From 7cced74119fc2f4e96f4a894132090057d28455a Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Mon, 1 Nov 2021 02:52:47 +0200 Subject: [PATCH] lib/net: Use FingerprintData to represent fingerprints --- src/gui/src/SslCertificate.cpp | 2 +- ...{FingerprintType.h => FingerprintData.cpp} | 24 +++++----- src/lib/net/FingerprintData.h | 46 +++++++++++++++++++ src/lib/net/FingerprintDatabase.cpp | 5 -- src/lib/net/FingerprintDatabase.h | 11 +---- src/lib/net/SecureSocket.cpp | 9 ++-- src/lib/net/SecureUtils.cpp | 8 ++-- src/lib/net/SecureUtils.h | 7 ++- 8 files changed, 70 insertions(+), 42 deletions(-) rename src/lib/net/{FingerprintType.h => FingerprintData.cpp} (74%) create mode 100644 src/lib/net/FingerprintData.h diff --git a/src/gui/src/SslCertificate.cpp b/src/gui/src/SslCertificate.cpp index 4242df56..a96a3e30 100644 --- a/src/gui/src/SslCertificate.cpp +++ b/src/gui/src/SslCertificate.cpp @@ -76,7 +76,7 @@ void SslCertificate::generateFingerprint(const std::string& cert_path) auto local_path = DataDirectories::local_ssl_fingerprints_path(); barrier::FingerprintDatabase db; - db.add_trusted(barrier::FingerprintData{"sha1", fingerprint}); + db.add_trusted(fingerprint); db.write(local_path); emit info(tr("SSL fingerprint generated.")); diff --git a/src/lib/net/FingerprintType.h b/src/lib/net/FingerprintData.cpp similarity index 74% rename from src/lib/net/FingerprintType.h rename to src/lib/net/FingerprintData.cpp index 4e58e9f6..f7acbd28 100644 --- a/src/lib/net/FingerprintType.h +++ b/src/lib/net/FingerprintData.cpp 
@@ -15,20 +15,20 @@ along with this program. If not, see . */ -#ifndef BARRIER_LIB_NET_FINGERPRINT_TYPE_H -#define BARRIER_LIB_NET_FINGERPRINT_TYPE_H - -#include +#include "base/String.h" +#include "FingerprintDatabase.h" +#include "io/fstream.h" +#include +#include namespace barrier { -enum FingerprintType { - INVALID, - SHA1, // deprecated - SHA256, -}; +bool FingerprintData::operator==(const FingerprintData& other) const +{ + return algorithm == other.algorithm && data == other.data; +} -inline const char* fingerprint_type_to_string(FingerprintType type) +const char* fingerprint_type_to_string(FingerprintType type) { switch (type) { case FingerprintType::INVALID: return "invalid"; @@ -38,7 +38,7 @@ inline const char* fingerprint_type_to_string(FingerprintType type) return "invalid"; } -inline FingerprintType fingerprint_type_from_string(const std::string& type) +FingerprintType fingerprint_type_from_string(const std::string& type) { if (type == "sha1") { return FingerprintType::SHA1; @@ -50,5 +50,3 @@ inline FingerprintType fingerprint_type_from_string(const std::string& type) } } // namespace barrier - -#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H diff --git a/src/lib/net/FingerprintData.h b/src/lib/net/FingerprintData.h new file mode 100644 index 00000000..938a6953 --- /dev/null +++ b/src/lib/net/FingerprintData.h 
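Review bot: The include block added at the top of the new FingerprintData.cpp pulls in `"FingerprintDatabase.h"`, `"base/String.h"` and `"io/fstream.h"`, yet the code visible in this file only defines `FingerprintData::operator==` and the two fingerprint_type conversion functions. It should include its own header first, `#include "FingerprintData.h"`, which also proves that header is self-contained, and drop the others unless the lines hidden between the hunks use them. The list looks carried over from FingerprintDatabase.cpp.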
@@ -0,0 +1,46 @@ +/* + barrier -- mouse and keyboard sharing utility + Copyright (C) Barrier contributors + + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + found in the file LICENSE that should have accompanied this file. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BARRIER_LIB_NET_FINGERPRINT_DATA_H +#define BARRIER_LIB_NET_FINGERPRINT_DATA_H + +#include +#include + +namespace barrier { + +enum FingerprintType { + INVALID, + SHA1, // deprecated + SHA256, +}; + +struct FingerprintData { + std::string algorithm; + std::vector data; + + bool valid() const { return !algorithm.empty(); } + + bool operator==(const FingerprintData& other) const; +}; + +const char* fingerprint_type_to_string(FingerprintType type); +FingerprintType fingerprint_type_from_string(const std::string& type); + +} // namespace barrier + +#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H diff --git a/src/lib/net/FingerprintDatabase.cpp b/src/lib/net/FingerprintDatabase.cpp index cdc3ad32..3dcbaee6 100644 --- a/src/lib/net/FingerprintDatabase.cpp +++ b/src/lib/net/FingerprintDatabase.cpp @@ -23,11 +23,6 @@ namespace barrier { -bool FingerprintData::operator==(const FingerprintData& other) const -{ - return algorithm == other.algorithm && data == other.data; -} - void FingerprintDatabase::read(const std::string& path) { std::ifstream file; diff --git a/src/lib/net/FingerprintDatabase.h b/src/lib/net/FingerprintDatabase.h index 36ab39ce..4a17696e 100644 --- a/src/lib/net/FingerprintDatabase.h +++ b/src/lib/net/FingerprintDatabase.h 
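Review bot: `FingerprintData::valid()` in the new FingerprintData.h only checks that `algorithm` is non-empty, while `fingerprint_type_to_string` returns the non-empty string "invalid" for `FingerprintType::INVALID` and for any unhandled value, so a FingerprintData labelled from an invalid type would still report itself valid. Whether any caller can produce such a value is not visible in this patch, but this struct feeds the trusted-fingerprint comparison, so if nothing relies on the current behaviour the check could be tightened to `return !algorithm.empty() && algorithm != "invalid";`. The members would also benefit from a comment such as `// algorithm: name as produced by fingerprint_type_to_string; data: raw digest bytes`. The closing guard comment still reads `#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H` and should name `BARRIER_LIB_NET_FINGERPRINT_DATA_H`.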
@@ -18,22 +18,13 @@ #ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H #define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H -#include "FingerprintType.h" +#include "FingerprintData.h" #include #include #include namespace barrier { -struct FingerprintData { - std::string algorithm; - std::vector data; - - bool valid() const { return !algorithm.empty(); } - - bool operator==(const FingerprintData& other) const; -}; - class FingerprintDatabase { public: void read(const std::string& path); diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp index c38c5315..245f5287 100644 --- a/src/lib/net/SecureSocket.cpp +++ b/src/lib/net/SecureSocket.cpp @@ -657,17 +657,17 @@ bool SecureSocket::verifyCertFingerprint() { // calculate received certificate fingerprint - std::vector fingerprint_raw; + barrier::FingerprintData fingerprint; try { - fingerprint_raw = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl), - barrier::FingerprintType::SHA1); + fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl), + barrier::FingerprintType::SHA1); } catch (const std::exception& e) { LOG((CLOG_ERR "%s", e.what())); return false; } LOG((CLOG_NOTE "server fingerprint: %s", - barrier::format_ssl_fingerprint(fingerprint_raw).c_str())); + barrier::format_ssl_fingerprint(fingerprint.data).c_str())); auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path(); @@ -685,7 +685,6 @@ SecureSocket::verifyCertFingerprint() fingerprint_db_path.c_str())); } - barrier::FingerprintData fingerprint{"sha1", fingerprint_raw}; if (db.is_trusted(fingerprint)) { LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint")); return true; diff --git a/src/lib/net/SecureUtils.cpp b/src/lib/net/SecureUtils.cpp index 4b081f66..a9852558 100644 --- a/src/lib/net/SecureUtils.cpp +++ b/src/lib/net/SecureUtils.cpp 
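Review bot: In SecureSocket::verifyCertFingerprint the `X509*` returned by `SSL_get_peer_certificate(m_ssl->m_ssl)` is passed straight into `get_ssl_cert_fingerprint` and nothing in the visible lines releases it. That OpenSSL call hands the caller a reference that has to be dropped with `X509_free`, so each verification appears to leak one certificate object unless the callee frees it, which the part of its body shown in this patch does not do. Holding it in a local, `X509* cert = SSL_get_peer_certificate(m_ssl->m_ssl);`, and calling `X509_free(cert);` on both the normal and the exception path would close that. Separately, the trust decision is still made on `barrier::FingerprintType::SHA1`, which the enum in FingerprintData.h marks deprecated, and SslCertificate.cpp previously hard-coded "sha1" as well; now that the algorithm travels with the digest, a `// TODO: also verify against SHA256 entries` at this call would record the intent. The function starts before and continues past this hunk.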
@@ -15,6 +15,7 @@ along with this program. If not, see . */ +#include "FingerprintDatabase.h" #include "SecureUtils.h" #include "base/String.h" #include "base/finally.h" @@ -59,7 +60,7 @@ std::string format_ssl_fingerprint(const std::vector& fingerprint, bool return result; } -std::vector get_ssl_cert_fingerprint(X509* cert, FingerprintType type) +FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type) { if (!cert) { throw std::runtime_error("certificate is null"); @@ -77,11 +78,10 @@ std::vector get_ssl_cert_fingerprint(X509* cert, FingerprintType t std::vector digest_vec; digest_vec.assign(reinterpret_cast(digest), reinterpret_cast(digest) + digest_length); - return digest_vec; + return {fingerprint_type_to_string(type), digest_vec}; } -std::vector get_pem_file_cert_fingerprint(const std::string& path, - FingerprintType type) +FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type) { auto fp = fopen_utf8_path(path, "r"); if (!fp) { diff --git a/src/lib/net/SecureUtils.h b/src/lib/net/SecureUtils.h index ace0d45a..c6361419 100644 --- a/src/lib/net/SecureUtils.h +++ b/src/lib/net/SecureUtils.h @@ -18,7 +18,7 @@ #ifndef BARRIER_LIB_NET_SECUREUTILS_H #define BARRIER_LIB_NET_SECUREUTILS_H -#include "FingerprintType.h" +#include "FingerprintData.h" #include #include #include @@ -29,10 +29,9 @@ namespace barrier { std::string format_ssl_fingerprint(const std::vector& fingerprint, bool separator = true); -std::vector get_ssl_cert_fingerprint(X509* cert, FingerprintType type); +FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type); -std::vector get_pem_file_cert_fingerprint(const std::string& path, - FingerprintType type); +FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type); void generate_pem_self_signed_cert(const std::string& path);
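Review bot: `return {fingerprint_type_to_string(type), digest_vec};` at the end of get_ssl_cert_fingerprint in SecureUtils.cpp copies `digest_vec` into the returned struct, because a named local inside a braced return is an lvalue and is not moved implicitly. `return {fingerprint_type_to_string(type), std::move(digest_vec)};` avoids the extra allocation, with `<utility>` included if it is not already. In the first hunk of the same file, the added `#include "FingerprintDatabase.h"` sits ahead of the file's own header and looks unnecessary, since SecureUtils.h now includes FingerprintData.h itself. The function body begins outside the hunk.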
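Review bot: The two declarations changed at the end of SecureUtils.h now return a FingerprintData but carry no comment on what the fields hold or how failure is reported. From SecureUtils.cpp, get_ssl_cert_fingerprint throws `std::runtime_error` when `cert` is null and labels the result via `fingerprint_type_to_string(type)`. A line such as `// Returns the digest of cert labelled with the algorithm name; throws std::runtime_error on a null certificate.` above it would tell callers they need the try/catch that SecureSocket.cpp already has. The failure behaviour of get_pem_file_cert_fingerprint is not visible in this patch, so its comment should come from someone who can see the full body.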