/// Fills the certificate-detail controls of @p pDlg from @p cert.
///
/// Shown are the validity period, serial number, public-key and signature
/// algorithms, both fingerprints, the issuer and subject DNs and any
/// alternative subject names.
///
/// @param pDlg dialog whose XRC child controls are updated
/// @param cert certificate to display
/// @return true if either validity date is invalid, the certificate is not
///         yet valid, or it has expired. Only the dates are examined here, so
///         false does not mean that the certificate is trusted.
bool CVerifyCertDialog::DisplayCert(wxDialogEx* pDlg, const CCertificate& cert)
{
	bool warning = false;

	// Start of the validity period.
	auto const activation = cert.GetActivationTime();
	if (!activation.IsValid()) {
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), _("Invalid date"));
		warning = true;
	}
	else if (activation > wxDateTime::Now()) {
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), wxString::Format(_("%s - Not yet valid!"), activation.FormatDate()));
		warning = true;
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), activation.FormatDate());
	}

	// End of the validity period.
	auto const expiration = cert.GetExpirationTime();
	if (!expiration.IsValid()) {
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), _("Invalid date"));
		warning = true;
	}
	else if (expiration < wxDateTime::Now()) {
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), wxString::Format(_("%s - Certificate expired!"), expiration.FormatDate()));
		warning = true;
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), expiration.FormatDate());
	}

	if (cert.GetSerial().empty()) {
		pDlg->SetChildLabel(XRCID("ID_SERIAL"), _("None"));
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_SERIAL"), cert.GetSerial());
	}

	pDlg->SetChildLabel(XRCID("ID_PKALGO"), wxString::Format(_("%s with %d bits"), cert.GetPkAlgoName(), cert.GetPkAlgoBits()));
	pDlg->SetChildLabel(XRCID("ID_SIGNALGO"), cert.GetSignatureAlgorithm());

	// The SHA-256 fingerprint is broken into two lines just past its midpoint;
	// the SHA-1 fingerprint is shown on a single line.
	wxString const& sha256 = cert.GetFingerPrintSHA256();
	auto const split = sha256.size() / 2 + 1;
	pDlg->SetChildLabel(XRCID("ID_FINGERPRINT_SHA256"), sha256.Left(split) + _T("\n") + sha256.Mid(split));
	pDlg->SetChildLabel(XRCID("ID_FINGERPRINT_SHA1"), cert.GetFingerPrintSHA1());

	ParseDN(XRCCTRL(*pDlg, "ID_ISSUER_BOX", wxStaticBox), cert.GetIssuer(), m_pIssuerSizer);

	auto subjectBox = XRCCTRL(*pDlg, "ID_SUBJECT_BOX", wxStaticBox);
	ParseDN(subjectBox, cert.GetSubject(), m_pSubjectSizer);

	auto const& altNames = cert.GetAltSubjectNames();
	if (!altNames.empty()) {
		// One name per line; the newline after the last name is dropped again.
		wxString names;
		for (auto const& altName : altNames) {
			names += altName + _T("\n");
		}
		names.RemoveLast();

		m_pSubjectSizer->Add(new wxStaticText(subjectBox, wxID_ANY, wxPLURAL("Alternative name:", "Alternative names:", altNames.size())));
		m_pSubjectSizer->Add(new wxStaticText(subjectBox, wxID_ANY, names));
	}

	return warning;
}
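/// Records the certificate from @p notification as permanently trusted for
/// the notification's host and port.
///
/// Only the first entry of GetCertificates() is stored (presumably the
/// server's own certificate — confirm against the caller). The entry is the
/// certificate's raw bytes together with host and port, so trust is tied to
/// this exact certificate on this exact endpoint.
///
/// The trusted list is reloaded and updated while MUTEX_TRUSTEDCERTS is held.
/// If the certificate is already trusted nothing is added. The XML file is
/// written unless OPTION_DEFAULT_KIOSKMODE is 2.
///
/// @param notification certificate notification carrying host, port and the
///                     certificate chain
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
	// Bind the chain for the whole function so the certificate, and the raw
	// data pointer obtained from it, stay valid whether GetCertificates()
	// returns by value or by reference.
	auto const& certificates = notification.GetCertificates();
	if (certificates.empty()) {
		// Nothing to trust; indexing [0] on an empty chain is undefined behaviour.
		return;
	}
	CCertificate const& certificate = certificates[0];

	unsigned int len = 0;
	const unsigned char* const data = certificate.GetRawData(len);
	if (!data || !len) {
		// Never record an empty blob as a trusted certificate.
		return;
	}

	// Hold the inter-process lock from the reload until the save, so the
	// check-and-append below works on the list as currently stored.
	CReentrantInterProcessMutexLocker mutex(MUTEX_TRUSTEDCERTS);
	LoadTrustedCerts();

	if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
		return;
	}

	t_certData cert;
	cert.host = notification.GetHost();
	cert.port = notification.GetPort();
	cert.len = len;
	// NOTE(review): raw owning buffer; presumably released by whoever cleans up
	// m_trustedCerts — confirm, t_certData is not visible here.
	cert.data = new unsigned char[len];
	memcpy(cert.data, data, len);
	m_trustedCerts.push_back(cert);

	// Kiosk mode 2: the certificate is trusted in memory only, nothing is
	// written to the XML file.
	if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
		return;
	}

	TiXmlElement* pElement = m_xmlFile.GetElement();
	if (!pElement) {
		return;
	}

	TiXmlElement* pCerts = pElement->FirstChildElement("TrustedCerts");
	if (!pCerts) {
		pCerts = pElement->LinkEndChild(new TiXmlElement("TrustedCerts"))->ToElement();
	}

	TiXmlElement* pCert = pCerts->LinkEndChild(new TiXmlElement("Certificate"))->ToElement();

	AddTextElement(pCert, "Data", ConvertHexToString(data, len));

	wxLongLong time = certificate.GetActivationTime().GetTicks();
	AddTextElement(pCert, "ActivationTime", time.ToString());

	time = certificate.GetExpirationTime().GetTicks();
	AddTextElement(pCert, "ExpirationTime", time.ToString());

	AddTextElement(pCert, "Host", notification.GetHost());
	AddTextElement(pCert, "Port", notification.GetPort());

	// NOTE(review): the outcome of Save() is not checked here; if the write
	// fails the certificate is trusted for this session only.
	m_xmlFile.Save(true);
}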
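/// Records the certificate from @p notification as permanently trusted for
/// the notification's host and port.
///
/// Only the first entry of GetCertificates() is stored (presumably the
/// server's own certificate — confirm against the caller). The entry is the
/// certificate's raw bytes together with host and port, so trust is tied to
/// this exact certificate on this exact endpoint.
///
/// The trusted list is reloaded and updated while MUTEX_TRUSTEDCERTS is held.
/// If the certificate is already trusted nothing is added. The XML file is
/// written unless OPTION_DEFAULT_KIOSKMODE is 2.
///
/// @param notification certificate notification carrying host, port and the
///                     certificate chain
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
	// Bind the chain for the whole function so the certificate, and the raw
	// data pointer obtained from it, stay valid whether GetCertificates()
	// returns by value or by reference.
	auto const& certificates = notification.GetCertificates();
	if (certificates.empty()) {
		// Nothing to trust; indexing [0] on an empty chain is undefined behaviour.
		return;
	}
	CCertificate const& certificate = certificates[0];

	unsigned int len = 0;
	const unsigned char* const data = certificate.GetRawData(len);
	if (!data || !len) {
		// Never record an empty blob as a trusted certificate.
		return;
	}

	// Hold the inter-process lock from the reload until the save, so the
	// check-and-append below works on the list as currently stored.
	CReentrantInterProcessMutexLocker mutex(MUTEX_TRUSTEDCERTS);
	LoadTrustedCerts();

	if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
		return;
	}

	t_certData cert;
	cert.host = notification.GetHost();
	cert.port = notification.GetPort();
	cert.len = len;
	// NOTE(review): raw owning buffer; presumably released by whoever cleans up
	// m_trustedCerts — confirm, t_certData is not visible here.
	cert.data = new unsigned char[len];
	memcpy(cert.data, data, len);
	m_trustedCerts.push_back(cert);

	// Kiosk mode 2: the certificate is trusted in memory only, nothing is
	// written to the XML file.
	if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
		return;
	}

	auto element = m_xmlFile.GetElement();
	if (!element) {
		return;
	}

	auto certs = element.child("TrustedCerts");
	if (!certs) {
		certs = element.append_child("TrustedCerts");
	}

	auto xCert = certs.append_child("Certificate");

	AddTextElement(xCert, "Data", ConvertHexToString(data, len));
	AddTextElement(xCert, "ActivationTime", static_cast<int64_t>(certificate.GetActivationTime().get_time_t()));
	AddTextElement(xCert, "ExpirationTime", static_cast<int64_t>(certificate.GetExpirationTime().get_time_t()));
	AddTextElement(xCert, "Host", notification.GetHost());
	AddTextElement(xCert, "Port", notification.GetPort());

	// NOTE(review): the outcome of Save() is not checked here; if the write
	// fails the certificate is trusted for this session only.
	m_xmlFile.Save(true);
}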
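/// Fills the certificate-detail controls of @p pDlg from @p cert.
///
/// Shown are the validity period, serial number, public-key and signature
/// algorithms, both fingerprints, the issuer and subject DNs and any
/// alternative subject names. A date outside the validity period is labelled
/// and drawn in red. The subject panel is sized to its content, capped at
/// roughly 15 lines.
///
/// @param pDlg dialog whose XRC child controls are updated
/// @param cert certificate to display
/// @return true if either validity date is unset, the certificate is not yet
///         valid, or it has expired. Only the dates are examined here, so
///         false does not mean that the certificate is trusted.
bool CVerifyCertDialog::DisplayCert(wxDialogEx* pDlg, const CCertificate& cert)
{
	bool warning = false;

	// fz::datetime::empty() is true for an unset time, so a date may only be
	// compared and formatted when it is NOT empty. Testing empty() without the
	// negation labelled every certificate that carries real dates as
	// "Invalid date" and raised the warning for it, which hides the genuine
	// "not yet valid" / "expired" cases from the user.
	auto const activation = cert.GetActivationTime();
	if (activation.empty()) {
		warning = true;
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), _("Invalid date"));
	}
	else if (activation > fz::datetime::now()) {
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), wxString::Format(_("%s - Not yet valid!"), CTimeFormat::Format(activation)));
		xrc_call(*pDlg, "ID_ACTIVATION_TIME", &wxWindow::SetForegroundColour, wxColour(255, 0, 0));
		warning = true;
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_ACTIVATION_TIME"), CTimeFormat::Format(activation));
	}

	auto const expiration = cert.GetExpirationTime();
	if (expiration.empty()) {
		warning = true;
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), _("Invalid date"));
	}
	else if (expiration < fz::datetime::now()) {
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), wxString::Format(_("%s - Certificate expired!"), CTimeFormat::Format(expiration)));
		xrc_call(*pDlg, "ID_EXPIRATION_TIME", &wxWindow::SetForegroundColour, wxColour(255, 0, 0));
		warning = true;
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_EXPIRATION_TIME"), CTimeFormat::Format(expiration));
	}

	if (!cert.GetSerial().empty()) {
		pDlg->SetChildLabel(XRCID("ID_SERIAL"), cert.GetSerial());
	}
	else {
		pDlg->SetChildLabel(XRCID("ID_SERIAL"), _("None"));
	}

	pDlg->SetChildLabel(XRCID("ID_PKALGO"), wxString::Format(_("%s with %d bits"), cert.GetPkAlgoName(), cert.GetPkAlgoBits()));
	pDlg->SetChildLabel(XRCID("ID_SIGNALGO"), cert.GetSignatureAlgorithm());

	// The SHA-256 fingerprint is broken into two lines just past its midpoint;
	// the SHA-1 fingerprint is shown on a single line.
	wxString const& sha256 = cert.GetFingerPrintSHA256();
	pDlg->SetChildLabel(XRCID("ID_FINGERPRINT_SHA256"), sha256.Left(sha256.size() / 2 + 1) + _T("\n") + sha256.Mid(sha256.size() / 2 + 1));
	pDlg->SetChildLabel(XRCID("ID_FINGERPRINT_SHA1"), cert.GetFingerPrintSHA1());

	ParseDN(XRCCTRL(*pDlg, "ID_ISSUER_BOX", wxStaticBox), cert.GetIssuer(), m_pIssuerSizer);

	auto subjectPanel = XRCCTRL(*pDlg, "ID_SUBJECT_PANEL", wxScrolledWindow);
	// No repainting while the panel is being filled; thawed before returning.
	subjectPanel->Freeze();

	ParseDN(subjectPanel, cert.GetSubject(), m_pSubjectSizer);

	auto const& altNames = cert.GetAltSubjectNames();
	if (!altNames.empty()) {
		// One name per line; the newline after the last name is dropped again.
		wxString str;
		for (auto const& altName : altNames) {
			str += altName + _T("\n");
		}
		str.RemoveLast();
		m_pSubjectSizer->Add(new wxStaticText(subjectPanel, wxID_ANY, wxPLURAL("Alternative name:", "Alternative names:", altNames.size())));
		m_pSubjectSizer->Add(new wxStaticText(subjectPanel, wxID_ANY, str));
	}

	m_pSubjectSizer->Fit(subjectPanel);

	// Cap the panel at about 15 lines and leave room for a vertical scrollbar
	// once the cap is reached.
	// NOTE(review): the height is computed through the member m_pDlg, not the
	// pDlg parameter — confirm both refer to the same dialog.
	wxSize min = m_pSubjectSizer->CalcMin();
	int const maxHeight = (line_height_ + m_pDlg->ConvertDialogToPixels(wxPoint(0, 1)).y) * 15;
	if (min.y >= maxHeight) {
		min.y = maxHeight;
		min.x += wxSystemSettings::GetMetric(wxSYS_VSCROLL_X);
	}

	// Add extra safety margin to prevent squishing on OS X.
	min.x += 2;
	subjectPanel->SetMinSize(min);

	subjectPanel->Thaw();

	return warning;
}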