search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated Czech translation
[nijm-empathy.git] / libempathy / empathy-tls-verifier.c
bloba8306bb569ea50f187b4ed615a69f58eaf8dd46a
1 /*
2 * empathy-tls-verifier.c - Source for EmpathyTLSVerifier
3 * Copyright (C) 2010 Collabora Ltd.
4 * Copyright (C) 2017 Red Hat, Inc.
5 * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk>
6 * @author Debarshi Ray <debarshir@gnome.org>
7 * @author Stef Walter <stefw@collabora.co.uk>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #include "config.h"
25 #include "empathy-tls-verifier.h"
26
27 #include <gcr/gcr.h>
28
29 #include "empathy-utils.h"
30
31 #define DEBUG_FLAG EMPATHY_DEBUG_TLS
32 #include "empathy-debug.h"
33
34 G_DEFINE_TYPE (EmpathyTLSVerifier, empathy_tls_verifier,
35 G_TYPE_OBJECT)
36
37 #define GET_PRIV(obj) EMPATHY_GET_PRIV (obj, EmpathyTLSVerifier);
38
39 enum {
40 PROP_TLS_CERTIFICATE = 1,
41 PROP_HOSTNAME,
42 PROP_REFERENCE_IDENTITIES,
43
44 LAST_PROPERTY,
45 };
46
47 typedef struct {
48 GTlsCertificate *g_certificate;
49 GTlsDatabase *database;
50 TpTLSCertificate *certificate;
51 gchar *hostname;
52 gchar **reference_identities;
53
54 GSimpleAsyncResult *verify_result;
55 GHashTable *details;
56
57 gboolean dispose_run;
58 } EmpathyTLSVerifierPriv;
59
60 static GTlsCertificate *
61 tls_certificate_new_from_der (GPtrArray *data, GError **error)
62 {
63 GTlsBackend *tls_backend;
64 GTlsCertificate *cert = NULL;
65 GTlsCertificate *issuer = NULL;
66 GTlsCertificate *retval = NULL;
67 GType tls_certificate_type;
68 gint i;
69
70 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
71
72 tls_backend = g_tls_backend_get_default ();
73 tls_certificate_type = g_tls_backend_get_certificate_type (tls_backend);
74
75 for (i = (gint) data->len - 1; i >= 0; --i)
76 {
77 GArray *cert_data;
78
79 cert_data = g_ptr_array_index (data, i);
80 cert = g_initable_new (tls_certificate_type,
81 NULL,
82 error,
83 "certificate", (GByteArray *) cert_data,
84 "issuer", issuer,
85 NULL);
86
87 if (cert == NULL)
88 goto out;
89
90 g_clear_object (&issuer);
91 issuer = g_object_ref (cert);
92 g_clear_object (&cert);
93 }
94
95 g_assert_null (cert);
96 g_assert_true (G_IS_TLS_CERTIFICATE (issuer));
97
98 retval = g_object_ref (issuer);
99
100 out:
101 g_clear_object (&cert);
102 g_clear_object (&issuer);
103 return retval;
104 }
105
106 static TpTLSCertificateRejectReason
107 verification_output_to_reason (GTlsCertificateFlags flags)
108 {
109 TpTLSCertificateRejectReason retval;
110
111 g_assert (flags != 0);
112
113 switch (flags)
114 {
115 case G_TLS_CERTIFICATE_UNKNOWN_CA:
116 retval = TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED;
117 break;
118 case G_TLS_CERTIFICATE_BAD_IDENTITY:
119 retval = TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH;
120 break;
121 case G_TLS_CERTIFICATE_NOT_ACTIVATED:
122 retval = TP_TLS_CERTIFICATE_REJECT_REASON_NOT_ACTIVATED;
123 break;
124 case G_TLS_CERTIFICATE_EXPIRED:
125 retval = TP_TLS_CERTIFICATE_REJECT_REASON_EXPIRED;
126 break;
127 case G_TLS_CERTIFICATE_REVOKED:
128 retval = TP_TLS_CERTIFICATE_REJECT_REASON_REVOKED;
129 break;
130 case G_TLS_CERTIFICATE_INSECURE:
131 retval = TP_TLS_CERTIFICATE_REJECT_REASON_INSECURE;
132 break;
133 case G_TLS_CERTIFICATE_GENERIC_ERROR:
134 default:
135 retval = TP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN;
136 break;
137 }
138
139 return retval;
140 }
141
142 static void
143 complete_verification (EmpathyTLSVerifier *self)
144 {
145 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
146
147 DEBUG ("Verification successful, completing...");
148
149 g_simple_async_result_complete_in_idle (priv->verify_result);
150
151 g_clear_object (&priv->g_certificate);
152 tp_clear_object (&priv->verify_result);
153 }
154
155 static void
156 abort_verification (EmpathyTLSVerifier *self,
157 TpTLSCertificateRejectReason reason)
158 {
159 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
160
161 DEBUG ("Verification error %u, aborting...", reason);
162
163 g_simple_async_result_set_error (priv->verify_result,
164 G_IO_ERROR, reason, "TLS verification failed with reason %u",
165 reason);
166 g_simple_async_result_complete_in_idle (priv->verify_result);
167
168 g_clear_object (&priv->g_certificate);
169 tp_clear_object (&priv->verify_result);
170 }
171
172 static void
173 debug_certificate (GcrCertificate *cert)
174 {
175 gchar *subject = gcr_certificate_get_subject_dn (cert);
176 DEBUG ("Certificate: %s", subject);
177 g_free (subject);
178 }
179
180 static void
181 verify_chain_cb (GObject *object,
182 GAsyncResult *res,
183 gpointer user_data)
184 {
185 GError *error = NULL;
186
187 GTlsCertificateFlags flags;
188 GTlsDatabase *tls_database = G_TLS_DATABASE (object);
189 gint i;
190 EmpathyTLSVerifier *self = EMPATHY_TLS_VERIFIER (user_data);
191 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
192
193 /* FIXME: g_tls_database_verify_chain doesn't set the GError if the
194 * certificate chain couldn't be verified. See:
195 * https://bugzilla.gnome.org/show_bug.cgi?id=780310
196 */
197 flags = g_tls_database_verify_chain_finish (tls_database, res, &error);
198 if (flags != 0)
199 {
200 TpTLSCertificateRejectReason reason;
201
202 /* We don't pass the identity to g_tls_database_verify. */
203 g_assert_false (flags & G_TLS_CERTIFICATE_BAD_IDENTITY);
204
205 reason = verification_output_to_reason (flags);
206 DEBUG ("Certificate verification gave flags %d with reason %u",
207 (gint) flags,
208 reason);
209
210 abort_verification (self, reason);
211 g_clear_error (&error);
212 goto out;
213 }
214
215 for (i = 0; priv->reference_identities[i] != NULL; i++)
216 {
217 GSocketConnectable *identity = NULL;
218
219 identity = g_network_address_new (priv->reference_identities[i], 0);
220 flags = g_tls_certificate_verify (priv->g_certificate, identity, NULL);
221
222 g_object_unref (identity);
223 if (flags == 0)
224 break;
225 }
226
227 if (flags != 0)
228 {
229 TpTLSCertificateRejectReason reason;
230
231 g_assert_cmpint (flags, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
232
233 reason = verification_output_to_reason (flags);
234 DEBUG ("Certificate verification gave flags %d with reason %u",
235 (gint) flags,
236 reason);
237
238 /* FIXME: We don't set "certificate-hostname" because
239 * GTlsCertificate doesn't expose the hostname used in the
240 * certificate. We will temporarily lose some verbosity in
241 * EmpathyTLSDialog, but that's balanced by no longer
242 * relying on a specific encryption library.
243 */
244 tp_asv_set_string (priv->details, "expected-hostname", priv->hostname);
245
246 DEBUG ("Hostname mismatch: expected %s", priv->hostname);
247
248 abort_verification (self, reason);
249 goto out;
250 }
251
252 DEBUG ("Verified certificate chain");
253 complete_verification (self);
254
255 out:
256 /* Matches ref when starting verify chain */
257 g_object_unref (self);
258 }
259
260 static void
261 is_certificate_pinned_cb (GObject *object,
262 GAsyncResult *res,
263 gpointer user_data)
264 {
265 GError *error = NULL;
266 GPtrArray *cert_data;
267 EmpathyTLSVerifier *self = EMPATHY_TLS_VERIFIER (user_data);
268 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
269
270 if (gcr_trust_is_certificate_pinned_finish (res, &error))
271 {
272 DEBUG ("Found pinned certificate for %s", priv->hostname);
273 complete_verification (self);
274 goto out;
275 }
276
277 /* error is set only when there is an actual failure. It won't be
278 * set, if it successfully determined that the ceritificate was not
279 * pinned. */
280 if (error != NULL)
281 {
282 DEBUG ("Failed to determine if certificate is pinned: %s",
283 error->message);
284 g_clear_error (&error);
285 }
286
287 cert_data = tp_tls_certificate_get_cert_data (priv->certificate);
288 priv->g_certificate = tls_certificate_new_from_der (cert_data, &error);
289 if (error != NULL)
290 {
291 DEBUG ("Verification of certificate chain failed: %s", error->message);
292
293 abort_verification (self, TP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN);
294 g_clear_error (&error);
295 goto out;
296 }
297
298 DEBUG ("Performing verification");
299
300 g_tls_database_verify_chain_async (priv->database,
301 priv->g_certificate,
302 G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
303 NULL,
304 NULL,
305 G_TLS_DATABASE_VERIFY_NONE,
306 NULL,
307 verify_chain_cb,
308 g_object_ref (self));
309
310 out:
311 /* Matches ref when starting is certificate pinned */
312 g_object_unref (self);
313 }
314
315 static void
316 empathy_tls_verifier_get_property (GObject *object,
317 guint property_id,
318 GValue *value,
319 GParamSpec *pspec)
320 {
321 EmpathyTLSVerifierPriv *priv = GET_PRIV (object);
322
323 switch (property_id)
324 {
325 case PROP_TLS_CERTIFICATE:
326 g_value_set_object (value, priv->certificate);
327 break;
328 case PROP_HOSTNAME:
329 g_value_set_string (value, priv->hostname);
330 break;
331 case PROP_REFERENCE_IDENTITIES:
332 g_value_set_boxed (value, priv->reference_identities);
333 break;
334 default:
335 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
336 break;
337 }
338 }
339
340 static void
341 empathy_tls_verifier_set_property (GObject *object,
342 guint property_id,
343 const GValue *value,
344 GParamSpec *pspec)
345 {
346 EmpathyTLSVerifierPriv *priv = GET_PRIV (object);
347
348 switch (property_id)
349 {
350 case PROP_TLS_CERTIFICATE:
351 priv->certificate = g_value_dup_object (value);
352 break;
353 case PROP_HOSTNAME:
354 priv->hostname = g_value_dup_string (value);
355 break;
356 case PROP_REFERENCE_IDENTITIES:
357 priv->reference_identities = g_value_dup_boxed (value);
358 break;
359 default:
360 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
361 break;
362 }
363 }
364
365 static void
366 empathy_tls_verifier_dispose (GObject *object)
367 {
368 EmpathyTLSVerifierPriv *priv = GET_PRIV (object);
369
370 if (priv->dispose_run)
371 return;
372
373 priv->dispose_run = TRUE;
374
375 g_clear_object (&priv->g_certificate);
376 g_clear_object (&priv->database);
377 tp_clear_object (&priv->certificate);
378
379 G_OBJECT_CLASS (empathy_tls_verifier_parent_class)->dispose (object);
380 }
381
382 static void
383 empathy_tls_verifier_finalize (GObject *object)
384 {
385 EmpathyTLSVerifierPriv *priv = GET_PRIV (object);
386
387 DEBUG ("%p", object);
388
389 tp_clear_boxed (G_TYPE_HASH_TABLE, &priv->details);
390 g_free (priv->hostname);
391 g_strfreev (priv->reference_identities);
392
393 G_OBJECT_CLASS (empathy_tls_verifier_parent_class)->finalize (object);
394 }
395
396 static void
397 empathy_tls_verifier_init (EmpathyTLSVerifier *self)
398 {
399 EmpathyTLSVerifierPriv *priv;
400 GTlsBackend *tls_backend;
401
402 priv = self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
403 EMPATHY_TYPE_TLS_VERIFIER, EmpathyTLSVerifierPriv);
404 priv->details = tp_asv_new (NULL, NULL);
405
406 tls_backend = g_tls_backend_get_default ();
407 priv->database = g_tls_backend_get_default_database (tls_backend);
408 }
409
410 static void
411 empathy_tls_verifier_class_init (EmpathyTLSVerifierClass *klass)
412 {
413 GParamSpec *pspec;
414 GObjectClass *oclass = G_OBJECT_CLASS (klass);
415
416 g_type_class_add_private (klass, sizeof (EmpathyTLSVerifierPriv));
417
418 oclass->set_property = empathy_tls_verifier_set_property;
419 oclass->get_property = empathy_tls_verifier_get_property;
420 oclass->finalize = empathy_tls_verifier_finalize;
421 oclass->dispose = empathy_tls_verifier_dispose;
422
423 pspec = g_param_spec_object ("certificate", "The TpTLSCertificate",
424 "The TpTLSCertificate to be verified.",
425 TP_TYPE_TLS_CERTIFICATE,
426 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
427 g_object_class_install_property (oclass, PROP_TLS_CERTIFICATE, pspec);
428
429 pspec = g_param_spec_string ("hostname", "The hostname",
430 "The hostname which is certified by the certificate.",
431 NULL,
432 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
433 g_object_class_install_property (oclass, PROP_HOSTNAME, pspec);
434
435 pspec = g_param_spec_boxed ("reference-identities",
436 "The reference identities",
437 "The certificate should certify one of these identities.",
438 G_TYPE_STRV,
439 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
440 g_object_class_install_property (oclass, PROP_REFERENCE_IDENTITIES, pspec);
441 }
442
443 EmpathyTLSVerifier *
444 empathy_tls_verifier_new (TpTLSCertificate *certificate,
445 const gchar *hostname,
446 const gchar **reference_identities)
447 {
448 g_assert (TP_IS_TLS_CERTIFICATE (certificate));
449 g_assert (hostname != NULL);
450 g_assert (reference_identities != NULL);
451
452 return g_object_new (EMPATHY_TYPE_TLS_VERIFIER,
453 "certificate", certificate,
454 "hostname", hostname,
455 "reference-identities", reference_identities,
456 NULL);
457 }
458
459 void
460 empathy_tls_verifier_verify_async (EmpathyTLSVerifier *self,
461 GAsyncReadyCallback callback,
462 gpointer user_data)
463 {
464 GcrCertificate *cert;
465 GPtrArray *cert_data;
466 GArray *data;
467 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
468
469 DEBUG ("Starting verification");
470
471 g_return_if_fail (priv->verify_result == NULL);
472 g_return_if_fail (priv->g_certificate == NULL);
473
474 cert_data = tp_tls_certificate_get_cert_data (priv->certificate);
475 g_return_if_fail (cert_data);
476
477 priv->verify_result = g_simple_async_result_new (G_OBJECT (self),
478 callback, user_data, NULL);
479
480 /* The first certificate in the chain is for the host */
481 data = g_ptr_array_index (cert_data, 0);
482 cert = gcr_simple_certificate_new ((gpointer) data->data,
483 (gsize) data->len);
484
485 DEBUG ("Checking if certificate is pinned:");
486 debug_certificate (cert);
487
488 gcr_trust_is_certificate_pinned_async (cert,
489 GCR_PURPOSE_SERVER_AUTH,
490 priv->hostname,
491 NULL,
492 is_certificate_pinned_cb,
493 g_object_ref (self));
494
495 g_object_unref (cert);
496 }
497
498 gboolean
499 empathy_tls_verifier_verify_finish (EmpathyTLSVerifier *self,
500 GAsyncResult *res,
501 TpTLSCertificateRejectReason *reason,
502 GHashTable **details,
503 GError **error)
504 {
505 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
506
507 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res),
508 error))
509 {
510 if (reason != NULL)
511 *reason = (*error)->code;
512
513 if (details != NULL)
514 {
515 *details = tp_asv_new (NULL, NULL);
516 tp_g_hash_table_update (*details, priv->details,
517 (GBoxedCopyFunc) g_strdup,
518 (GBoxedCopyFunc) tp_g_value_slice_dup);
519 }
520
521 return FALSE;
522 }
523
524 if (reason != NULL)
525 *reason = TP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN;
526
527 return TRUE;
528 }
529
530 void empathy_tls_verifier_set_database (EmpathyTLSVerifier *self,
531 GTlsDatabase *database)
532 {
533 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
534
535 g_return_if_fail (EMPATHY_IS_TLS_VERIFIER (self));
536 g_return_if_fail (G_IS_TLS_DATABASE (database));
537
538 if (database == priv->database)
539 return;
540
541 g_clear_object (&priv->database);
542 priv->database = g_object_ref (database);
543 }
544
545 void
546 empathy_tls_verifier_store_exception (EmpathyTLSVerifier *self)
547 {
548 GArray *data;
549 GcrCertificate *cert;
550 GPtrArray *cert_data;
551 GError *error = NULL;
552 EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
553
554 cert_data = tp_tls_certificate_get_cert_data (priv->certificate);
555 g_return_if_fail (cert_data);
556
557 if (!cert_data->len)
558 {
559 DEBUG ("No certificate to pin.");
560 return;
561 }
562
563 /* The first certificate in the chain is for the host */
564 data = g_ptr_array_index (cert_data, 0);
565 cert = gcr_simple_certificate_new ((gpointer)data->data, data->len);
566
567 DEBUG ("Storing pinned certificate:");
568 debug_certificate (cert);
569
570 if (!gcr_trust_add_pinned_certificate (cert, GCR_PURPOSE_SERVER_AUTH,
571 priv->hostname, NULL, &error))
572 DEBUG ("Can't store the pinned certificate: %s", error->message);
573
574 g_object_unref (cert);
575 }
Personal Empathy clone for development