1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /*
3  * Pan - A Newsreader for Gtk+
4  * Copyright (C) 2002-2006  Charles Kerr <charles@rebelbase.com>
5  *
6  * This file
 * Copyright (C) 2011 Heinrich Müller <henmull@src.gnome.org>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; version 2 of the License.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, see <http://www.gnu.org/licenses/>.
20  *
21  */
22 
23 #ifndef __CertStore_h__
24 #define __CertStore_h__
25 
#ifdef HAVE_GNUTLS
  #include <gnutls/gnutls.h>
  #include <gnutls/x509.h>
#endif

#include <pan/data/data.h>
#include <pan/tasks/socket.h>
#include <pan/general/debug.h>
#include <pan/general/quark.h>
#include <pan/general/macros.h>
#include <pan/general/worker-pool.h>
#include <pan/general/string-view.h>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
40 
41 
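namespace pan
{
  class Data;

  /**
   * Per-server TLS certificate store.
   *
   * Keyed by server Quark, this object holds the X.509 certificates that
   * have been stored for each server (_cert_to_server), the GnuTLS
   * credentials handle used for sessions (_creds), and a blacklist of
   * servers that must not be trusted (_blacklist).  Loading, adding and
   * removing certificates is implemented out of line; only the trivial
   * accessors and the listener plumbing live in this header.
   *
   * Ownership: _creds and every gnutls_x509_crt_t in _cert_to_server are
   * raw GnuTLS handles held by this object -- presumably released by the
   * out-of-line destructor, TODO confirm.  The compiler-generated copy
   * constructor/assignment would alias those handles (double release on
   * destruction), so instances must be passed by reference, never copied.
   *
   * Without HAVE_GNUTLS the class is an inert stub (the #else branch
   * below): nothing is stored and no server is ever reported blacklisted.
   */
  class CertStore
  {
#ifdef HAVE_GNUTLS
    public:
      CertStore (Data& data) ;
      virtual ~CertStore () ;

    private:
      typedef std::set<Quark> certs_t;
      certs_t _blacklist;                          // servers explicitly marked as not to be trusted
      typedef std::map<Quark,gnutls_x509_crt_t> certs_m;
      typedef std::pair<Quark,gnutls_x509_crt_t> certs_p;
      std::string _path;                           // on-disk location used by the out-of-line loaders
      certs_m _cert_to_server;                     // server -> stored certificate (GnuTLS handle)
      Data& _data;

      gnutls_certificate_credentials_t _creds;     // GnuTLS credentials handle exposed via get_creds()

    public:

      /// Loads the stored certificates from disk (out of line); see the
      /// implementation for the meaning of the returned int.
      int get_all_certs_from_disk();
      /// Imports a certificate for `server` from file `fn` (out of line).
      bool import_from_file (const Quark& server, const char* fn = 0);

      /// True if `s` has been blacklist()ed and not since whitelist()ed.
      bool in_blacklist (const Quark& s) const
      {
        return _blacklist.count(s) != 0;
      }

      /// Marks server `s` as not to be trusted; idempotent.
      void blacklist (const Quark& s)
      {
        _blacklist.insert(s);
      }

      /// Lifts a prior blacklist() for `s`; a no-op if `s` was never blacklisted.
      void whitelist (const Quark& s)
      {
        _blacklist.erase(s);
      }

      /// Returns the certificate stored for server `s`, or 0 if there is
      /// none.  The handle stays owned by the store; callers must not
      /// deinit it.
      gnutls_x509_crt_t get_cert_to_server (const Quark& s) const
      {
        // One lookup via find() instead of count() followed by operator[].
        certs_m::const_iterator it (_cert_to_server.find(s));
        if (it == _cert_to_server.end())
          return 0;
        return it->second;
      }

    private:
      /// Out-of-line helper that removes the on-disk data for `server`.
      void remove_hard(const Quark& server);

    public:

      /// Stores a certificate for the given server (out of line).
      bool add (gnutls_x509_crt_t, const Quark&) ;
      /// Forgets the certificate for the given server (out of line).
      void remove (const Quark&);
      /// True if a certificate is stored for server `q`.
      bool exist (const Quark& q) const
      {
        return _cert_to_server.find(q) != _cert_to_server.end();
      }

      /// The GnuTLS credentials handle; owned by the store, do not free.
      gnutls_certificate_credentials_t get_creds() const { return _creds; }

      /**
       * Observer interface for certificate events.  Listeners are kept as
       * raw, non-owning pointers: a listener must call remove_listener()
       * before it is destroyed, or the next notification dereferences a
       * dangling pointer.
       */
      struct Listener
      {
        virtual ~Listener() {}
        /* functions that other listeners listen on */
        /// Raised by verify_failed(); `nr` is the failure number passed by the caller.
        virtual void on_verify_cert_failed (gnutls_x509_crt_t cert UNUSED, std::string server UNUSED, int nr UNUSED) = 0;
        /// Raised by valid_cert_added() for `server`'s certificate `cert`.
        virtual void on_valid_cert_added   (gnutls_x509_crt_t cert UNUSED, std::string server UNUSED) = 0;
      };

      typedef std::set<Listener*> listeners_t;
      listeners_t _listeners;

      void add_listener (Listener * l)    { _listeners.insert(l); }
      void remove_listener (Listener * l) { _listeners.erase(l);  }

      /* notify functions for listener list */

      /// Fans out on_verify_cert_failed() to every registered listener.
      /// The listener set is iterated directly, so a callback must not
      /// add or remove listeners (that would invalidate the iterator).
      void verify_failed (gnutls_x509_crt_t c, std::string server, int nr)
      {
        const listeners_t::iterator end (_listeners.end());
        for (listeners_t::iterator it (_listeners.begin()); it != end; ++it)
          (*it)->on_verify_cert_failed (c, server, nr);
      }

      /// Fans out on_valid_cert_added() to every registered listener;
      /// same iteration caveat as verify_failed().
      void valid_cert_added (gnutls_x509_crt_t c, std::string server)
      {
        const listeners_t::iterator end (_listeners.end());
        for (listeners_t::iterator it (_listeners.begin()); it != end; ++it)
          (*it)->on_valid_cert_added (c, server);
      }

    public:
      /// Out-of-line initialisation (credentials / disk state).
      void init();
  };

  /**
   * Per-connection context handed to the TLS verification code.
   * `cs` is non-owning.  `always_trust` is a plain int flag; judging by
   * its name it asks the verifier to accept the peer regardless of the
   * verification outcome -- a deliberate trust bypass, so confirm how the
   * callback honours it before relying on it (TODO).
   */
  struct mydata_t {
   gnutls_session_t session;
   Quark host;
   Quark hostname_full;
   CertStore* cs;
   int always_trust;
  };
#else
  // No TLS support compiled in: an inert stand-in with the same call
  // surface, so callers need no #ifdefs of their own.
  public:
    CertStore (Data&) {}
    virtual ~CertStore () {}

    void add_listener (void * l UNUSED) {}
    void remove_listener (void * l UNUSED) {}
    /// Without a certificate store nothing can be blacklisted.
    bool in_blacklist (const Quark& s UNUSED) const { return false; }

    struct Listener
    {
      virtual ~Listener() {}
    };
  };
#endif   // HAVE_GNUTLS
}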
157 
158 
159 #endif
160 
161