bool CVerifyCertDialog::IsTrusted(CCertificateNotification const& notification)
{
LoadTrustedCerts();
unsigned int len;
CCertificate cert = notification.GetCertificates()[0];
const unsigned char* data = cert.GetRawData(len);
return IsTrusted(notification.GetHost(), notification.GetPort(), data, len, false);
}
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
const CCertificate certificate = notification.GetCertificates()[0];
unsigned int len;
const unsigned char* const data = certificate.GetRawData(len);
CReentrantInterProcessMutexLocker mutex(MUTEX_TRUSTEDCERTS);
LoadTrustedCerts();
if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
return;
}
t_certData cert;
cert.host = notification.GetHost();
cert.port = notification.GetPort();
cert.len = len;
cert.data = new unsigned char[len];
memcpy(cert.data, data, len);
m_trustedCerts.push_back(cert);
if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
return;
}
TiXmlElement* pElement = m_xmlFile.GetElement();
if (!pElement) {
return;
}
TiXmlElement* pCerts = pElement->FirstChildElement("TrustedCerts");
if (!pCerts)
pCerts = pElement->LinkEndChild(new TiXmlElement("TrustedCerts"))->ToElement();
TiXmlElement* pCert = pCerts->LinkEndChild(new TiXmlElement("Certificate"))->ToElement();
AddTextElement(pCert, "Data", ConvertHexToString(data, len));
wxLongLong time = certificate.GetActivationTime().GetTicks();
AddTextElement(pCert, "ActivationTime", time.ToString());
time = certificate.GetExpirationTime().GetTicks();
AddTextElement(pCert, "ExpirationTime", time.ToString());
AddTextElement(pCert, "Host", notification.GetHost());
AddTextElement(pCert, "Port", notification.GetPort());
m_xmlFile.Save(true);
}
bool CVerifyCertDialog::IsTrusted(CCertificateNotification const& notification)
{
if (notification.GetAlgorithmWarnings() != 0) {
// These certs are never trusted.
return false;
}
LoadTrustedCerts();
unsigned int len;
CCertificate cert = notification.GetCertificates()[0];
const unsigned char* data = cert.GetRawData(len);
return IsTrusted(notification.GetHost(), notification.GetPort(), data, len, false);
}
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
const CCertificate certificate = notification.GetCertificates()[0];
unsigned int len;
const unsigned char* const data = certificate.GetRawData(len);
CReentrantInterProcessMutexLocker mutex(MUTEX_TRUSTEDCERTS);
LoadTrustedCerts();
if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
return;
}
t_certData cert;
cert.host = notification.GetHost();
cert.port = notification.GetPort();
cert.len = len;
cert.data = new unsigned char[len];
memcpy(cert.data, data, len);
m_trustedCerts.push_back(cert);
if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
return;
}
auto element = m_xmlFile.GetElement();
if (!element) {
return;
}
auto certs = element.child("TrustedCerts");
if (!certs)
certs = element.append_child("TrustedCerts");
auto xCert = certs.append_child("Certificate");
AddTextElement(xCert, "Data", ConvertHexToString(data, len));
AddTextElement(xCert, "ActivationTime", static_cast<int64_t>(certificate.GetActivationTime().get_time_t()));
AddTextElement(xCert, "ExpirationTime", static_cast<int64_t>(certificate.GetExpirationTime().get_time_t()));
AddTextElement(xCert, "Host", notification.GetHost());
AddTextElement(xCert, "Port", notification.GetPort());
m_xmlFile.Save(true);
}
void CVerifyCertDialog::ShowVerificationDialog(CCertificateNotification& notification, bool displayOnly /*=false*/)
{
LoadTrustedCerts();
m_pDlg = new wxDialogEx;
if (displayOnly)
m_pDlg->Load(0, _T("ID_DISPLAYCERT"));
else {
m_pDlg->Load(0, _T("ID_VERIFYCERT"));
m_pDlg->WrapText(m_pDlg, XRCID("ID_DESC"), 400);
if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2)
XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->Hide();
}
m_certificates = notification.GetCertificates();
if (m_certificates.size() == 1) {
XRCCTRL(*m_pDlg, "ID_CHAIN_DESC", wxStaticText)->Hide();
XRCCTRL(*m_pDlg, "ID_CHAIN", wxChoice)->Hide();
}
else {
wxChoice* pChoice = XRCCTRL(*m_pDlg, "ID_CHAIN", wxChoice);
for (unsigned int i = 0; i < m_certificates.size(); ++i) {
pChoice->Append(wxString::Format(_T("%d"), i));
}
pChoice->SetSelection(0);
pChoice->Connect(wxEVT_COMMAND_CHOICE_SELECTED, wxCommandEventHandler(CVerifyCertDialog::OnCertificateChoice), 0, this);
}
m_pDlg->SetChildLabel(XRCID("ID_HOST"), wxString::Format(_T("%s:%d"), notification.GetHost(), notification.GetPort()));
m_pSubjectSizer = XRCCTRL(*m_pDlg, "ID_SUBJECT_DUMMY", wxStaticText)->GetContainingSizer();
m_pSubjectSizer->Clear(true);
m_pIssuerSizer = XRCCTRL(*m_pDlg, "ID_ISSUER_DUMMY", wxStaticText)->GetContainingSizer();
m_pIssuerSizer->Clear(true);
wxSize minSize(0, 0);
for (unsigned int i = 0; i < m_certificates.size(); ++i) {
DisplayCert(m_pDlg, m_certificates[i]);
m_pDlg->Layout();
m_pDlg->GetSizer()->Fit(m_pDlg);
minSize.IncTo(m_pDlg->GetSizer()->GetMinSize());
}
m_pDlg->GetSizer()->SetMinSize(minSize);
bool warning = DisplayCert(m_pDlg, m_certificates[0]);
m_pDlg->SetChildLabel(XRCID("ID_PROTOCOL"), notification.GetProtocol());
m_pDlg->SetChildLabel(XRCID("ID_KEYEXCHANGE"), notification.GetKeyExchange());
m_pDlg->SetChildLabel(XRCID("ID_CIPHER"), notification.GetSessionCipher());
m_pDlg->SetChildLabel(XRCID("ID_MAC"), notification.GetSessionMac());
if (warning) {
XRCCTRL(*m_pDlg, "ID_IMAGE", wxStaticBitmap)->SetBitmap(wxArtProvider::GetBitmap(wxART_WARNING));
if (!displayOnly)
XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->Enable(false);
}
m_pDlg->GetSizer()->Fit(m_pDlg);
m_pDlg->GetSizer()->SetSizeHints(m_pDlg);
int res = m_pDlg->ShowModal();
if (!displayOnly) {
if (res == wxID_OK) {
wxASSERT(!IsTrusted(notification));
notification.m_trusted = true;
if (!warning && XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->GetValue())
SetPermanentlyTrusted(notification);
else {
t_certData cert;
cert.host = notification.GetHost();
cert.port = notification.GetPort();
const unsigned char* data = m_certificates[0].GetRawData(cert.len);
cert.data = new unsigned char[cert.len];
memcpy(cert.data, data, cert.len);
m_sessionTrustedCerts.push_back(cert);
}
}
else
notification.m_trusted = false;
}
delete m_pDlg;
m_pDlg = 0;
}
