authorSamuel Lidén Borell <samuel@kodafritt.se>2014-08-19 21:38:15 (GMT)
committerSamuel Lidén Borell <samuel@kodafritt.se>2014-08-19 21:38:15 (GMT)
commitd6ec1e4d28c794a1d3fa92956a313d6dca46fead (patch)
treeaba12c68c9bb4931e714f24939c1d125c3dfc660
parent657bd7b4058125dcc02375cd92b14b73d2d63fa3 (diff)
Show an error message when certificate retreival fails
-rw-r--r--client/backend.h3
-rw-r--r--client/bankid.c15
-rw-r--r--client/bankid.h3
-rw-r--r--client/certutil.c4
-rw-r--r--client/certutil.h1
-rw-r--r--client/gtk.c12
-rw-r--r--client/main.c8
-rw-r--r--client/pkcs12.c14
-rw-r--r--translations/sv.po12
9 files changed, 62 insertions, 10 deletions
diff --git a/client/backend.h b/client/backend.h
index 8850a5a..1eece81 100644
--- a/client/backend.h
+++ b/client/backend.h
@@ -58,6 +58,9 @@ typedef enum {
TokenError_NotImplemented,
TokenError_MessageTooLong,
TokenError_SignatureFailure,
+ TokenError_HostnameMismatch,
+ TokenError_NoCertsMatched,
+ TokenError_FailedToStoreCerts,
// File errors
TokenError_FileNotReadable,
TokenError_CantCreateFile,
diff --git a/client/bankid.c b/client/bankid.c
index 9ea36ca..713c7e4 100644
--- a/client/bankid.c
+++ b/client/bankid.c
@@ -235,23 +235,24 @@ char *bankid_getRequestDisplayName(const RegutilInfo *params) {
/**
* Stores a certificate chain for a newly created key.
*/
-BankIDError bankid_storeCertificates(const char *certs, const char *hostname) {
+BankIDError bankid_storeCertificates(const char *certs, const char *hostname,
+ TokenError *error) {
size_t length;
char *p7data = base64_decode_binary(certs, &length);
if (!p7data) return BIDERR_InternalError;
- TokenError storeerror = backend_storeCertificates(p7data, length, hostname);
- BankIDError error;
- if (storeerror) {
- error = BIDERR_InternalError;
+ *error = backend_storeCertificates(p7data, length, hostname);
+ BankIDError biderr;
+ if (*error) {
+ biderr = BIDERR_InternalError;
} else {
- error = BIDERR_OK;
+ biderr = BIDERR_OK;
}
free(p7data);
- return error;
+ return biderr;
}
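Review bot: The early return `if (!p7data) return BIDERR_InternalError;` leaves `*error` unwritten, while the caller changed in client/main.c declares `TokenError tokenError;` without an initializer and passes it to `platform_showError()` whenever the result is not BIDERR_OK. A base64 decode failure on the certificate string read from the pipe therefore selects the error dialog from an indeterminate value. Write the out-parameter on every path, for example `if (!p7data) { *error = TokenError_FailedToStoreCerts; return BIDERR_InternalError; }`. The doc comment above the function should also state that `error` must be non-NULL and is always set on return.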
diff --git a/client/bankid.h b/client/bankid.h
index 243eedd..14a3bcf 100644
--- a/client/bankid.h
+++ b/client/bankid.h
@@ -54,7 +54,8 @@ BankIDError bankid_createRequest(const RegutilInfo *info,
char *bankid_getRequestDisplayName(const RegutilInfo *params);
-BankIDError bankid_storeCertificates(const char *certs, const char *hostname);
+BankIDError bankid_storeCertificates(const char *certs, const char *hostname,
+ TokenError *error);
#endif
diff --git a/client/certutil.c b/client/certutil.c
index 7b0c81f..b9087d7 100644
--- a/client/certutil.c
+++ b/client/certutil.c
@@ -445,6 +445,10 @@ void certutil_updateErrorString(void) {
fprintf(stderr, BINNAME ": error from OpenSSL or libP11: %s\n", error_string);
}
+void certutil_setErrorString(char *str) {
+ error_string = str;
+}
+
char *certutil_getErrorString(void) {
return error_string;
}
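Review bot: `certutil_setErrorString()` stores the caller's pointer as-is and drops whatever `error_string` held before, with no statement of who owns either string. The one caller in this commit (client/pkcs12.c) passes a fresh `rasprintf()` result from inside a loop, so each further mismatching bag appears to leak the previous message. If `error_string` is only ever NULL or heap-allocated (not visible in this hunk, so confirm against `certutil_updateErrorString()` and `certutil_clearErrorString()`), release it first with `free(error_string);` before `error_string = str;`. Also add a comment such as `/* Takes ownership of str, which must be heap-allocated or NULL. */` to the definition and to the prototype in certutil.h.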
diff --git a/client/certutil.h b/client/certutil.h
index c17dbec..dc03a0c 100644
--- a/client/certutil.h
+++ b/client/certutil.h
@@ -54,6 +54,7 @@ char *certutil_makeFilename(X509_NAME *xname);
char *certutil_getBagAttr(PKCS12_SAFEBAG *bag, ASN1_OBJECT *oid);
void certutil_clearErrorString(void);
void certutil_updateErrorString(void);
+void certutil_setErrorString(char *str);
char *certutil_getErrorString(void);
#endif
diff --git a/client/gtk.c b/client/gtk.c
index 5f670a2..ad5057b 100644
--- a/client/gtk.c
+++ b/client/gtk.c
@@ -64,6 +64,15 @@ static const char *getErrorString(TokenError errorCode) {
case TokenError_SignatureFailure:
s = translatable("Failed to create signature");
break;
+ case TokenError_HostnameMismatch:
+ s = translatable("Domain name mismatch");
+ break;
+ case TokenError_NoCertsMatched:
+ s = translatable("The certificates didn't match");
+ break;
+ case TokenError_FailedToStoreCerts:
+ s = translatable("Failed to store received certificates");
+ break;
/* File errors */
case TokenError_FileNotReadable:
s = translatable("The file could not be read");
@@ -192,6 +201,9 @@ static void showMessage(GtkMessageType type, const char *text) {
GtkWidget *dialog = gtk_message_dialog_new(
GTK_WINDOW(activeDialog), GTK_DIALOG_DESTROY_WITH_PARENT,
type, GTK_BUTTONS_CLOSE, "%s", text);
+ if (!activeDialog) {
+ gtk_window_set_title(GTK_WINDOW(dialog), "FriBID");
+ }
gtk_dialog_run(GTK_DIALOG(dialog));
gtk_widget_destroy(dialog);
}
diff --git a/client/main.c b/client/main.c
index d87aae0..c84c650 100644
--- a/client/main.c
+++ b/client/main.c
@@ -294,7 +294,13 @@ void pipeCommand(PipeCommand command, const char *url, const char *hostname,
case PC_StoreCertificates: {
char *certs = pipe_readString(stdin);
- BankIDError error = bankid_storeCertificates(certs, hostname);
+ TokenError tokenError;
+ BankIDError error = bankid_storeCertificates(certs, hostname,
+ &tokenError);
+ if (error != BIDERR_OK) {
+ /* TODO should perhaps dump the certificate data to a file? */
+ platform_showError(tokenError);
+ }
pipe_sendInt(stdout, error);
pipe_flush(stdout);
diff --git a/client/pkcs12.c b/client/pkcs12.c
index 376c27b..a88258b 100644
--- a/client/pkcs12.c
+++ b/client/pkcs12.c
@@ -651,6 +651,7 @@ static TokenError storeCertificates(STACK_OF(X509) *certs,
FILE *newFile = NULL;
char *tempname = NULL;
bool modified = false;
+ bool hostname_mismatch = false;
// Attempt to create new file first
// (to avoid race conditions)
@@ -695,7 +696,12 @@ static TokenError storeCertificates(STACK_OF(X509) *certs,
bool equal = (origin && strcmp(origin, hostname) == 0);
free(origin);
ASN1_OBJECT_free(objOwningHost);
- if (!equal) continue;
+ if (!equal) {
+ char *str = rasprintf("file=%s, request=%s", origin, hostname);
+ certutil_setErrorString(str);
+ hostname_mismatch = true;
+ continue;
+ }
// Extract cert from bag
X509 *cert = PKCS12_certbag2x509(bag);
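Review bot: The new `rasprintf("file=%s, request=%s", origin, hostname)` reads `origin` after the unchanged `free(origin);` two lines earlier, which is a use-after-free on data taken from the key file. `origin` can also be NULL on this path, since `equal` is false when `origin` is NULL, and passing NULL to `%s` is undefined. Build the message before releasing the buffer: move `free(origin);` below the `if (!equal) { ... }` block (freeing it inside the block before `continue`) and format with `origin ? origin : "(none)"`. The enclosing `storeCertificates()` loop starts and ends outside this hunk.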
@@ -795,12 +801,18 @@ static TokenError storeCertificates(STACK_OF(X509) *certs,
if (!p12) {
fprintf(stderr, BINNAME ": failed to open or parse file to store "
"certs in %s\n", filename);
+ error = TokenError_FailedToStoreCerts;
+ } else if (!modified && hostname_mismatch) {
+ fprintf(stderr, BINNAME ": hostname mismatch with %s\n", hostname);
+ error = TokenError_HostnameMismatch;
} else if (!modified) {
fprintf(stderr, BINNAME ": no certs matched the key file %s\n",
filename);
+ error = TokenError_NoCertsMatched;
} else if (error) {
fprintf(stderr, BINNAME ": failed to store certificates in %s\n",
filename);
+ error = TokenError_FailedToStoreCerts;
}
return error;
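Review bot: The `else if (!modified && hostname_mismatch)` branch reports `TokenError_HostnameMismatch` as soon as any one bag had a different origin, because the flag is set per bag in the loop and never cleared. If the file also holds bags for the requested host whose certificates simply did not match, the user is told about a domain mismatch that was not the cause. Consider also tracking whether any bag matched the host, and returning `TokenError_HostnameMismatch` only when none did. Separately, both `!modified` branches now overwrite whatever `error` already held from earlier in the function, so a more specific failure set before this chain would be replaced. That earlier code is outside the hunk, so this needs checking against the full function.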
diff --git a/translations/sv.po b/translations/sv.po
index 2dc51c7..69aeab5 100644
--- a/translations/sv.po
+++ b/translations/sv.po
@@ -50,6 +50,18 @@ msgstr "Meddelandet som skulle signeras var för långt"
msgid "Failed to create signature"
msgstr "Misslyckades med att skapa signatur"
+#: ../client/gtk.c:68
+msgid "Domain name mismatch"
+msgstr "Domännamnet stämmer inte överrens"
+
+#: ../client/gtk.c:71
+msgid "The certificates didn't match"
+msgstr "Certifikaten matchar inte"
+
+#: ../client/gtk.c:74
+msgid "Failed to store received certificates"
+msgstr "Misslyckades med att lagra mottagna certifikat"
+
#: ../client/gtk.c:58
msgid "The file could not be read"
msgstr "Det gick inte att öppna filen"