author | Christian Grothoff <christian@grothoff.org> | 2014-06-07 17:11:29 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2014-06-07 17:11:29 +0000 |
commit | e88cc91be7df92b75430d4748fd201eb03013675 (patch) | |
tree | 25281eb34e119a50d00f80e5581c66e6aec66651 /src/namestore/plugin_gtk_namestore_tlsa.c | |
parent | f4e7725e74414142e9813247401892c1befa2c51 (diff) | |
download | gnunet-gtk-e88cc91be7df92b75430d4748fd201eb03013675.tar.gz gnunet-gtk-e88cc91be7df92b75430d4748fd201eb03013675.zip |
finishing TLSA validation logic
Diffstat (limited to 'src/namestore/plugin_gtk_namestore_tlsa.c')
-rw-r--r-- | src/namestore/plugin_gtk_namestore_tlsa.c | 82 |
1 files changed, 64 insertions, 18 deletions
diff --git a/src/namestore/plugin_gtk_namestore_tlsa.c b/src/namestore/plugin_gtk_namestore_tlsa.c index 2228831d..19f88d11 100644 --- a/src/namestore/plugin_gtk_namestore_tlsa.c +++ b/src/namestore/plugin_gtk_namestore_tlsa.c | |||
@@ -31,6 +31,7 @@ | |||
31 | #include "gnunet_gtk_namestore_plugin.h" | 31 | #include "gnunet_gtk_namestore_plugin.h" |
32 | #include <gnutls/gnutls.h> | 32 | #include <gnutls/gnutls.h> |
33 | #include <gnutls/x509.h> | 33 | #include <gnutls/x509.h> |
34 | #include <gnutls/abstract.h> | ||
34 | 35 | ||
35 | 36 | ||
36 | /** | 37 | /** |
@@ -445,19 +446,18 @@ tlsa_validate (void *cls, | |||
445 | GtkTextIter ti_start; | 446 | GtkTextIter ti_start; |
446 | GtkTextIter ti_end; | 447 | GtkTextIter ti_end; |
447 | gnutls_datum_t datum; | 448 | gnutls_datum_t datum; |
448 | gnutls_pkcs7_t pkcs7; | 449 | gnutls_x509_crt_t cert; |
450 | gnutls_pubkey_t pk; | ||
449 | int ret; | 451 | int ret; |
450 | unsigned int matching_type; | 452 | unsigned int matching_type; |
453 | unsigned int selector; | ||
454 | int err; | ||
451 | 455 | ||
452 | fprintf (stderr, | ||
453 | "Validating...\n"); | ||
454 | cb = GTK_COMBO_BOX (gtk_builder_get_object (builder, | 456 | cb = GTK_COMBO_BOX (gtk_builder_get_object (builder, |
455 | "edit_dialog_protocol_combobox")); | 457 | "edit_dialog_protocol_combobox")); |
456 | if (! gtk_combo_box_get_active_iter (cb, | 458 | if (! gtk_combo_box_get_active_iter (cb, |
457 | &iter)) | 459 | &iter)) |
458 | { | 460 | { |
459 | fprintf (stderr, | ||
460 | "No protocol selected...\n"); | ||
461 | return GNUNET_SYSERR; | 461 | return GNUNET_SYSERR; |
462 | } | 462 | } |
463 | 463 | ||
@@ -479,31 +479,74 @@ tlsa_validate (void *cls, | |||
479 | bin)) | 479 | bin)) |
480 | { | 480 | { |
481 | /* not hex */ | 481 | /* not hex */ |
482 | fprintf (stderr, | 482 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
483 | "Certificate value is not in hex...\n"); | 483 | _("Certificate value is not in hex...\n")); |
484 | return GNUNET_SYSERR; | 484 | return GNUNET_SYSERR; |
485 | } | 485 | } |
486 | matching_type = get_selected_radio_value (builder, | 486 | matching_type = get_selected_radio_value (builder, |
487 | matching_type_buttons); | 487 | matching_type_buttons); |
488 | 488 | selector = get_selected_radio_value (builder, | |
489 | selector_buttons); | ||
489 | switch (matching_type) | 490 | switch (matching_type) |
490 | { | 491 | { |
491 | case 0: /* exact match */ | 492 | case 0: /* exact match */ |
492 | datum.size = sizeof (bin); | 493 | datum.size = sizeof (bin); |
493 | datum.data = bin; | 494 | datum.data = bin; |
494 | gnutls_pkcs7_init (&pkcs7); | 495 | switch (selector) |
495 | if (GNUTLS_E_SUCCESS != | ||
496 | gnutls_pkcs7_import (pkcs7, | ||
497 | &datum, | ||
498 | GNUTLS_X509_FMT_DER)) | ||
499 | { | 496 | { |
500 | fprintf (stderr, | 497 | case 0: /* full Cert */ |
501 | "Certificate value is not PKCS7...\n"); | 498 | if (GNUTLS_E_SUCCESS != |
499 | (err = gnutls_x509_crt_init (&cert))) | ||
500 | { | ||
501 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
502 | _("Failed to initialize CERT: %s\n"), | ||
503 | gnutls_strerror_name (err)); | ||
504 | ret = GNUNET_SYSERR; | ||
505 | break; | ||
506 | } | ||
507 | if (GNUTLS_E_SUCCESS != | ||
508 | (err = gnutls_x509_crt_import (cert, | ||
509 | &datum, | ||
510 | GNUTLS_X509_FMT_DER))) | ||
511 | { | ||
512 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
513 | _("Failed to parse CERT: %s\n"), | ||
514 | gnutls_strerror_name (err)); | ||
515 | ret = GNUNET_SYSERR; | ||
516 | } | ||
517 | else | ||
518 | ret = GNUNET_OK; | ||
519 | gnutls_x509_crt_deinit (cert); | ||
520 | break; | ||
521 | case 1: /* subject public key only */ | ||
522 | if (GNUTLS_E_SUCCESS != | ||
523 | (err = gnutls_pubkey_init (&pk))) | ||
524 | { | ||
525 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
526 | _("Failed to initialize PK: %s\n"), | ||
527 | gnutls_strerror_name (err)); | ||
528 | ret = GNUNET_SYSERR; | ||
529 | break; | ||
530 | } | ||
531 | if (GNUTLS_E_SUCCESS != | ||
532 | (err = gnutls_pubkey_import (pk, | ||
533 | &datum, | ||
534 | GNUTLS_X509_FMT_DER))) | ||
535 | { | ||
536 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
537 | _("Failed to parse PK: %s\n"), | ||
538 | gnutls_strerror_name (err)); | ||
539 | ret = GNUNET_SYSERR; | ||
540 | } | ||
541 | else | ||
542 | ret = GNUNET_OK; | ||
543 | gnutls_pubkey_deinit (pk); | ||
544 | break; | ||
545 | default: | ||
546 | GNUNET_break (0); | ||
502 | ret = GNUNET_SYSERR; | 547 | ret = GNUNET_SYSERR; |
548 | break; | ||
503 | } | 549 | } |
504 | else | ||
505 | ret = GNUNET_OK; | ||
506 | gnutls_pkcs7_deinit (pkcs7); | ||
507 | break; | 550 | break; |
508 | case 1: /* SHA-256 hash */ | 551 | case 1: /* SHA-256 hash */ |
509 | ret = (256 / 8 == slen / 2) ? GNUNET_OK : GNUNET_SYSERR; | 552 | ret = (256 / 8 == slen / 2) ? GNUNET_OK : GNUNET_SYSERR; |
@@ -513,6 +556,7 @@ tlsa_validate (void *cls, | |||
513 | break; | 556 | break; |
514 | default: | 557 | default: |
515 | GNUNET_break (0); | 558 | GNUNET_break (0); |
559 | ret = GNUNET_SYSERR; | ||
516 | break; | 560 | break; |
517 | } | 561 | } |
518 | } | 562 | } |
@@ -593,6 +637,7 @@ libgnunet_plugin_gtk_namestore_tlsa_init (void *cls) | |||
593 | { NULL, NULL } | 637 | { NULL, NULL } |
594 | }; | 638 | }; |
595 | 639 | ||
640 | gnutls_global_init (); | ||
596 | plugin = GNUNET_new (struct GNUNET_GTK_NAMESTORE_PluginFunctions); | 641 | plugin = GNUNET_new (struct GNUNET_GTK_NAMESTORE_PluginFunctions); |
597 | plugin->cls = env; | 642 | plugin->cls = env; |
598 | plugin->dialog_glade_filename = "gnunet_namestore_edit_tlsa.glade"; | 643 | plugin->dialog_glade_filename = "gnunet_namestore_edit_tlsa.glade"; |
@@ -619,6 +664,7 @@ libgnunet_plugin_gtk_namestore_tlsa_done (void *cls) | |||
619 | struct GNUNET_GTK_NAMESTORE_PluginFunctions *plugin = cls; | 664 | struct GNUNET_GTK_NAMESTORE_PluginFunctions *plugin = cls; |
620 | 665 | ||
621 | GNUNET_free (plugin); | 666 | GNUNET_free (plugin); |
667 | gnutls_global_deinit (); | ||
622 | return NULL; | 668 | return NULL; |
623 | } | 669 | } |
624 | 670 | ||
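Review bot: In the exact-match branch (new lines 493–494) `datum.size = sizeof (bin)` hands the DER parser the whole buffer rather than the number of bytes actually decoded from the hex field, whereas the SHA-256 branch right below derives its length as `slen / 2`; if `bin` is a fixed-size array (its declaration is above the hunk) any certificate or key shorter than the buffer is imported with trailing, possibly uninitialized, bytes, so the value validated here is not exactly the value that will be stored — use `datum.size = slen / 2;` for consistency with the hash cases. The crt/pubkey import only confirms that the bytes parse as DER, which is reasonable for a form validator, but a comment such as `/* parse-only check: does not verify the chain, expiry or key usage */` on the `case 0:` label would make that explicit for the next reader. In the init hunk the return value of `gnutls_global_init ()` is discarded; it can fail, so handle it like the other GnuTLS calls, e.g. `if (GNUTLS_E_SUCCESS != (err = gnutls_global_init ())) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Failed to initialize GnuTLS: %s\n"), gnutls_strerror_name (err));`. Relatedly, the unconditional `gnutls_global_deinit ()` in the done hook presumably shares process-wide GnuTLS state with other plugins, which is only safe on GnuTLS versions where init/deinit are reference-counted — worth confirming against the minimum version the build requires. tlsa_validate begins and ends outside the visible hunks.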