summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Melnikov <alexey.melnikov@isode.com>2012-03-09 20:19:19 (GMT)
committerKevin Smith <git@kismith.co.uk>2012-04-11 10:25:16 (GMT)
commitd5f885dd9aa65d18145a99826a1c30aeb62aca8e (patch)
treebef9f1478f3dcc602d3aa8595ab27eb7356d4da8 /Swiften/TLS/Schannel
parent1e61cace31a3395f5470a03c3bcf2b7f32d79d03 (diff)
downloadswift-contrib-d5f885dd9aa65d18145a99826a1c30aeb62aca8e.zip
swift-contrib-d5f885dd9aa65d18145a99826a1c30aeb62aca8e.tar.bz2
Added support for determining SmartCard Reader associated with a certificate (if any)
This patch implements monitoring for SmartCard ejection. This is done by periodically (currently every second) polling smart card reader for the smart card status. If the smart card status becomes "absent" or "unknown" (an error to query the smartcard), the TLS session is aborted. This usually results in an attempt to reestablish TLS which will pop up "please insert the smart card" dialog. License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Diffstat (limited to 'Swiften/TLS/Schannel')
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.cpp18
-rw-r--r--Swiften/TLS/Schannel/SchannelContext.h6
2 files changed, 21 insertions, 3 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 4f8f36f..8e952ea 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -4,8 +4,10 @@
* See Documentation/Licenses/BSD-simplified.txt for more information.
*/
-#include "Swiften/TLS/Schannel/SchannelContext.h"
-#include "Swiften/TLS/Schannel/SchannelCertificate.h"
+#include <boost/bind.hpp>
+
+#include <Swiften/TLS/Schannel/SchannelContext.h>
+#include <Swiften/TLS/Schannel/SchannelCertificate.h>
#include <Swiften/TLS/CAPICertificate.h>
#include <WinHTTP.h> // For SECURITY_FLAG_IGNORE_CERT_CN_INVALID
@@ -19,6 +21,7 @@ SchannelContext::SchannelContext()
, m_my_cert_store(NULL)
, m_cert_store_name("MY")
, m_cert_name()
+, m_smartcard_reader()
{
m_ctxtFlags = ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_CONFIDENTIALITY |
@@ -639,10 +642,21 @@ bool SchannelContext::setClientCertificate(CertificateWithKey::ref certificate)
// are valid at this point
m_cert_store_name = capiCertificate->getCertStoreName();
m_cert_name = capiCertificate->getCertName();
+////At the moment this is only useful for logging:
+ m_smartcard_reader = capiCertificate->getSmartCardReaderName();
+
+ capiCertificate->onCertificateCardRemoved.connect(boost::bind(&SchannelContext::handleCertificateCardRemoved, this));
+
return true;
}
//------------------------------------------------------------------------
+void SchannelContext::handleCertificateCardRemoved() {
+ //ToDo: Might want to log the reason ("certificate card ejected")
+ indicateError();
+}
+
+//------------------------------------------------------------------------
Certificate::ref SchannelContext::getPeerCertificate() const
{
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 70b0694..bce7415 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -10,7 +10,7 @@
#include "Swiften/TLS/TLSContext.h"
#include "Swiften/TLS/Schannel/SchannelUtil.h"
-#include <Swiften/TLS/CertificateWithKey.h>
+#include "Swiften/TLS/CertificateWithKey.h"
#include "Swiften/Base/ByteArray.h"
#define SECURITY_WIN32
@@ -62,6 +62,8 @@ namespace Swift
void appendNewData(const SafeByteArray& data);
SECURITY_STATUS validateServerCertificate();
+ void handleCertificateCardRemoved();
+
private:
enum SchannelState
{
@@ -86,5 +88,7 @@ namespace Swift
HCERTSTORE m_my_cert_store;
std::string m_cert_store_name;
std::string m_cert_name;
+////Not needed, most likely
+ std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates
};
}