[glib-networking/pgriffis/gtlscertificate-password: 2/2] certificate: Print better criticals when double setting construct properties
- From: Patrick Griffis <pgriffis src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/pgriffis/gtlscertificate-password: 2/2] certificate: Print better criticals when double setting construct properties
- Date: Thu, 9 Sep 2021 18:02:33 +0000 (UTC)
commit 209d4bf8e4e043375031aa7977a0a9bc4a41e4e5
Author: Patrick Griffis <pgriffis igalia com>
Date: Thu Sep 9 13:02:27 2021 -0500
certificate: Print better criticals when double setting construct properties
tls/gnutls/gtlscertificate-gnutls.c | 47 ++++++++++++++++++++++++++---------
tls/openssl/gtlscertificate-openssl.c | 43 ++++++++++++++++++++++++++------
2 files changed, 70 insertions(+), 20 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index af8e6244..dddaa82f 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -440,6 +440,33 @@ g_tls_certificate_gnutls_get_property (GObject *object,
}
}
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
static void
g_tls_certificate_gnutls_set_property (GObject *object,
guint prop_id,
@@ -458,8 +485,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
gnutls->password = g_value_dup_string (value);
if (gnutls->password)
{
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
maybe_import_pkcs12 (gnutls);
}
break;
@@ -468,8 +494,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
gnutls->pkcs12_data = g_value_dup_boxed (value);
if (gnutls->pkcs12_data)
{
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
maybe_import_pkcs12 (gnutls);
}
break;
@@ -478,7 +503,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
data.data = bytes->data;
data.size = bytes->len;
status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -499,7 +524,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
data.data = (void *)string;
data.size = strlen (string);
status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -519,7 +544,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
data.data = bytes->data;
data.size = bytes->len;
if (!gnutls->key)
@@ -542,7 +567,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
data.data = (void *)string;
data.size = strlen (string);
if (!gnutls->key)
@@ -569,8 +594,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (!gnutls->pkcs11_uri);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("pkcs11-uri");
gnutls->pkcs11_uri = g_strdup (string);
@@ -592,8 +616,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
- g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pkcs11-uri");
gnutls->private_key_pkcs11_uri = g_strdup (string);
break;
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index e3233d20..ce1fedd0 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -441,6 +441,33 @@ g_tls_certificate_openssl_get_property (GObject *object,
}
}
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
static void
g_tls_certificate_openssl_set_property (GObject *object,
guint prop_id,
@@ -459,8 +486,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->password = g_value_dup_string (value);
if (openssl->password)
{
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
maybe_import_pkcs12 (openssl);
}
break;
@@ -469,8 +495,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->pkcs12_data = g_value_dup_boxed (value);
if (openssl->pkcs12_data)
{
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
maybe_import_pkcs12 (openssl);
}
break;
@@ -479,7 +504,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
/* see that we cannot use bytes->data directly since it will move the pointer */
data = bytes->data;
openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
@@ -499,7 +524,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
bio = BIO_new_mem_buf ((gpointer)string, -1);
openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
BIO_free (bio);
@@ -518,7 +543,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
+
bio = BIO_new_mem_buf (bytes->data, bytes->len);
openssl->key = d2i_PrivateKey_bio (bio, NULL);
BIO_free (bio);
@@ -537,7 +563,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
+
bio = BIO_new_mem_buf ((gpointer)string, -1);
openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
BIO_free (bio);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]