Server names can be Unicode now

This commit is contained in:
Simon Rozman 2016-08-23 14:42:11 +02:00
parent 59768e8097
commit f39cb94ee5
7 changed files with 3255 additions and 3262 deletions


@ -167,7 +167,7 @@ namespace eap
public: public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML. // Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID sanitizing_blob m_session_id; ///< TLS session ID


@ -161,10 +161,8 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
} }
// <ServerName> // <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str; if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
} }
} }
@ -231,12 +229,7 @@ void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
pXmlListServerIDs->get_item(j, &pXmlElServerID); pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID; bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID); pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
string str;
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
m_server_names.push_back(str);
} }
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
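Review bot: The new `m_server_names.push_back(wstring(bstrServerID));` in load() builds a std::wstring straight from the BSTR although the HRESULT of the preceding `get_text` call is discarded, so on failure (or a null BSTR) the wstring constructor is handed a null pointer, which is undefined behaviour, where the removed WideCharToMultiByte path produced an empty string. Since the profile XML is read from an external file, guard the conversion: `if (SUCCEEDED(pXmlElServerID->get_text(&bstrServerID)) && bstrServerID) m_server_names.push_back(wstring(bstrServerID, bstrServerID.length()));` — the length-based constructor also keeps an embedded NUL from silently truncating the stored name. The enclosing loop of load() continues outside the hunk.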


@ -1166,8 +1166,8 @@ void eap::method_tls::verify_server_trust() const
assert(!m_server_cert_chain.empty()); assert(!m_server_cert_chain.empty());
const cert_context &cert = m_server_cert_chain.front(); const cert_context &cert = m_server_cert_chain.front();
string subj; wstring subj;
if (!CertGetNameStringA(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subj)) if (!CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subj))
throw win_runtime_error(__FUNCTION__ " Error retrieving server's certificate subject name."); throw win_runtime_error(__FUNCTION__ " Error retrieving server's certificate subject name.");
const config_provider &cfg_prov(m_cfg.m_providers.front()); const config_provider &cfg_prov(m_cfg.m_providers.front());
@ -1176,29 +1176,29 @@ void eap::method_tls::verify_server_trust() const
if (!cfg_method->m_server_names.empty()) { if (!cfg_method->m_server_names.empty()) {
// Check server name. // Check server name.
for (list<string>::const_iterator s = cfg_method->m_server_names.cbegin(), s_end = cfg_method->m_server_names.cend();; ++s) { for (list<wstring>::const_iterator s = cfg_method->m_server_names.cbegin(), s_end = cfg_method->m_server_names.cend();; ++s) {
if (s != s_end) { if (s != s_end) {
const char const wchar_t
*a = s->c_str(), *a = s->c_str(),
*b = subj.c_str(); *b = subj.c_str();
size_t size_t
len_a = s->length(), len_a = s->length(),
len_b = subj.length(); len_b = subj.length();
if (_stricmp(a, b) == 0 || // Direct match if (_wcsicmp(a, b) == 0 || // Direct match
a[0] == '*' && len_b + 1 >= len_a && _stricmp(a + 1, b + len_b - (len_a - 1)) == 0) // "*..." wildchar match a[0] == '*' && len_b + 1 >= len_a && _wcsicmp(a + 1, b + len_b - (len_a - 1)) == 0) // "*..." wildchar match
{ {
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED, event_data(subj), event_data::blank); m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED1, event_data(subj), event_data::blank);
break; break;
} }
} else } else
throw win_runtime_error(ERROR_INVALID_DOMAINNAME, string_printf(__FUNCTION__ " Server name %s is not on the list of trusted server names.", subj.c_str()).c_str()); throw win_runtime_error(ERROR_INVALID_DOMAINNAME, string_printf(__FUNCTION__ " Server name %ls is not on the list of trusted server names.", subj.c_str()).c_str());
} }
} }
if (cert->pCertInfo->Issuer.cbData == cert->pCertInfo->Subject.cbData && if (cert->pCertInfo->Issuer.cbData == cert->pCertInfo->Subject.cbData &&
memcmp(cert->pCertInfo->Issuer.pbData, cert->pCertInfo->Subject.pbData, cert->pCertInfo->Issuer.cbData) == 0) memcmp(cert->pCertInfo->Issuer.pbData, cert->pCertInfo->Subject.pbData, cert->pCertInfo->Issuer.cbData) == 0)
throw com_runtime_error(CRYPT_E_SELF_SIGNED, string_printf(__FUNCTION__ " Server is using a self-signed certificate %s. Cannot trust it.", subj.c_str()).c_str()); throw com_runtime_error(CRYPT_E_SELF_SIGNED, string_printf(__FUNCTION__ " Server is using a self-signed certificate %ls. Cannot trust it.", subj.c_str()).c_str());
// Create temporary certificate store of our trusted root CAs. // Create temporary certificate store of our trusted root CAs.
cert_store store; cert_store store;
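Review bot: The rewritten comparison in verify_server_trust() uses `_wcsicmp` for both the direct and the wildcard branch, and `_wcsicmp` case-folds according to the CRT's current locale, so now that non-ASCII names are accepted the outcome can differ between the process where the name was entered and the service process that performs the check; a locale-independent fold such as `CompareStringOrdinal(a, -1, b, -1, TRUE) == CSTR_EQUAL` (and likewise for the `a + 1` / suffix pair) makes the match deterministic, and the same CRT-locale dependence applies to the `_istalnum` check added to wxHostNameValidator::Parse later in this commit. Certificates issued for internationalised host names presumably carry the ACE form (xn--…) in the subject, so a name stored as a U-label would never match and the connection would always be rejected; converting with IdnToAscii before comparing, or documenting that names must be entered in ACE form, avoids that surprise. The pre-existing wildcard rule still matches any suffix regardless of label boundaries and a bare `*` accepts every subject; restricting `*` to the leftmost label would tighten the check. verify_server_trust() continues outside the hunk.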


@ -119,7 +119,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxHostNameValidator(std::string *val = NULL); wxHostNameValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@ -149,10 +149,10 @@ public:
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@ -165,7 +165,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNValidator(std::string *val = NULL); wxFQDNValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@ -195,10 +195,10 @@ public:
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@ -211,7 +211,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNListValidator(std::list<std::string> *val = NULL); wxFQDNListValidator(std::list<std::wstring> *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@ -241,10 +241,10 @@ public:
/// ///
/// Parses FQDN list value /// Parses FQDN list value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected: protected:
std::list<std::string> *m_val; ///< Pointer to variable to receive control's parsed value std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@ -311,7 +311,7 @@ protected:
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
std::list<std::string> m_server_names_val; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
}; };
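Review bot: The doc comment above the new `wxHostNameValidator::Parse(..., std::wstring *val_out = NULL)` signature still reads `/// Parses FQDN value`, which is the wording used for wxFQDNValidator::Parse; for this class it should read `/// Parses host name value`. Since the stored type is now std::wstring, the `///< Pointer to variable to receive control's parsed value` comments would also benefit from stating that the text is stored as entered (no case or IDN normalisation is visible in this commit), so callers know what they will later compare against.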


@ -74,7 +74,7 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 ); sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") ); m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 ); sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );


@ -870,7 +870,7 @@
<property name="style"></property> <property name="style"></property>
<property name="subclass"></property> <property name="subclass"></property>
<property name="toolbar_pane">0</property> <property name="toolbar_pane">0</property>
<property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed</property> <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed; Unicode characters allowed</property>
<property name="validator_data_type"></property> <property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property> <property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property> <property name="validator_type">wxDefaultValidator</property>


@ -46,7 +46,7 @@ wxCertificateClientData::~wxCertificateClientData()
wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator);
wxHostNameValidator::wxHostNameValidator(std::string *val) : wxHostNameValidator::wxHostNameValidator(std::wstring *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@ -98,7 +98,7 @@ bool wxHostNameValidator::TransferFromWindow()
} }
bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out) bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
@ -108,7 +108,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
// End of host name found. // End of host name found.
if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start); if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start);
return true; return true;
} else if (_tcschr(wxT("abcdefghijklmnopqrstuvwxyz0123456789-*"), buf[i])) { } else if (buf[i] == _T('-') || buf[i] == _T('_') || buf[i] == _T('*') || _istalnum(buf[i])) {
// Valid character found. // Valid character found.
i++; i++;
} else { } else {
@ -129,7 +129,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator);
wxFQDNValidator::wxFQDNValidator(std::string *val) : wxFQDNValidator::wxFQDNValidator(std::wstring *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@ -181,7 +181,7 @@ bool wxFQDNValidator::TransferFromWindow()
} }
bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out) bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
@ -210,7 +210,7 @@ bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator);
wxFQDNListValidator::wxFQDNListValidator(std::list<std::string> *val) : wxFQDNListValidator::wxFQDNListValidator(std::list<std::wstring> *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@ -246,7 +246,7 @@ bool wxFQDNListValidator::TransferToWindow()
if (m_val) { if (m_val) {
wxString str; wxString str;
for (std::list<std::string>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) { for (std::list<std::wstring>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
if (!str.IsEmpty()) str += wxT("; "); if (!str.IsEmpty()) str += wxT("; ");
str += *name; str += *name;
} }
@ -267,11 +267,11 @@ bool wxFQDNListValidator::TransferFromWindow()
} }
bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out) bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
std::string _fqdn, *fqdn = val_out ? &_fqdn : NULL; std::wstring _fqdn, *fqdn = val_out ? &_fqdn : NULL;
std::list<std::string> _val_out; std::list<std::wstring> _val_out;
size_t i = i_start; size_t i = i_start;
for (;;) { for (;;) {