#include <tlsvalidator.h>

Collaboration diagram for jami::tls::TlsValidator:

Public Types
enum class	CertificateCheck : std::uint8_t { HAS_PRIVATE_KEY , EXPIRED , STRONG_SIGNING , NOT_SELF_SIGNED , KEY_MATCH , PRIVATE_KEY_STORAGE_PERMISSION , PUBLIC_KEY_STORAGE_PERMISSION , PRIVATE_KEY_DIRECTORY_PERMISSIONS , PUBLIC_KEY_DIRECTORY_PERMISSIONS , PRIVATE_KEY_STORAGE_LOCATION , PUBLIC_KEY_STORAGE_LOCATION , PRIVATE_KEY_SELINUX_ATTRIBUTES , PUBLIC_KEY_SELINUX_ATTRIBUTES , EXIST , VALID , VALID_AUTHORITY , KNOWN_AUTHORITY , NOT_REVOKED , AUTHORITY_MISMATCH , UNEXPECTED_OWNER , NOT_ACTIVATED , COUNT__ }
	All validation fields. More...

enum class	CertificateDetails : std::uint8_t { EXPIRATION_DATE , ACTIVATION_DATE , REQUIRE_PRIVATE_KEY_PASSWORD , PUBLIC_SIGNATURE , VERSION_NUMBER , SERIAL_NUMBER , ISSUER , SUBJECT_KEY_ALGORITHM , SUBJECT_KEY , CN , UID , N , O , SIGNATURE_ALGORITHM , MD5_FINGERPRINT , SHA1_FINGERPRINT , PUBLIC_KEY_ID , ISSUER_DN , ISSUER_CN , ISSUER_UID , ISSUER_N , ISSUER_O , NEXT_EXPECTED_UPDATE_DATE , OUTGOING_SERVER , IS_CA , COUNT__ }
	Informative fields about a certificate. More...

using	CheckResult = std::pair< CheckValues, std::string >

enum class	CheckValues : std::uint8_t { PASSED , FAILED , UNSUPPORTED , ISO_DATE , CUSTOM , NUMBER , COUNT__ }

enum class	CheckValuesType : std::uint8_t { BOOLEAN , ISO_DATE , CUSTOM , NUMBER , COUNT__ }
	Categories of possible values for each CertificateCheck. More...

Public Member Functions
CheckResult	activated ()
	If the activation value is in the past.

CheckResult	authorityMatch ()
	Check if the authority match the certificate.

CheckResult	exist ()
	The file has been found.

CheckResult	expectedOwner ()
	The CA and certificate provide conflicting ownership information.

CheckResult	getActivationDate ()
	Get the activation date.

std::shared_ptr< dht::crypto::Certificate >	getCertificate () const

CheckResult	getCN ()
	The 'CN' section of a DN (RFC4514)

CheckResult	getExpirationDate ()
	Get the expiration date.

CheckResult	getIssuer ()
	If the certificate is not self signed, return the issuer.

CheckResult	getIssuerCN ()
	If the certificate is not self signed, return the issuer CN.

CheckResult	getIssuerDN ()
	If the certificate is not self signed, return the issuer DN (RFC4514)

CheckResult	getIssuerN ()
	If the certificate is not self signed, return the issuer N.

CheckResult	getIssuerO ()
	If the certificate is not self signed, return the issuer O.

CheckResult	getIssuerUID ()
	If the certificate is not self signed, return the issuer UID.

CheckResult	getMd5Fingerprint ()
	Compute the key fingerprint.

CheckResult	getN ()
	The 'N' section of a DN (RFC4514)

CheckResult	getO ()
	The 'O' section of a DN (RFC4514)

CheckResult	getPublicKeyId ()
	Return an hexadecimal identifier.

CheckResult	getPublicSignature ()
	An hexadecimal representation of the signature.

std::map< std::string, std::string >	getSerializedChecks ()
	Convert all checks results into a string map.

std::map< std::string, std::string >	getSerializedDetails ()
	Get a map with all common certificate details.

CheckResult	getSerialNumber ()
	Return the certificate serial number.

CheckResult	getSha1Fingerprint ()
	Compute the key fingerprint.

CheckResult	getSignatureAlgorithm ()
	Return the algorithm used to sign the Key.

CheckResult	getSubjectKey ()
	The subject public key.

CheckResult	getSubjectKeyAlgorithm ()
	The algorithm used to sign the certificate details (rather than the certificate itself)

CheckResult	getUID ()
	The 'UID' section of a DN (RFC4514)

CheckResult	getVersionNumber ()
	Return the certificate version.

bool	hasCa () const
	A certificate authority has been provided.

CheckResult	hasPrivateKey ()
	Check if the Validator have access to a private key.

CheckResult	isCA ()
	If the certificate is not self signed, return the issuer.

bool	isValid (bool verbose=false)
	Check if all boolean check passed return true if there was no FAILED checks.

CheckResult	keyMatch ()
	The provided key can be used along with the certificate.

CheckResult	knownAuthority ()
	When an account require an authority known by the system (like /usr/share/ssl/certs) then the whole chain of trust need be to checked.

CheckResult	notExpired ()
	Check if the certificate is not expired.

CheckResult	notRevoked ()
	Check if the certificate has been revoked.

CheckResult	notSelfSigned ()
	The certificate is not self signed.

CheckResult	outgoingServer ()
	The expected outgoing server domain.

CheckResult	privateKeyDirectoryPermissions ()

CheckResult	privateKeySelinuxAttributes ()
	SELinux provide additional key protection mechanism.

CheckResult	privateKeyStorageLocation ()
	Certificate should be located in specific path on some operating systems.

CheckResult	privateKeyStoragePermissions ()

CheckResult	publicKeyDirectoryPermissions ()

CheckResult	publicKeySelinuxAttributes ()
	SELinux provide additional key protection mechanism.

CheckResult	publicKeyStorageLocation ()
	Certificate should be located in specific path on some operating systems.

CheckResult	publicKeyStoragePermissions ()

CheckResult	requirePrivateKeyPassword ()
	If the key need decryption.

void	setCaTlsValidator (const TlsValidator &validator)

CheckResult	strongSigning ()
	If the algorithm used to sign the certificate is considered weak by modern standard.

	TlsValidator (const dhtnet::tls::CertificateStore &certStore, const std::shared_ptr< dht::crypto::Certificate > &)

	TlsValidator (const dhtnet::tls::CertificateStore &certStore, const std::string &certificate, const std::string &privatekey="", const std::string &privatekeyPasswd="", const std::string &caList="")
	Create a TlsValidator for a given certificate.

	TlsValidator (const dhtnet::tls::CertificateStore &certStore, const std::vector< std::vector< uint8_t > > &certificate_chain_raw)

	TlsValidator (const dhtnet::tls::CertificateStore &certStore, const std::vector< uint8_t > &certificate_raw)

CheckResult	valid ()
	The certificate is invalid compared to the authority.

CheckResult	validAuthority ()
	The provided authority is invalid.

	~TlsValidator ()

Detailed Description

Definition at line 68 of file tlsvalidator.h.

Member Typedef Documentation

◆ CheckResult

using jami::tls::TlsValidator::CheckResult = std::pair<CheckValues, std::string>

Definition at line 176 of file tlsvalidator.h.

Member Enumeration Documentation

◆ CertificateCheck

enum class jami::tls::TlsValidator::CertificateCheck : std::uint8_t

strong

All validation fields.

Enumerator
HAS_PRIVATE_KEY
EXPIRED	This certificate has a build in private key
STRONG_SIGNING	This certificate is past its expiration date
NOT_SELF_SIGNED	This certificate has been signed with a brute-force-able method
KEY_MATCH	This certificate has been self signed
PRIVATE_KEY_STORAGE_PERMISSION	The public and private keys provided don't match
PUBLIC_KEY_STORAGE_PERMISSION	The file hosting the private key isn't correctly secured.
PRIVATE_KEY_DIRECTORY_PERMISSIONS	The file hosting the public key isn't correctly secured.
PUBLIC_KEY_DIRECTORY_PERMISSIONS	The folder storing the private key isn't correctly secured
PRIVATE_KEY_STORAGE_LOCATION	The folder storing the public key isn't correctly secured
PUBLIC_KEY_STORAGE_LOCATION	Some operating systems have extra policies for certificate storage
PRIVATE_KEY_SELINUX_ATTRIBUTES	Some operating systems have extra policies for certificate storage
PUBLIC_KEY_SELINUX_ATTRIBUTES	Some operating systems require keys to have extra attributes
EXIST	Some operating systems require keys to have extra attributes
VALID	The certificate file doesn't exist or is not accessible
VALID_AUTHORITY	The file is not a certificate
KNOWN_AUTHORITY	The claimed authority did not sign the certificate
NOT_REVOKED	Some operating systems provide a list of trusted authorities, use it.
AUTHORITY_MISMATCH	The certificate has been revoked by the authority
UNEXPECTED_OWNER	The certificate and authority mismatch.
NOT_ACTIVATED	The certificate has an expected owner
COUNT__	The certificate has not been activated yet

Definition at line 75 of file tlsvalidator.h.

◆ CertificateDetails

enum class jami::tls::TlsValidator::CertificateDetails : std::uint8_t

strong

Informative fields about a certificate.

Enumerator
EXPIRATION_DATE
ACTIVATION_DATE	The certificate expiration date
REQUIRE_PRIVATE_KEY_PASSWORD	The certificate activation date
PUBLIC_SIGNATURE	Does the private key require a password.
VERSION_NUMBER
SERIAL_NUMBER
ISSUER
SUBJECT_KEY_ALGORITHM
SUBJECT_KEY
CN
UID
N
O
SIGNATURE_ALGORITHM
MD5_FINGERPRINT
SHA1_FINGERPRINT
PUBLIC_KEY_ID
ISSUER_DN
ISSUER_CN
ISSUER_UID
ISSUER_N
ISSUER_O
NEXT_EXPECTED_UPDATE_DATE
OUTGOING_SERVER
IS_CA	The hostname/outgoing server used for this certificate
COUNT__

Definition at line 109 of file tlsvalidator.h.

◆ CheckValues

enum class jami::tls::TlsValidator::CheckValues : std::uint8_t

strong

Enumerator
PASSED
FAILED	Equivalent of a boolean "true"
UNSUPPORTED	Equivalent of a boolean "false"
ISO_DATE	The operating system doesn't support or require the check
CUSTOM	The check value is an ISO 8601 date YYYY-MM-DD[TH24:MM:SS+00:00]
NUMBER	The check value cannot be represented with a finite set of values.
COUNT__

Definition at line 159 of file tlsvalidator.h.

◆ CheckValuesType

enum class jami::tls::TlsValidator::CheckValuesType : std::uint8_t

strong

Categories of possible values for each CertificateCheck.

Enumerator
BOOLEAN
ISO_DATE
CUSTOM
NUMBER
COUNT__

Definition at line 141 of file tlsvalidator.h.

Constructor & Destructor Documentation

◆ TlsValidator() [1/4]

jami::tls::TlsValidator::TlsValidator	(	const dhtnet::tls::CertificateStore &	certStore,
		const std::string &	certificate,
		const std::string &	privatekey = `""`,
		const std::string &	privatekeyPasswd = `""`,
		const std::string &	caList = `""`
	)

Create a TlsValidator for a given certificate.

Parameters

certificate	The certificate path
privatekey	An optional private key file path
privatekeyPasswd	An optional private key password
caList	An optional CA list to use for certificate validation

Definition at line 236 of file tlsvalidator.cpp.

References jami::emitSignal(), JAMI_WARN, and jami::fileutils::loadFile().

Here is the call graph for this function:

◆ TlsValidator() [2/4]

jami::tls::TlsValidator::TlsValidator	(	const dhtnet::tls::CertificateStore &	certStore,
		const std::vector< std::vector< uint8_t > > &	certificate_chain_raw
	)

Definition at line 231 of file tlsvalidator.cpp.

◆ TlsValidator() [3/4]

jami::tls::TlsValidator::TlsValidator	(	const dhtnet::tls::CertificateStore &	certStore,
		const std::vector< uint8_t > &	certificate_raw
	)

Definition at line 280 of file tlsvalidator.cpp.

References jami::emitSignal().

Here is the call graph for this function:

◆ TlsValidator() [4/4]

jami::tls::TlsValidator::TlsValidator	(	const dhtnet::tls::CertificateStore &	certStore,
		const std::shared_ptr< dht::crypto::Certificate > &	crt
	)

Definition at line 292 of file tlsvalidator.cpp.

References jami::emitSignal().

Here is the call graph for this function:

◆ ~TlsValidator()

jami::tls::TlsValidator::~TlsValidator ( )

Definition at line 307 of file tlsvalidator.cpp.

Member Function Documentation

◆ activated()

TlsValidator::CheckResult jami::tls::TlsValidator::activated ( )

If the activation value is in the past.

@fixme Handle both "with ca" and "without ca" case

Definition at line 785 of file tlsvalidator.cpp.

References jami::emitSignal(), exist(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ authorityMatch()

TlsValidator::CheckResult jami::tls::TlsValidator::authorityMatch ( )

Check if the authority match the certificate.

Definition at line 1040 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Here is the call graph for this function:

◆ exist()

TlsValidator::CheckResult jami::tls::TlsValidator::exist ( )

The file has been found.

Definition at line 1006 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Referenced by activated(), getSerializedChecks(), keyMatch(), notExpired(), and strongSigning().

Here is the call graph for this function:

◆ expectedOwner()

TlsValidator::CheckResult jami::tls::TlsValidator::expectedOwner ( )

The CA and certificate provide conflicting ownership information.

Definition at line 995 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Here is the call graph for this function:

◆ getActivationDate()

TlsValidator::CheckResult jami::tls::TlsValidator::getActivationDate ( )

Get the activation date.

Todo:: Move to "certificateDetails()" method once completed

Definition at line 1386 of file tlsvalidator.cpp.

References jami::emitSignal(), jami::tls::formatDate(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getCertificate()

std::shared_ptr< dht::crypto::Certificate > jami::tls::TlsValidator::getCertificate ( ) const

inline

Definition at line 259 of file tlsvalidator.h.

Referenced by libjami::getCertificateDetails(), and libjami::validateCertificate().

◆ getCN()

TlsValidator::CheckResult jami::tls::TlsValidator::getCN ( )

The 'CN' section of a DN (RFC4514)

Definition at line 1191 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getExpirationDate()

TlsValidator::CheckResult jami::tls::TlsValidator::getExpirationDate ( )

Get the expiration date.

Todo:: Move to "certificateDetails()" method once completed

Definition at line 1370 of file tlsvalidator.cpp.

References jami::emitSignal(), jami::tls::formatDate(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getIssuer()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuer ( )

If the certificate is not self signed, return the issuer.

Definition at line 1138 of file tlsvalidator.cpp.

References CUSTOM, jami::emitSignal(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getIssuerCN()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuerCN ( )

If the certificate is not self signed, return the issuer CN.

Definition at line 1314 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getIssuerDN()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuerDN ( )

If the certificate is not self signed, return the issuer DN (RFC4514)

Definition at line 1303 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getIssuerN()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuerN ( )

If the certificate is not self signed, return the issuer N.

Definition at line 1341 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getIssuerO()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuerO ( )

If the certificate is not self signed, return the issuer O.

Definition at line 1352 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getIssuerUID()

TlsValidator::CheckResult jami::tls::TlsValidator::getIssuerUID ( )

If the certificate is not self signed, return the issuer UID.

Definition at line 1330 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getMd5Fingerprint()

TlsValidator::CheckResult jami::tls::TlsValidator::getMd5Fingerprint ( )

Compute the key fingerprint.

This need to be used along with getSha1Fingerprint() to avoid collisions

Definition at line 1262 of file tlsvalidator.cpp.

References jami::tls::checkBinaryError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getN()

TlsValidator::CheckResult jami::tls::TlsValidator::getN ( )

The 'N' section of a DN (RFC4514)

Definition at line 1214 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getO()

TlsValidator::CheckResult jami::tls::TlsValidator::getO ( )

The 'O' section of a DN (RFC4514)

Definition at line 1226 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getPublicKeyId()

TlsValidator::CheckResult jami::tls::TlsValidator::getPublicKeyId ( )

Return an hexadecimal identifier.

Definition at line 1286 of file tlsvalidator.cpp.

References jami::tls::checkBinaryError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getPublicSignature()

TlsValidator::CheckResult jami::tls::TlsValidator::getPublicSignature ( )

An hexadecimal representation of the signature.

Definition at line 1098 of file tlsvalidator.cpp.

References jami::tls::checkBinaryError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getSerializedChecks()

std::map< std::string, std::string > jami::tls::TlsValidator::getSerializedChecks ( )

Convert all checks results into a string map.

Definition at line 364 of file tlsvalidator.cpp.

References jami::emitSignal(), EXIST, and exist().

Referenced by libjami::validateCertificatePath().

Here is the call graph for this function:

◆ getSerializedDetails()

std::map< std::string, std::string > jami::tls::TlsValidator::getSerializedDetails ( )

Get a map with all common certificate details.

Definition at line 383 of file tlsvalidator.cpp.

References CUSTOM, jami::emitSignal(), FAILED, ISO_DATE, NUMBER, PASSED, and UNSUPPORTED.

Referenced by libjami::getCertificateDetailsPath().

Here is the call graph for this function:

◆ getSerialNumber()

TlsValidator::CheckResult jami::tls::TlsValidator::getSerialNumber ( )

Return the certificate serial number.

Definition at line 1125 of file tlsvalidator.cpp.

References jami::tls::checkBinaryError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getSha1Fingerprint()

TlsValidator::CheckResult jami::tls::TlsValidator::getSha1Fingerprint ( )

Compute the key fingerprint.

This need to be used along with getMd5Fingerprint() to avoid collisions

Definition at line 1275 of file tlsvalidator.cpp.

References jami::tls::checkBinaryError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getSignatureAlgorithm()

TlsValidator::CheckResult jami::tls::TlsValidator::getSignatureAlgorithm ( )

Return the algorithm used to sign the Key.

For example: RSA

Definition at line 1245 of file tlsvalidator.cpp.

References CUSTOM, jami::emitSignal(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getSubjectKey()

TlsValidator::CheckResult jami::tls::TlsValidator::getSubjectKey ( )

The subject public key.

Definition at line 1176 of file tlsvalidator.cpp.

References CUSTOM, jami::emitSignal(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getSubjectKeyAlgorithm()

TlsValidator::CheckResult jami::tls::TlsValidator::getSubjectKeyAlgorithm ( )

The algorithm used to sign the certificate details (rather than the certificate itself)

Definition at line 1153 of file tlsvalidator.cpp.

References CUSTOM, jami::emitSignal(), and UNSUPPORTED.

Here is the call graph for this function:

◆ getUID()

TlsValidator::CheckResult jami::tls::TlsValidator::getUID ( )

The 'UID' section of a DN (RFC4514)

Definition at line 1203 of file tlsvalidator.cpp.

References jami::tls::checkError(), and jami::emitSignal().

Here is the call graph for this function:

◆ getVersionNumber()

TlsValidator::CheckResult jami::tls::TlsValidator::getVersionNumber ( )

Return the certificate version.

Definition at line 1109 of file tlsvalidator.cpp.

References jami::emitSignal(), NUMBER, UNSUPPORTED, and jami::swarm_protocol::version.

Here is the call graph for this function:

◆ hasCa()

bool jami::tls::TlsValidator::hasCa ( ) const

A certificate authority has been provided.

Definition at line 1082 of file tlsvalidator.cpp.

References jami::emitSignal().

Here is the call graph for this function:

◆ hasPrivateKey()

TlsValidator::CheckResult jami::tls::TlsValidator::hasPrivateKey ( )

Check if the Validator have access to a private key.

Definition at line 745 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, JAMI_DBG, and PASSED.

Here is the call graph for this function:

◆ isCA()

TlsValidator::CheckResult jami::tls::TlsValidator::isCA ( )

If the certificate is not self signed, return the issuer.

Definition at line 1413 of file tlsvalidator.cpp.

References CUSTOM, jami::FALSE_STR, and jami::TRUE_STR.

◆ isValid()

bool jami::tls::TlsValidator::isValid ( bool verbose = false )

Check if all boolean check passed return true if there was no FAILED checks.

Checks functions are not "const", so this function isn't

Definition at line 346 of file tlsvalidator.cpp.

References BOOLEAN, jami::emitSignal(), FAILED, and JAMI_WARNING.

Here is the call graph for this function:

◆ keyMatch()

TlsValidator::CheckResult jami::tls::TlsValidator::keyMatch ( )

The provided key can be used along with the certificate.

Definition at line 827 of file tlsvalidator.cpp.

References jami::emitSignal(), exist(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ knownAuthority()

TlsValidator::CheckResult jami::tls::TlsValidator::knownAuthority ( )

When an account require an authority known by the system (like /usr/share/ssl/certs) then the whole chain of trust need be to checked.

@fixme port crypto_cert_load_trusted @fixme add account settings

Todo:: implement the check

Definition at line 1056 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Here is the call graph for this function:

◆ notExpired()

TlsValidator::CheckResult jami::tls::TlsValidator::notExpired ( )

Check if the certificate is not expired.

The double negative is used because all boolean checks need to have a consistent return value semantic

@fixme Handle both "with ca" and "without ca" case

Definition at line 769 of file tlsvalidator.cpp.

References jami::emitSignal(), exist(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ notRevoked()

TlsValidator::CheckResult jami::tls::TlsValidator::notRevoked ( )

Check if the certificate has been revoked.

Definition at line 1069 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Here is the call graph for this function:

◆ notSelfSigned()

TlsValidator::CheckResult jami::tls::TlsValidator::notSelfSigned ( )

The certificate is not self signed.

Definition at line 818 of file tlsvalidator.cpp.

References UNSUPPORTED.

◆ outgoingServer()

TlsValidator::CheckResult jami::tls::TlsValidator::outgoingServer ( )

The expected outgoing server domain.

Todo:

Move to "certificateDetails()" method once completed

extract information for the certificate

Definition at line 1403 of file tlsvalidator.cpp.

References CUSTOM.

◆ privateKeyDirectoryPermissions()

TlsValidator::CheckResult jami::tls::TlsValidator::privateKeyDirectoryPermissions ( )

Definition at line 876 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ privateKeySelinuxAttributes()

TlsValidator::CheckResult jami::tls::TlsValidator::privateKeySelinuxAttributes ( )

SELinux provide additional key protection mechanism.

Definition at line 965 of file tlsvalidator.cpp.

References UNSUPPORTED.

◆ privateKeyStorageLocation()

TlsValidator::CheckResult jami::tls::TlsValidator::privateKeyStorageLocation ( )

Certificate should be located in specific path on some operating systems.

Definition at line 945 of file tlsvalidator.cpp.

References UNSUPPORTED.

◆ privateKeyStoragePermissions()

TlsValidator::CheckResult jami::tls::TlsValidator::privateKeyStoragePermissions ( )

Definition at line 838 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, PASSED, S_IFREG, S_IRGRP, S_IROTH, S_IRUSR, S_IWGRP, S_IWOTH, S_IXGRP, S_IXOTH, S_IXUSR, and UNSUPPORTED.

Here is the call graph for this function:

◆ publicKeyDirectoryPermissions()

TlsValidator::CheckResult jami::tls::TlsValidator::publicKeyDirectoryPermissions ( )

Definition at line 909 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ publicKeySelinuxAttributes()

TlsValidator::CheckResult jami::tls::TlsValidator::publicKeySelinuxAttributes ( )

SELinux provide additional key protection mechanism.

Definition at line 975 of file tlsvalidator.cpp.

References UNSUPPORTED.

◆ publicKeyStorageLocation()

TlsValidator::CheckResult jami::tls::TlsValidator::publicKeyStorageLocation ( )

Certificate should be located in specific path on some operating systems.

Definition at line 955 of file tlsvalidator.cpp.

References UNSUPPORTED.

◆ publicKeyStoragePermissions()

TlsValidator::CheckResult jami::tls::TlsValidator::publicKeyStoragePermissions ( )

Definition at line 857 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, PASSED, S_IFREG, S_IRUSR, S_IWGRP, S_IWOTH, S_IXGRP, S_IXOTH, S_IXUSR, and UNSUPPORTED.

Here is the call graph for this function:

◆ requirePrivateKeyPassword()

TlsValidator::CheckResult jami::tls::TlsValidator::requirePrivateKeyPassword ( )

If the key need decryption.

Double factor authentication is recommended

Definition at line 987 of file tlsvalidator.cpp.

References FAILED, and PASSED.

◆ setCaTlsValidator()

void jami::tls::TlsValidator::setCaTlsValidator ( const TlsValidator & validator )

◆ strongSigning()

TlsValidator::CheckResult jami::tls::TlsValidator::strongSigning ( )

If the algorithm used to sign the certificate is considered weak by modern standard.

Definition at line 801 of file tlsvalidator.cpp.

References jami::emitSignal(), exist(), FAILED, PASSED, and UNSUPPORTED.

Here is the call graph for this function:

◆ valid()

TlsValidator::CheckResult jami::tls::TlsValidator::valid ( )

The certificate is invalid compared to the authority.

Todo:: Handle case when there is facultative authority, such as DHT

Definition at line 1019 of file tlsvalidator.cpp.

References FAILED, and PASSED.

◆ validAuthority()

TlsValidator::CheckResult jami::tls::TlsValidator::validAuthority ( )

The provided authority is invalid.

Definition at line 1028 of file tlsvalidator.cpp.

References jami::emitSignal(), FAILED, and PASSED.

Here is the call graph for this function:

The documentation for this class was generated from the following files:

Public Types

Public Member Functions

Detailed Description

Member Typedef Documentation

◆ CheckResult

Member Enumeration Documentation

◆ CertificateCheck

◆ CertificateDetails

◆ CheckValues

◆ CheckValuesType

Constructor & Destructor Documentation

◆ TlsValidator() [1/4]

◆ TlsValidator() [2/4]

◆ TlsValidator() [3/4]

◆ TlsValidator() [4/4]

◆ ~TlsValidator()

Member Function Documentation

◆ activated()

◆ authorityMatch()

◆ exist()

◆ expectedOwner()

◆ getActivationDate()

◆ getCertificate()

◆ getCN()

◆ getExpirationDate()

◆ getIssuer()

◆ getIssuerCN()

◆ getIssuerDN()

◆ getIssuerN()

◆ getIssuerO()

◆ getIssuerUID()

◆ getMd5Fingerprint()

◆ getN()

◆ getO()

◆ getPublicKeyId()

◆ getPublicSignature()

◆ getSerializedChecks()

◆ getSerializedDetails()

◆ getSerialNumber()

◆ getSha1Fingerprint()

◆ getSignatureAlgorithm()

◆ getSubjectKey()

◆ getSubjectKeyAlgorithm()

◆ getUID()

◆ getVersionNumber()

◆ hasCa()

◆ hasPrivateKey()

◆ isCA()

◆ isValid()

◆ keyMatch()

◆ knownAuthority()

◆ notExpired()

◆ notRevoked()

◆ notSelfSigned()

◆ outgoingServer()

◆ privateKeyDirectoryPermissions()

◆ privateKeySelinuxAttributes()

◆ privateKeyStorageLocation()

◆ privateKeyStoragePermissions()

◆ publicKeyDirectoryPermissions()

◆ publicKeySelinuxAttributes()

◆ publicKeyStorageLocation()

◆ publicKeyStoragePermissions()

◆ requirePrivateKeyPassword()

◆ setCaTlsValidator()

◆ strongSigning()

◆ valid()

◆ validAuthority()