274
file_has_extension (const char *filename, const char *extensions[])
278
gboolean found = FALSE;
280
p = strrchr (filename, '.');
284
ext = g_ascii_strdown (p, -1);
286
while (extensions[i]) {
287
if (!strcmp (ext, extensions[i++])) {
300
find_tag (const char *tag, const char *buf, gsize len)
304
taglen = strlen (tag);
308
for (i = 0; i < len - taglen + 1; i++) {
309
if (memcmp (buf + i, tag, taglen) == 0)
315
static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
316
static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
317
static const char *pem_pkcs8_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
318
static const char *pem_pkcs8_dec_key_begin = "-----BEGIN PRIVATE KEY-----";
319
static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
320
static const char *proc_type_tag = "Proc-Type: 4,ENCRYPTED";
321
static const char *dek_info_tag = "DEK-Info:";
324
pem_file_is_encrypted (const char *buffer, gsize bytes_read)
326
/* Check if the private key is encrypted or not by looking for the
327
* old OpenSSL-style proc-type and dec-info tags.
329
if (find_tag (proc_type_tag, (const char *) buffer, bytes_read)) {
330
if (find_tag (dek_info_tag, (const char *) buffer, bytes_read))
337
file_is_der_or_pem (const char *filename,
339
gboolean *out_privkey_encrypted)
342
unsigned char buffer[8192];
344
gboolean success = FALSE;
346
fd = open (filename, O_RDONLY);
350
bytes_read = read (fd, buffer, sizeof (buffer) - 1);
351
if (bytes_read < 400) /* needs to be lower? */
353
buffer[bytes_read] = '\0';
355
/* Check for DER signature */
356
if (bytes_read > 2 && buffer[0] == 0x30 && buffer[1] == 0x82) {
361
/* Check for PEM signatures */
363
if (find_tag (pem_rsa_key_begin, (const char *) buffer, bytes_read)) {
365
if (out_privkey_encrypted)
366
*out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer, bytes_read);
370
if (find_tag (pem_dsa_key_begin, (const char *) buffer, bytes_read)) {
372
if (out_privkey_encrypted)
373
*out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer, bytes_read);
377
if (find_tag (pem_pkcs8_enc_key_begin, (const char *) buffer, bytes_read)) {
379
if (out_privkey_encrypted)
380
*out_privkey_encrypted = TRUE;
384
if (find_tag (pem_pkcs8_dec_key_begin, (const char *) buffer, bytes_read)) {
386
if (out_privkey_encrypted)
387
*out_privkey_encrypted = FALSE;
391
if (find_tag (pem_cert_begin, (const char *) buffer, bytes_read)) {
286
404
default_filter_privkey (const GtkFileFilterInfo *filter_info, gpointer user_data)
288
gboolean require_encrypted = !!user_data;
289
gboolean is_encrypted;
406
const char *extensions[] = { ".der", ".pem", ".p12", ".key", NULL };
291
408
if (!filter_info->filename)
294
is_encrypted = FALSE;
295
if (!nm_utils_file_is_private_key (filter_info->filename, &is_encrypted))
411
if (!file_has_extension (filter_info->filename, extensions))
298
return require_encrypted ? is_encrypted : TRUE;
302
418
default_filter_cert (const GtkFileFilterInfo *filter_info, gpointer user_data)
420
const char *extensions[] = { ".der", ".pem", ".crt", ".cer", NULL };
304
422
if (!filter_info->filename)
307
if (!nm_utils_file_is_certificate (filter_info->filename))
425
if (!file_has_extension (filter_info->filename, extensions))
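Review bot: In `find_tag`, the loop bound `len - taglen + 1` is computed from an unsigned `gsize len`, so a buffer shorter than the tag would wrap the bound to a very large value and let `memcmp (buf + i, tag, taglen)` read past the end of `buf`. The callers shown only reach it after the `bytes_read < 400` check in `file_is_der_or_pem`, so this looks latent rather than reachable from the visible lines, but the helper should protect itself with an early `if (len < taglen)` guard that takes its not-found return before the loop. Separately, the old `return require_encrypted ? is_encrypted : TRUE;` in `default_filter_privkey` has no visible counterpart on the new side, which appears to match on file extension only; it is worth confirming that the code consuming the selected key still rejects an unencrypted key where an encrypted one is required. The bodies of all these functions are only partly visible in this view, so both points should be checked against the full file.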