2010-05-14 [colin] 3.7.6cvs5
[claws.git] / src / gtk / sslcertwindow.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2009 Colin Leroy <colin@colino.net> 
4  * and the Claws Mail team
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  * 
19  */
20
21 #ifdef HAVE_CONFIG_H
22 #  include "config.h"
23 #endif
24
25 #ifdef USE_GNUTLS
26
27 #include <gnutls/gnutls.h>
28 #include <gnutls/x509.h>
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <stdio.h>
32 #include <unistd.h>
33 #include <string.h>
34
35 #include <glib.h>
36 #include <glib/gi18n.h>
37 #include <gtk/gtk.h>
38
39 #include "prefs_common.h"
40 #include "defs.h"
41 #include "ssl_certificate.h"
42 #include "utils.h"
43 #include "alertpanel.h"
44 #include "hooks.h"
45
46 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
47 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
48 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
49
50 static GtkWidget *cert_presenter(SSLCertificate *cert)
51 {
52         GtkWidget *vbox = NULL;
53         GtkWidget *hbox = NULL;
54         GtkWidget *frame_owner = NULL;
55         GtkWidget *frame_signer = NULL;
56         GtkWidget *frame_status = NULL;
57         GtkTable *owner_table = NULL;
58         GtkTable *signer_table = NULL;
59         GtkTable *status_table = NULL;
60         GtkWidget *label = NULL;
61         
62         char *issuer_commonname, *issuer_location, *issuer_organization;
63         char *subject_commonname, *subject_location, *subject_organization;
64         char *sig_status, *exp_date;
65         char *md5_fingerprint, *sha1_fingerprint, *fingerprint;
66         size_t n;
67         char buf[100];
68         unsigned char md[128];  
69         char *tmp;
70         time_t exp_time_t;
71         struct tm lt;
72
73         /* issuer */    
74         issuer_commonname = g_malloc(BUFFSIZE);
75         issuer_location = g_malloc(BUFFSIZE);
76         issuer_organization = g_malloc(BUFFSIZE);
77         subject_commonname = g_malloc(BUFFSIZE);
78         subject_location = g_malloc(BUFFSIZE);
79         subject_organization = g_malloc(BUFFSIZE);
80
81         n = BUFFSIZE;
82         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
83                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, issuer_commonname, &n))
84                 strncpy(issuer_commonname, _("<not in certificate>"), BUFFSIZE);
85         n = BUFFSIZE;
86
87         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
88                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, issuer_location, &n)) {
89                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
90                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, issuer_location, &n)) {
91                         strncpy(issuer_location, _("<not in certificate>"), BUFFSIZE);
92                 }
93         } else {
94                 tmp = g_malloc(BUFFSIZE);
95                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
96                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
97                         strncat(issuer_location, ", ", BUFFSIZE-strlen(issuer_location));
98                         strncat(issuer_location, tmp, BUFFSIZE-strlen(issuer_location));
99                 }
100                 g_free(tmp);
101         }
102
103         n = BUFFSIZE;
104         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
105                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, issuer_organization, &n))
106                 strncpy(issuer_organization, _("<not in certificate>"), BUFFSIZE);
107
108         n = BUFFSIZE;
109         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
110                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_commonname, &n))
111                 strncpy(subject_commonname, _("<not in certificate>"), BUFFSIZE);
112         n = BUFFSIZE;
113
114         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
115                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, subject_location, &n)) {
116                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
117                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, subject_location, &n)) {
118                         strncpy(subject_location, _("<not in certificate>"), BUFFSIZE);
119                 }
120         } else {
121                 tmp = g_malloc(BUFFSIZE);
122                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
123                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
124                         strncat(subject_location, ", ", BUFFSIZE-strlen(subject_location));
125                         strncat(subject_location, tmp, BUFFSIZE-strlen(subject_location));
126                 }
127                 g_free(tmp);
128         }
129
130         n = BUFFSIZE;
131         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
132                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, subject_organization, &n))
133                 strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
134                 
135         exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
136
137         memset(buf, 0, sizeof(buf));
138         if (exp_time_t > 0) {
139                 fast_strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, &lt));
140                 exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
141         } else
142                 exp_date = g_strdup("");
143
144         /* fingerprint */
145         n = 128;
146         gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
147         md5_fingerprint = readable_fingerprint(md, (int)n);
148         n = 128;
149         gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
150         sha1_fingerprint = readable_fingerprint(md, (int)n);
151
152         /* signature */
153         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
154
155         if (sig_status==NULL)
156                 sig_status = g_strdup(_("Correct"));
157
158         vbox = gtk_vbox_new(FALSE, 5);
159         hbox = gtk_hbox_new(FALSE, 5);
160         
161         frame_owner  = gtk_frame_new(_("Owner"));
162         frame_signer = gtk_frame_new(_("Signer"));
163         frame_status = gtk_frame_new(_("Status"));
164         
165         owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
166         signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
167         status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
168         
169         label = gtk_label_new(_("Name: "));
170         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
171         gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
172         label = gtk_label_new(subject_commonname);
173         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
174         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
175         gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
176         
177         label = gtk_label_new(_("Organization: "));
178         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
179         gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
180         label = gtk_label_new(subject_organization);
181         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
182         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
183         gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
184         
185         label = gtk_label_new(_("Location: "));
186         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
187         gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
188         label = gtk_label_new(subject_location);
189         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
190         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
191         gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
192
193         label = gtk_label_new(_("Name: "));
194         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
195         gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
196         label = gtk_label_new(issuer_commonname);
197         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
198         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
199         gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
200         
201         label = gtk_label_new(_("Organization: "));
202         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
203         gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
204         label = gtk_label_new(issuer_organization);
205         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
206         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
207         gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
208         
209         label = gtk_label_new(_("Location: "));
210         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
211         gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
212         label = gtk_label_new(issuer_location);
213         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
214         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
215         gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
216
217         label = gtk_label_new(_("Fingerprint: \n"));
218         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
219         gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
220         fingerprint = g_strdup_printf("MD5: %s\nSHA1: %s", 
221                         md5_fingerprint, sha1_fingerprint);
222         label = gtk_label_new(fingerprint);
223         g_free(fingerprint);
224         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
225         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
226         gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
227         label = gtk_label_new(_("Signature status: "));
228         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
229         gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
230         label = gtk_label_new(sig_status);
231         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
232         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
233         gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
234         label = gtk_label_new(_("Expires on: "));
235         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
236         gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
237         label = gtk_label_new(exp_date);
238         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
239         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
240         gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
241         
242         gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
243         gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
244         gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
245         
246         gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
247         gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
248         gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
249         gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
250         
251         gtk_widget_show_all(vbox);
252         
253         g_free(issuer_commonname);
254         g_free(issuer_location);
255         g_free(issuer_organization);
256         g_free(subject_commonname);
257         g_free(subject_location);
258         g_free(subject_organization);
259         g_free(md5_fingerprint);
260         g_free(sha1_fingerprint);
261         g_free(sig_status);
262         g_free(exp_date);
263         return vbox;
264 }
265
266 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
267 {
268         SSLCertHookData *hookdata = (SSLCertHookData *)source;
269
270         if (hookdata == NULL) {
271                 return FALSE;
272         }
273         
274         if (prefs_common.skip_ssl_cert_check) {
275                 hookdata->accept = TRUE;
276                 return TRUE;
277         }
278
279         if (hookdata->old_cert == NULL) {
280                 if (hookdata->expired)
281                         hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
282                 else
283                         hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
284         } else {
285                 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
286         }
287         return TRUE;
288 }
289
290 void sslcertwindow_register_hook(void)
291 {
292         hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
293 }
294
295 void sslcertwindow_show_cert(SSLCertificate *cert)
296 {
297         GtkWidget *cert_widget = cert_presenter(cert);
298         gchar *buf;
299         
300         buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
301         alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
302                         FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
303         g_free(buf);
304 }
305
306 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
307 {
308         gchar *buf, *sig_status;
309         AlertValue val;
310         GtkWidget *vbox;
311         GtkWidget *label;
312         GtkWidget *button;
313         GtkWidget *cert_widget;
314         
315         vbox = gtk_vbox_new(FALSE, 5);
316         buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
317         label = gtk_label_new(buf);
318         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
319         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
320         g_free(buf);
321         
322         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
323         if (sig_status==NULL)
324                 sig_status = g_strdup(_("Correct"));
325
326         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
327         label = gtk_label_new(buf);
328         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
329         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
330         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
331         g_free(buf);
332         g_free(sig_status);
333         
334         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
335         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
336         cert_widget = cert_presenter(cert);
337         gtk_container_add(GTK_CONTAINER(button), cert_widget);
338
339         val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
340                               _("_Cancel connection"), _("_Accept and save"), NULL,
341                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
342         
343         return (val == G_ALERTALTERNATE);
344 }
345
346 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
347 {
348         gchar *buf, *sig_status;
349         AlertValue val;
350         GtkWidget *vbox;
351         GtkWidget *label;
352         GtkWidget *button;
353         GtkWidget *cert_widget;
354         
355         vbox = gtk_vbox_new(FALSE, 5);
356         buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
357         label = gtk_label_new(buf);
358         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
359         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
360         g_free(buf);
361         
362         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
363
364         if (sig_status==NULL)
365                 sig_status = g_strdup(_("Correct"));
366
367         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
368         label = gtk_label_new(buf);
369         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
370         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
371         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
372         g_free(buf);
373         g_free(sig_status);
374         
375         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
376         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
377         cert_widget = cert_presenter(cert);
378         gtk_container_add(GTK_CONTAINER(button), cert_widget);
379
380         val = alertpanel_full(_("Expired SSL Certificate"), NULL,
381                               _("_Cancel connection"), _("_Accept"), NULL,
382                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
383         
384         return (val == G_ALERTALTERNATE);
385 }
386
387 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
388 {
389         GtkWidget *old_cert_widget = cert_presenter(old_cert);
390         GtkWidget *new_cert_widget = cert_presenter(new_cert);
391         GtkWidget *vbox;
392         gchar *buf, *sig_status;
393         GtkWidget *vbox2;
394         GtkWidget *label;
395         GtkWidget *button;
396         AlertValue val;
397         
398         vbox = gtk_vbox_new(FALSE, 5);
399         label = gtk_label_new(_("New certificate:"));
400         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
401         gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
402         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
403         gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
404         label = gtk_label_new(_("Known certificate:"));
405         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
406         gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
407         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
408         gtk_widget_show_all(vbox);
409         
410         vbox2 = gtk_vbox_new(FALSE, 5);
411         buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
412         label = gtk_label_new(buf);
413         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
414         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
415         g_free(buf);
416         
417         sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
418
419         if (sig_status==NULL)
420                 sig_status = g_strdup(_("Correct"));
421
422         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
423         label = gtk_label_new(buf);
424         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
425         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
426         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
427         g_free(buf);
428         g_free(sig_status);
429         
430         button = gtk_expander_new_with_mnemonic(_("_View certificates"));
431         gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
432         gtk_container_add(GTK_CONTAINER(button), vbox);
433
434         val = alertpanel_full(_("Changed SSL Certificate"), NULL,
435                               _("_Cancel connection"), _("_Accept and save"), NULL,
436                               FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
437         
438         return (val == G_ALERTALTERNATE);
439 }
440 #endif