[glib-networking/pgriffis/gtlscertificate-password: 2/2] certificate: Print better criticals when double setting construct properties




commit 209d4bf8e4e043375031aa7977a0a9bc4a41e4e5
Author: Patrick Griffis <pgriffis igalia com>
Date:   Thu Sep 9 13:02:27 2021 -0500

    certificate: Print better criticals when double setting construct properties

 tls/gnutls/gtlscertificate-gnutls.c   | 47 ++++++++++++++++++++++++++---------
 tls/openssl/gtlscertificate-openssl.c | 43 ++++++++++++++++++++++++++------
 2 files changed, 70 insertions(+), 20 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index af8e6244..dddaa82f 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -440,6 +440,33 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
     }
 }
 
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (gnutls->have_key) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (gnutls->have_cert) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+  { \
+    CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+    CRITICAL_IF_KEY_INITIALIZED (property_name); \
+  } \
+G_STMT_END
+
 static void
 g_tls_certificate_gnutls_set_property (GObject      *object,
                                        guint         prop_id,
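Review bot: The three CRITICAL_IF_* macros added above g_tls_certificate_gnutls_set_property contain a bare `return;` and read a local named `gnutls` that is not a macro parameter, so they only work inside a void function that declares that variable, and the early exit is invisible at the call sites. A short comment on the definitions would make that contract explicit, for example `/* Only for use inside set_property(): reads the local 'gnutls' and returns from the caller. */`. An `#undef` of each macro after the function would also keep them from leaking into the rest of the file. The same applies to the identical macros added in tls/openssl/gtlscertificate-openssl.c, which depend on a local named `openssl`. The function body continues outside this hunk.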
@@ -458,8 +485,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       gnutls->password = g_value_dup_string (value);
       if (gnutls->password)
         {
-          g_return_if_fail (gnutls->have_cert == FALSE);
-          g_return_if_fail (gnutls->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("password");
           maybe_import_pkcs12 (gnutls);
         }
       break;
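Review bot: `gnutls->password` is assigned before `CRITICAL_IF_INITIALIZED ("password")` runs, so when the guard fires the object still keeps a copy of the password even though the critical says the property could not be set. Running the guard first avoids holding a secret that will never be used, e.g. `if (g_value_get_string (value)) CRITICAL_IF_INITIALIZED ("password");` ahead of the `g_value_dup_string` line. The pkcs12-data hunk below and both matching hunks in the OpenSSL file have the same ordering. The case label and the code that frees the password are outside this hunk, so how long the copy lives should be confirmed there.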
@@ -468,8 +494,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       gnutls->pkcs12_data = g_value_dup_boxed (value);
       if (gnutls->pkcs12_data)
         {
-          g_return_if_fail (gnutls->have_cert == FALSE);
-          g_return_if_fail (gnutls->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("pkcs12-data");
           maybe_import_pkcs12 (gnutls);
         }
       break;
@@ -478,7 +503,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
       data.data = bytes->data;
       data.size = bytes->len;
       status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -499,7 +524,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
       data.data = (void *)string;
       data.size = strlen (string);
       status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -519,7 +544,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key");
       data.data = bytes->data;
       data.size = bytes->len;
       if (!gnutls->key)
@@ -542,7 +567,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
       data.data = (void *)string;
       data.size = strlen (string);
       if (!gnutls->key)
@@ -569,8 +594,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
-      g_return_if_fail (!gnutls->pkcs11_uri);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("pkcs11-uri");
 
       gnutls->pkcs11_uri = g_strdup (string);
 
@@ -592,8 +616,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
-      g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pkcs11-uri");
 
       gnutls->private_key_pkcs11_uri = g_strdup (string);
       break;
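Review bot: With `g_return_if_fail (!gnutls->private_key_pkcs11_uri)` removed, the only guard left in this case is `have_key`, and nothing in the visible case body sets `have_key` after the URI is stored. If the setter is ever reached a second time for this property, `gnutls->private_key_pkcs11_uri = g_strdup (string);` overwrites the earlier string without freeing it, and no critical is printed. Either keep a check on the field or free it first, e.g. `g_free (gnutls->private_key_pkcs11_uri);` before the assignment. The pkcs11-uri hunk above drops the equivalent `!gnutls->pkcs11_uri` check; whether `have_cert` is set later in that case is outside the hunk.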
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index e3233d20..ce1fedd0 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -441,6 +441,33 @@ g_tls_certificate_openssl_get_property (GObject    *object,
     }
 }
 
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (openssl->have_key) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (openssl->have_cert) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+  { \
+    CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+    CRITICAL_IF_KEY_INITIALIZED (property_name); \
+  } \
+G_STMT_END
+
 static void
 g_tls_certificate_openssl_set_property (GObject      *object,
                                        guint         prop_id,
@@ -459,8 +486,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       openssl->password = g_value_dup_string (value);
       if (openssl->password)
         {
-          g_return_if_fail (openssl->have_cert == FALSE);
-          g_return_if_fail (openssl->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("password");
           maybe_import_pkcs12 (openssl);
         }
       break;
@@ -469,8 +495,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       openssl->pkcs12_data = g_value_dup_boxed (value);
       if (openssl->pkcs12_data)
         {
-          g_return_if_fail (openssl->have_cert == FALSE);
-          g_return_if_fail (openssl->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("pkcs12-data");
           maybe_import_pkcs12 (openssl);
         }
       break;
@@ -479,7 +504,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (openssl->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
       /* see that we cannot use bytes->data directly since it will move the pointer */
       data = bytes->data;
       openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
@@ -499,7 +524,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (openssl->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
       bio = BIO_new_mem_buf ((gpointer)string, -1);
       openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
       BIO_free (bio);
@@ -518,7 +543,8 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (openssl->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key");
+
       bio = BIO_new_mem_buf (bytes->data, bytes->len);
       openssl->key = d2i_PrivateKey_bio (bio, NULL);
       BIO_free (bio);
@@ -537,7 +563,8 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (openssl->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
+
       bio = BIO_new_mem_buf ((gpointer)string, -1);
       openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
       BIO_free (bio);

