MAKFC_CString GenerateKeyName(const MAKFC_CString &sLogin)
{
if ( MAKFC_CString::IsUin( sLogin ) )
{
return sLogin;
}
auto sResult = (GetProtocolName() + L"_" + sLogin);
return sResult;
}
int CTlsSocket::ContinueHandshake()
{
m_pOwner->LogMessage(Debug_Verbose, _T("CTlsSocket::ContinueHandshake()"));
wxASSERT(m_session);
wxASSERT(m_tlsState == handshake);
int res = gnutls_handshake(m_session);
while (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED)
{
if ( gnutls_record_get_direction(m_session) != 1 || !m_canWriteToSocket )
break;
res = gnutls_handshake(m_session);
}
if (!res)
{
m_pOwner->LogMessage(Debug_Info, _T("TLS Handshake successful"));
if (ResumedSession())
m_pOwner->LogMessage(Debug_Info, _T("TLS Session resumed"));
const wxString protocol = GetProtocolName();
const wxString keyExchange = GetKeyExchange();
const wxString cipherName = GetCipherName();
const wxString macName = GetMacName();
m_pOwner->LogMessage(Debug_Info, _T("Protocol: %s, Key exchange: %s, Cipher: %s, MAC: %s"), protocol.c_str(), keyExchange.c_str(), cipherName.c_str(), macName.c_str());
res = VerifyCertificate();
if (res != FZ_REPLY_OK)
return res;
if (m_shutdown_requested)
{
int error = Shutdown();
if (!error || error != EAGAIN)
{
CSocketEvent *evt = new CSocketEvent(m_pEvtHandler, this, CSocketEvent::close);
CSocketEventDispatcher::Get().SendEvent(evt);
}
}
return FZ_REPLY_OK;
}
else if (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED)
return FZ_REPLY_WOULDBLOCK;
Failure(res, ECONNABORTED);
return FZ_REPLY_ERROR;
}
int CTlsSocket::ContinueHandshake()
{
m_pOwner->LogMessage(MessageType::Debug_Verbose, _T("CTlsSocket::ContinueHandshake()"));
wxASSERT(m_session);
wxASSERT(m_tlsState == TlsState::handshake);
int res = gnutls_handshake(m_session);
while (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED) {
if (!(gnutls_record_get_direction(m_session) ? m_canWriteToSocket : m_canReadFromSocket)) {
break;
}
res = gnutls_handshake(m_session);
}
if (!res) {
m_pOwner->LogMessage(MessageType::Debug_Info, _T("TLS Handshake successful"));
if (ResumedSession())
m_pOwner->LogMessage(MessageType::Debug_Info, _T("TLS Session resumed"));
const wxString protocol = GetProtocolName();
const wxString keyExchange = GetKeyExchange();
const wxString cipherName = GetCipherName();
const wxString macName = GetMacName();
m_pOwner->LogMessage(MessageType::Debug_Info, _T("Protocol: %s, Key exchange: %s, Cipher: %s, MAC: %s"), protocol, keyExchange, cipherName, macName);
res = VerifyCertificate();
if (res != FZ_REPLY_OK)
return res;
if (m_shutdown_requested) {
int error = Shutdown();
if (!error || error != EAGAIN) {
m_pEvtHandler->send_event<CSocketEvent>(this, SocketEventType::close, 0);
}
}
return FZ_REPLY_OK;
}
else if (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED)
return FZ_REPLY_WOULDBLOCK;
Failure(res, true);
return FZ_REPLY_ERROR;
}
void CClient::WriteXml(std::ofstream &xmlFile)
{
xmlFile << "<NODE>" << std::endl;
xmlFile << "\t<Callsign>" << m_Callsign << "</Callsign>" << std::endl;
xmlFile << "\t<IP>" << m_Ip << "</IP>" << std::endl;
xmlFile << "\t<LinkedModule>" << m_ReflectorModule << "</LinkedModule>" << std::endl;
xmlFile << "\t<Protocol>" << GetProtocolName() << "</Protocol>" << std::endl;
char mbstr[100];
if (std::strftime(mbstr, sizeof(mbstr), "%A %c", std::localtime(&m_ConnectTime)))
{
xmlFile << "\t<ConnectTime>" << mbstr << "</ConnectTime>" << std::endl;
}
if (std::strftime(mbstr, sizeof(mbstr), "%A %c", std::localtime(&m_LastHeardTime)))
{
xmlFile << "\t<LastHeardTime>" << mbstr << "</LastHeardTime>" << std::endl;
}
xmlFile << "</NODE>" << std::endl;
}
int CTlsSocket::VerifyCertificate()
{
if (m_tlsState != handshake)
{
m_pOwner->LogMessage(::Debug_Warning, _T("VerifyCertificate called at wrong time"));
return FZ_REPLY_ERROR;
}
m_tlsState = verifycert;
if (gnutls_certificate_type_get(m_session) != GNUTLS_CRT_X509)
{
m_pOwner->LogMessage(::Error, _("Unsupported certificate type"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
unsigned int status = 0;
if (gnutls_certificate_verify_peers2(m_session, &status) < 0)
{
m_pOwner->LogMessage(::Error, _("Failed to verify peer certificate"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
if (status & GNUTLS_CERT_REVOKED)
{
m_pOwner->LogMessage(::Error, _("Beware! Certificate has been revoked"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
{
m_pOwner->LogMessage(::Error, _("Incomplete chain, top certificate is not self-signed certificate authority certificate"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
if (m_require_root_trust && status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
m_pOwner->LogMessage(::Error, _("Root certificate is not trusted"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
unsigned int cert_list_size;
const gnutls_datum_t* cert_list = gnutls_certificate_get_peers(m_session, &cert_list_size);
if (!cert_list || !cert_list_size)
{
m_pOwner->LogMessage(::Error, _("gnutls_certificate_get_peers returned no certificates"));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
if (m_implicitTrustedCert.data)
{
if (m_implicitTrustedCert.size != cert_list[0].size ||
memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
{
m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
TrustCurrentCert(true);
if (m_tlsState != conn)
return FZ_REPLY_ERROR;
return FZ_REPLY_OK;
}
std::vector<CCertificate> certificates;
for (unsigned int i = 0; i < cert_list_size; i++)
{
CCertificate cert;
if (ExtractCert(cert_list, cert))
certificates.push_back(cert);
else
{
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
++cert_list;
}
CCertificateNotification *pNotification = new CCertificateNotification(
m_pOwner->GetCurrentServer()->GetHost(),
m_pOwner->GetCurrentServer()->GetPort(),
GetProtocolName(),
GetKeyExchange(),
GetCipherName(),
GetMacName(),
certificates);
m_pOwner->SendAsyncRequest(pNotification);
m_pOwner->LogMessage(Status, _("Verifying certificate..."));
return FZ_REPLY_WOULDBLOCK;
}
bool ExportManager::Export(IExport::ExportType type)
{
exp = NULL;
UINT cp;
std::wstring encoding;
bool isBin = false;
switch(type) {
case IExport::Txt:
exp = new TxtExport();
cp = Options::instance->codepageTxt;
encoding = Options::instance->encodingTxt;
isFlat = true;
break;
case IExport::PlainHtml:
exp = new PlainHtmlExport();
cp = Options::instance->codepageHtml1;
encoding = Options::instance->encodingHtml1;
break;
case IExport::RichHtml:
exp = new RichHtmlExport();
cp = Options::instance->codepageHtml2;
encoding = Options::instance->encodingHtml2;
break;
case IExport::Binary:
exp = new BinaryExport();
cp = CP_UTF8;
encoding = L"UTF8";
isFlat = true;
oldOnTop = true;
isBin = true;
break;
case IExport::Dat:
exp = new DatExport();
cp = CP_UTF8;
encoding = L"UTF8";
isFlat = true;
oldOnTop = true;
isBin = true;
break;
default:
return false;
}
std::wstring fileName;
if (file.empty())
fileName = GetFile(exp->GetExt(), hwnd, false);
else
fileName = ReplaceExt(file, exp->GetExt());
if (fileName.empty())
return false;
std::wofstream* stream;
if (!isBin) {
stream = new std::wofstream (fileName.c_str());
if (!stream->is_open())
return false;
std::locale filelocale(std::locale(), new codecvt_CodePage<wchar_t>(cp));
stream->imbue(filelocale);
exp->SetStream(stream);
}
else {
std::ofstream* cstream = new std::ofstream (fileName.c_str(), std::ios_base::binary);
if (!cstream->is_open())
return false;
stream = (std::wofstream*)cstream;
exp->SetStream(stream);
}
exp->WriteHeader(fileName, GetFilterName(), GetMyName(), GetMyId(), GetContactName(), GetProtocolName(), GetContactId(), GetBaseProtocol(), encoding);
RefreshEventList();
exp->WriteFooter();
if (!isBin) {
stream->close();
delete stream;
}
else {
std::ofstream* cstream = (std::ofstream*)stream;
cstream->close();
delete cstream;
}
delete exp;
return true;
}
