lib/net: Use FingerprintData to represent fingerprints

src/gui/src/SslCertificate.cpp

@@ -76,7 +76,7 @@ void SslCertificate::generateFingerprint(const std::string& cert_path)
 
         auto local_path = DataDirectories::local_ssl_fingerprints_path();
         barrier::FingerprintDatabase db;
-        db.add_trusted(barrier::FingerprintData{"sha1", fingerprint});
+        db.add_trusted(fingerprint);
         db.write(local_path);
 
         emit info(tr("SSL fingerprint generated."));

src/lib/net/FingerprintData.cpp

@@ -15,20 +15,20 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#ifndef BARRIER_LIB_NET_FINGERPRINT_TYPE_H
+#include "base/String.h"
-#define BARRIER_LIB_NET_FINGERPRINT_TYPE_H
+#include "FingerprintDatabase.h"
-
+#include "io/fstream.h"
-#include <string>
+#include <algorithm>
+#include <fstream>
 
 namespace barrier {
 
-enum FingerprintType {
+bool FingerprintData::operator==(const FingerprintData& other) const
-    INVALID,
+{
-    SHA1, // deprecated
+    return algorithm == other.algorithm && data == other.data;
-    SHA256,
+}
-};
 
-inline const char* fingerprint_type_to_string(FingerprintType type)
+const char* fingerprint_type_to_string(FingerprintType type)
 {
     switch (type) {
         case FingerprintType::INVALID: return "invalid";
@@ -38,7 +38,7 @@ inline const char* fingerprint_type_to_string(FingerprintType type)
     return "invalid";
 }
 
-inline FingerprintType fingerprint_type_from_string(const std::string& type)
+FingerprintType fingerprint_type_from_string(const std::string& type)
 {
     if (type == "sha1") {
         return FingerprintType::SHA1;
@@ -50,5 +50,3 @@ inline FingerprintType fingerprint_type_from_string(const std::string& type)
 }
 
 } // namespace barrier
-
-#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H

src/lib/net/FingerprintData.h

@@ -0,0 +1,46 @@
+/*
+    barrier -- mouse and keyboard sharing utility
+    Copyright (C) Barrier contributors
+
+    This package is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License
+    found in the file LICENSE that should have accompanied this file.
+
+    This package is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BARRIER_LIB_NET_FINGERPRINT_DATA_H
+#define BARRIER_LIB_NET_FINGERPRINT_DATA_H
+
+#include <string>
+#include <vector>
+
+namespace barrier {
+
+enum FingerprintType {
+    INVALID,
+    SHA1, // deprecated
+    SHA256,
+};
+
+struct FingerprintData {
+    std::string algorithm;
+    std::vector<std::uint8_t> data;
+
+    bool valid() const { return !algorithm.empty(); }
+
+    bool operator==(const FingerprintData& other) const;
+};
+
+const char* fingerprint_type_to_string(FingerprintType type);
+FingerprintType fingerprint_type_from_string(const std::string& type);
+
+} // namespace barrier
+
+#endif // BARRIER_LIB_NET_FINGERPRINT_TYPE_H

src/lib/net/FingerprintDatabase.cpp

@@ -23,11 +23,6 @@
 
 namespace barrier {
 
-bool FingerprintData::operator==(const FingerprintData& other) const
-{
-    return algorithm == other.algorithm && data == other.data;
-}
-
 void FingerprintDatabase::read(const std::string& path)
 {
     std::ifstream file;

src/lib/net/FingerprintDatabase.h

@@ -18,22 +18,13 @@
 #ifndef BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
 #define BARRIER_LIB_NET_FINGERPRINT_DATABASE_H
 
-#include "FingerprintType.h"
+#include "FingerprintData.h"
 #include <iosfwd>
 #include <string>
 #include <vector>
 
 namespace barrier {
 
-struct FingerprintData {
-    std::string algorithm;
-    std::vector<std::uint8_t> data;
-
-    bool valid() const { return !algorithm.empty(); }
-
-    bool operator==(const FingerprintData& other) const;
-};
-
 class FingerprintDatabase {
 public:
     void read(const std::string& path);

src/lib/net/SecureSocket.cpp

@@ -657,17 +657,17 @@ bool
 SecureSocket::verifyCertFingerprint()
 {
     // calculate received certificate fingerprint
-    std::vector<std::uint8_t> fingerprint_raw;
+    barrier::FingerprintData fingerprint;
     try {
-        fingerprint_raw = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
+        fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
-                                                            barrier::FingerprintType::SHA1);
+                                                        barrier::FingerprintType::SHA1);
     } catch (const std::exception& e) {
         LOG((CLOG_ERR "%s", e.what()));
         return false;
     }
 
     LOG((CLOG_NOTE "server fingerprint: %s",
-         barrier::format_ssl_fingerprint(fingerprint_raw).c_str()));
+         barrier::format_ssl_fingerprint(fingerprint.data).c_str()));
 
     auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
 
@@ -685,7 +685,6 @@ SecureSocket::verifyCertFingerprint()
              fingerprint_db_path.c_str()));
     }
 
-    barrier::FingerprintData fingerprint{"sha1", fingerprint_raw};
     if (db.is_trusted(fingerprint)) {
         LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
         return true;

src/lib/net/SecureUtils.cpp

@@ -15,6 +15,7 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include "FingerprintDatabase.h"
 #include "SecureUtils.h"
 #include "base/String.h"
 #include "base/finally.h"
@@ -59,7 +60,7 @@ std::string format_ssl_fingerprint(const std::vector<uint8_t>& fingerprint, bool
     return result;
 }
 
-std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
+FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type)
 {
     if (!cert) {
         throw std::runtime_error("certificate is null");
@@ -77,11 +78,10 @@ std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType t
     std::vector<std::uint8_t> digest_vec;
     digest_vec.assign(reinterpret_cast<std::uint8_t*>(digest),
                       reinterpret_cast<std::uint8_t*>(digest) + digest_length);
-    return digest_vec;
+    return {fingerprint_type_to_string(type), digest_vec};
 }
 
-std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
+FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type)
-                                                        FingerprintType type)
 {
     auto fp = fopen_utf8_path(path, "r");
     if (!fp) {

src/lib/net/SecureUtils.h

@@ -18,7 +18,7 @@
 #ifndef BARRIER_LIB_NET_SECUREUTILS_H
 #define BARRIER_LIB_NET_SECUREUTILS_H
 
-#include "FingerprintType.h"
+#include "FingerprintData.h"
 #include <openssl/ossl_typ.h>
 #include <cstdint>
 #include <string>
@@ -29,10 +29,9 @@ namespace barrier {
 std::string format_ssl_fingerprint(const std::vector<std::uint8_t>& fingerprint,
                                    bool separator = true);
 
-std::vector<std::uint8_t> get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
+FingerprintData get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
 
-std::vector<std::uint8_t> get_pem_file_cert_fingerprint(const std::string& path,
+FingerprintData get_pem_file_cert_fingerprint(const std::string& path, FingerprintType type);
-                                                        FingerprintType type);
 
 void generate_pem_self_signed_cert(const std::string& path);