Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Server names can be Unicode now

Browse Source
This commit is contained in:
Simon Rozman 2016-08-23 14:42:11 +02:00
parent 59768e8097
commit f39cb94ee5
7 changed files with 3255 additions and 3262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/TLS/include/Config.h
View File

@ -167,7 +167,7 @@ namespace eap
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID

13
lib/TLS/src/Config.cpp
View File

@ -161,10 +161,8 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
}
// <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str;
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))))
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
}
}
@ -231,12 +229,7 @@ void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
string str;
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
m_server_names.push_back(str);
m_server_names.push_back(wstring(bstrServerID));
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);

18
lib/TLS/src/Method.cpp
View File

@ -1166,8 +1166,8 @@ void eap::method_tls::verify_server_trust() const
assert(!m_server_cert_chain.empty());
const cert_context &cert = m_server_cert_chain.front();
string subj;
if (!CertGetNameStringA(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subj))
wstring subj;
if (!CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subj))
throw win_runtime_error(__FUNCTION__ " Error retrieving server's certificate subject name.");
const config_provider &cfg_prov(m_cfg.m_providers.front());
@ -1176,29 +1176,29 @@ void eap::method_tls::verify_server_trust() const
if (!cfg_method->m_server_names.empty()) {
// Check server name.
for (list<string>::const_iterator s = cfg_method->m_server_names.cbegin(), s_end = cfg_method->m_server_names.cend();; ++s) {
for (list<wstring>::const_iterator s = cfg_method->m_server_names.cbegin(), s_end = cfg_method->m_server_names.cend();; ++s) {
if (s != s_end) {
const char
const wchar_t
*a = s->c_str(),
*b = subj.c_str();
size_t
len_a = s->length(),
len_b = subj.length();
if (_stricmp(a, b) == 0 || // Direct match
a[0] == '*' && len_b + 1 >= len_a && _stricmp(a + 1, b + len_b - (len_a - 1)) == 0) // "*..." wildchar match
if (_wcsicmp(a, b) == 0 || // Direct match
a[0] == '*' && len_b + 1 >= len_a && _wcsicmp(a + 1, b + len_b - (len_a - 1)) == 0) // "*..." wildchar match
{
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED, event_data(subj), event_data::blank);
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED1, event_data(subj), event_data::blank);
break;
}
} else
throw win_runtime_error(ERROR_INVALID_DOMAINNAME, string_printf(__FUNCTION__ " Server name %s is not on the list of trusted server names.", subj.c_str()).c_str());
throw win_runtime_error(ERROR_INVALID_DOMAINNAME, string_printf(__FUNCTION__ " Server name %ls is not on the list of trusted server names.", subj.c_str()).c_str());
}
}
if (cert->pCertInfo->Issuer.cbData == cert->pCertInfo->Subject.cbData &&
memcmp(cert->pCertInfo->Issuer.pbData, cert->pCertInfo->Subject.pbData, cert->pCertInfo->Issuer.cbData) == 0)
throw com_runtime_error(CRYPT_E_SELF_SIGNED, string_printf(__FUNCTION__ " Server is using a self-signed certificate %s. Cannot trust it.", subj.c_str()).c_str());
throw com_runtime_error(CRYPT_E_SELF_SIGNED, string_printf(__FUNCTION__ " Server is using a self-signed certificate %ls. Cannot trust it.", subj.c_str()).c_str());
// Create temporary certificate store of our trusted root CAs.
cert_store store;

20
lib/TLS_UI/include/TLS_UI.h
View File

@ -119,7 +119,7 @@ public:
///
/// Construct the validator with a value to store data
///
wxHostNameValidator(std::string *val = NULL);
wxHostNameValidator(std::wstring *val = NULL);
///
/// Copy constructor
@ -149,10 +149,10 @@ public:
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
@ -165,7 +165,7 @@ public:
///
/// Construct the validator with a value to store data
///
wxFQDNValidator(std::string *val = NULL);
wxFQDNValidator(std::wstring *val = NULL);
///
/// Copy constructor
@ -195,10 +195,10 @@ public:
///
/// Parses FQDN value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
};
@ -211,7 +211,7 @@ public:
///
/// Construct the validator with a value to store data
///
wxFQDNListValidator(std::list<std::string> *val = NULL);
wxFQDNListValidator(std::list<std::wstring> *val = NULL);
///
/// Copy constructor
@ -241,10 +241,10 @@ public:
///
/// Parses FQDN list value
///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL);
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected:
std::list<std::string> *m_val; ///< Pointer to variable to receive control's parsed value
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
};
@ -311,7 +311,7 @@ protected:
eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon
std::list<std::string> m_server_names_val; ///< Acceptable authenticating server names
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
};

2
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@ -74,7 +74,7 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );

2
lib/TLS_UI/res/wxTLS_UI.fbp
View File

@ -870,7 +870,7 @@
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed</property>
<property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed; Unicode characters allowed</property>
<property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property>

20
lib/TLS_UI/src/TLS_UI.cpp
View File

@ -46,7 +46,7 @@ wxCertificateClientData::~wxCertificateClientData()
wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator);
wxHostNameValidator::wxHostNameValidator(std::string *val) :
wxHostNameValidator::wxHostNameValidator(std::wstring *val) :
m_val(val),
wxValidator()
{
@ -98,7 +98,7 @@ bool wxHostNameValidator::TransferFromWindow()
}
bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{
const wxStringCharType *buf = val_in;
@ -108,7 +108,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
// End of host name found.
if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start);
return true;
} else if (_tcschr(wxT("abcdefghijklmnopqrstuvwxyz0123456789-*"), buf[i])) {
} else if (buf[i] == _T('-') || buf[i] == _T('_') || buf[i] == _T('*') || _istalnum(buf[i])) {
// Valid character found.
i++;
} else {
@ -129,7 +129,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator);
wxFQDNValidator::wxFQDNValidator(std::string *val) :
wxFQDNValidator::wxFQDNValidator(std::wstring *val) :
m_val(val),
wxValidator()
{
@ -181,7 +181,7 @@ bool wxFQDNValidator::TransferFromWindow()
}
bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{
const wxStringCharType *buf = val_in;
@ -210,7 +210,7 @@ bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator);
wxFQDNListValidator::wxFQDNListValidator(std::list<std::string> *val) :
wxFQDNListValidator::wxFQDNListValidator(std::list<std::wstring> *val) :
m_val(val),
wxValidator()
{
@ -246,7 +246,7 @@ bool wxFQDNListValidator::TransferToWindow()
if (m_val) {
wxString str;
for (std::list<std::string>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
for (std::list<std::wstring>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
if (!str.IsEmpty()) str += wxT("; ");
str += *name;
}
@ -267,11 +267,11 @@ bool wxFQDNListValidator::TransferFromWindow()
}
bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out)
bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out)
{
const wxStringCharType *buf = val_in;
std::string _fqdn, *fqdn = val_out ? &_fqdn : NULL;
std::list<std::string> _val_out;
std::wstring _fqdn, *fqdn = val_out ? &_fqdn : NULL;
std::list<std::wstring> _val_out;
size_t i = i_start;
for (;;) {