[glib-networking/pgriffis/gtlscertificate-password: 15/15] certificate: Print better criticals when double setting construct properties
- From: Marge Bot <marge-bot src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/pgriffis/gtlscertificate-password: 15/15] certificate: Print better criticals when double setting construct properties
- Date: Mon, 15 Aug 2022 19:12:36 +0000 (UTC)
commit 5ff768ac5e5c6497d87d9d869eefb54588ac1044
Author: Patrick Griffis <pgriffis igalia com>
Date: Thu Sep 9 13:02:27 2021 -0500
certificate: Print better criticals when double setting construct properties
Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/184>
tls/gnutls/gtlscertificate-gnutls.c | 47 ++++++++++++++++++++++++++---------
tls/openssl/gtlscertificate-openssl.c | 43 ++++++++++++++++++++++++++------
2 files changed, 70 insertions(+), 20 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 1b2f4a9b..45e68f7e 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -443,6 +443,33 @@ g_tls_certificate_gnutls_get_property (GObject *object,
}
}
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (gnutls->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
static void
g_tls_certificate_gnutls_set_property (GObject *object,
guint prop_id,
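Review bot: The three `CRITICAL_IF_*` macros hide a `return` and read a local named `gnutls` that is never passed in, so a call such as `CRITICAL_IF_INITIALIZED ("password");` does not show at the call site that it can leave `set_property`. A comment above the first macro would make that explicit, for example `/* Only for use inside set_property(): logs a critical and returns from the caller; expects a local 'gnutls'. */`. Adding an `#undef` for each macro after the function would keep them from being reused where an early return skips cleanup. The same macros are added in tls/openssl/gtlscertificate-openssl.c with `openssl` as the implicit local, so the comment applies there as well. The body of `g_tls_certificate_gnutls_set_property` starts on the last lines of this hunk and continues outside it.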
@@ -461,8 +488,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
gnutls->password = g_value_dup_string (value);
if (gnutls->password)
{
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
maybe_import_pkcs12 (gnutls);
}
break;
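Review bot: In the password case the value is copied into `gnutls->password` on the context line before `CRITICAL_IF_INITIALIZED ("password");` runs, so a set that is refused with a critical still leaves a copy of the secret on the object. Whether that copy is released later is not visible in this hunk. Reading the value with `g_value_get_string (value)` first, running the check, and calling `g_value_dup_string` only afterwards would keep a rejected password from being stored at all. The pkcs12-data case in the next hunk and the matching password and pkcs12-data cases in the OpenSSL file follow the same order.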
@@ -471,8 +497,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
gnutls->pkcs12_data = g_value_dup_boxed (value);
if (gnutls->pkcs12_data)
{
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
maybe_import_pkcs12 (gnutls);
}
break;
@@ -481,7 +506,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
data.data = bytes->data;
data.size = bytes->len;
status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -502,7 +527,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
data.data = (void *)string;
data.size = strlen (string);
status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -522,7 +547,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
data.data = bytes->data;
data.size = bytes->len;
if (!gnutls->key)
@@ -545,7 +570,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
data.data = (void *)string;
data.size = strlen (string);
if (!gnutls->key)
@@ -572,8 +597,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_cert == FALSE);
- g_return_if_fail (!gnutls->pkcs11_uri);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("pkcs11-uri");
gnutls->pkcs11_uri = g_strdup (string);
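Review bot: The removed `g_return_if_fail (!gnutls->pkcs11_uri);` was the only check that the field was still empty, and the new code tests only `have_cert` before `gnutls->pkcs11_uri = g_strdup (string);`. If `have_cert` can still be false while a URI is already stored (the code that sets the flag is outside this hunk), a second set would overwrite the pointer and leak the earlier string without any diagnostic. Either keep an explicit check on the field or release it first, e.g. `g_clear_pointer (&gnutls->pkcs11_uri, g_free);` before the assignment. The private-key-pkcs11-uri hunk that follows drops the equivalent guard on `gnutls->private_key_pkcs11_uri`.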
@@ -595,8 +619,7 @@ g_tls_certificate_gnutls_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (gnutls->have_key == FALSE);
- g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pkcs11-uri");
gnutls->private_key_pkcs11_uri = g_strdup (string);
break;
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index d57f5eee..ec817170 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -441,6 +441,33 @@ g_tls_certificate_openssl_get_property (GObject *object,
}
}
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_key) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+ { \
+ if (openssl->have_cert) \
+ { \
+ g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was
already set earlier during construction.", property_name); \
+ return; \
+ } \
+ } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+ { \
+ CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+ CRITICAL_IF_KEY_INITIALIZED (property_name); \
+ } \
+G_STMT_END
+
static void
g_tls_certificate_openssl_set_property (GObject *object,
guint prop_id,
@@ -460,8 +487,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->password = g_value_dup_string (value);
if (openssl->password)
{
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("password");
maybe_import_pkcs12 (openssl);
}
break;
@@ -470,8 +496,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->pkcs12_data = g_value_dup_boxed (value);
if (openssl->pkcs12_data)
{
- g_return_if_fail (openssl->have_cert == FALSE);
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_INITIALIZED ("pkcs12-data");
maybe_import_pkcs12 (openssl);
}
break;
@@ -480,7 +505,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
/* see that we cannot use bytes->data directly since it will move the pointer */
data = bytes->data;
openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
@@ -501,7 +526,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (openssl->have_cert == FALSE);
+ CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
bio = BIO_new_mem_buf ((gpointer)string, -1);
openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
BIO_free (bio);
@@ -521,7 +546,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key");
+
bio = BIO_new_mem_buf (bytes->data, bytes->len);
openssl->key = d2i_PrivateKey_bio (bio, NULL);
BIO_free (bio);
@@ -541,7 +567,8 @@ g_tls_certificate_openssl_set_property (GObject *object,
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (openssl->have_key == FALSE);
+ CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
+
bio = BIO_new_mem_buf ((gpointer)string, -1);
openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
BIO_free (bio);