2007-01-21 [colin] 2.7.1cvs43
[claws.git] / src / gtk / sslcertwindow.c
1 /*
2  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2007 Hiroyuki Yamamoto
4  * This file Copyright (C) 2002-2005 Colin Leroy <colin@colino.net>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19  */
20
21 #ifdef HAVE_CONFIG_H
22 #  include "config.h"
23 #endif
24
25 #if USE_OPENSSL
26
27 #include <openssl/ssl.h>
28 #include <glib.h>
29 #include <glib/gi18n.h>
30 #include <gtk/gtk.h>
31
32 #include "prefs_common.h"
33 #include "ssl_certificate.h"
34 #include "utils.h"
35 #include "alertpanel.h"
36 #include "hooks.h"
37
38 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
39 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
40 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
41
42 static GtkWidget *cert_presenter(SSLCertificate *cert)
43 {
44         GtkWidget *vbox = NULL;
45         GtkWidget *hbox = NULL;
46         GtkWidget *frame_owner = NULL;
47         GtkWidget *frame_signer = NULL;
48         GtkWidget *frame_status = NULL;
49         GtkTable *owner_table = NULL;
50         GtkTable *signer_table = NULL;
51         GtkTable *status_table = NULL;
52         GtkWidget *label = NULL;
53         
54         char buf[100];
55         char *issuer_commonname, *issuer_location, *issuer_organization;
56         char *subject_commonname, *subject_location, *subject_organization;
57         char *fingerprint, *sig_status, *exp_date;
58         unsigned int n;
59         unsigned char md[EVP_MAX_MD_SIZE];      
60         ASN1_TIME *validity;
61         time_t exp_time_t;
62
63         /* issuer */    
64         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
65                                        NID_commonName, buf, 100) >= 0)
66                 issuer_commonname = g_strdup(buf);
67         else
68                 issuer_commonname = g_strdup(_("<not in certificate>"));
69         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
70                                        NID_localityName, buf, 100) >= 0) {
71                 issuer_location = g_strdup(buf);
72                 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
73                                        NID_countryName, buf, 100) >= 0)
74                         issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
75         } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
76                                        NID_countryName, buf, 100) >= 0)
77                 issuer_location = g_strdup(buf);
78         else
79                 issuer_location = g_strdup(_("<not in certificate>"));
80
81         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
82                                        NID_organizationName, buf, 100) >= 0)
83                 issuer_organization = g_strdup(buf);
84         else 
85                 issuer_organization = g_strdup(_("<not in certificate>"));
86          
87         /* subject */   
88         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
89                                        NID_commonName, buf, 100) >= 0)
90                 subject_commonname = g_strdup(buf);
91         else
92                 subject_commonname = g_strdup(_("<not in certificate>"));
93         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
94                                        NID_localityName, buf, 100) >= 0) {
95                 subject_location = g_strdup(buf);
96                 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
97                                        NID_countryName, buf, 100) >= 0)
98                         subject_location = g_strconcat(subject_location,", ",buf, NULL);
99         } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
100                                        NID_countryName, buf, 100) >= 0)
101                 subject_location = g_strdup(buf);
102         else
103                 subject_location = g_strdup(_("<not in certificate>"));
104
105         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
106                                        NID_organizationName, buf, 100) >= 0)
107                 subject_organization = g_strdup(buf);
108         else 
109                 subject_organization = g_strdup(_("<not in certificate>"));
110          
111         if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
112                 exp_time_t = asn1toTime(validity);
113         } else {
114                 exp_time_t = (time_t)0;
115         }
116         
117         memset(buf, 0, sizeof(buf));
118         strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime(&exp_time_t));
119         exp_date = buf? g_strdup(buf):g_strdup("?");
120
121         /* fingerprint */
122         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
123         fingerprint = readable_fingerprint(md, (int)n);
124
125         /* signature */
126         sig_status = ssl_certificate_check_signer(cert->x509_cert);
127
128         if (sig_status==NULL)
129                 sig_status = g_strdup(_("correct"));
130
131         vbox = gtk_vbox_new(FALSE, 5);
132         hbox = gtk_hbox_new(FALSE, 5);
133         
134         frame_owner  = gtk_frame_new(_("Owner"));
135         frame_signer = gtk_frame_new(_("Signer"));
136         frame_status = gtk_frame_new(_("Status"));
137         
138         owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
139         signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
140         status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
141         
142         label = gtk_label_new(_("Name: "));
143         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
144         gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
145         label = gtk_label_new(subject_commonname);
146         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
147         gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
148         
149         label = gtk_label_new(_("Organization: "));
150         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
151         gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
152         label = gtk_label_new(subject_organization);
153         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
154         gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
155         
156         label = gtk_label_new(_("Location: "));
157         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
158         gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
159         label = gtk_label_new(subject_location);
160         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
161         gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
162
163         label = gtk_label_new(_("Name: "));
164         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
165         gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
166         label = gtk_label_new(issuer_commonname);
167         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
168         gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
169         
170         label = gtk_label_new(_("Organization: "));
171         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
172         gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
173         label = gtk_label_new(issuer_organization);
174         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
175         gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
176         
177         label = gtk_label_new(_("Location: "));
178         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
179         gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
180         label = gtk_label_new(issuer_location);
181         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
182         gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
183
184         label = gtk_label_new(_("Fingerprint: "));
185         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
186         gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
187         label = gtk_label_new(fingerprint);
188         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
189         gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
190         label = gtk_label_new(_("Signature status: "));
191         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
192         gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
193         label = gtk_label_new(sig_status);
194         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
195         gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
196         label = gtk_label_new(_("Expires on: "));
197         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
198         gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
199         label = gtk_label_new(exp_date);
200         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
201         gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
202         
203         gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
204         gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
205         gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
206         
207         gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
208         gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
209         gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
210         gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
211         
212         gtk_widget_show_all(vbox);
213         
214         g_free(issuer_commonname);
215         g_free(issuer_location);
216         g_free(issuer_organization);
217         g_free(subject_commonname);
218         g_free(subject_location);
219         g_free(subject_organization);
220         g_free(fingerprint);
221         g_free(sig_status);
222         g_free(exp_date);
223         return vbox;
224 }
225
226 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
227 {
228         SSLCertHookData *hookdata = (SSLCertHookData *)source;
229
230         if (prefs_common.skip_ssl_cert_check)
231                 return TRUE;
232
233         if (hookdata == NULL) {
234                 return FALSE;
235         }
236         if (hookdata->old_cert == NULL) {
237                 if (hookdata->expired)
238                         hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
239                 else
240                         hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
241         } else {
242                 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
243         }
244         return TRUE;
245 }
246
247 void sslcertwindow_register_hook(void)
248 {
249         hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
250 }
251
252 void sslcertwindow_show_cert(SSLCertificate *cert)
253 {
254         GtkWidget *cert_widget = cert_presenter(cert);
255         gchar *buf;
256         
257         buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
258         alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
259                         FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
260         g_free(buf);
261 }
262
263 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
264 {
265         gchar *buf, *sig_status;
266         AlertValue val;
267         GtkWidget *vbox;
268         GtkWidget *label;
269         GtkWidget *button;
270         GtkWidget *cert_widget;
271         
272         vbox = gtk_vbox_new(FALSE, 5);
273         buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
274         label = gtk_label_new(buf);
275         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
276         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
277         g_free(buf);
278         
279         sig_status = ssl_certificate_check_signer(cert->x509_cert);
280
281         if (sig_status==NULL)
282                 sig_status = g_strdup(_("correct"));
283
284         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
285         label = gtk_label_new(buf);
286         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
287         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
288         g_free(buf);
289         g_free(sig_status);
290         
291         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
292         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
293         cert_widget = cert_presenter(cert);
294         gtk_container_add(GTK_CONTAINER(button), cert_widget);
295
296         val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
297                               _("_Cancel connection"), _("_Accept and save"), NULL,
298                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
299         
300         return (val == G_ALERTALTERNATE);
301 }
302
303 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
304 {
305         gchar *buf, *sig_status;
306         AlertValue val;
307         GtkWidget *vbox;
308         GtkWidget *label;
309         GtkWidget *button;
310         GtkWidget *cert_widget;
311         
312         vbox = gtk_vbox_new(FALSE, 5);
313         buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
314         label = gtk_label_new(buf);
315         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
316         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
317         g_free(buf);
318         
319         sig_status = ssl_certificate_check_signer(cert->x509_cert);
320
321         if (sig_status==NULL)
322                 sig_status = g_strdup(_("correct"));
323
324         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
325         label = gtk_label_new(buf);
326         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
327         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
328         g_free(buf);
329         g_free(sig_status);
330         
331         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
332         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
333         cert_widget = cert_presenter(cert);
334         gtk_container_add(GTK_CONTAINER(button), cert_widget);
335
336         val = alertpanel_full(_("Expired SSL Certificate"), NULL,
337                               _("_Cancel connection"), _("_Accept"), NULL,
338                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
339         
340         return (val == G_ALERTALTERNATE);
341 }
342
343 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
344 {
345         GtkWidget *old_cert_widget = cert_presenter(old_cert);
346         GtkWidget *new_cert_widget = cert_presenter(new_cert);
347         GtkWidget *vbox;
348         gchar *buf, *sig_status;
349         GtkWidget *vbox2;
350         GtkWidget *label;
351         GtkWidget *button;
352         AlertValue val;
353         
354         vbox = gtk_vbox_new(FALSE, 5);
355         label = gtk_label_new(_("New certificate:"));
356         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
357         gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
358         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
359         gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
360         label = gtk_label_new(_("Known certificate:"));
361         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
362         gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
363         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
364         gtk_widget_show_all(vbox);
365         
366         vbox2 = gtk_vbox_new(FALSE, 5);
367         buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
368         label = gtk_label_new(buf);
369         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
370         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
371         g_free(buf);
372         
373         sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
374
375         if (sig_status==NULL)
376                 sig_status = g_strdup(_("correct"));
377
378         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
379         label = gtk_label_new(buf);
380         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
381         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
382         g_free(buf);
383         g_free(sig_status);
384         
385         button = gtk_expander_new_with_mnemonic(_("_View certificates"));
386         gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
387         gtk_container_add(GTK_CONTAINER(button), vbox);
388
389         val = alertpanel_full(_("Changed SSL Certificate"), NULL,
390                               _("_Cancel connection"), _("_Accept and save"), NULL,
391                               FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
392         
393         return (val == G_ALERTALTERNATE);
394 }
395 #endif