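/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
 * Pan - A Newsreader for Gtk+
 * Copyright (C) 2002-2006 Charles Kerr <charles@rebelbase.com>
 *
 * This file
 * Copyright (C) 2011 Heinrich Müller <henmull@src.gnome.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef __CertStore_h__
#define __CertStore_h__

#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#endif

#include <pan/data/data.h>
#include <pan/tasks/socket.h>
#include <pan/general/debug.h>
#include <pan/general/quark.h>
#include <pan/general/macros.h>
#include <pan/general/worker-pool.h>
#include <pan/general/string-view.h>
#include <iostream>
#include <map>
#include <set>      // std::set is used below; do not rely on <map> pulling it in
#include <string>   // std::string is used below

namespace pan
{
  class Data;

  /**
   * Per-server TLS certificate store.
   *
   * Two pieces of in-memory state are kept, both keyed by server (Quark):
   *
   *  - a blacklist of servers (see blacklist()/whitelist()/in_blacklist());
   *    nothing in this header persists it, so treat it as session-local
   *    unless the .cc proves otherwise;
   *  - a map from server to a gnutls_x509_crt_t handle
   *    (see add()/remove()/exist()/get_cert_to_server()).
   *
   * Handles stored in the map are raw gnutls objects.  This header does not
   * show who calls gnutls_x509_crt_deinit() on them -- presumably the store
   * (remove()/remove_hard()/~CertStore); callers must not deinit a handle
   * obtained from get_cert_to_server().
   *
   * Interested parties register a Listener and are notified when a server's
   * certificate fails verification or when a valid certificate is added.
   *
   * Without HAVE_GNUTLS the class degrades to a stub whose blacklist is
   * always empty.
   */
  class CertStore
  {
#ifdef HAVE_GNUTLS
    public:
      CertStore (Data& data);
      virtual ~CertStore ();

    private:
      typedef std::set<Quark> certs_t;
      typedef std::map<Quark,gnutls_x509_crt_t> certs_m;
      typedef std::pair<Quark,gnutls_x509_crt_t> certs_p;

      certs_t _blacklist;       // servers whose certificate must not be trusted
      std::string _path;        // on-disk location used by the .cc (not read here)
      certs_m _cert_to_server;  // server -> stored certificate handle
      Data& _data;
      gnutls_certificate_credentials_t _creds;

    public:
      /** Loads stored certificates from disk; return value defined in the .cc. */
      int get_all_certs_from_disk ();

      /**
       * Imports a certificate file for `server'.
       * @param fn  file name; the meaning of the default (0) is defined in the .cc.
       */
      bool import_from_file (const Quark& server, const char* fn = 0);

      /** True iff `s' is currently blacklisted. */
      bool in_blacklist (const Quark& s) const
      {
        return _blacklist.count(s) > 0;
      }

      /** Marks `s' as untrusted. Idempotent. */
      void blacklist (const Quark& s)
      {
        _blacklist.insert(s);
      }

      /** Removes `s' from the blacklist. No-op if it was not blacklisted. */
      void whitelist (const Quark& s)
      {
        _blacklist.erase(s);
      }

      /**
       * Returns the certificate handle stored for `s', or 0 if there is none.
       * The handle is owned by the store -- do not deinit it.
       */
      gnutls_x509_crt_t get_cert_to_server (const Quark& s) const
      {
        // single lookup instead of count() followed by operator[]
        certs_m::const_iterator it (_cert_to_server.find(s));
        if (it == _cert_to_server.end())
          return 0;
        return it->second;
      }

    private:
      void remove_hard (const Quark& server);

    public:
      /** Stores `cert' for the given server; semantics of the return value are in the .cc. */
      bool add (gnutls_x509_crt_t cert, const Quark& server);
      void remove (const Quark& server);

      /** True iff a certificate is stored for `q'. */
      bool exist (const Quark& q) const
      {
        return _cert_to_server.count(q) > 0;
      }

      /** gnutls credentials shared by the store; ownership stays with the store. */
      gnutls_certificate_credentials_t get_creds () const
      {
        return _creds;
      }

      /**
       * Callback interface for certificate events.
       * Signatures are part of the ABI seen by subclasses and must stay as-is
       * (in particular `server' is passed by value).
       */
      struct Listener
      {
        virtual ~Listener () {}

        /**
         * Fired when verification of `cert' for `server' failed.
         * @param nr  an integer passed through from the verifier; its meaning
         *            is not defined in this header -- see the caller in the .cc.
         */
        virtual void on_verify_cert_failed (gnutls_x509_crt_t cert, std::string server, int nr) = 0;

        /** Fired after a certificate for `server' was accepted and stored. */
        virtual void on_valid_cert_added (gnutls_x509_crt_t cert, std::string server) = 0;
      };

      typedef std::set<Listener*> listeners_t;
      listeners_t _listeners;

      /** Registers `l'. The store does not take ownership of the listener. */
      void add_listener (Listener * l)
      {
        _listeners.insert(l);
      }

      /** Unregisters `l'. Safe to call from within a callback. */
      void remove_listener (Listener * l)
      {
        _listeners.erase(l);
      }

      /**
       * Notifies every registered listener of a verification failure.
       * Iterates over a snapshot so that a listener may unregister itself
       * from inside its callback without invalidating the loop iterator.
       */
      void verify_failed (gnutls_x509_crt_t c, std::string server, int nr)
      {
        const listeners_t snapshot (_listeners);
        for (listeners_t::const_iterator it(snapshot.begin()), end(snapshot.end()); it!=end; ++it)
          (*it)->on_verify_cert_failed (c, server, nr);
      }

      /** Notifies every registered listener that a valid certificate was added (snapshot semantics as above). */
      void valid_cert_added (gnutls_x509_crt_t c, std::string server)
      {
        const listeners_t snapshot (_listeners);
        for (listeners_t::const_iterator it(snapshot.begin()), end(snapshot.end()); it!=end; ++it)
          (*it)->on_valid_cert_added (c, server);
      }

    public:
      void init ();
  };

  /**
   * Context handed to the TLS verification path (the code that reads it is
   * in the .cc, not here).
   *
   * NOTE(review): `always_trust' looks like a flag that makes the verifier
   * accept a certificate regardless of the verification result -- i.e. a
   * deliberate bypass.  Any code that sets it non-zero should do so only on
   * an explicit user decision for that host.  Confirm against the .cc.
   *
   * Kept a plain aggregate (no constructors) so existing brace-initialisation
   * keeps compiling; callers must set every field.
   */
  struct mydata_t
  {
    gnutls_session_t session;
    Quark host;
    Quark hostname_full;
    CertStore* cs;
    int always_trust;
  };
#else

    public:
      CertStore (Data&) {}
      virtual ~CertStore () {}

      void add_listener (void * l) {}
      void remove_listener (void * l) {}

      /** Stub: without GnuTLS no server is ever blacklisted. */
      bool in_blacklist (const Quark& s) { return false; }

      struct Listener
      {
        virtual ~Listener () {}
      };
  };
#endif // HAVE_GNUTLS
}


#endif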