static void
ft_handler_populate_outgoing_request (EmpathyFTHandler *handler)
{
guint contact_handle;
EmpathyFTHandlerPriv *priv = handler->priv;
gchar *uri;
contact_handle = tp_contact_get_handle (priv->contact);
uri = g_file_get_uri (priv->gfile);
priv->request = tp_asv_new (
TP_PROP_CHANNEL_CHANNEL_TYPE, G_TYPE_STRING,
TP_IFACE_CHANNEL_TYPE_FILE_TRANSFER,
TP_PROP_CHANNEL_TARGET_HANDLE_TYPE, G_TYPE_UINT,
TP_HANDLE_TYPE_CONTACT,
TP_PROP_CHANNEL_TARGET_HANDLE, G_TYPE_UINT,
contact_handle,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_CONTENT_TYPE, G_TYPE_STRING,
priv->content_type,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_FILENAME, G_TYPE_STRING,
priv->filename,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_SIZE, G_TYPE_UINT64,
priv->total_bytes,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_DATE, G_TYPE_UINT64,
priv->mtime,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_URI, G_TYPE_STRING, uri,
NULL);
if (priv->service_name != NULL)
tp_asv_set_string (priv->request, TP_PROP_CHANNEL_INTERFACE_FILE_TRANSFER_METADATA_SERVICE_NAME, priv->service_name);
if (priv->description != NULL)
tp_asv_set_string (priv->request, TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_DESCRIPTION, priv->description);
g_free (uri);
}
static gboolean
handle_subject (WockyNode *parent_node,
GHashTable *mail)
{
gboolean dirty = FALSE;
WockyNode *node;
node = wocky_node_get_child (parent_node, "subject");
if (node != NULL)
{
if (tp_strdiff (node->content, tp_asv_get_string (mail, "subject")))
{
dirty = TRUE;
tp_asv_set_string (mail, "subject", node->content);
}
}
return dirty;
}
static void
change_current_state (GabbleServerSaslChannel *self,
TpSASLStatus status,
const gchar *dbus_error,
const gchar *debug_message)
{
self->priv->sasl_status = status;
g_free (self->priv->sasl_error);
self->priv->sasl_error = g_strdup (dbus_error);
g_hash_table_remove_all (self->priv->sasl_error_details);
if (debug_message != NULL)
tp_asv_set_string (self->priv->sasl_error_details, "debug-message",
debug_message);
tp_svc_channel_interface_sasl_authentication_emit_sasl_status_changed (
self, self->priv->sasl_status,
self->priv->sasl_error,
self->priv->sasl_error_details);
}
static gboolean
hash_job_done (gpointer user_data)
{
HashingData *hash_data = user_data;
EmpathyFTHandler *handler = hash_data->handler;
EmpathyFTHandlerPriv *priv;
GError *error = NULL;
DEBUG ("Closing stream after hashing.");
priv = GET_PRIV (handler);
if (hash_data->error != NULL)
{
error = hash_data->error;
hash_data->error = NULL;
goto cleanup;
}
DEBUG ("Got file hash %s", g_checksum_get_string (hash_data->checksum));
if (empathy_ft_handler_is_incoming (handler))
{
if (g_strcmp0 (g_checksum_get_string (hash_data->checksum),
priv->content_hash))
{
DEBUG ("Hash mismatch when checking incoming handler: "
"received %s, calculated %s", priv->content_hash,
g_checksum_get_string (hash_data->checksum));
error = g_error_new_literal (EMPATHY_FT_ERROR_QUARK,
EMPATHY_FT_ERROR_HASH_MISMATCH,
_("File transfer completed, but the file was corrupted"));
goto cleanup;
}
else
{
DEBUG ("Hash verification matched, received %s, calculated %s",
priv->content_hash,
g_checksum_get_string (hash_data->checksum));
}
}
else
{
/* set the checksum in the request...
* org.freedesktop.Telepathy.Channel.Type.FileTransfer.ContentHash
*/
tp_asv_set_string (priv->request,
TP_PROP_CHANNEL_TYPE_FILE_TRANSFER_CONTENT_HASH,
g_checksum_get_string (hash_data->checksum));
}
cleanup:
if (error != NULL)
{
emit_error_signal (handler, error);
g_clear_error (&error);
}
else
{
g_signal_emit (handler, signals[HASHING_DONE], 0);
if (!empathy_ft_handler_is_incoming (handler))
/* the request is complete now, push it to the dispatcher */
ft_handler_push_to_dispatcher (handler);
}
hash_data_free (hash_data);
return FALSE;
}
static void real_start_verification(HevImpathyTLSVerifier *self)
{
HevImpathyTLSVerifierPrivate *priv =
HEV_IMPATHY_TLS_VERIFIER_GET_PRIVATE(self);
gnutls_x509_crt_t first_cert = 0, last_cert = 0;
gint idx = 0;
gboolean res = FALSE;
gint num_certs = 0;
TpTLSCertificateRejectReason reason =
TP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN;
g_debug("%s:%d[%s]", __FILE__, __LINE__, __FUNCTION__);
/* check if the certificate matches the hostname first. */
first_cert = g_ptr_array_index(priv->cert_chain, 0);
if(0 == gnutls_x509_crt_check_hostname(first_cert, priv->hostname))
{
gchar *certified_hostname = NULL;
reason = TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH;
certified_hostname =
(gchar *)hev_impathy_get_x509_certificate_hostname(first_cert);
tp_asv_set_string(priv->details,
"expected-hostname", priv->hostname);
tp_asv_set_string(priv->details,
"certificate-hostname", certified_hostname);
g_free(certified_hostname);
goto out;
}
num_certs = priv->cert_chain->len;
if(0 < priv->trusted_ca_list->len)
{
/* if the last certificate is self-signed, and we have a list of
* trusted CAs, ignore it, as we want to check the chain against our
* trusted CAs list first.
* if we have only one certificate in the chain, don't ignore it though,
* as it's the CA certificate itself.
*/
last_cert = g_ptr_array_index(priv->cert_chain, num_certs - 1);
if((0<gnutls_x509_crt_check_issuer(last_cert, last_cert)) &&
(1<num_certs))
num_certs --;
}
for (idx = 1; idx < num_certs; idx++)
{
res = verify_certificate(self,
g_ptr_array_index(priv->cert_chain, idx-1),
g_ptr_array_index(priv->cert_chain, idx), &reason);
if(!res)
{
abort_verification(self, reason);
return;
}
}
res = verify_last_certificate(self,
g_ptr_array_index(priv->cert_chain,
num_certs - 1), &reason);
out:
if(!res)
{
abort_verification(self, reason);
return;
}
complete_verification(self);
}
static void
perform_verification (EmpathyTLSVerifier *self,
GcrCertificateChain *chain)
{
gboolean ret = FALSE;
EmpTLSCertificateRejectReason reason =
EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN;
gnutls_x509_crt_t *list, *anchors;
guint n_list, n_anchors;
guint verify_output;
gint res;
gint i;
gboolean matched = FALSE;
EmpathyTLSVerifierPriv *priv = GET_PRIV (self);
DEBUG ("Performing verification");
debug_certificate_chain (chain);
list = anchors = NULL;
n_list = n_anchors = 0;
/*
* If the first certificate is an pinned certificate then we completely
* ignore the rest of the verification process.
*/
if (gcr_certificate_chain_get_status (chain) == GCR_CERTIFICATE_CHAIN_PINNED)
{
DEBUG ("Found pinned certificate for %s", priv->hostname);
complete_verification (self);
goto out;
}
build_certificate_list_for_gnutls (chain, &list, &n_list,
&anchors, &n_anchors);
if (list == NULL || n_list == 0) {
g_warn_if_reached ();
abort_verification (self, EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN);
goto out;
}
verify_output = 0;
res = gnutls_x509_crt_list_verify (list, n_list, anchors, n_anchors,
NULL, 0, 0, &verify_output);
ret = verification_output_to_reason (res, verify_output, &reason);
DEBUG ("Certificate verification gave result %d with reason %u", ret,
reason);
if (!ret) {
abort_verification (self, reason);
goto out;
}
/* now check if the certificate matches one of the reference identities. */
if (priv->reference_identities != NULL)
{
for (i = 0, matched = FALSE; priv->reference_identities[i] != NULL; ++i)
{
if (gnutls_x509_crt_check_hostname (list[0],
priv->reference_identities[i]) == 1)
{
matched = TRUE;
break;
}
}
}
if (!matched)
{
gchar *certified_hostname;
certified_hostname = empathy_get_x509_certificate_hostname (list[0]);
tp_asv_set_string (priv->details,
"expected-hostname", priv->hostname);
tp_asv_set_string (priv->details,
"certificate-hostname", certified_hostname);
DEBUG ("Hostname mismatch: got %s but expected %s",
certified_hostname, priv->hostname);
g_free (certified_hostname);
abort_verification (self,
EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
goto out;
}
DEBUG ("Hostname matched");
complete_verification (self);
out:
free_certificate_list_for_gnutls (list, n_list);
free_certificate_list_for_gnutls (anchors, n_anchors);
}
