authorRemko Tronçon <git@el-tramo.be>2012-05-12 18:09:25 (GMT)
committerRemko Tronçon <git@el-tramo.be>2012-05-12 18:09:25 (GMT)
commit159e773b156f531575d0d7e241e2d20c85ee6d7c (patch)
tree9116f69b5f20ec07060b73308427ab524305344f /Swiften
parent0f91f88ac69644fb7e7bdbf601b7e098194490fa (diff)
Show Certificate dialog from certificate error window.
Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/Client/ClientSession.cpp9
-rw-r--r--Swiften/Client/ClientSession.h2
-rw-r--r--Swiften/TLS/BlindCertificateTrustChecker.h2
-rw-r--r--Swiften/TLS/CertificateTrustChecker.h6
4 files changed, 12 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 8be8a8c..c2dc3ae 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -365,35 +365,36 @@ void ClientSession::sendCredentials(const SafeByteArray& password) {
state = Authenticating;
authenticator->setCredentials(localJID.getNode(), password);
stream->writeElement(boost::make_shared<AuthRequest>(authenticator->getName(), authenticator->getResponse()));
}
void ClientSession::handleTLSEncrypted() {
checkState(Encrypting);
Certificate::ref certificate = stream->getPeerCertificate();
+ std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
if (verificationError) {
- checkTrustOrFinish(certificate, verificationError);
+ checkTrustOrFinish(certificate, certificateChain, verificationError);
}
else {
ServerIdentityVerifier identityVerifier(localJID);
if (identityVerifier.certificateVerifies(certificate)) {
continueAfterTLSEncrypted();
}
else {
- checkTrustOrFinish(certificate, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
+ checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
}
}
}
-void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
- if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate)) {
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
+ if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) {
continueAfterTLSEncrypted();
}
else {
finishSession(error);
}
}
void ClientSession::continueAfterTLSEncrypted() {
state = WaitingForStreamStart;
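Review bot: In `handleTLSEncrypted()`, `certificate` and `certificateChain` come from two independent stream calls, and nothing before `checkTrustOrFinish()` checks that the chain is non-empty or that it actually contains `certificate`. The interface comment added in CertificateTrustChecker.h promises "This chain includes certificate", so a trust checker that shows or remembers the chain's first entry could end up approving a different certificate from the one the session is using, if a stream implementation ever returns the two inconsistently. The stream implementations are not visible here, so this may already hold by construction. If it does, a comment at the call site would record it, e.g. `// getPeerCertificateChain() is expected to include getPeerCertificate(); trust checkers rely on this`. Otherwise the session should fail closed via `finishSession(error)` when the chain is non-empty and does not contain `certificate`.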
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index b67b23d..9c4b980 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -148,19 +148,19 @@ namespace Swift {
void handleTLSEncrypted();
bool checkState(State);
void continueSessionInitialization();
void requestAck();
void handleStanzaAcked(boost::shared_ptr<Stanza> stanza);
void ack(unsigned int handledStanzasCount);
void continueAfterTLSEncrypted();
- void checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error);
+ void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
private:
JID localJID;
State state;
boost::shared_ptr<SessionStream> stream;
bool allowPLAINOverNonTLS;
bool useStreamCompression;
UseTLS useTLS;
bool useAcks;
diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h
index 3177322..9ed7ff2 100644
--- a/Swiften/TLS/BlindCertificateTrustChecker.h
+++ b/Swiften/TLS/BlindCertificateTrustChecker.h
@@ -13,14 +13,14 @@ namespace Swift {
* A certificate trust checker that trusts any ceritficate.
*
* This can be used to ignore any TLS certificate errors occurring
* during connection.
*
* \see Client::setAlwaysTrustCertificates()
*/
class BlindCertificateTrustChecker : public CertificateTrustChecker {
public:
- virtual bool isCertificateTrusted(Certificate::ref) {
+ virtual bool isCertificateTrusted(Certificate::ref, const std::vector<Certificate::ref>&) {
return true;
}
};
}
diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h
index 06c0c32..91cc530 100644
--- a/Swiften/TLS/CertificateTrustChecker.h
+++ b/Swiften/TLS/CertificateTrustChecker.h
@@ -4,26 +4,30 @@
* See Documentation/Licenses/GPLv3.txt for more information.
*/
#pragma once
#include <boost/shared_ptr.hpp>
#include <string>
#include <Swiften/TLS/Certificate.h>
+#include <vector>
namespace Swift {
/**
* A class to implement a check for certificate trust.
*/
class CertificateTrustChecker {
public:
virtual ~CertificateTrustChecker();
/**
* This method is called to find out whether a certificate is
* trusted. This usually happens when a certificate's validation
* fails, to check whether to proceed with the connection or not.
+ *
+ * certificateChain contains the chain of certificates, if available.
+ * This chain includes certificate.
*/
- virtual bool isCertificateTrusted(Certificate::ref certificate) = 0;
+ virtual bool isCertificateTrusted(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain) = 0;
};
}
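Review bot: The new doc comment on `isCertificateTrusted` does not say how far the chain can be trusted, and that is what an implementer of this security decision most needs to know. Judging from the caller in ClientSession.cpp, this method is only reached after a verification error or a server-identity mismatch, so the chain is presumably whatever the peer presented and may not have been validated against any trust anchor. I would extend the comment with something like `* The chain is as presented by the peer and may be unvalidated; it may be empty if the TLS backend cannot provide it.`, and also state the expected ordering of the entries. Separately, changing the signature of a pure virtual breaks every out-of-tree `CertificateTrustChecker` subclass at compile time, which deserves a line in the release notes.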