[glib-networking/pgriffis/gtlscertificate-password: 15/15] certificate: Print better criticals when double setting construct properties




commit 5ff768ac5e5c6497d87d9d869eefb54588ac1044
Author: Patrick Griffis <pgriffis igalia com>
Date:   Thu Sep 9 13:02:27 2021 -0500

    certificate: Print better criticals when double setting construct properties
    
    Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/184>

 tls/gnutls/gtlscertificate-gnutls.c   | 47 ++++++++++++++++++++++++++---------
 tls/openssl/gtlscertificate-openssl.c | 43 ++++++++++++++++++++++++++------
 2 files changed, 70 insertions(+), 20 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 1b2f4a9b..45e68f7e 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -443,6 +443,33 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
     }
 }
 
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (gnutls->have_key) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (gnutls->have_cert) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+  { \
+    CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+    CRITICAL_IF_KEY_INITIALIZED (property_name); \
+  } \
+G_STMT_END
+
 static void
 g_tls_certificate_gnutls_set_property (GObject      *object,
                                        guint         prop_id,
@@ -461,8 +488,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       gnutls->password = g_value_dup_string (value);
       if (gnutls->password)
         {
-          g_return_if_fail (gnutls->have_cert == FALSE);
-          g_return_if_fail (gnutls->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("password");
           maybe_import_pkcs12 (gnutls);
         }
       break;
@@ -471,8 +497,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       gnutls->pkcs12_data = g_value_dup_boxed (value);
       if (gnutls->pkcs12_data)
         {
-          g_return_if_fail (gnutls->have_cert == FALSE);
-          g_return_if_fail (gnutls->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("pkcs12-data");
           maybe_import_pkcs12 (gnutls);
         }
       break;
@@ -481,7 +506,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
       data.data = bytes->data;
       data.size = bytes->len;
       status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -502,7 +527,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
       data.data = (void *)string;
       data.size = strlen (string);
       status = gnutls_x509_crt_import (gnutls->cert, &data,
@@ -522,7 +547,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key");
       data.data = bytes->data;
       data.size = bytes->len;
       if (!gnutls->key)
@@ -545,7 +570,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
       data.data = (void *)string;
       data.size = strlen (string);
       if (!gnutls->key)
@@ -572,8 +597,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_cert == FALSE);
-      g_return_if_fail (!gnutls->pkcs11_uri);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("pkcs11-uri");
 
       gnutls->pkcs11_uri = g_strdup (string);
 
@@ -595,8 +619,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->have_key == FALSE);
-      g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pkcs11-uri");
 
       gnutls->private_key_pkcs11_uri = g_strdup (string);
       break;
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index d57f5eee..ec817170 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -441,6 +441,33 @@ g_tls_certificate_openssl_get_property (GObject    *object,
     }
 }
 
+#define CRITICAL_IF_KEY_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (openssl->have_key) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a private key was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_CERTIFICATE_INITIALIZED(property_name) G_STMT_START \
+  { \
+    if (openssl->have_cert) \
+      { \
+        g_critical ("GTlsCertificate: Failed to set construct property \"%s\" because a certificate was 
already set earlier during construction.", property_name); \
+        return; \
+      } \
+  } \
+G_STMT_END
+
+#define CRITICAL_IF_INITIALIZED(property_name) G_STMT_START \
+  { \
+    CRITICAL_IF_CERTIFICATE_INITIALIZED (property_name); \
+    CRITICAL_IF_KEY_INITIALIZED (property_name); \
+  } \
+G_STMT_END
+
 static void
 g_tls_certificate_openssl_set_property (GObject      *object,
                                        guint         prop_id,
@@ -460,8 +487,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       openssl->password = g_value_dup_string (value);
       if (openssl->password)
         {
-          g_return_if_fail (openssl->have_cert == FALSE);
-          g_return_if_fail (openssl->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("password");
           maybe_import_pkcs12 (openssl);
         }
       break;
@@ -470,8 +496,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       openssl->pkcs12_data = g_value_dup_boxed (value);
       if (openssl->pkcs12_data)
         {
-          g_return_if_fail (openssl->have_cert == FALSE);
-          g_return_if_fail (openssl->have_key == FALSE);
+          CRITICAL_IF_INITIALIZED ("pkcs12-data");
           maybe_import_pkcs12 (openssl);
         }
       break;
@@ -480,7 +505,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (openssl->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate");
       /* see that we cannot use bytes->data directly since it will move the pointer */
       data = bytes->data;
       openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
@@ -501,7 +526,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (openssl->have_cert == FALSE);
+      CRITICAL_IF_CERTIFICATE_INITIALIZED ("certificate-pem");
       bio = BIO_new_mem_buf ((gpointer)string, -1);
       openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
       BIO_free (bio);
@@ -521,7 +546,8 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (openssl->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key");
+
       bio = BIO_new_mem_buf (bytes->data, bytes->len);
       openssl->key = d2i_PrivateKey_bio (bio, NULL);
       BIO_free (bio);
@@ -541,7 +567,8 @@ g_tls_certificate_openssl_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (openssl->have_key == FALSE);
+      CRITICAL_IF_KEY_INITIALIZED ("private-key-pem");
+
       bio = BIO_new_mem_buf ((gpointer)string, -1);
       openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
       BIO_free (bio);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]