From 1f8333f23f060750673d0b7c573f2e2d12142adf Mon Sep 17 00:00:00 2001
From: Florent Le Coz <louiz@louiz.org>
Date: Wed, 30 Dec 2015 21:34:11 +0100
Subject: Support a trusted SHA1 fingerprint to be configured for each IRC
 server

---
 src/irc/irc_client.cpp              |  7 +++++++
 src/xmpp/biboumi_adhoc_commands.cpp | 22 +++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/irc/irc_client.cpp b/src/irc/irc_client.cpp
index e71d38c..1a83446 100644
--- a/src/irc/irc_client.cpp
+++ b/src/irc/irc_client.cpp
@@ -89,6 +89,13 @@ void IrcClient::start()
 
   this->bind_addr = Config::get("outgoing_bind", "");
 
+#ifdef BOTAN_FOUND
+# ifdef USE_DATABASE
+  auto options = Database::get_irc_server_options(this->bridge.get_bare_jid(),
+                                                  this->get_hostname());
+  this->credential_manager.set_trusted_fingerprint(options.trustedFingerprint);
+# endif
+#endif
   this->connect(this->hostname, port, tls);
 }
 
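Review bot: The block added to `IrcClient::start()` passes `options.trustedFingerprint` to the credential manager without stating what happens when no fingerprint is configured. The form code in this commit tests `.value().empty()`, so an unset option presumably arrives here as an empty string. `set_trusted_fingerprint` is not part of this diff, and it has to treat that as "no pin" rather than as a value to compare against. A comment above the call would record the contract: `// An empty fingerprint means no pinning; normal certificate verification still applies.` `start()` begins above the hunk, so how `tls` and `port` are chosen is not visible here.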
diff --git a/src/xmpp/biboumi_adhoc_commands.cpp b/src/xmpp/biboumi_adhoc_commands.cpp
index be755e9..7c157cb 100644
--- a/src/xmpp/biboumi_adhoc_commands.cpp
+++ b/src/xmpp/biboumi_adhoc_commands.cpp
@@ -175,6 +175,19 @@ void ConfigureIrcServerStep1(XmppComponent&, AdhocSession& session, XmlNode& com
     verify_cert_value.set_inner("false");
   verify_cert.add_child(std::move(verify_cert_value));
   x.add_child(std::move(verify_cert));
+
+  XmlNode fingerprint("field");
+  fingerprint["var"] = "fingerprint";
+  fingerprint["type"] = "text-single";
+  fingerprint["label"] = "SHA-1 fingerprint of the TLS certificate to trust.";
+  if (!options.trustedFingerprint.value().empty())
+    {
+      XmlNode fingerprint_value("value");
+      fingerprint_value.set_inner(options.trustedFingerprint.value());
+      fingerprint.add_child(std::move(fingerprint_value));
+    }
+  fingerprint.add_child(required);
+  x.add_child(std::move(fingerprint));
 #endif
 
   XmlNode pass("field");
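Review bot: `fingerprint.add_child(required);` marks the pinning field as mandatory, yet step 2 of this command skips an empty `fingerprint` value, so the field is optional in practice. `required` is declared outside the hunk and is presumably the data-form `<required/>` element; a client that enforces it would make users enter some fingerprint just to submit the form, which is the opposite of a deliberate trust decision. I would drop that line and extend the label to state the exact textual format the comparison expects (case, separators), which this diff does not show. Because a pin is a long-lived trust anchor, offering a SHA-256 fingerprint instead of SHA-1 would be the safer default if the TLS backend can produce one.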
@@ -295,12 +308,19 @@ void ConfigureIrcServerStep2(XmppComponent&, AdhocSession& session, XmlNode& com
               options.tlsPorts = ports;
             }
 
-            else if (field->get_tag("var") == "verify_cert" && value
+          else if (field->get_tag("var") == "verify_cert" && value
               && !value->get_inner().empty())
             {
               auto val = to_bool(value->get_inner());
               options.verifyCert = val;
             }
+
+          else if (field->get_tag("var") == "fingerprint" && value &&
+                   !value->get_inner().empty())
+            {
+              options.trustedFingerprint = value->get_inner();
+            }
+
 #endif // BOTAN_FOUND
 
           else if (field->get_tag("var") == "pass" &&
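Review bot: The new `fingerprint` branch runs only when the submitted value is non-empty, so once a fingerprint is stored there appears to be no way to remove it through this form, and a certificate the user no longer trusts would stay pinned. Unless `options` is reset somewhere outside the hunk, dropping the emptiness test at least lets a blank value clear it: `else if (field->get_tag("var") == "fingerprint" && value)`. The value is also stored exactly as typed; trimming whitespace and rejecting input that is not a well-formed fingerprint before `options.trustedFingerprint = value->get_inner();` would avoid a pin that silently never matches. The enclosing loop of `ConfigureIrcServerStep2` starts and ends outside the hunk.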
-- 
cgit v1.2.3