author | Patrick Griffis <pgriffis@igalia.com> | 2021-09-09 13:02:27 -0500 |
---|---|---|
committer | Marge Bot <marge-bot@gnome.org> | 2022-08-15 19:12:25 +0000 |
commit | 5ff768ac5e5c6497d87d9d869eefb54588ac1044 (patch) | |
tree | f64cb700c8dbd33c6171bb900595d7fabf8e2aa8 | |
parent | 683b9b3733e92e677c601910ba9593aacaa78341 (diff) | |
certificate: Print better criticals when double setting construct properties
Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/184>
-rw-r--r-- | tls/gnutls/gtlscertificate-gnutls.c | 47 | ||||
-rw-r--r-- | tls/openssl/gtlscertificate-openssl.c | 43 |
2 files changed, 70 insertions, 20 deletions
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 1b2f4a9..45e68f7 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -443,6 +443,33 @@ g_tls_certificate_gnutls_get_property (GObject *object,
 }
 }
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
 static void
 g_tls_certificate_gnutls_set_property (GObject *object,
 guint prop_id,
@@ -461,8 +488,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 gnutls->password = g_value_dup_string (value);
 if (gnutls->password)
 {
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
 maybe_import_pkcs12 (gnutls);
 }
 break;
@@ -471,8 +497,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 gnutls->pkcs12_data = g_value_dup_boxed (value);
 if (gnutls->pkcs12_data)
 {
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
 maybe_import_pkcs12 (gnutls);
 }
 break;
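Review bot: The guard macros added in this hunk report a conflicting credential only through `g_critical` and then `return` from the `void` setter, so construction carries on and the caller gets an object holding whichever certificate or key was applied first. With criticals non-fatal, which is the GLib default, nothing programmatic tells the application that the identity it asked for was not loaded; if this class has a construction-time error path (not visible in the hunk), recording the conflict there as well would let construction fail. The macros also hide a `return` and rely on a local named `gnutls`, so a comment above them, e.g. `/* Each macro returns from the enclosing function and expects a local named gnutls. */`, would help readers of the call sites. The identical block added to tls/openssl/gtlscertificate-openssl.c (with `openssl`) has the same properties.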
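Review bot: In the `password` hunk the value is copied into `gnutls->password` before `CRITICAL_IF_INITIALIZED ("password")` runs, so when the macro returns early the secret stays stored on the object even though the log says the property failed to set. The same ordering appears in the `pkcs12-data` hunk and in the two corresponding hunks of tls/openssl/gtlscertificate-openssl.c. Running the check first keeps a rejected password out of the object, for example `if (g_value_get_string (value)) CRITICAL_IF_INITIALIZED ("password");` placed ahead of the `g_value_dup_string` line. The case label and the rest of the function lie outside the hunk, so whether the field is cleared or read elsewhere is not visible here.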
@@ -481,7 +506,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 bytes = g_value_get_boxed (value);
 if (!bytes)
 break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
 data.data = bytes->data;
 data.size = bytes->len;
 status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -502,7 +527,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
 data.data = (void *)string;
 data.size = strlen (string);
 status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -522,7 +547,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 bytes = g_value_get_boxed (value);
 if (!bytes)
 break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
 data.data = bytes->data;
 data.size = bytes->len;
 if (!gnutls->key)
@@ -545,7 +570,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
 data.data = (void *)string;
 data.size = strlen (string);
 if (!gnutls->key)
@@ -572,8 +597,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (!gnutls->pkcs11_uri);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("pkcs11-uri");
 gnutls->pkcs11_uri = g_strdup (string);
@@ -595,8 +619,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (gnutls->have_key == FALSE);
- g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pkcs11-uri");
 gnutls->private_key_pkcs11_uri = g_strdup (string);
 break;
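Review bot: In the `private-key-pkcs11-uri` hunk the visible lines store the URI and `break` without setting `have_key`, and the hunk drops the old `!gnutls->private_key_pkcs11_uri` check, so nothing in the new guard records that a key was supplied by URI. `CRITICAL_IF_KEY_INITIALIZED` in the `private-key` and `private-key-pem` cases would therefore not fire after a PKCS#11 key URI was set, and two key sources could end up on one object. If `have_key` is not meant to cover URI-backed keys, the macro condition could include the URI, for example `if (gnutls->have_key || gnutls->private_key_pkcs11_uri)`. The `pkcs11-uri` hunk before it drops the matching `!gnutls->pkcs11_uri` check; the import that presumably sets `have_cert` there lies outside the hunk.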
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index d57f5ee..ec81717 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -441,6 +441,33 @@ g_tls_certificate_openssl_get_property (GObject *object,
 }
 }
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
 static void
 g_tls_certificate_openssl_set_property (GObject *object,
 guint prop_id,
@@ -460,8 +487,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
 openssl->password = g_value_dup_string (value);
 if (openssl->password)
 {
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
 maybe_import_pkcs12 (openssl);
 }
 break;
@@ -470,8 +496,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
 openssl->pkcs12_data = g_value_dup_boxed (value);
 if (openssl->pkcs12_data)
 {
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
 maybe_import_pkcs12 (openssl);
 }
 break;
@@ -480,7 +505,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
 bytes = g_value_get_boxed (value);
 if (!bytes)
 break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
 /* see that we cannot use bytes->data directly since it will move the pointer */
 data = bytes->data;
 openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
@@ -501,7 +526,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
 bio = BIO_new_mem_buf ((gpointer)string, -1);
 openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
 BIO_free (bio);
@@ -521,7 +546,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
 bytes = g_value_get_boxed (value);
 if (!bytes)
 break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
+
 bio = BIO_new_mem_buf (bytes->data, bytes->len);
 openssl->key = d2i_PrivateKey_bio (bio, NULL);
 BIO_free (bio);
@@ -541,7 +567,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
 string = g_value_get_string (value);
 if (!string)
 break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
+
 bio = BIO_new_mem_buf ((gpointer)string, -1);
 openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
 BIO_free (bio); |