GmCerts: Make the server port known

author: Jaakko Keränen <jaakko.keranen@iki.fi> 2021-07-13 10:41:00 +0300
committer: Jaakko Keränen <jaakko.keranen@iki.fi> 2021-07-13 10:41:00 +0300
commit: 07156681f635a18f0b4e8e76fce60a723c8cddd8 (patch)
tree: 5491820c9deb03ef02d174fe03bbe1bc6b012b98
parent: 0076a605540337bd89d37b7887541144e44b20f3 (diff)
6 files changed, 74 insertions, 17 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c
index 8577cf2b..4b84aa05 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -426,7 +426,7 @@ iBool verifyDomain_GmCerts(const iTlsCertificate *cert, iRangecc domain) {
    return iFalse;
 }
-iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *cert) {
+iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTlsCertificate *cert) {
    if (!cert) {
        return iFalse;
    }
@@ -441,6 +441,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
    /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
    /* Good certificate. If not already trusted, add it now. */
    iString *key = newRange_String(domain);
+    if (port && port != GEMINI_DEFAULT_PORT) {
+        appendFormat_String(key, ":%u", port);
+    }
    iDate until;
    validUntil_TlsCertificate(cert, &until);
    iBlock *fingerprint = fingerprint_TlsCertificate(cert);
@@ -471,10 +474,13 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
    return iTrue;
 }
-void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
+void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iBlock *fingerprint,
                        const iDate *validUntil) {
    iString *key = collectNew_String();
    punyEncodeDomain_Rangecc(domain, key);
+    if (port && port != GEMINI_DEFAULT_PORT) {
+        appendFormat_String(key, ":%u", port);
+    }
    lock_Mutex(d->mtx);
    iTrustEntry *trust = value_StringHash(d->trusted, key);
    if (trust) {
@@ -488,12 +494,15 @@ void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
    unlock_Mutex(d->mtx);
 }
-iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain) {
+iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain, uint16_t port) {
    iTime expiry;
    iZap(expiry);
    lock_Mutex(d->mtx);
    iString key;
    initRange_String(&key, domain);
+    if (port && port != GEMINI_DEFAULT_PORT) {
+        appendFormat_String(&key, ":%u", port);
+    }
    const iTrustEntry *trust = constValue_StringHash(d->trusted, &key);
    if (trust) {
        expiry = trust->validUntil;
diff --git a/src/gmcerts.h b/src/gmcerts.h
index a962d8b6..1a9480f7 100644
--- a/src/gmcerts.h
+++ b/src/gmcerts.h
@@ -60,10 +60,10 @@ iDeclareTypeConstructionArgs(GmCerts, const char *saveDir)
 typedef iBool (*iGmCertsIdentityFilterFunc)(void *context, const iGmIdentity *);
-iBool               checkTrust_GmCerts      (iGmCerts *, iRangecc domain, const iTlsCertificate *cert);
+iBool               checkTrust_GmCerts      (iGmCerts *, iRangecc domain, uint16_t port, const iTlsCertificate *cert);
-void                setTrusted_GmCerts      (iGmCerts *, iRangecc domain, const iBlock *fingerprint,
+void                setTrusted_GmCerts      (iGmCerts *, iRangecc domain, uint16_t port, const iBlock *fingerprint,
                                             const iDate *validUntil);
-iTime               domainValidUntil_GmCerts(const iGmCerts *, iRangecc domain);
+iTime               domainValidUntil_GmCerts(const iGmCerts *, iRangecc domain, uint16_t port);
 /**
 * Create a new self-signed TLS client certificate for identifying the user.
diff --git a/src/gmrequest.c b/src/gmrequest.c
index 672614a2..8ae8f736 100644
--- a/src/gmrequest.c
+++ b/src/gmrequest.c
@@ -149,7 +149,11 @@ struct Impl_GmRequest {
 iDefineObjectConstructionArgs(GmRequest, (iGmCerts *certs), certs)
 iDefineAudienceGetter(GmRequest, updated)
 iDefineAudienceGetter(GmRequest, finished)
+    
+static uint16_t port_GmRequest_(iGmRequest *d) {
+    return urlPort_String(&d->url);
+}
+    
 static void checkServerCertificate_GmRequest_(iGmRequest *d) {
    const iTlsCertificate *cert = d->req ? serverCertificate_TlsRequest(d->req) : NULL;
    iGmResponse *resp = d->resp;
@@ -165,7 +169,7 @@ static void checkServerCertificate_GmRequest_(iGmRequest *d) {
        if (verifyDomain_GmCerts(cert, domain)) {
            resp->certFlags |= domainVerified_GmCertFlag;
        }
-        if (checkTrust_GmCerts(d->certs, domain, cert)) {
+        if (checkTrust_GmCerts(d->certs, domain, port_GmRequest_(d), cert)) {
            resp->certFlags |= trusted_GmCertFlag;
        }
        if (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus) {
@@ -836,7 +840,7 @@ void submit_GmRequest(iGmRequest *d) {
    iConnect(TlsRequest, d->req, readyRead, d, readIncoming_GmRequest_);
    iConnect(TlsRequest, d->req, finished, d, requestFinished_GmRequest_);
    if (port == 0) {
-        port = 1965; /* default Gemini port */
+        port = GEMINI_DEFAULT_PORT; /* default Gemini port */
    }
    setHost_TlsRequest(d->req, host, port);
    setContent_TlsRequest(d->req,
diff --git a/src/gmutil.c b/src/gmutil.c
index 846405c3..23f5142f 100644
--- a/src/gmutil.c
+++ b/src/gmutil.c
@@ -74,6 +74,35 @@ void init_Url(iUrl *d, const iString *text) {
    }
 }
+uint16_t port_Url(const iUrl *d) {
+    uint16_t port = 0;
+    if (!isEmpty_Range(&d->port)) {
+        iString portStr;
+        initRange_String(&portStr, d->port);
+        port = toInt_String(&portStr);
+        deinit_String(&portStr);
+    }
+    if (port != 0) {
+        return port;
+    }
+    if (isEmpty_Range(&d->scheme) || equalCase_Rangecc(d->scheme, "gemini")) {
+        port = GEMINI_DEFAULT_PORT;
+    }
+    else if (equalCase_Rangecc(d->scheme, "gopher")) {
+        port = 70;
+    }
+    else if (equalCase_Rangecc(d->scheme, "finger")) {
+        port = 79;
+    }
+    else if (equalCase_Rangecc(d->scheme, "http")) {
+        port = 80;
+    }
+    else if (equalCase_Rangecc(d->scheme, "https")) {
+        port = 443;
+    }
+    return port;
+}
 static iRangecc dirPath_(iRangecc path) {
    const size_t pos = lastIndexOfCStr_Rangecc(path, "/");
    if (pos == iInvalidPos) return path;
@@ -98,7 +127,8 @@ static iRangecc prevPathSeg_(const char *end, const char *start) {
 void stripDefaultUrlPort_String(iString *d) {
    iUrl parts;
    init_Url(&parts, d);
-    if (equalCase_Rangecc(parts.scheme, "gemini") && equal_Rangecc(parts.port, "1965")) {
+    if (equalCase_Rangecc(parts.scheme, "gemini") &&
+        equal_Rangecc(parts.port, GEMINI_DEFAULT_PORT_CSTR)) {
        /* Always preceded by a colon. */
        remove_Block(&d->chars, parts.port.start - 1 - constBegin_String(d),
                     size_Range(&parts.port) + 1);
@@ -169,6 +199,12 @@ iRangecc urlHost_String(const iString *d) {
    return url.host;
 }
+uint16_t urlPort_String(const iString *d) {
+    iUrl url;
+    init_Url(&url, d);
+    return port_Url(&url);
+}
 iRangecc urlUser_String(const iString *d) {
    static iRegExp *userPats_[2];
    if (!userPats_[0]) {
@@ -320,8 +356,9 @@ const iString *absoluteUrl_String(const iString *d, const iString *urlMaybeRelat
        }
        delete_String(decHost);
        /* Default Gemini port is removed as redundant; normalization. */
-        if (!isEmpty_Range(&selHost->port) && (!equalCase_Rangecc(scheme, "gemini")
+        if (!isEmpty_Range(&selHost->port) &&
-                                               || !equal_Rangecc(selHost->port, "1965"))) {
+            (!equalCase_Rangecc(scheme, "gemini") ||
+             !equal_Rangecc(selHost->port, GEMINI_DEFAULT_PORT_CSTR))) {
            appendCStr_String(absolute, ":");
            appendRange_String(absolute, selHost->port);
        }
diff --git a/src/gmutil.h b/src/gmutil.h
index be6b471e..40fa1cf9 100644
--- a/src/gmutil.h
+++ b/src/gmutil.h
@@ -93,6 +93,9 @@ const iGmError *    get_GmError         (enum iGmStatusCode code);
 iRegExp *       newGemtextLink_RegExp   (void);
+#define GEMINI_DEFAULT_PORT         ((uint16_t) 1965)
+#define GEMINI_DEFAULT_PORT_CSTR    "1965"
 struct Impl_Url {
    iRangecc scheme;
    iRangecc host;
@@ -103,9 +106,11 @@ struct Impl_Url {
 };
 void            init_Url                (iUrl *, const iString *text);
+uint16_t        port_Url                (const iUrl *);
 iRangecc        urlScheme_String        (const iString *);
 iRangecc        urlHost_String          (const iString *);
+uint16_t        urlPort_String          (const iString *);
 iRangecc        urlUser_String          (const iString *);
 iRangecc        urlRoot_String          (const iString *);
 const iString * absoluteUrl_String      (const iString *, const iString *urlMaybeRelative);
diff --git a/src/ui/documentwidget.c b/src/ui/documentwidget.c
index 6524d454..962ccc3b 100644
--- a/src/ui/documentwidget.c
+++ b/src/ui/documentwidget.c
@@ -2623,8 +2623,9 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd)
    }
    else if (equal_Command(cmd, "server.trustcert") && document_App() == d) {
        const iRangecc host = urlHost_String(d->mod.url);
+        const uint16_t port = urlPort_String(d->mod.url);
        if (!isEmpty_Block(d->certFingerprint) && !isEmpty_Range(&host)) {
-            setTrusted_GmCerts(certs_App(), host, d->certFingerprint, &d->certExpiry);
+            setTrusted_GmCerts(certs_App(), host, port, d->certFingerprint, &d->certExpiry);
            d->certFlags |= trusted_GmCertFlag;
            postCommand_Widget(w, "document.info");
            updateTrust_DocumentWidget_(d, NULL);
@@ -3993,7 +3994,8 @@ static void drawBannerRun_DrawContext_(iDrawContext *d, const iGmRun *run, iInt2
        if (certFlags & timeVerified_GmCertFlag && certFlags & domainVerified_GmCertFlag) {
            iUrl parts;
            init_Url(&parts, d->widget->mod.url);
-            const iTime oldUntil = domainValidUntil_GmCerts(certs_App(), parts.host);
+            const iTime oldUntil =
+                domainValidUntil_GmCerts(certs_App(), parts.host, port_Url(&parts));
            iDate exp;
            init_Date(&exp, &oldUntil);
            iTime now;
@@ -4192,7 +4194,7 @@ static void drawRun_DrawContext_(void *context, const iGmRun *run) {
                            height_Rect(run->visBounds),
                            tmQuoteIcon_ColorId);
        }
-        drawBoundRange_Text(run->font, visPos, width_Rect(run->bounds), fg, run->text);
+        drawRange_Text(run->font, visPos, /*width_Rect(run->bounds),*/ fg, run->text);
    runDrawn:;
    }
    /* Presentation of links. */
@@ -4324,8 +4326,8 @@ static void drawRun_DrawContext_(void *context, const iGmRun *run) {
            }
        }
    }
-//    drawRect_Paint(&d->paint, (iRect){ visPos, run->bounds.size }, green_ColorId);
+    drawRect_Paint(&d->paint, (iRect){ visPos, run->bounds.size }, green_ColorId);
-//    drawRect_Paint(&d->paint, (iRect){ visPos, run->visBounds.size }, red_ColorId);
+    drawRect_Paint(&d->paint, (iRect){ visPos, run->visBounds.size }, red_ColorId);
 }
 static int drawSideRect_(iPaint *p, iRect rect) {
author	Jaakko Keränen <jaakko.keranen@iki.fi>	2021-07-13 10:41:00 +0300
committer	Jaakko Keränen <jaakko.keranen@iki.fi>	2021-07-13 10:41:00 +0300
commit	07156681f635a18f0b4e8e76fce60a723c8cddd8 (patch)
tree	5491820c9deb03ef02d174fe03bbe1bc6b012b98
parent	0076a605540337bd89d37b7887541144e44b20f3 (diff)