// Builds the storage key for a login. A login that IsUin() accepts is returned
// verbatim; any other login is prefixed with the protocol name and "_".
// NOTE(review): because UIN-shaped logins are returned unprefixed, such logins
// from different protocols yield the same key name — confirm this is intended.
MAKFC_CString GenerateKeyName(const MAKFC_CString &sLogin)
{
    if (!MAKFC_CString::IsUin(sLogin)) {
        return GetProtocolName() + L"_" + sLogin;
    }
    return sLogin;
}
// Drives gnutls_handshake() forward. Returns FZ_REPLY_WOULDBLOCK while gnutls
// is waiting on socket I/O, FZ_REPLY_ERROR when the handshake failed (the
// socket is torn down through Failure()), and otherwise the result of
// VerifyCertificate(), which must pass before the connection is usable.
int CTlsSocket::ContinueHandshake()
{
    m_pOwner->LogMessage(Debug_Verbose, _T("CTlsSocket::ContinueHandshake()"));
    wxASSERT(m_session);
    wxASSERT(m_tlsState == handshake);

    int rc = gnutls_handshake(m_session);
    for (;;) {
        if (rc != GNUTLS_E_AGAIN && rc != GNUTLS_E_INTERRUPTED)
            break;
        // Retry only while gnutls wants to write and the socket is writable.
        // If it wants to read we return WOULDBLOCK and are re-entered once
        // data arrives.
        const bool wantsWrite = (gnutls_record_get_direction(m_session) == 1);
        if (!wantsWrite || !m_canWriteToSocket)
            break;
        rc = gnutls_handshake(m_session);
    }

    if (rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED)
        return FZ_REPLY_WOULDBLOCK;
    if (rc != 0) {
        Failure(rc, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    m_pOwner->LogMessage(Debug_Info, _T("TLS Handshake successful"));
    if (ResumedSession())
        m_pOwner->LogMessage(Debug_Info, _T("TLS Session resumed"));

    const wxString proto = GetProtocolName();
    const wxString kx = GetKeyExchange();
    const wxString cipher = GetCipherName();
    const wxString mac = GetMacName();
    m_pOwner->LogMessage(Debug_Info, _T("Protocol: %s, Key exchange: %s, Cipher: %s, MAC: %s"),
                         proto.c_str(), kx.c_str(), cipher.c_str(), mac.c_str());

    // A completed handshake is not a trusted connection until the peer
    // certificate has been checked.
    rc = VerifyCertificate();
    if (rc != FZ_REPLY_OK)
        return rc;

    if (m_shutdown_requested) {
        const int err = Shutdown();
        // Report close unless the shutdown itself is still pending (EAGAIN);
        // a successful shutdown (0) also reports close.
        if (err != EAGAIN) {
            CSocketEvent *evt = new CSocketEvent(m_pEvtHandler, this, CSocketEvent::close);
            CSocketEventDispatcher::Get().SendEvent(evt);
        }
    }
    return FZ_REPLY_OK;
}
// Drives gnutls_handshake() forward. Returns FZ_REPLY_WOULDBLOCK while gnutls
// is waiting on socket I/O, FZ_REPLY_ERROR when the handshake failed (the
// socket is torn down through Failure()), and otherwise the result of
// VerifyCertificate(), which must pass before the connection is usable.
int CTlsSocket::ContinueHandshake()
{
    m_pOwner->LogMessage(MessageType::Debug_Verbose, _T("CTlsSocket::ContinueHandshake()"));
    wxASSERT(m_session);
    wxASSERT(m_tlsState == TlsState::handshake);

    int rc = gnutls_handshake(m_session);
    for (;;) {
        if (rc != GNUTLS_E_AGAIN && rc != GNUTLS_E_INTERRUPTED)
            break;
        // gnutls reports which direction it is blocked on (non-zero = write);
        // only retry when the socket is ready in that direction.
        const bool wantsWrite = (gnutls_record_get_direction(m_session) != 0);
        const bool ready = wantsWrite ? m_canWriteToSocket : m_canReadFromSocket;
        if (!ready)
            break;
        rc = gnutls_handshake(m_session);
    }

    if (rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED)
        return FZ_REPLY_WOULDBLOCK;
    if (rc != 0) {
        Failure(rc, true);
        return FZ_REPLY_ERROR;
    }

    m_pOwner->LogMessage(MessageType::Debug_Info, _T("TLS Handshake successful"));
    if (ResumedSession())
        m_pOwner->LogMessage(MessageType::Debug_Info, _T("TLS Session resumed"));

    const wxString proto = GetProtocolName();
    const wxString kx = GetKeyExchange();
    const wxString cipher = GetCipherName();
    const wxString mac = GetMacName();
    m_pOwner->LogMessage(MessageType::Debug_Info, _T("Protocol: %s, Key exchange: %s, Cipher: %s, MAC: %s"),
                         proto, kx, cipher, mac);

    // A completed handshake is not a trusted connection until the peer
    // certificate has been checked.
    rc = VerifyCertificate();
    if (rc != FZ_REPLY_OK)
        return rc;

    if (m_shutdown_requested) {
        const int err = Shutdown();
        // Report close unless the shutdown itself is still pending (EAGAIN);
        // a successful shutdown (0) also reports close.
        if (err != EAGAIN) {
            m_pEvtHandler->send_event<CSocketEvent>(this, SocketEventType::close, 0);
        }
    }
    return FZ_REPLY_OK;
}
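// Writes "\t<tag>local time</tag>\n" for `t`, or nothing if the time cannot be
// formatted. std::localtime() may return NULL for an unrepresentable time and
// passing NULL to strftime() is undefined behaviour, so the result is checked.
// std::localtime() also writes into a shared static buffer, so this is not
// safe to call from several threads at once.
static void WriteTimeElement(std::ofstream &xmlFile, const char *tag, std::time_t t)
{
    const std::tm *local = std::localtime(&t);
    if (!local)
        return;
    char mbstr[100];
    if (std::strftime(mbstr, sizeof(mbstr), "%A %c", local)) {
        xmlFile << "\t<" << tag << ">" << mbstr << "</" << tag << ">" << std::endl;
    }
}

// Emits this client as one <NODE> element.
// All field values are streamed verbatim: nothing here escapes '<', '>', '&'
// or '"'. NOTE(review): if any of these fields (the callsign in particular)
// can carry such characters from the network, the output is malformed XML
// and a peer can inject markup into the status file — confirm they are
// validated upstream or add escaping.
void CClient::WriteXml(std::ofstream &xmlFile)
{
    xmlFile << "<NODE>" << std::endl;
    xmlFile << "\t<Callsign>" << m_Callsign << "</Callsign>" << std::endl;
    xmlFile << "\t<IP>" << m_Ip << "</IP>" << std::endl;
    xmlFile << "\t<LinkedModule>" << m_ReflectorModule << "</LinkedModule>" << std::endl;
    xmlFile << "\t<Protocol>" << GetProtocolName() << "</Protocol>" << std::endl;
    // Both time elements are optional: omitted when formatting fails.
    WriteTimeElement(xmlFile, "ConnectTime", m_ConnectTime);
    WriteTimeElement(xmlFile, "LastHeardTime", m_LastHeardTime);
    xmlFile << "</NODE>" << std::endl;
}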
// Checks the peer's certificate chain after a successful handshake.
//
// Hard failures handled here: non-X.509 certificate, gnutls verification
// error, GNUTLS_CERT_REVOKED, GNUTLS_CERT_SIGNER_NOT_CA, and (only when
// m_require_root_trust is set) GNUTLS_CERT_SIGNER_NOT_FOUND. Other status
// bits (for example GNUTLS_CERT_INVALID or expiry-related bits) are NOT
// inspected in this function; the chain is forwarded in a
// CCertificateNotification and the accept/reject decision is made elsewhere.
// This function also does not itself compare the certificate against the
// server host name — NOTE(review): confirm that check happens in the
// notification handler, otherwise it is missing.
//
// Returns FZ_REPLY_OK (data connection, certificate matched the control
// connection's), FZ_REPLY_WOULDBLOCK (decision deferred to the async
// request) or FZ_REPLY_ERROR (connection aborted via Failure()).
int CTlsSocket::VerifyCertificate()
{
    if (m_tlsState != handshake) {
        m_pOwner->LogMessage(::Debug_Warning, _T("VerifyCertificate called at wrong time"));
        return FZ_REPLY_ERROR;
    }
    m_tlsState = verifycert;

    if (gnutls_certificate_type_get(m_session) != GNUTLS_CRT_X509) {
        m_pOwner->LogMessage(::Error, _("Unsupported certificate type"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    unsigned int status = 0;
    if (gnutls_certificate_verify_peers2(m_session, &status) < 0) {
        m_pOwner->LogMessage(::Error, _("Failed to verify peer certificate"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    if (status & GNUTLS_CERT_REVOKED) {
        m_pOwner->LogMessage(::Error, _("Beware! Certificate has been revoked"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    if (status & GNUTLS_CERT_SIGNER_NOT_CA) {
        m_pOwner->LogMessage(::Error, _("Incomplete chain, top certificate is not self-signed certificate authority certificate"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    // '&' binds tighter than '&&', so this reads
    // m_require_root_trust && (status & GNUTLS_CERT_SIGNER_NOT_FOUND).
    // An untrusted root is only fatal when root trust is required.
    if (m_require_root_trust && status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
        m_pOwner->LogMessage(::Error, _("Root certificate is not trusted"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    unsigned int cert_list_size;
    const gnutls_datum_t* cert_list = gnutls_certificate_get_peers(m_session, &cert_list_size);
    if (!cert_list || !cert_list_size) {
        m_pOwner->LogMessage(::Error, _("gnutls_certificate_get_peers returned no certificates"));
        Failure(0, ECONNABORTED);
        return FZ_REPLY_ERROR;
    }

    // Data connection: the leaf certificate must be byte-identical (size and
    // content) to the one already accepted on the control connection; no
    // user prompt is raised in that case.
    if (m_implicitTrustedCert.data) {
        if (m_implicitTrustedCert.size != cert_list[0].size ||
            memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
        {
            m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
            Failure(0, ECONNABORTED);
            return FZ_REPLY_ERROR;
        }

        TrustCurrentCert(true);

        // TrustCurrentCert() is expected to move the state to conn; anything
        // else is treated as failure.
        if (m_tlsState != conn)
            return FZ_REPLY_ERROR;
        return FZ_REPLY_OK;
    }

    // Extract every certificate of the chain; cert_list is advanced per entry.
    std::vector<CCertificate> certificates;
    for (unsigned int i = 0; i < cert_list_size; i++) {
        CCertificate cert;
        if (ExtractCert(cert_list, cert))
            certificates.push_back(cert);
        else {
            Failure(0, ECONNABORTED);
            return FZ_REPLY_ERROR;
        }
        ++cert_list;
    }

    // Hand the chain plus the negotiated parameters to the asynchronous
    // request; the final accept/reject happens when that request is answered.
    CCertificateNotification *pNotification = new CCertificateNotification(
        m_pOwner->GetCurrentServer()->GetHost(),
        m_pOwner->GetCurrentServer()->GetPort(),
        GetProtocolName(),
        GetKeyExchange(),
        GetCipherName(),
        GetMacName(),
        certificates);
    m_pOwner->SendAsyncRequest(pNotification);

    m_pOwner->LogMessage(Status, _("Verifying certificate..."));

    return FZ_REPLY_WOULDBLOCK;
}
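// Builds the exporter for `type`, resolves and opens the output file and
// writes header, event list and footer. Returns false for an unknown type,
// when no file name is available, or when the file cannot be opened.
// On every failure path the exporter and stream allocated so far are
// released (the previous version leaked them and left `exp` dangling).
bool ExportManager::Export(IExport::ExportType type)
{
    exp = NULL;
    UINT cp;
    std::wstring encoding;
    bool isBin = false;

    // NOTE(review): isFlat / oldOnTop are members and are only assigned for
    // some types below; a stale value from a previous Export() call may carry
    // over for the other types — confirm they are reset elsewhere.
    switch (type) {
    case IExport::Txt:
        exp = new TxtExport();
        cp = Options::instance->codepageTxt;
        encoding = Options::instance->encodingTxt;
        isFlat = true;
        break;
    case IExport::PlainHtml:
        exp = new PlainHtmlExport();
        cp = Options::instance->codepageHtml1;
        encoding = Options::instance->encodingHtml1;
        break;
    case IExport::RichHtml:
        exp = new RichHtmlExport();
        cp = Options::instance->codepageHtml2;
        encoding = Options::instance->encodingHtml2;
        break;
    case IExport::Binary:
        exp = new BinaryExport();
        cp = CP_UTF8;
        encoding = L"UTF8";
        isFlat = true;
        oldOnTop = true;
        isBin = true;
        break;
    case IExport::Dat:
        exp = new DatExport();
        cp = CP_UTF8;
        encoding = L"UTF8";
        isFlat = true;
        oldOnTop = true;
        isBin = true;
        break;
    default:
        return false;
    }

    // Either ask for a file name or derive it from the preset one.
    std::wstring fileName;
    if (file.empty())
        fileName = GetFile(exp->GetExt(), hwnd, false);
    else
        fileName = ReplaceExt(file, exp->GetExt());
    if (fileName.empty()) {
        delete exp;
        exp = NULL;
        return false;
    }

    std::wofstream* stream;
    if (!isBin) {
        stream = new std::wofstream(fileName.c_str());
        if (!stream->is_open()) {
            delete stream;
            delete exp;
            exp = NULL;
            return false;
        }
        // Text exporters write wide characters converted to the chosen code page.
        std::locale filelocale(std::locale(), new codecvt_CodePage<wchar_t>(cp));
        stream->imbue(filelocale);
        exp->SetStream(stream);
    } else {
        std::ofstream* cstream = new std::ofstream(fileName.c_str(), std::ios_base::binary);
        if (!cstream->is_open()) {
            delete cstream;
            delete exp;
            exp = NULL;
            return false;
        }
        // Pre-existing type pun: the byte stream is passed through the
        // std::wofstream* interface of SetStream() and is presumably cast back
        // by the binary exporters. NOTE(review): this is undefined behaviour
        // on paper; kept only so IExport's interface stays unchanged.
        stream = (std::wofstream*)cstream;
        exp->SetStream(stream);
    }

    exp->WriteHeader(fileName, GetFilterName(), GetMyName(), GetMyId(), GetContactName(), GetProtocolName(), GetContactId(), GetBaseProtocol(), encoding);
    RefreshEventList();
    exp->WriteFooter();

    // Close and free through the pointer type the stream was created with.
    if (!isBin) {
        stream->close();
        delete stream;
    } else {
        std::ofstream* cstream = (std::ofstream*)stream;
        cstream->close();
        delete cstream;
    }
    delete exp;
    exp = NULL; // do not leave a dangling pointer behind
    return true;
}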