about summary refs log tree commit diff stats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/command/commands.c25
-rw-r--r--src/config/tlscerts.c64
-rw-r--r--src/config/tlscerts.h6
-rw-r--r--src/event/server_events.c57
-rw-r--r--src/event/server_events.h3
-rw-r--r--src/ui/console.c22
-rw-r--r--src/ui/ui.h1
-rw-r--r--src/xmpp/connection.c28
-rw-r--r--src/xmpp/xmpp.h3
9 files changed, 98 insertions, 111 deletions
diff --git a/src/command/commands.c b/src/command/commands.c
index d48fbe6d..2c3ee1fa 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -207,24 +207,7 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
         }
         while (curr) {
             TLSCertificate *cert = curr->data;
-            if (cert->fingerprint) {
-                cons_show("Fingerprint  : %s", cert->fingerprint);
-            }
-            if (cert->domain) {
-                cons_show("Domain       : %s", cert->domain);
-            }
-            if (cert->organisation) {
-                cons_show("Organisation : %s", cert->organisation);
-            }
-            if (cert->email) {
-                cons_show("Email        : %s", cert->email);
-            }
-            if (cert->notbefore) {
-                cons_show("Start        : %s", cert->notbefore);
-            }
-            if (cert->notafter) {
-                cons_show("End          : %s", cert->notafter);
-            }
+            cons_show_tlscert(cert);
             cons_show("");
             curr = g_list_next(curr);
         }
@@ -264,9 +247,11 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
             cons_show("No TLS connection established");
             return TRUE;
         }
-        char *cert = jabber_get_tls_peer_cert();
+        TLSCertificate *cert = jabber_get_tls_peer_cert();
         if (cert) {
-            cons_show("TLS certificate fingerprint: %s", cert);
+            cons_show_tlscert(cert);
+            cons_show("");
+            tlscerts_free(cert);
         } else {
             cons_show("Error getting TLS fingerprint.");
         }
diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c
index 299b98cf..15433a92 100644
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@@ -119,13 +119,11 @@ tlscerts_list(void)
     int i = 0;
     for (i = 0; i < g_strv_length(groups); i++) {
         char *fingerprint = strdup(groups[i]);
-        char *domain = g_key_file_get_string(tlscerts, fingerprint, "domain", NULL);
-        char *organisation = g_key_file_get_string(tlscerts, fingerprint, "organisation", NULL);
-        char *email = g_key_file_get_string(tlscerts, fingerprint, "email", NULL);
+        char *subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
         char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
         char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
 
-        TLSCertificate *cert = tlscerts_new(fingerprint, domain, organisation, email, notbefore, notafter);
+        TLSCertificate *cert = tlscerts_new(fingerprint, subjectname, notbefore, notafter);
 
         res = g_list_append(res, cert);
     }
@@ -138,30 +136,21 @@ tlscerts_list(void)
 }
 
 TLSCertificate*
-tlscerts_new(const char *const fingerprint, const char *const domain, const char *const organisation,
-    const char *const email, const char *const notbefore, const char *const notafter)
+tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
+    const char *const notafter)
 {
     TLSCertificate *cert = malloc(sizeof(TLSCertificate));
+
+    if (subjectname) {
+        cert->subjectname = strdup(subjectname);
+    } else {
+        cert->subjectname = NULL;
+    }
     if (fingerprint) {
         cert->fingerprint = strdup(fingerprint);
     } else {
         cert->fingerprint = NULL;
     }
-    if (domain) {
-        cert->domain = strdup(domain);
-    } else {
-        cert->domain = NULL;
-    }
-    if (organisation) {
-        cert->organisation = strdup(organisation);
-    } else {
-        cert->organisation = NULL;
-    }
-    if (email) {
-        cert->email = strdup(email);
-    } else {
-        cert->email= NULL;
-    }
     if (notbefore) {
         cert->notbefore = strdup(notbefore);
     } else {
@@ -173,6 +162,28 @@ tlscerts_new(const char *const fingerprint, const char *const domain, const char
         cert->notafter = NULL;
     }
 
+    cert->domain = NULL;
+    cert->email = NULL;
+    cert->organisation = NULL;
+    gchar** fields = g_strsplit(subjectname, "/", 0);
+    int i = 0;
+    for (i = 0; i < g_strv_length(fields); i++) {
+        gchar** keyval = g_strsplit(fields[i], "=", 2);
+        if (g_strv_length(keyval) == 2) {
+            if (g_strcmp0(keyval[0], "CN") == 0) {
+                cert->domain = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "O") == 0) {
+                cert->organisation = strdup(keyval[1]);
+            }
+            if (g_strcmp0(keyval[0], "emailAddress") == 0) {
+                cert->email = strdup(keyval[1]);
+            }
+        }
+        g_strfreev(keyval);
+    }
+    g_strfreev(fields);
+
     return cert;
 }
 
@@ -189,14 +200,8 @@ tlscerts_add(TLSCertificate *cert)
 
     autocomplete_add(certs_ac, cert->fingerprint);
 
-    if (cert->domain) {
-        g_key_file_set_string(tlscerts, cert->fingerprint, "domain", cert->domain);
-    }
-    if (cert->organisation) {
-        g_key_file_set_string(tlscerts, cert->fingerprint, "organisation", cert->organisation);
-    }
-    if (cert->email) {
-        g_key_file_set_string(tlscerts, cert->fingerprint, "email", cert->email);
+    if (cert->subjectname) {
+        g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname);
     }
     if (cert->notbefore) {
         g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore);
@@ -237,6 +242,7 @@ void
 tlscerts_free(TLSCertificate *cert)
 {
     if (cert) {
+        free(cert->subjectname);
         free(cert->fingerprint);
         free(cert->domain);
         free(cert->organisation);
diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h
index c3b273e7..e1ab4748 100644
--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h
@@ -38,6 +38,7 @@
 typedef struct tls_cert_t {
     char *fingerprint;
     char *domain;
+    char *subjectname;
     char *organisation;
     char *email;
     char *notbefore;
@@ -46,9 +47,8 @@ typedef struct tls_cert_t {
 
 void tlscerts_init(void);
 
-TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const domain,
-    const char *const organisation, const char *const email,
-    const char *const notbefore, const char *const notafter);
+TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const subjectname, const char *const notbefore,
+    const char *const notafter);
 
 void tlscerts_set_current(const char *const fp);
 
diff --git a/src/event/server_events.c b/src/event/server_events.c
index 2663eb09..58add417 100644
--- a/src/event/server_events.c
+++ b/src/event/server_events.c
@@ -716,56 +716,22 @@ sv_ev_muc_occupant_online(const char *const room, const char *const nick, const
 }
 
 int
-sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp,
-    const char *const notbefore, const char *const notafter)
+sv_ev_certfail(const char *const errormsg, TLSCertificate *cert)
 {
     // check profanity trusted certs
-    if (tlscerts_exists(certfp)) {
+    if (tlscerts_exists(cert->fingerprint)) {
         return 1;
     }
 
     // check current cert
     char *current_fp = tlscerts_get_current();
-    if (current_fp && g_strcmp0(current_fp, certfp) == 0) {
+    if (current_fp && g_strcmp0(current_fp, cert->fingerprint) == 0) {
         return 1;
     }
 
-    char *domain = NULL;
-    char *org = NULL;
-    char *email = NULL;
-    gchar** fields = g_strsplit(certname, "/", 0);
-    int i = 0;
-    for (i = 0; i < g_strv_length(fields); i++) {
-        gchar** keyval = g_strsplit(fields[i], "=", 2);
-        if (g_strv_length(keyval) == 2) {
-            if (g_strcmp0(keyval[0], "CN") == 0) {
-                domain = strdup(keyval[1]);
-            }
-            if (g_strcmp0(keyval[0], "O") == 0) {
-                org = strdup(keyval[1]);
-            }
-            if (g_strcmp0(keyval[0], "emailAddress") == 0) {
-                email = strdup(keyval[1]);
-            }
-        }
-        g_strfreev(keyval);
-    }
-    g_strfreev(fields);
-
     cons_show("");
     cons_show_error("TLS certificate verification failed: %s", errormsg);
-    if (domain) {
-        cons_show("  Domain       : %s", domain);
-    }
-    if (org) {
-        cons_show("  Organisation : %s", org);
-    }
-    if (email) {
-        cons_show("  Email        : %s", email);
-    }
-    cons_show("  Fingerprint  : %s", certfp);
-    cons_show("  Start        : %s", notbefore);
-    cons_show("  End          : %s", notafter);
+    cons_show_tlscert(cert);
     cons_show("");
     cons_show("Use '/tls allow' to accept this certificate");
     cons_show("Use '/tls always' to accept this certificate permanently");
@@ -788,28 +754,17 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha
     }
 
     if (g_strcmp0(cmd, "/tls allow") == 0) {
-        tlscerts_set_current(certfp);
+        tlscerts_set_current(cert->fingerprint);
         free(cmd);
-        free(domain);
-        free(org);
-        free(email);
         return 1;
     } else if (g_strcmp0(cmd, "/tls always") == 0) {
-        if (!tlscerts_exists(certfp)) {
-            TLSCertificate *cert = tlscerts_new(certfp, domain, org, email, notbefore, notafter);
+        if (!tlscerts_exists(cert->fingerprint)) {
             tlscerts_add(cert);
-            tlscerts_free(cert);
         }
         free(cmd);
-        free(domain);
-        free(org);
-        free(email);
         return 1;
     } else {
         free(cmd);
-        free(domain);
-        free(org);
-        free(email);
         return 0;
     }
 }
diff --git a/src/event/server_events.h b/src/event/server_events.h
index 73c2ec03..e54e964f 100644
--- a/src/event/server_events.h
+++ b/src/event/server_events.h
@@ -85,8 +85,7 @@ void sv_ev_muc_occupant_online(const char *const room, const char *const nick, c
 void sv_ev_roster_update(const char *const barejid, const char *const name,
     GSList *groups, const char *const subscription, gboolean pending_out);
 void sv_ev_roster_received(void);
-int sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp,
-    const char *const notbefore, const char *const notafter);
+int sv_ev_certfail(const char *const errormsg, TLSCertificate *cert);
 void sv_ev_lastactivity_response(const char *const from, const int seconds, const char *const msg);
 
 #endif
diff --git a/src/ui/console.c b/src/ui/console.c
index 665da9c5..4d4edec0 100644
--- a/src/ui/console.c
+++ b/src/ui/console.c
@@ -189,6 +189,28 @@ cons_show_error(const char *const msg, ...)
 }
 
 void
+cons_show_tlscert(TLSCertificate *cert)
+{
+    if (!cert) {
+        return;
+    }
+
+    cons_show("Certificate:");
+    if (cert->domain) {
+        cons_show("  Domain       : %s", cert->domain);
+    }
+    if (cert->organisation) {
+        cons_show("  Organisation : %s", cert->organisation);
+    }
+    if (cert->email) {
+        cons_show("  Email        : %s", cert->email);
+    }
+    cons_show("  Fingerprint  : %s", cert->fingerprint);
+    cons_show("  Start        : %s", cert->notbefore);
+    cons_show("  End          : %s", cert->notafter);
+}
+
+void
 cons_show_typing(const char *const barejid)
 {
     ProfWin *console = wins_get_console();
diff --git a/src/ui/ui.h b/src/ui/ui.h
index b967ea8b..242772a5 100644
--- a/src/ui/ui.h
+++ b/src/ui/ui.h
@@ -293,6 +293,7 @@ void cons_inpblock_setting(void);
 void cons_show_contact_online(PContact contact, Resource *resource, GDateTime *last_activity);
 void cons_show_contact_offline(PContact contact, char *resource, char *status);
 void cons_theme_colours(void);
+void cons_show_tlscert(TLSCertificate *cert);
 
 // title bar
 void title_bar_set_presence(contact_presence_t presence);
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 2986b0bc..dce836bc 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -387,16 +387,34 @@ _connection_free_session_data(void)
 
 #ifdef HAVE_LIBMESODE
 static int
-_connection_certfail_cb(const char *const certname, const char *const certfp,
-    char *const notbefore, const char *const notafter, const char *const errormsg)
+_connection_certfail_cb(xmpp_tlscert_t *xmpptlscert, const char *const errormsg)
 {
-    return sv_ev_certfail(errormsg, certname, certfp, notbefore, notafter);
+    char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
+    char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
+    char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
+    char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
+
+    TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
+    int res = sv_ev_certfail(errormsg, cert);
+    tlscerts_free(cert);
+
+    return res;
 }
 
-char*
+TLSCertificate*
 jabber_get_tls_peer_cert(void)
 {
-    return xmpp_conn_tls_peer_cert(jabber_conn.conn);
+    xmpp_tlscert_t *xmpptlscert = xmpp_conn_tls_peer_cert(jabber_conn.conn);
+    char *subjectname = xmpp_conn_tlscert_subjectname(xmpptlscert);
+    char *fp = xmpp_conn_tlscert_fp(xmpptlscert);
+    char *notbefore = xmpp_conn_tlscert_notbefore(xmpptlscert);
+    char *notafter = xmpp_conn_tlscert_notafter(xmpptlscert);
+
+    TLSCertificate *cert = tlscerts_new(fp, subjectname, notbefore, notafter);
+
+    xmpp_conn_free_tlscert(jabber_conn.ctx, xmpptlscert);
+
+    return cert;
 }
 #endif
 
diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h
index 00f83d3f..f52603eb 100644
--- a/src/xmpp/xmpp.h
+++ b/src/xmpp/xmpp.h
@@ -45,6 +45,7 @@
 #endif
 
 #include "config/accounts.h"
+#include "config/tlscerts.h"
 #include "contact.h"
 #include "jid.h"
 #include "tools/autocomplete.h"
@@ -153,7 +154,7 @@ GList* jabber_get_available_resources(void);
 char* jabber_create_uuid(void);
 void jabber_free_uuid(char *uuid);
 #ifdef HAVE_LIBMESODE
-char* jabber_get_tls_peer_cert(void);
+TLSCertificate* jabber_get_tls_peer_cert(void);
 #endif
 gboolean jabber_conn_is_secured(void);
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-07-15 01:25:54 +0000