Diffstat (limited to 'Swiften/TLS')
-rw-r--r-- | Swiften/TLS/Certificate.cpp | 8 | ||||
-rw-r--r-- | Swiften/TLS/Certificate.h | 6 | ||||
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 7 | ||||
-rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 8 | ||||
-rw-r--r-- | Swiften/TLS/PKCS12Certificate.h | 3 | ||||
-rw-r--r-- | Swiften/TLS/ServerIdentityVerifier.cpp | 13 | ||||
-rw-r--r-- | Swiften/TLS/ServerIdentityVerifier.h | 4 | ||||
-rw-r--r-- | Swiften/TLS/UnitTest/CertificateTest.cpp | 6 | ||||
-rw-r--r-- | Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp | 40 |
9 files changed, 60 insertions, 35 deletions
diff --git a/Swiften/TLS/Certificate.cpp b/Swiften/TLS/Certificate.cpp
index a796463..ec268c8 100644
--- a/Swiften/TLS/Certificate.cpp
+++ b/Swiften/TLS/Certificate.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2013 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
@@ -8,7 +8,7 @@
 #include <sstream>
-#include <Swiften/StringCodecs/SHA1.h>
+#include <Swiften/Crypto/CryptoProvider.h>
 #include <Swiften/StringCodecs/Hexify.h>
 namespace Swift {
@@ -19,8 +19,8 @@ const char* Certificate::ID_ON_DNSSRV_OID = "1.3.6.1.5.5.7.8.7";
 Certificate::~Certificate() {
 }
-std::string Certificate::getSHA1Fingerprint() const {
- ByteArray hash = SHA1::getHash(toDER());
+std::string Certificate::getSHA1Fingerprint(Certificate::ref certificate, CryptoProvider* crypto) {
+ ByteArray hash = crypto->getSHA1Hash(certificate->toDER());
 std::ostringstream s;
 for (size_t i = 0; i < hash.size(); ++i) {
 if (i > 0) {
diff --git a/Swiften/TLS/Certificate.h b/Swiften/TLS/Certificate.h
index 9aec86c..f558c12 100644
--- a/Swiften/TLS/Certificate.h
+++ b/Swiften/TLS/Certificate.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2013 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
@@ -13,6 +13,8 @@
 #include <Swiften/Base/ByteArray.h>
 namespace Swift {
+ class CryptoProvider;
+
 class SWIFTEN_API Certificate {
 public:
 typedef boost::shared_ptr<Certificate> ref;
@@ -32,7 +34,7 @@ namespace Swift {
 virtual ByteArray toDER() const = 0;
- virtual std::string getSHA1Fingerprint() const;
+ static std::string getSHA1Fingerprint(Certificate::ref, CryptoProvider* crypto);
 protected:
 static const char* ID_ON_XMPPADDR_OID;
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
index 76b8bb9..d654787 100644
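Review bot: The new `getSHA1Fingerprint` dereferences both `crypto` and `certificate` on its first line without any check, and since both are now caller-supplied instead of `this`, a null argument now fails inside the fingerprint routine rather than at the call site. Either add `assert(certificate); assert(crypto);` ahead of the hash call (`<cassert>` permitting) or state the non-null precondition on the declaration. The function body continues past the end of the hunk.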
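Review bot: The new static declaration in Certificate.h leaves its first parameter unnamed and carries no comment on ownership, so a header reader cannot tell that `crypto` is only borrowed for the call and that neither argument may be null. Name the parameter `certificate` to match the definition, and add above it `/// Hex-encoded, colon-separated SHA-1 of the certificate's DER form. crypto must be non-null and is not retained.`. Taking `Certificate::ref` by value also copies a `boost::shared_ptr` on every call; `const Certificate::ref&` would avoid that without changing callers.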
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2013 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
@@ -13,6 +13,9 @@
 #include <openssl/x509v3.h>
 #pragma GCC diagnostic ignored "-Wold-style-cast"
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#pragma clang diagnostic ignored "-Wcast-align"
+#pragma clang diagnostic ignored "-Wsign-conversion"
 namespace Swift {
@@ -55,7 +58,7 @@ void OpenSSLCertificate::parse() {
 // Subject name
 ByteArray subjectNameData;
 subjectNameData.resize(256);
- X509_NAME_oneline(X509_get_subject_name(cert.get()), reinterpret_cast<char*>(vecptr(subjectNameData)), subjectNameData.size());
+ X509_NAME_oneline(X509_get_subject_name(cert.get()), reinterpret_cast<char*>(vecptr(subjectNameData)), static_cast<unsigned int>(subjectNameData.size()));
 this->subjectName = byteArrayToString(subjectNameData);
 // Common name
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index e8a9019..77f780f 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2013 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
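Review bot: The added `#pragma clang diagnostic ignored` lines for `-Wsign-conversion` and `-Wcast-align` sit after the includes with no `push`/`pop`, so they silence those warnings for the project's own code in the rest of the translation unit, not just for the OpenSSL calls they were presumably added for. A `#pragma clang diagnostic push` / `pop` pair around the OpenSSL-calling functions, or fixing the conversions explicitly as the `parse()` hunk attempts, would keep the warnings live for new code. On GCC builds the `#pragma clang` lines may also trip `-Wunknown-pragmas` under `-Wall`; guarding them with `#ifdef __clang__` avoids that. The same set of pragmas is added in the OpenSSLContext.cpp hunk below.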
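Review bot: The new cast converts `subjectNameData.size()` to `unsigned int`, but the size parameter of `X509_NAME_oneline` is an `int` in the OpenSSL headers, so the value is converted back to signed at the call and the sign-conversion the cast was meant to address is only hidden by the file-wide pragma above. `static_cast<int>(subjectNameData.size())` matches the prototype. `parse()` begins and continues outside the hunk.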
@@ -25,13 +25,17 @@
 #include <Swiften/TLS/PKCS12Certificate.h>
 #pragma GCC diagnostic ignored "-Wold-style-cast"
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#pragma clang diagnostic ignored "-Wshorten-64-to-32"
+#pragma clang diagnostic ignored "-Wcast-align"
+#pragma clang diagnostic ignored "-Wsign-conversion"
 namespace Swift {
 static const int MAX_FINISHED_SIZE = 4096;
 static const int SSL_READ_BUFFERSIZE = 8192;
-void freeX509Stack(STACK_OF(X509)* stack) {
+static void freeX509Stack(STACK_OF(X509)* stack) {
 sk_X509_free(stack);
 }
diff --git a/Swiften/TLS/PKCS12Certificate.h b/Swiften/TLS/PKCS12Certificate.h
index 2f70456..2d4c2e5 100644
--- a/Swiften/TLS/PKCS12Certificate.h
+++ b/Swiften/TLS/PKCS12Certificate.h
@@ -8,13 +8,14 @@
 #include <Swiften/Base/SafeByteArray.h>
 #include <Swiften/TLS/CertificateWithKey.h>
+#include <boost/filesystem/path.hpp>
 namespace Swift {
 class PKCS12Certificate : public Swift::CertificateWithKey {
 public:
 PKCS12Certificate() {}
- PKCS12Certificate(const std::string& filename, const SafeByteArray& password) : password_(password) {
+ PKCS12Certificate(const boost::filesystem::path& filename, const SafeByteArray& password) : password_(password) {
 readByteArrayFromFile(data_, filename);
 }
diff --git a/Swiften/TLS/ServerIdentityVerifier.cpp b/Swiften/TLS/ServerIdentityVerifier.cpp
index a908ad0..02459b9 100644
--- a/Swiften/TLS/ServerIdentityVerifier.cpp
+++ b/Swiften/TLS/ServerIdentityVerifier.cpp
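Review bot: The `PKCS12Certificate` constructor still ignores the outcome of `readByteArrayFromFile` on the line after the changed signature, so a missing or unreadable certificate file yields an object whose `data_` is empty and indistinguishable from a successfully loaded empty file. If the helper reports failure (its signature is not visible here), record it or at least note on the constructor `// data_ stays empty when the file cannot be read; callers must check before use` so a client-certificate load problem is not first noticed as an authentication failure. Existing `std::string` callers still compile through `boost::filesystem::path`'s implicit conversion, so the signature change itself is compatible.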
@@ -9,18 +9,21 @@
 #include <boost/algorithm/string.hpp>
 #include <Swiften/Base/foreach.h>
-#include <Swiften/IDN/IDNA.h>
+#include <Swiften/IDN/IDNConverter.h>
 namespace Swift {
-ServerIdentityVerifier::ServerIdentityVerifier(const JID& jid) {
+ServerIdentityVerifier::ServerIdentityVerifier(const JID& jid, IDNConverter* idnConverter) {
 domain = jid.getDomain();
- encodedDomain = IDNA::getEncoded(domain);
+ encodedDomain = idnConverter->getIDNAEncoded(domain);
 }
 bool ServerIdentityVerifier::certificateVerifies(Certificate::ref certificate) {
 bool hasSAN = false;
+ if (certificate == NULL) {
+ return false;
+ }
 // DNS names
 std::vector<std::string> dnsNames = certificate->getDNSNames();
 foreach (const std::string& dnsName, dnsNames) {
@@ -67,8 +70,8 @@ bool ServerIdentityVerifier::matchesDomain(const std::string& s) const {
 if (boost::starts_with(s, "*.")) {
 std::string matchString(s.substr(2, s.npos));
 std::string matchDomain = encodedDomain;
- int dotIndex = matchDomain.find('.');
- if (dotIndex >= 0) {
+ size_t dotIndex = matchDomain.find('.');
+ if (dotIndex != matchDomain.npos) {
 matchDomain = matchDomain.substr(dotIndex + 1, matchDomain.npos);
 }
 return matchString == matchDomain;
diff --git a/Swiften/TLS/ServerIdentityVerifier.h b/Swiften/TLS/ServerIdentityVerifier.h
index 730ee74..4167ce8 100644
--- a/Swiften/TLS/ServerIdentityVerifier.h
+++ b/Swiften/TLS/ServerIdentityVerifier.h
@@ -14,9 +14,11 @@
 #include <Swiften/TLS/Certificate.h>
 namespace Swift {
+ class IDNConverter;
+
 class SWIFTEN_API ServerIdentityVerifier {
 public:
- ServerIdentityVerifier(const JID& jid);
+ ServerIdentityVerifier(const JID& jid, IDNConverter* idnConverter);
 bool certificateVerifies(Certificate::ref);
diff --git a/Swiften/TLS/UnitTest/CertificateTest.cpp b/Swiften/TLS/UnitTest/CertificateTest.cpp
index 5df5639..3352118 100644
--- a/Swiften/TLS/UnitTest/CertificateTest.cpp
+++ b/Swiften/TLS/UnitTest/CertificateTest.cpp
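Review bot: The constructor now dereferences `idnConverter` unconditionally on the `encodedDomain` line, while `certificateVerifies` in the same hunk gained a null guard for its argument; an `assert(idnConverter);` in the constructor, plus a note on the header declaration in the ServerIdentityVerifier.h hunk that the pointer must be non-null and is used only during construction (the visible body does not store it), would make the contract explicit. The new `if (certificate == NULL)` guard is placed after `bool hasSAN = false;`; moving it to the first line of the function reads more naturally, and `!certificate` is the idiomatic spelling for a `shared_ptr`. None of the tests added in this commit exercises the new null-certificate path.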
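Review bot: With the `npos` fix in place, the wildcard branch of `matchesDomain` still accepts a pattern whose remainder is a single label: for `*.com` against `bar.com` the stripped `matchDomain` is `com`, which equals `matchString`, so such a certificate verifies for any `.com` host, and when `encodedDomain` has no dot at all the `npos` branch leaves it unchanged, so `*.localhost` matches `localhost` itself. RFC 6125 section 6.4.3 advises not matching a wildcard against a public suffix; the minimal guard is `if (matchString.find('.') == std::string::npos) return false;` right after `matchString` is built, with a public-suffix check as the fuller fix, and returning false in the no-dot case keeps behaviour consistent with the WildcardMatchingNoComponents test. `matchesDomain` begins outside the hunk.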
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2013 Remko Tronçon
  * Licensed under the GNU General Public License v3.
  * See Documentation/Licenses/GPLv3.txt for more information.
  */
@@ -12,6 +12,8 @@
 #include <Swiften/TLS/Certificate.h>
 #include <Swiften/TLS/SimpleCertificate.h>
+#include <Swiften/Crypto/CryptoProvider.h>
+#include <Swiften/Crypto/PlatformCryptoProvider.h>
 using namespace Swift;
@@ -25,7 +27,7 @@ class CertificateTest : public CppUnit::TestFixture {
 SimpleCertificate::ref testling = boost::make_shared<SimpleCertificate>();
 testling->setDER(createByteArray("abcdefg"));
- CPPUNIT_ASSERT_EQUAL(std::string("2f:b5:e1:34:19:fc:89:24:68:65:e7:a3:24:f4:76:ec:62:4e:87:40"), testling->getSHA1Fingerprint());
+ CPPUNIT_ASSERT_EQUAL(std::string("2f:b5:e1:34:19:fc:89:24:68:65:e7:a3:24:f4:76:ec:62:4e:87:40"), Certificate::getSHA1Fingerprint(testling, boost::shared_ptr<CryptoProvider>(PlatformCryptoProvider::create()).get()));
 }
 };
diff --git a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
index bd68c84..e974eb7 100644
--- a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
+++ b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
@@ -12,6 +12,8 @@
 #include <Swiften/TLS/ServerIdentityVerifier.h>
 #include <Swiften/TLS/SimpleCertificate.h>
+#include <Swiften/IDN/IDNConverter.h>
+#include <Swiften/IDN/PlatformIDNConverter.h>
 using namespace Swift;
@@ -36,8 +38,12 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 CPPUNIT_TEST_SUITE_END();
 public:
+ void setUp() {
+ idnConverter = boost::shared_ptr<IDNConverter>(PlatformIDNConverter::create());
+ }
+
 void testCertificateVerifies_WithoutMatchingDNSName() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("foo.com");
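Review bot: In the CertificateTest assertion the provider is created as a temporary `boost::shared_ptr<CryptoProvider>` whose `.get()` is passed straight into `getSHA1Fingerprint`; this is valid only because the temporary lives to the end of the full expression, which is an easy pattern to copy incorrectly elsewhere. The ServerIdentityVerifierTest hunk in the same commit keeps its converter in a `setUp()` member; mirroring that with a `boost::shared_ptr<CryptoProvider> cryptoProvider;` member and passing `cryptoProvider.get()` keeps the lifetime obvious and the assertion line readable.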
@@ -45,7 +51,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingDNSName() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("bar.com");
@@ -53,7 +59,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithSecondMatchingDNSName() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("foo.com");
 certificate->addDNSName("bar.com");
@@ -62,7 +68,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingInternationalDNSName() {
- ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7on.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7on.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("xn--tronon-zua.com");
@@ -70,7 +76,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingDNSNameWithWildcard() {
- ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("*.bar.com");
@@ -78,7 +84,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("*.bar.com");
@@ -86,7 +92,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents() {
- ServerIdentityVerifier testling(JID("foo@xmpp.im.bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@xmpp.im.bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addDNSName("*.bar.com");
@@ -94,7 +100,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingSRVNameWithoutService() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addSRVName("bar.com");
@@ -102,7 +108,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingSRVNameWithService() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addSRVName("_xmpp-client.bar.com");
@@ -110,7 +116,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard() {
- ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addSRVName("_xmpp-client.*.bar.com");
@@ -118,7 +124,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addSRVName("_xmpp-server.bar.com");
@@ -126,7 +132,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingXmppAddr() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addXMPPAddress("bar.com");
@@ -134,7 +140,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() {
- ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addXMPPAddress("*.bar.com");
@@ -142,7 +148,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingInternationalXmppAddr() {
- ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addXMPPAddress("tron\xc3\xa7.com");
@@ -150,7 +156,7 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingCNWithoutSAN() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addCommonName("bar.com");
@@ -158,13 +164,15 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture {
 }
 void testCertificateVerifies_WithMatchingCNWithSAN() {
- ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get());
 SimpleCertificate::ref certificate(new SimpleCertificate());
 certificate->addSRVName("foo.com");
 certificate->addCommonName("bar.com");
 CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
 }
+
+ boost::shared_ptr<IDNConverter> idnConverter;
 };
 CPPUNIT_TEST_SUITE_REGISTRATION(ServerIdentityVerifierTest); |