// Decides whether the first certificate carried by `notification` is trusted
// for the notification's host and port, by delegating to the five-argument
// IsTrusted overload (not shown here).
//
// Returns whatever that overload returns.
bool CVerifyCertDialog::IsTrusted(CCertificateNotification const& notification)
{
	// Called before every lookup; presumably (re)populates the trusted list
	// from disk -- confirm against LoadTrustedCerts().
	LoadTrustedCerts();

	// NOTE(review): element 0 is read without a size check, so this assumes
	// the notification always carries at least one certificate -- confirm.
	CCertificate leafCert = notification.GetCertificates()[0];

	unsigned int rawLen;
	const unsigned char* rawData = leafCert.GetRawData(rawLen);

	// NOTE(review): the decision here depends only on host, port and the raw
	// certificate bytes. No algorithm-warning state of the notification is
	// consulted in this variant, so a stored match is reported as trusted
	// even if the certificate was flagged for weak algorithms.
	// The final `false` presumably means "do not restrict the lookup to
	// permanently trusted entries" -- verify against the overload.
	return IsTrusted(notification.GetHost(), notification.GetPort(), rawData, rawLen, false);
}
// Decides whether the first certificate carried by `notification` is trusted
// for the notification's host and port.
//
// Returns false unconditionally when the notification reports any algorithm
// warning; otherwise returns the result of the five-argument IsTrusted
// overload (not shown here).
bool CVerifyCertDialog::IsTrusted(CCertificateNotification const& notification)
{
	// Fail closed before touching the trust store: a certificate with
	// algorithm warnings is never trusted, even if an identical certificate
	// was stored earlier.
	const bool hasAlgorithmWarnings = notification.GetAlgorithmWarnings() != 0;
	if (hasAlgorithmWarnings) {
		return false;
	}

	// Presumably (re)populates the trusted list -- confirm against
	// LoadTrustedCerts().
	LoadTrustedCerts();

	// NOTE(review): element 0 is read without a size check, so this assumes
	// the notification always carries at least one certificate -- confirm.
	CCertificate leafCert = notification.GetCertificates()[0];

	unsigned int rawLen;
	const unsigned char* rawData = leafCert.GetRawData(rawLen);

	// The final `false` presumably means "do not restrict the lookup to
	// permanently trusted entries" -- verify against the overload.
	return IsTrusted(notification.GetHost(), notification.GetPort(), rawData, rawLen, false);
}
// Records the first certificate of `notification` as trusted for the
// notification's host and port: appends it to m_trustedCerts and, unless
// OPTION_DEFAULT_KIOSKMODE is 2 or the XML document has no root element,
// writes a <Certificate> entry under <TrustedCerts> and saves the file.
//
// Does nothing if the five-argument IsTrusted overload already reports the
// certificate as trusted.
//
// NOTE(review): this function does not itself look at certificate warnings.
// In the caller visible in this file (ShowVerificationDialog) it is only
// reached when DisplayCert reported no warning; other callers should be
// checked for the same precondition.
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
	// NOTE(review): element 0 is read without a size check -- assumes a
	// non-empty certificate list; confirm.
	// leafCert stays a named local for the whole function because rawData is
	// obtained from it and used until the end.
	const CCertificate leafCert = notification.GetCertificates()[0];
	unsigned int rawLen;
	const unsigned char* const rawData = leafCert.GetRawData(rawLen);

	// Taken before loading so the load / duplicate check / append / save
	// sequence runs under the locker (presumably released when it goes out
	// of scope -- confirm against CReentrantInterProcessMutexLocker).
	CReentrantInterProcessMutexLocker storeLock(MUTEX_TRUSTEDCERTS);
	LoadTrustedCerts();

	// The trailing `true` presumably limits the lookup to permanently
	// trusted entries -- verify against the overload.
	const bool alreadyStored = IsTrusted(notification.GetHost(), notification.GetPort(), rawData, rawLen, true);
	if (alreadyStored) {
		return;
	}

	// In-memory entry with its own copy of the raw certificate bytes.
	t_certData entry;
	entry.host = notification.GetHost();
	entry.port = notification.GetPort();
	entry.len = rawLen;
	entry.data = new unsigned char[rawLen];
	memcpy(entry.data, rawData, rawLen);
	m_trustedCerts.push_back(entry);

	// From here on the entry is already trusted in memory; the early returns
	// below only skip writing it to the XML file.
	if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
		return;
	}

	TiXmlElement* pRoot = m_xmlFile.GetElement();
	if (!pRoot) {
		return;
	}

	// Reuse the existing <TrustedCerts> container or create it.
	TiXmlElement* pCertList = pRoot->FirstChildElement("TrustedCerts");
	if (!pCertList) {
		pCertList = pRoot->LinkEndChild(new TiXmlElement("TrustedCerts"))->ToElement();
	}

	TiXmlElement* pEntry = pCertList->LinkEndChild(new TiXmlElement("Certificate"))->ToElement();

	AddTextElement(pEntry, "Data", ConvertHexToString(rawData, rawLen));

	wxLongLong ticks = leafCert.GetActivationTime().GetTicks();
	AddTextElement(pEntry, "ActivationTime", ticks.ToString());

	ticks = leafCert.GetExpirationTime().GetTicks();
	AddTextElement(pEntry, "ExpirationTime", ticks.ToString());

	// Host and port are stored with the certificate, so the entry is bound
	// to this endpoint rather than to the certificate alone.
	AddTextElement(pEntry, "Host", notification.GetHost());
	AddTextElement(pEntry, "Port", notification.GetPort());

	m_xmlFile.Save(true);
}
// Records the first certificate of `notification` as trusted for the
// notification's host and port: appends it to m_trustedCerts and, unless
// OPTION_DEFAULT_KIOSKMODE is 2 or the XML document has no root element,
// writes a <Certificate> entry under <TrustedCerts> and saves the file.
//
// Does nothing if the five-argument IsTrusted overload already reports the
// certificate as trusted.
//
// NOTE(review): this function does not itself look at certificate or
// algorithm warnings. In the caller visible in this file
// (ShowVerificationDialog) it is only reached when DisplayCert reported no
// warning; other callers should be checked for the same precondition.
void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
{
	// NOTE(review): element 0 is read without a size check -- assumes a
	// non-empty certificate list; confirm.
	// leafCert stays a named local for the whole function because rawData is
	// obtained from it and used until the end.
	const CCertificate leafCert = notification.GetCertificates()[0];
	unsigned int rawLen;
	const unsigned char* const rawData = leafCert.GetRawData(rawLen);

	// Taken before loading so the load / duplicate check / append / save
	// sequence runs under the locker (presumably released when it goes out
	// of scope -- confirm against CReentrantInterProcessMutexLocker).
	CReentrantInterProcessMutexLocker storeLock(MUTEX_TRUSTEDCERTS);
	LoadTrustedCerts();

	// The trailing `true` presumably limits the lookup to permanently
	// trusted entries -- verify against the overload.
	const bool alreadyStored = IsTrusted(notification.GetHost(), notification.GetPort(), rawData, rawLen, true);
	if (alreadyStored) {
		return;
	}

	// In-memory entry with its own copy of the raw certificate bytes.
	t_certData entry;
	entry.host = notification.GetHost();
	entry.port = notification.GetPort();
	entry.len = rawLen;
	entry.data = new unsigned char[rawLen];
	memcpy(entry.data, rawData, rawLen);
	m_trustedCerts.push_back(entry);

	// From here on the entry is already trusted in memory; the early returns
	// below only skip writing it to the XML file.
	if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
		return;
	}

	auto root = m_xmlFile.GetElement();
	if (!root) {
		return;
	}

	// Reuse the existing <TrustedCerts> container or create it.
	auto certList = root.child("TrustedCerts");
	if (!certList) {
		certList = root.append_child("TrustedCerts");
	}

	auto entryNode = certList.append_child("Certificate");

	AddTextElement(entryNode, "Data", ConvertHexToString(rawData, rawLen));

	// Validity bounds are written as integer time_t values.
	const int64_t notBefore = static_cast<int64_t>(leafCert.GetActivationTime().get_time_t());
	AddTextElement(entryNode, "ActivationTime", notBefore);

	const int64_t notAfter = static_cast<int64_t>(leafCert.GetExpirationTime().get_time_t());
	AddTextElement(entryNode, "ExpirationTime", notAfter);

	// Host and port are stored with the certificate, so the entry is bound
	// to this endpoint rather than to the certificate alone.
	AddTextElement(entryNode, "Host", notification.GetHost());
	AddTextElement(entryNode, "Port", notification.GetPort());

	m_xmlFile.Save(true);
}
// Shows the certificate dialog for `notification` modally.
//
// With displayOnly set, the "ID_DISPLAYCERT" layout is loaded and the
// notification is left untouched. Otherwise the "ID_VERIFYCERT" layout is
// loaded and, after the dialog closes, notification.m_trusted is set to true
// when the dialog returned wxID_OK and to false for any other result.
//
// On acceptance the certificate is either passed to SetPermanentlyTrusted
// (only if DisplayCert reported no warning and the "ID_ALWAYS" box is ticked)
// or appended to m_sessionTrustedCerts.
void CVerifyCertDialog::ShowVerificationDialog(CCertificateNotification& notification, bool displayOnly /*=false*/)
{
	LoadTrustedCerts();

	m_pDlg = new wxDialogEx;
	if (!displayOnly) {
		m_pDlg->Load(0, _T("ID_VERIFYCERT"));
		m_pDlg->WrapText(m_pDlg, XRCID("ID_DESC"), 400);

		// With OPTION_DEFAULT_KIOSKMODE == 2 the "always trust" checkbox is
		// hidden; SetPermanentlyTrusted also skips writing to disk for the
		// same option value.
		if (COptions::Get()->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) == 2) {
			XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->Hide();
		}
	}
	else {
		m_pDlg->Load(0, _T("ID_DISPLAYCERT"));
	}

	m_certificates = notification.GetCertificates();

	if (m_certificates.size() != 1) {
		// One chooser entry per certificate, labelled with its index.
		wxChoice* chainChoice = XRCCTRL(*m_pDlg, "ID_CHAIN", wxChoice);
		for (unsigned int idx = 0; idx < m_certificates.size(); ++idx) {
			chainChoice->Append(wxString::Format(_T("%d"), idx));
		}
		chainChoice->SetSelection(0);
		chainChoice->Connect(wxEVT_COMMAND_CHOICE_SELECTED, wxCommandEventHandler(CVerifyCertDialog::OnCertificateChoice), 0, this);
	}
	else {
		// Single certificate: no chain chooser needed.
		XRCCTRL(*m_pDlg, "ID_CHAIN_DESC", wxStaticText)->Hide();
		XRCCTRL(*m_pDlg, "ID_CHAIN", wxChoice)->Hide();
	}

	const wxString hostLabel = wxString::Format(_T("%s:%d"), notification.GetHost(), notification.GetPort());
	m_pDlg->SetChildLabel(XRCID("ID_HOST"), hostLabel);

	// The dummy controls only serve to locate the sizers; their contents are
	// removed so DisplayCert can fill them.
	m_pSubjectSizer = XRCCTRL(*m_pDlg, "ID_SUBJECT_DUMMY", wxStaticText)->GetContainingSizer();
	m_pSubjectSizer->Clear(true);

	m_pIssuerSizer = XRCCTRL(*m_pDlg, "ID_ISSUER_DUMMY", wxStaticText)->GetContainingSizer();
	m_pIssuerSizer->Clear(true);

	// Lay out every certificate once and keep the largest minimum size, so
	// the dialog does not need to grow when another chain entry is selected.
	wxSize largestMinSize(0, 0);
	for (unsigned int idx = 0; idx < m_certificates.size(); ++idx) {
		DisplayCert(m_pDlg, m_certificates[idx]);
		m_pDlg->Layout();
		m_pDlg->GetSizer()->Fit(m_pDlg);
		largestMinSize.IncTo(m_pDlg->GetSizer()->GetMinSize());
	}
	m_pDlg->GetSizer()->SetMinSize(largestMinSize);

	// Show the first certificate again; only its DisplayCert result feeds
	// the warning state used below.
	// NOTE(review): element 0 is read without a size check -- assumes a
	// non-empty certificate list; confirm.
	bool hasWarning = DisplayCert(m_pDlg, m_certificates[0]);

	m_pDlg->SetChildLabel(XRCID("ID_PROTOCOL"), notification.GetProtocol());
	m_pDlg->SetChildLabel(XRCID("ID_KEYEXCHANGE"), notification.GetKeyExchange());
	m_pDlg->SetChildLabel(XRCID("ID_CIPHER"), notification.GetSessionCipher());
	m_pDlg->SetChildLabel(XRCID("ID_MAC"), notification.GetSessionMac());

	if (hasWarning) {
		XRCCTRL(*m_pDlg, "ID_IMAGE", wxStaticBitmap)->SetBitmap(wxArtProvider::GetBitmap(wxART_WARNING));

		// A certificate with a warning cannot be offered for permanent trust.
		if (!displayOnly) {
			XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->Enable(false);
		}
	}

	m_pDlg->GetSizer()->Fit(m_pDlg);
	m_pDlg->GetSizer()->SetSizeHints(m_pDlg);

	int modalResult = m_pDlg->ShowModal();

	if (!displayOnly) {
		if (modalResult != wxID_OK) {
			notification.m_trusted = false;
		}
		else {
			// Debug check: the dialog should only be asking about a
			// certificate that IsTrusted does not already accept.
			wxASSERT(!IsTrusted(notification));

			notification.m_trusted = true;

			// hasWarning is tested again here, independently of the disabled
			// checkbox, before anything is stored permanently.
			const bool storePermanently = !hasWarning && XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->GetValue();
			if (storePermanently) {
				SetPermanentlyTrusted(notification);
			}
			else {
				// Accepted for now only: keep a copy of the raw certificate
				// bytes in the session list.
				t_certData sessionEntry;
				sessionEntry.host = notification.GetHost();
				sessionEntry.port = notification.GetPort();
				const unsigned char* rawData = m_certificates[0].GetRawData(sessionEntry.len);
				sessionEntry.data = new unsigned char[sessionEntry.len];
				memcpy(sessionEntry.data, rawData, sessionEntry.len);
				m_sessionTrustedCerts.push_back(sessionEntry);
			}
		}
	}

	delete m_pDlg;
	m_pDlg = 0;
}