summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Swift/Controllers/MainController.cpp48
-rw-r--r--Swift/Controllers/UIInterfaces/LoginWindow.h12
-rw-r--r--Swift/QtUI/QtLoginWindow.cpp12
-rw-r--r--Swift/QtUI/QtLoginWindow.h2
4 files changed, 44 insertions, 30 deletions
diff --git a/Swift/Controllers/MainController.cpp b/Swift/Controllers/MainController.cpp
index f4fdff6..74e381a 100644
--- a/Swift/Controllers/MainController.cpp
+++ b/Swift/Controllers/MainController.cpp
@@ -409,6 +409,7 @@ void MainController::handleDisconnected(const boost::optional<ClientError>& erro
}
else if (error) {
String message;
+ String certificateErrorMessage;
switch(error->getType()) {
case ClientError::UnknownError: message = "Unknown Error"; break;
case ClientError::DomainNameResolveError: message = "Unable to find server"; break;
@@ -428,26 +429,35 @@ void MainController::handleDisconnected(const boost::optional<ClientError>& erro
case ClientError::ClientCertificateLoadError: message = "Error loading certificate (Invalid password?)"; break;
case ClientError::ClientCertificateError: message = "Certificate not authorized"; break;
- case ClientError::UnknownCertificateError:
- case ClientError::CertificateExpiredError:
- case ClientError::CertificateNotYetValidError:
- case ClientError::CertificateSelfSignedError:
- case ClientError::CertificateRejectedError:
- case ClientError::CertificateUntrustedError:
- case ClientError::InvalidCertificatePurposeError:
- case ClientError::CertificatePathLengthExceededError:
- case ClientError::InvalidCertificateSignatureError:
- case ClientError::InvalidCAError:
- case ClientError::InvalidServerIdentityError:
- // FIXME: Popup a dialog
- message = "Certificate error (" + boost::lexical_cast<std::string>(error->getType()) + ")";
- if (loginWindow_->askUserToTrustCertificatePermanently(message)) {
- // FIXME: Only do this if the user accepts the certificate
- certificateStorage_->addCertificate(certificateTrustChecker_->getLastCertificate());
- }
- break;
+ case ClientError::UnknownCertificateError: certificateErrorMessage = "Unknown certificate"; break;
+ case ClientError::CertificateExpiredError: certificateErrorMessage = "Certificate has expired"; break;
+ case ClientError::CertificateNotYetValidError: certificateErrorMessage = "Certificate is not yet valid"; break;
+ case ClientError::CertificateSelfSignedError: certificateErrorMessage = "Certificate is self-signed"; break;
+ case ClientError::CertificateRejectedError: certificateErrorMessage = "Certificate has been rejected"; break;
+ case ClientError::CertificateUntrustedError: certificateErrorMessage = "Certificate is not trusted"; break;
+ case ClientError::InvalidCertificatePurposeError: certificateErrorMessage = "Certificate cannot be used for encryptig your connection"; break;
+ case ClientError::CertificatePathLengthExceededError: certificateErrorMessage = "Certificate path length constraint exceeded"; break;
+ case ClientError::InvalidCertificateSignatureError: certificateErrorMessage = "Invalid certificate signature"; break;
+ case ClientError::InvalidCAError: certificateErrorMessage = "Invalid Certificate Authority"; break;
+ case ClientError::InvalidServerIdentityError: certificateErrorMessage = "Certificate does not match the host identity"; break;
+
+ }
+ bool forceReconnectAfterCertificateTrust = false;
+ if (!certificateErrorMessage.isEmpty()) {
+ Certificate::ref certificate = certificateTrustChecker_->getLastCertificate();
+ if (loginWindow_->askUserToTrustCertificatePermanently(certificateErrorMessage, certificate)) {
+ certificateStorage_->addCertificate(certificate);
+ forceReconnectAfterCertificateTrust = true;
+ }
+ else {
+ message = "Certificate error";
+ }
+ }
+
+ if (forceReconnectAfterCertificateTrust) {
+ performLoginFromCachedCredentials();
}
- if (!rosterController_) { //hasn't been logged in yet
+ else if (!rosterController_) { //hasn't been logged in yet
signOut();
loginWindow_->setMessage(message);
} else {
diff --git a/Swift/Controllers/UIInterfaces/LoginWindow.h b/Swift/Controllers/UIInterfaces/LoginWindow.h
index e9ea92f..a25cdb9 100644
--- a/Swift/Controllers/UIInterfaces/LoginWindow.h
+++ b/Swift/Controllers/UIInterfaces/LoginWindow.h
@@ -4,14 +4,14 @@
* See Documentation/Licenses/GPLv3.txt for more information.
*/
-#ifndef SWIFTEN_LoginWindow_H
-#define SWIFTEN_LoginWindow_H
-
-#include "Swiften/Base/String.h"
+#pragma once
#include "Swiften/Base/boost_bsignals.h"
#include <boost/shared_ptr.hpp>
+#include <Swiften/Base/String.h>
+#include <Swiften/TLS/Certificate.h>
+
namespace Swift {
class MainWindow;
class LoginWindow {
@@ -27,11 +27,9 @@ namespace Swift {
virtual void setLoginAutomatically(bool loginAutomatically) = 0;
virtual void quit() = 0;
/** Blocking request whether a cert should be permanently trusted.*/
- virtual bool askUserToTrustCertificatePermanently(const String& message) = 0;
+ virtual bool askUserToTrustCertificatePermanently(const String& message, Certificate::ref) = 0;
boost::signal<void ()> onCancelLoginRequest;
boost::signal<void ()> onQuitRequest;
};
}
-#endif
-
diff --git a/Swift/QtUI/QtLoginWindow.cpp b/Swift/QtUI/QtLoginWindow.cpp
index 42641ba..c1f4f24 100644
--- a/Swift/QtUI/QtLoginWindow.cpp
+++ b/Swift/QtUI/QtLoginWindow.cpp
@@ -391,12 +391,18 @@ void QtLoginWindow::moveEvent(QMoveEvent*) {
emit geometryChanged();
}
-bool QtLoginWindow::askUserToTrustCertificatePermanently(const String& message) {
+bool QtLoginWindow::askUserToTrustCertificatePermanently(const String& message, Certificate::ref certificate) {
QMessageBox dialog(this);
- dialog.setText("Invalid server certificate.");
- dialog.setInformativeText("The certificate presented by the server is not valid. " + P2QSTRING(message) + " Would you like to permanently trust this certificate? This must only be done if you know it is correct.");
+
+ dialog.setText("The certificate presented by the server is not valid.");
+ dialog.setInformativeText(P2QSTRING(message) + "\n\nWould you like to permanently trust this certificate? This must only be done if you know it is correct.");
+
+ QString detailedText = "Subject: " + P2QSTRING(certificate->getSubjectName());
+ dialog.setDetailedText(detailedText);
+
dialog.setStandardButtons(QMessageBox::Yes | QMessageBox::No);
dialog.setDefaultButton(QMessageBox::No);
+
return dialog.exec() == QMessageBox::Yes;
}
diff --git a/Swift/QtUI/QtLoginWindow.h b/Swift/QtUI/QtLoginWindow.h
index 3978d73..0efd377 100644
--- a/Swift/QtUI/QtLoginWindow.h
+++ b/Swift/QtUI/QtLoginWindow.h
@@ -39,7 +39,7 @@ namespace Swift {
static QRect defaultPosition();
void setGentleGeometry(const QRect&);
void selectUser(const String& user);
- bool askUserToTrustCertificatePermanently(const String& message);
+ bool askUserToTrustCertificatePermanently(const String& message, Certificate::ref certificate);
virtual void quit();