Ticket #10842: filezilla_trust_cert.patch

src/interface/verifycertdialog.cpp

@@ -147 +147 @@
             XRCCTRL(*m_pDlg, "ID_ALWAYS", wxCheckBox)->Hide();
     }
 
+    m_curSelect = 0;
     m_certificates = notification.GetCertificates();
     if (m_certificates.size() == 1) {
         XRCCTRL(*m_pDlg, "ID_CHAIN_DESC", wxStaticText)->Hide();
@@ -230 +231 @@
     m_pDlg = 0;
 }
 
+wxString CVerifyCertDialog::GetCNValue(const wxString& dn)
+{
+    wxStringTokenizer tokens(dn, _T(","));
+
+    std::list<wxString> tokenlist;
+    while (tokens.HasMoreTokens())
+        tokenlist.push_back(tokens.GetNextToken());
+
+    wxString prefix = _T("CN=");
+    int len = prefix.Length();
+
+    wxString value;
+
+    bool append = false;
+
+    auto iter = tokenlist.begin();
+    while (iter != tokenlist.end())
+    {
+        if (!append)
+        {
+            if (iter->Left(len) != prefix)
+            {
+                ++iter;
+                continue;
+            }
+            if (!value.empty())
+                value += _T("\n");
+        }
+        else
+        {
+            append = false;
+            value += _T(",");
+        }
+        value += iter->Mid(len);
+        if (iter->Last() == '\\')
+        {
+            value.RemoveLast();
+            append = true;
+            len = 0;
+        }
+        auto remove = iter++;
+        tokenlist.erase(remove);
+    }
+    return value;
+}
+
 void CVerifyCertDialog::ParseDN(wxWindow* parent, const wxString& dn, wxSizer* pSizer)
 {
     pSizer->Clear(true);
@@ -329 +376 @@
 
     LoadTrustedCerts();
 
-    unsigned int len;
-    CCertificate cert =  notification.GetCertificates()[0];
-    const unsigned char* data = cert.GetRawData(len);
+    for (unsigned int i = 0; i < notification.GetCertificates().size(); ++i) {
+        if (i > 0) {
+            unsigned int len;
+            CCertificate cert =  notification.GetCertificates()[i];
+            const unsigned char* data = cert.GetRawData(len);
+            wxString sCN = GetCNValue(cert.GetSubject());
 
-    return IsTrusted(notification.GetHost(), notification.GetPort(), data, len, false);
+            if (IsTrusted(sCN, 0, data, len, false)) {
+                return true;
+            }
+        }
+        else {
+            unsigned int len;
+            CCertificate cert =  notification.GetCertificates()[0];
+            const unsigned char* data = cert.GetRawData(len);
+
+            if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, false)) {
+                return true;
+            }
+        }
+        }
+    return false;
 }
 
 bool CVerifyCertDialog::DoIsTrusted(const wxString& host, int port, const unsigned char* data, unsigned int len, std::list<CVerifyCertDialog::t_certData> const& trustedCerts)
@@ -465 +529 @@
 
         data.host = GetTextElement(cert, "Host");
         data.port = GetTextElementInt(cert, "Port");
-        if (data.host.empty() || data.port < 1 || data.port > 65535)
+        if (data.port == 0) {
+            // use for non-first cert
+        }
+        else if (data.host.empty() || data.port < 1 || data.port > 65535)
             remove = cert;
 
         int64_t activationTime = GetTextElementInt(cert, "ActivationTime", 0);
@@ -498 +565 @@
 
 void CVerifyCertDialog::SetPermanentlyTrusted(CCertificateNotification const& notification)
 {
-    const CCertificate certificate = notification.GetCertificates()[0];
+    wxString sCN = _T("");
+    const CCertificate certificate = notification.GetCertificates()[m_curSelect];
     unsigned int len;
     const unsigned char* const data = certificate.GetRawData(len);
 
     CReentrantInterProcessMutexLocker mutex(MUTEX_TRUSTEDCERTS);
     LoadTrustedCerts();
 
-    if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
-        return;
+    if (m_curSelect > 0) {
+        sCN = GetCNValue(certificate.GetSubject());
+        if (IsTrusted(sCN, 0, data, len, true)) {
+            return;
+        }
+    }
+    else {
+        if (IsTrusted(notification.GetHost(), notification.GetPort(), data, len, true)) {
+            return;
+        }
     }
 
     t_certData cert;
-    cert.host = notification.GetHost();
-    cert.port = notification.GetPort();
+    if (m_curSelect > 0) {
+        cert.host = sCN;
+        cert.port = 0;
+    }
+    else {
+        cert.host = notification.GetHost();
+        cert.port = notification.GetPort();
+    }
     cert.len = len;
     cert.data = new unsigned char[len];
     memcpy(cert.data, data, len);
@@ -534 +616 @@
     AddTextElement(xCert, "Data", ConvertHexToString(data, len));
     AddTextElement(xCert, "ActivationTime", static_cast<int64_t>(certificate.GetActivationTime().get_time_t()));
     AddTextElement(xCert, "ExpirationTime", static_cast<int64_t>(certificate.GetExpirationTime().get_time_t()));
-    AddTextElement(xCert, "Host", notification.GetHost());
-    AddTextElement(xCert, "Port", notification.GetPort());
+    if (m_curSelect > 0) {
+        AddTextElement(xCert, "Host", sCN);
+        AddTextElement(xCert, "Port", 0);
+    }
+    else {
+        AddTextElement(xCert, "Host", notification.GetHost());
+        AddTextElement(xCert, "Port", notification.GetPort());
+    }
 
     m_xmlFile.Save(true);
 }
@@ -590 +678 @@
     int sel = event.GetSelection();
     if (sel < 0 || sel > (int)m_certificates.size())
         return;
+    m_curSelect = sel;
     DisplayCert(m_pDlg, m_certificates[sel]);
 
     m_pDlg->Layout();

src/interface/verifycertdialog.h

@@ -28 +28 @@
 
     bool DisplayCert(wxDialogEx* pDlg, const CCertificate& cert);
 
+    wxString GetCNValue(const wxString& dn);
     void ParseDN(wxWindow* parent, const wxString& dn, wxSizer* pSizer);
     void ParseDN_by_prefix(wxWindow* parent, std::list<wxString>& tokens, wxString prefix, const wxString& name, wxSizer* pSizer, bool decode = false);
 
@@ -50 +51 @@
     wxSizer* m_pSubjectSizer{};
     wxSizer* m_pIssuerSizer{};
     int line_height_{};
+    unsigned int m_curSelect;
 
     void OnCertificateChoice(wxCommandEvent& event);
 };