author | Samuel Lidén Borell <samuel@kodafritt.se> | 2014-08-19 23:38:15 +0200 |
---|---|---|
committer | Samuel Lidén Borell <samuel@kodafritt.se> | 2014-08-19 23:38:15 +0200 |
commit | d6ec1e4d28c794a1d3fa92956a313d6dca46fead (patch) | |
tree | aba12c68c9bb4931e714f24939c1d125c3dfc660 | |
parent | 657bd7b4058125dcc02375cd92b14b73d2d63fa3 (diff) | |
Show an error message when certificate retreival fails
-rw-r--r-- | client/backend.h | 3 | ||||
-rw-r--r-- | client/bankid.c | 15 | ||||
-rw-r--r-- | client/bankid.h | 3 | ||||
-rw-r--r-- | client/certutil.c | 4 | ||||
-rw-r--r-- | client/certutil.h | 1 | ||||
-rw-r--r-- | client/gtk.c | 12 | ||||
-rw-r--r-- | client/main.c | 8 | ||||
-rw-r--r-- | client/pkcs12.c | 14 | ||||
-rw-r--r-- | translations/sv.po | 12 |
9 files changed, 62 insertions, 10 deletions
diff --git a/client/backend.h b/client/backend.h index 8850a5a..1eece81 100644 --- a/client/backend.h +++ b/client/backend.h @@ -58,6 +58,9 @@ typedef enum { TokenError_NotImplemented, TokenError_MessageTooLong, TokenError_SignatureFailure, + TokenError_HostnameMismatch, + TokenError_NoCertsMatched, + TokenError_FailedToStoreCerts, // File errors TokenError_FileNotReadable, TokenError_CantCreateFile, diff --git a/client/bankid.c b/client/bankid.c index 9ea36ca..713c7e4 100644 --- a/client/bankid.c +++ b/client/bankid.c @@ -235,23 +235,24 @@ char *bankid_getRequestDisplayName(const RegutilInfo *params) { /** * Stores a certificate chain for a newly created key. */ -BankIDError bankid_storeCertificates(const char *certs, const char *hostname) { +BankIDError bankid_storeCertificates(const char *certs, const char *hostname, + TokenError *error) { size_t length; char *p7data = base64_decode_binary(certs, &length); if (!p7data) return BIDERR_InternalError; - TokenError storeerror = backend_storeCertificates(p7data, length, hostname); - BankIDError error; - if (storeerror) { - error = BIDERR_InternalError; + *error = backend_storeCertificates(p7data, length, hostname); + BankIDError biderr; + if (*error) { + biderr = BIDERR_InternalError; } else { - error = BIDERR_OK; + biderr = BIDERR_OK; } free(p7data); - return error; + return biderr; } diff --git a/client/bankid.h b/client/bankid.h index 243eedd..14a3bcf 100644 --- a/client/bankid.h +++ b/client/bankid.h @@ -54,7 +54,8 @@ BankIDError bankid_createRequest(const RegutilInfo *info, char *bankid_getRequestDisplayName(const RegutilInfo *params); -BankIDError bankid_storeCertificates(const char *certs, const char *hostname); +BankIDError bankid_storeCertificates(const char *certs, const char *hostname, + TokenError *error); #endif diff --git a/client/certutil.c b/client/certutil.c index 7b0c81f..b9087d7 100644 --- a/client/certutil.c +++ b/client/certutil.c 
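Review bot: In client/bankid.c, `bankid_storeCertificates` returns `BIDERR_InternalError` on the `if (!p7data)` path before `*error` has been written, and the client/main.c hunk then passes its uninitialised `tokenError` to `platform_showError` because `error != BIDERR_OK`. That is a read of an indeterminate value, so the dialog shown after a base64 decoding failure is arbitrary. Set the out-parameter on every path, e.g. `if (!p7data) { *error = TokenError_FailedToStoreCerts; return BIDERR_InternalError; }`, and initialise the caller's variable too: `TokenError tokenError = TokenError_FailedToStoreCerts;`. The doc comment above the function should also state that `error` must be non-NULL and is only meaningful when the return value is not `BIDERR_OK`.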
@@ -445,6 +445,10 @@ void certutil_updateErrorString(void) { fprintf(stderr, BINNAME ": error from OpenSSL or libP11: %s\n", error_string); } +void certutil_setErrorString(char *str) { + error_string = str; +} + char *certutil_getErrorString(void) { return error_string; } diff --git a/client/certutil.h b/client/certutil.h index c17dbec..dc03a0c 100644 --- a/client/certutil.h +++ b/client/certutil.h @@ -54,6 +54,7 @@ char *certutil_makeFilename(X509_NAME *xname); char *certutil_getBagAttr(PKCS12_SAFEBAG *bag, ASN1_OBJECT *oid); void certutil_clearErrorString(void); void certutil_updateErrorString(void); +void certutil_setErrorString(char *str); char *certutil_getErrorString(void); #endif diff --git a/client/gtk.c b/client/gtk.c index 5f670a2..ad5057b 100644 --- a/client/gtk.c +++ b/client/gtk.c @@ -64,6 +64,15 @@ static const char *getErrorString(TokenError errorCode) { case TokenError_SignatureFailure: s = translatable("Failed to create signature"); break; + case TokenError_HostnameMismatch: + s = translatable("Domain name mismatch"); + break; + case TokenError_NoCertsMatched: + s = translatable("The certificates didn't match"); + break; + case TokenError_FailedToStoreCerts: + s = translatable("Failed to store received certificates"); + break; /* File errors */ case TokenError_FileNotReadable: s = translatable("The file could not be read"); @@ -192,6 +201,9 @@ static void showMessage(GtkMessageType type, const char *text) { GtkWidget *dialog = gtk_message_dialog_new( GTK_WINDOW(activeDialog), GTK_DIALOG_DESTROY_WITH_PARENT, type, GTK_BUTTONS_CLOSE, "%s", text); + if (!activeDialog) { + gtk_window_set_title(GTK_WINDOW(dialog), "FriBID"); + } gtk_dialog_run(GTK_DIALOG(dialog)); gtk_widget_destroy(dialog); } diff --git a/client/main.c b/client/main.c index d87aae0..c84c650 100644 --- a/client/main.c +++ b/client/main.c 
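Review bot: `certutil_setErrorString` in client/certutil.c stores the caller's pointer without stating who owns it or what happens to the previous `error_string`. The client/pkcs12.c caller passes a `rasprintf` result (presumably heap-allocated) from inside a loop, so each call appears to drop the previous string unless `certutil_clearErrorString`, whose body is not visible here, is what releases it. A comment such as `/* Takes ownership of str; replaces any previous error string. */` would pin the contract, and if the old value is heap-owned the setter should free it before the assignment. The stored text now carries hostnames taken from the key file and the request, so consumers should keep passing it as a `%s` argument, as the `fprintf` above does, and never as a format string.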
@@ -294,7 +294,13 @@ void pipeCommand(PipeCommand command, const char *url, const char *hostname, case PC_StoreCertificates: { char *certs = pipe_readString(stdin); - BankIDError error = bankid_storeCertificates(certs, hostname); + TokenError tokenError; + BankIDError error = bankid_storeCertificates(certs, hostname, + &tokenError); + if (error != BIDERR_OK) { + /* TODO should perhaps dump the certificate data to a file? */ + platform_showError(tokenError); + } pipe_sendInt(stdout, error); pipe_flush(stdout); diff --git a/client/pkcs12.c b/client/pkcs12.c index 376c27b..a88258b 100644 --- a/client/pkcs12.c +++ b/client/pkcs12.c @@ -651,6 +651,7 @@ static TokenError storeCertificates(STACK_OF(X509) *certs, FILE *newFile = NULL; char *tempname = NULL; bool modified = false; + bool hostname_mismatch = false; // Attempt to create new file first // (to avoid race conditions) @@ -695,7 +696,12 @@ static TokenError storeCertificates(STACK_OF(X509) *certs, bool equal = (origin && strcmp(origin, hostname) == 0); free(origin); ASN1_OBJECT_free(objOwningHost); - if (!equal) continue; + if (!equal) { + char *str = rasprintf("file=%s, request=%s", origin, hostname); + certutil_setErrorString(str); + hostname_mismatch = true; + continue; + } // Extract cert from bag X509 *cert = PKCS12_certbag2x509(bag); @@ -795,12 +801,18 @@ static TokenError storeCertificates(STACK_OF(X509) *certs, if (!p12) { fprintf(stderr, BINNAME ": failed to open or parse file to store " "certs in %s\n", filename); + error = TokenError_FailedToStoreCerts; + } else if (!modified && hostname_mismatch) { + fprintf(stderr, BINNAME ": hostname mismatch with %s\n", hostname); + error = TokenError_HostnameMismatch; } else if (!modified) { fprintf(stderr, BINNAME ": no certs matched the key file %s\n", filename); + error = TokenError_NoCertsMatched; } else if (error) { fprintf(stderr, BINNAME ": failed to store certificates in %s\n", filename); + error = TokenError_FailedToStoreCerts; } return error; 
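Review bot: In the first client/pkcs12.c hunk the new `if (!equal)` block formats `origin` with `rasprintf` after `free(origin)` has already run two lines earlier, which is a use-after-free. `origin` can also be NULL at that point, since `equal` is false whenever `origin` is NULL, and passing NULL for `%s` is undefined. Build the message while `origin` is still alive, substitute a placeholder when it is NULL, and release it afterwards. The enclosing loop and `storeCertificates` itself start and end outside the hunk.

```c
bool equal = (origin && strcmp(origin, hostname) == 0);
if (!equal) {
    /* Format before origin is released; origin may be NULL here */
    char *str = rasprintf("file=%s, request=%s",
                          origin ? origin : "(none)", hostname);
    certutil_setErrorString(str);
    hostname_mismatch = true;
}
free(origin);
ASN1_OBJECT_free(objOwningHost);
if (!equal) continue;
// … unchanged: extract cert from bag …
```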
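Review bot: In the second client/pkcs12.c hunk the `!modified` branches now assign `error` unconditionally and are tested before `else if (error)`. A more specific error set earlier in `storeCertificates` (that code is outside the hunk) would therefore be replaced by `TokenError_HostnameMismatch` or `TokenError_NoCertsMatched` whenever nothing was stored. The last branch likewise flattens every earlier error code to `TokenError_FailedToStoreCerts`. If earlier failures can reach this chain, keep the original code by assigning only when none is set, e.g. `if (!error) error = TokenError_NoCertsMatched;`, so the user is not told about a hostname or certificate mismatch when the real cause was a file error.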
diff --git a/translations/sv.po b/translations/sv.po index 2dc51c7..69aeab5 100644 --- a/translations/sv.po +++ b/translations/sv.po @@ -50,6 +50,18 @@ msgstr "Meddelandet som skulle signeras var för långt" msgid "Failed to create signature" msgstr "Misslyckades med att skapa signatur" +#: ../client/gtk.c:68 +msgid "Domain name mismatch" +msgstr "Domännamnet stämmer inte överrens" + +#: ../client/gtk.c:71 +msgid "The certificates didn't match" +msgstr "Certifikaten matchar inte" + +#: ../client/gtk.c:74 +msgid "Failed to store received certificates" +msgstr "Misslyckades med att lagra mottagna certifikat" + #: ../client/gtk.c:58 msgid "The file could not be read" msgstr "Det gick inte att öppna filen" |