);
     char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
     char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
+    char *key_alg = xmpp_conn_tlscert_key_algorithm(xmpptlscert);
+    char *signature_alg = xmpp_conn_tlscert_signature_algorithm(xmpptlscert);
 
-    TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
+    TLSCertificate *cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
+        notafter, key_alg, signature_alg);
 
     xmpp_conn_free_tlscert(jabber_conn.ctx, xmpptlscert);