Пример #1
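/*
 * Compare the peer certificate's fingerprint with a previously stored one.
 *
 * Two stored formats are accepted:
 *  - a value containing ':' is compared with the string returned by
 *    openconnect_get_peer_cert_hash();
 *  - any other value is treated as the bare hex SHA-1 of the DER-encoded
 *    certificate, which is recomputed here.
 *
 * Returns 0 on a match, 1 on a mismatch, and a negative errno value on
 * failure: -EINVAL for a NULL old_hash, -EIO when no fingerprint can be
 * produced, or the negative value from openconnect_get_peer_cert_DER().
 * Only 0 means the certificate matched the stored pin.
 *
 * The bare-hex branch pins on SHA-1, which is no longer considered
 * collision resistant; stored pins in that form are worth migrating to
 * the ':'-qualified form.
 */
int openconnect_check_peer_cert_hash(struct openconnect_info *vpninfo,
				     const char *old_hash)
{
	/* Two hex digits per digest byte plus the terminating NUL. */
	char sha1_text[SHA1_SIZE * 2 + 1];
	const char *fingerprint;

	/* A missing pin can never match: fail closed instead of
	 * dereferencing NULL in strchr(). */
	if (!old_hash)
		return -EINVAL;

	if (strchr(old_hash, ':')) {
		fingerprint = openconnect_get_peer_cert_hash(vpninfo);
		if (!fingerprint)
			return -EIO;
	} else {
		unsigned char *cert;
		unsigned char sha1_bin[SHA1_SIZE];
		size_t i;
		int len;

		/* NOTE(review): ownership of the buffer returned through
		 * 'cert' is not visible here -- confirm whether it must be
		 * released by the caller. */
		len = openconnect_get_peer_cert_DER(vpninfo, &cert);
		if (len < 0)
			return len;

		if (openconnect_sha1(sha1_bin, cert, len))
			return -EIO;

		/* Bounded write: each step is limited to the space left in
		 * sha1_text, so the buffer stays in step with SHA1_SIZE. */
		for (i = 0; i < sizeof(sha1_bin); i++)
			snprintf(&sha1_text[i * 2], sizeof(sha1_text) - i * 2,
				 "%02x", sha1_bin[i]);

		fingerprint = sha1_text;
	}

	/* Case-insensitive so upper- and lower-case hex compare equal.
	 * NOTE(review): if the ':'-qualified form can carry a case-sensitive
	 * encoding (e.g. base64), this accepts more values than intended --
	 * confirm the format produced by openconnect_get_peer_cert_hash(). */
	if (strcasecmp(old_hash, fingerprint))
		return 1;

	return 0;
}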
Пример #2
/*
 * JNI binding for LibOpenConnect.getPeerCertHash(): returns the peer
 * certificate hash reported by openconnect_get_peer_cert_hash() as a Java
 * string.
 *
 * Returns NULL when no library context is attached to the object, when the
 * library has no hash to report, or when the Java string cannot be created
 * (in which case OOM() is invoked on the context's JNI environment first).
 * A NULL result means "no fingerprint available", never "fingerprint OK".
 */
JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getPeerCertHash(
	JNIEnv *jenv, jobject jobj)
{
	jstring jresult = NULL;
	struct libctx *ctx = getctx(jenv, jobj);

	if (ctx) {
		const char *hash = openconnect_get_peer_cert_hash(ctx->vpninfo);

		if (hash) {
			/* The string is created through the JNIEnv stored in
			 * the context, not the one passed to this call. */
			jresult = dup_to_jstring(ctx->jenv, hash);
			if (!jresult)
				OOM(ctx->jenv);
		}
	}

	return jresult;
}
Пример #3
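/// Builds the result map for this authentication widget.
///
/// The "secrets" entry holds the stored secrets plus the gateway (host:port),
/// the session cookie, the gateway certificate fingerprint and the
/// "autoconnect" / "save_passwords" flags; entries with an empty value are
/// dropped. A "tmp-secrets" entry is added when temporary secrets exist.
///
/// @return map with key "secrets" and, optionally, "tmp-secrets".
QVariantMap OpenconnectAuthWidget::setting() const
{
    Q_D(const OpenconnectAuthWidget);

    NMStringMap secrets;
    QVariantMap secretData;

    secrets.unite(d->secrets);
    QString host(openconnect_get_hostname(d->vpninfo));
    const QString port = QString::number(openconnect_get_port(d->vpninfo));
    secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GATEWAY), host + ':' + port);

    // The cookie is copied into the secrets map and then cleared from the library handle, so from here on the
    // map (and whatever stores it) holds the only copy visible in this function.
    secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
    openconnect_clear_cookie(d->vpninfo);

#if OPENCONNECT_CHECK_VER(5,0)
    const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
#else
    OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
    // Zero-initialised: the result of openconnect_get_cert_sha1() is not checked, so if it fails without writing
    // the buffer, the fingerprint must read as an empty string rather than indeterminate stack bytes.
    char fingerprint[41] = {0};
    openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
#endif
    // An empty or null fingerprint is removed by the pruning loop below, so no gateway-certificate entry is
    // emitted in that case.
    // NOTE(review): confirm the consumer refuses to connect without a pinned gateway certificate.
    secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
    secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
    secrets.insert(QLatin1String("save_passwords"), d->ui.chkStorePasswords->isChecked() ? "yes" : "no");

    // Drop entries whose value is empty; erase() returns the iterator to continue from.
    NMStringMap::iterator i = secrets.begin();
    while (i != secrets.end()) {
        if (i.value().isEmpty()) {
            i = secrets.erase(i);
        } else {
            ++i;
        }
    }

    secretData.insert("secrets", QVariant::fromValue<NMStringMap>(secrets));

    // These secrets are not officially part of the secrets which would be returned back to NetworkManager. We just
    // need to somehow get them to our secret agent which will handle them separately and store them.
    if (!d->tmpSecrets.isEmpty()) {
        secretData.insert("tmp-secrets", QVariant::fromValue<NMStringMap>(d->tmpSecrets));
    }
    return secretData;
}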