[network-manager-openvpn/NETWORKMANAGER_0_7] core: add pkcs#8 key support and simplify key checking (rh #581992)
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn/NETWORKMANAGER_0_7] core: add pkcs#8 key support and simplify key checking (rh #581992)
- Date: Wed, 28 Jul 2010 04:24:36 +0000 (UTC)
commit 99ea77997c91efb9d4c84f11894276ed3c326fa7
Author: Dan Williams <dcbw redhat com>
Date: Mon May 3 22:33:02 2010 -0700
core: add pkcs#8 key support and simplify key checking (rh #581992)
auth-dialog/main.c | 2 +-
common/utils.c | 19 ++++++++++---------
common/utils.h | 2 +-
properties/auth-helpers.c | 8 +++++++-
src/nm-openvpn-service.c | 6 ++----
5 files changed, 21 insertions(+), 16 deletions(-)
---
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 45ed544..85a324b 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -256,7 +256,7 @@ get_password_types (PasswordsInfo *info)
key = g_strdup_printf ("%s/%s/%s", connection_path, NM_SETTING_VPN_SETTING_NAME,
NM_OPENVPN_KEY_KEY);
str = gconf_client_get_string (gconf_client, key, NULL);
- info->need_certpass = (is_pkcs12 (str) || is_encrypted_pem (str));
+ info->need_certpass = is_encrypted (str);
g_free (str);
g_free (key);
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
diff --git a/common/utils.c b/common/utils.c
index 9e79318..02771c0 100644
--- a/common/utils.c
+++ b/common/utils.c
@@ -49,16 +49,14 @@ is_pkcs12 (const char *filepath)
}
#define PROC_TYPE_TAG "Proc-Type: 4,ENCRYPTED"
+#define PKCS8_TAG "-----BEGIN ENCRYPTED PRIVATE KEY-----"
-/** Checks if a key is encrypted
- * The key file is read and it is checked if it contains a line reading
- * Proc-Type: 4,ENCRYPTED
- * This is defined in RFC 1421 (PEM)
+/** Checks if a file appears to be an encrypted private key.
* @param filename the path to the file
* @return returns true if the key is encrypted, false otherwise
*/
gboolean
-is_encrypted_pem (const char *filename)
+is_encrypted (const char *filename)
{
GIOChannel *pem_chan;
char *str = NULL;
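Review bot: The rewritten header comment at `/** Checks if a file appears to be an encrypted private key.` drops the detail the old one carried (which marker is looked for and the RFC 1421 reference) just as the function gains two more answers: TRUE for anything is_pkcs12() accepts and for the PKCS#8 `ENCRYPTED PRIVATE KEY` armour. The auth dialog, the properties validator and the service all use this one boolean to decide whether a key password is demanded, so the contract is worth spelling out. Suggested wording: `Returns TRUE when is_pkcs12() accepts the path, or when the file contains a line starting with "Proc-Type: 4,ENCRYPTED" (RFC 1421 PEM) or "-----BEGIN ENCRYPTED PRIVATE KEY-----" (PKCS#8); FALSE for a NULL/empty path or a file that cannot be opened.` The body of is_encrypted continues past this hunk, and what is_pkcs12 actually checks is not visible here.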
@@ -67,15 +65,18 @@ is_encrypted_pem (const char *filename)
if (!filename || !strlen (filename))
return FALSE;
+ if (is_pkcs12 (filename))
+ return TRUE;
+
pem_chan = g_io_channel_new_file (filename, "r", NULL);
if (!pem_chan)
return FALSE;
- while (g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) {
- if (strncmp (str, PROC_TYPE_TAG, strlen (PROC_TYPE_TAG)) == 0) {
+ while ( g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF
+ && !encrypted) {
+ if ( !strncmp (str, PROC_TYPE_TAG, strlen (PROC_TYPE_TAG))
+ || !strncmp (str, PKCS8_TAG, strlen (PKCS8_TAG)))
encrypted = TRUE;
- break;
- }
g_free (str);
}
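Review bot: The rewritten loop condition at `while ( g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF && !encrypted)` still treats G_IO_STATUS_ERROR as a successfully read line; GLib sets `*str_return` to NULL for any non-NORMAL status, so a read error sends a NULL `str` into the `strncmp` on the next line. The old loop had the same flaw, but since the condition is being rewritten anyway it should test for success rather than for EOF: `while ( g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) == G_IO_STATUS_NORMAL && !encrypted) {`. With that change EOF and error both end the scan with `encrypted` left FALSE, and the per-line `g_free (str)` stays correct. The shutdown of `pem_chan` and the return lie past this hunk.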
diff --git a/common/utils.h b/common/utils.h
index 5e6033e..fcdda44 100644
--- a/common/utils.h
+++ b/common/utils.h
@@ -26,7 +26,7 @@
gboolean is_pkcs12 (const char *filepath);
-gboolean is_encrypted_pem (const char *filename);
+gboolean is_encrypted (const char *filename);
#endif /* UTILS_H */
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index ba6b0fe..33db4dc 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -423,7 +423,7 @@ validate_tls (GladeXML *xml, const char *prefix, GError **error)
/* Encrypted certificates require a password */
str = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- encrypted = is_pkcs12 (str) || is_encrypted_pem (str);
+ encrypted = is_encrypted (str);
g_free (str);
if (encrypted) {
tmp = g_strdup_printf ("%s_private_key_password_entry", prefix);
@@ -693,6 +693,7 @@ find_tag (const char *tag, const char *buf, gsize len)
static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
+static const char *pem_pkcs8_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
static gboolean
@@ -754,6 +755,11 @@ tls_default_filter (const GtkFileFilterInfo *filter_info, gpointer data)
goto out;
}
+ if (find_tag (pem_pkcs8_key_begin, (const char *) contents, bytes_read)) {
+ show = TRUE;
+ goto out;
+ }
+
out:
g_free (contents);
return show;
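Review bot: The new branch in tls_default_filter admits only the encrypted PKCS#8 armour, so an unencrypted PKCS#8 key (`-----BEGIN PRIVATE KEY-----`, as written by `openssl pkcs8 -topk8 -nocrypt`) is still hidden by the default TLS file chooser even though the commit is titled "add pkcs#8 key support"; the existing RSA/DSA tags only cover the legacy PKCS#1 armour. If that exclusion is not deliberate, add a companion tag next to `pem_pkcs8_key_begin` and a matching branch before `out:`. The two labels are not substrings of each other, so the checks cannot collide. tls_default_filter's body and find_tag's matching rule start outside the hunk, so whether unencrypted keys were meant to be filtered out should be confirmed against them.
```c
static const char *pem_pkcs8_unenc_key_begin = "-----BEGIN PRIVATE KEY-----";
/* … unchanged: buffer read and earlier tag checks in tls_default_filter … */
	if (find_tag (pem_pkcs8_unenc_key_begin, (const char *) contents, bytes_read)) {
		show = TRUE;
		goto out;
	}
```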
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index e1e21ba..3439c75 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1110,8 +1110,7 @@ real_need_secrets (NMVPNPlugin *plugin,
/* Will require a password and maybe private key password */
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
- if ( (is_pkcs12 (key) || is_encrypted_pem (key))
- && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
+ if (is_encrypted (key) && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
need_secrets = TRUE;
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_PASSWORD))
@@ -1125,8 +1124,7 @@ real_need_secrets (NMVPNPlugin *plugin,
/* May require private key password */
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
- if ( (is_pkcs12 (key) || is_encrypted_pem (key))
- && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
+ if (is_encrypted (key) && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
need_secrets = TRUE;
}