diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2010-11-26 15:17:32 +0000 |
|---|---|---|
| committer | Guillaume Desmottes <guillaume.desmottes@collabora.co.uk> | 2012-05-09 12:14:08 +0200 |
| commit | caeba3dc1d027a9c90d77ac5ac6d00e9997365af (patch) | |
| tree | f4157eb405af641565acf7dfff4ab5e7cefaec67 | |
| parent | 6c557efaaae94f8ebf66c5af2640d43c92cb72f7 (diff) | |
Add TpTLSCertificate, minimally adapted from Empathy
- re-namespaced
- tp_tls_certificate_init_known_interfaces() added
- GNUTLS-dependent method empathy_tls_certificate_store_ca removed
| -rw-r--r-- | telepathy-glib/Makefile.am | 2 | ||||
| -rw-r--r-- | telepathy-glib/telepathy-glib.h | 1 | ||||
| -rw-r--r-- | telepathy-glib/tls-certificate.c | 464 | ||||
| -rw-r--r-- | telepathy-glib/tls-certificate.h | 100 |
4 files changed, 567 insertions, 0 deletions
diff --git a/telepathy-glib/Makefile.am b/telepathy-glib/Makefile.am index f3e9a2b72..2321e1e97 100644 --- a/telepathy-glib/Makefile.am +++ b/telepathy-glib/Makefile.am @@ -136,6 +136,7 @@ our_headers = \ telepathy-glib-dbus.h \ text-channel.h \ text-mixin.h \ + tls-certificate.h \ util.h tpginclude_HEADERS = \ @@ -301,6 +302,7 @@ libtelepathy_glib_internal_la_SOURCES = \ stream-tube-connection.c \ text-channel.c \ text-mixin.c \ + tls-certificate.c \ util.c \ util-internal.h diff --git a/telepathy-glib/telepathy-glib.h b/telepathy-glib/telepathy-glib.h index eaf258312..4c670478d 100644 --- a/telepathy-glib/telepathy-glib.h +++ b/telepathy-glib/telepathy-glib.h @@ -108,6 +108,7 @@ #include <telepathy-glib/stream-tube-channel.h> #include <telepathy-glib/stream-tube-connection.h> #include <telepathy-glib/text-channel.h> +#include <telepathy-glib/tls-certificate.h> /* deprecated, gone in 1.0 */ #include <telepathy-glib/automatic-proxy-factory.h> diff --git a/telepathy-glib/tls-certificate.c b/telepathy-glib/tls-certificate.c new file mode 100644 index 000000000..4dcb9d9a3 --- /dev/null +++ b/telepathy-glib/tls-certificate.c @@ -0,0 +1,464 @@ +/* + * TpTLSCertificate - a TpProxy for TLS certificates + * Copyright © 2010 Collabora Ltd. + * + * Based on EmpathyTLSCertificate: + * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include <config.h> +#include "telepathy-glib/tls-certificate.h" + +#include <errno.h> + +#include <glib/gstdio.h> + +#include <telepathy-glib/dbus.h> +#include <telepathy-glib/enums.h> +#include <telepathy-glib/gtypes.h> +#include <telepathy-glib/interfaces.h> +#include <telepathy-glib/proxy-subclass.h> +#include <telepathy-glib/util.h> + +#define DEBUG_FLAG TP_DEBUG_TLS +#include "debug-internal.h" + +enum { + /* proxy properties */ + PROP_CERT_TYPE = 1, + PROP_CERT_DATA, + PROP_STATE, + LAST_PROPERTY, +}; + +struct _TpTLSCertificatePrivate { + GSimpleAsyncResult *async_prepare_res; + + /* TLSCertificate properties */ + gchar *cert_type; + GPtrArray *cert_data; + TpTLSCertificateState state; + + gboolean is_prepared; +}; + +G_DEFINE_TYPE (TpTLSCertificate, tp_tls_certificate, + TP_TYPE_PROXY); + +static void +tls_certificate_got_all_cb (TpProxy *proxy, + GHashTable *properties, + const GError *error, + gpointer user_data, + GObject *weak_object) +{ + GPtrArray *cert_data; + TpTLSCertificate *self = TP_TLS_CERTIFICATE (weak_object); + TpTLSCertificatePrivate *priv = self->priv; + + if (error != NULL) + { + g_simple_async_result_set_from_error (priv->async_prepare_res, error); + g_simple_async_result_complete (priv->async_prepare_res); + tp_clear_object (&priv->async_prepare_res); + + return; + } + + priv->cert_type = g_strdup (tp_asv_get_string (properties, + "CertificateType")); + priv->state = tp_asv_get_uint32 (properties, "State", NULL); + + cert_data = tp_asv_get_boxed (properties, "CertificateChainData", + TP_ARRAY_TYPE_UCHAR_ARRAY_LIST); + g_assert (cert_data != NULL); + priv->cert_data = g_boxed_copy (TP_ARRAY_TYPE_UCHAR_ARRAY_LIST, cert_data); + + DEBUG ("Got a certificate chain long %u, of type %s", + priv->cert_data->len, priv->cert_type); + + priv->is_prepared = TRUE; + + g_simple_async_result_complete (priv->async_prepare_res); + tp_clear_object (&priv->async_prepare_res); +} + +void +tp_tls_certificate_prepare_async (TpTLSCertificate *self, + GAsyncReadyCallback callback, + gpointer user_data) +{ + TpTLSCertificatePrivate *priv = self->priv; + + /* emit an error if we're already preparing the object */ + if (priv->async_prepare_res != NULL) + { + g_simple_async_report_error_in_idle (G_OBJECT (self), + callback, user_data, + G_IO_ERROR, G_IO_ERROR_PENDING, + "%s", + "Prepare operation already in progress on the TLS certificate."); + + return; + } + + /* if the object is already prepared, just complete in idle */ + if (priv->is_prepared) + { + tp_simple_async_report_success_in_idle (G_OBJECT (self), + callback, user_data, tp_tls_certificate_prepare_async); + + return; + } + + priv->async_prepare_res = g_simple_async_result_new (G_OBJECT (self), + callback, user_data, tp_tls_certificate_prepare_async); + + /* call GetAll() on the certificate */ + tp_cli_dbus_properties_call_get_all (self, + -1, TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE, + tls_certificate_got_all_cb, NULL, NULL, + G_OBJECT (self)); +} + +gboolean +tp_tls_certificate_prepare_finish (TpTLSCertificate *self, + GAsyncResult *result, + GError **error) +{ + gboolean retval = TRUE; + + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), + error)) + retval = FALSE; + + return retval; +} + +static void +tp_tls_certificate_finalize (GObject *object) +{ + TpTLSCertificate *self = TP_TLS_CERTIFICATE (object); + TpTLSCertificatePrivate *priv = self->priv; + + DEBUG ("%p", object); + + g_free (priv->cert_type); + tp_clear_boxed (TP_ARRAY_TYPE_UCHAR_ARRAY_LIST, &priv->cert_data); + + G_OBJECT_CLASS (tp_tls_certificate_parent_class)->finalize (object); +} + +static void +tp_tls_certificate_get_property (GObject *object, + guint property_id, + GValue *value, + GParamSpec *pspec) +{ + TpTLSCertificate *self = TP_TLS_CERTIFICATE (object); + TpTLSCertificatePrivate *priv = self->priv; + + switch (property_id) + { + case PROP_CERT_TYPE: + g_value_set_string (value, priv->cert_type); + break; + case PROP_CERT_DATA: + g_value_set_boxed (value, priv->cert_data); + break; + case PROP_STATE: + g_value_set_uint (value, priv->state); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + break; + } +} + +static void +tp_tls_certificate_init (TpTLSCertificate *self) +{ + self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, + TP_TYPE_TLS_CERTIFICATE, TpTLSCertificatePrivate); +} + +static void +tp_tls_certificate_class_init (TpTLSCertificateClass *klass) +{ + GParamSpec *pspec; + GObjectClass *oclass = G_OBJECT_CLASS (klass); + TpProxyClass *pclass = TP_PROXY_CLASS (klass); + + tp_tls_certificate_init_known_interfaces (); + + oclass->get_property = tp_tls_certificate_get_property; + oclass->finalize = tp_tls_certificate_finalize; + + pclass->interface = TP_IFACE_QUARK_AUTHENTICATION_TLS_CERTIFICATE; + pclass->must_have_unique_name = TRUE; + + g_type_class_add_private (klass, sizeof (TpTLSCertificatePrivate)); + + pspec = g_param_spec_string ("cert-type", "Certificate type", + "The type of this certificate.", + NULL, + G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); + g_object_class_install_property (oclass, PROP_CERT_TYPE, pspec); + + pspec = g_param_spec_boxed ("cert-data", "Certificate chain data", + "The raw DER-encoded certificate chain data.", + TP_ARRAY_TYPE_UCHAR_ARRAY_LIST, + G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); + g_object_class_install_property (oclass, PROP_CERT_DATA, pspec); + + pspec = g_param_spec_uint ("state", "State", + "The state of this certificate.", + TP_TLS_CERTIFICATE_STATE_PENDING, NUM_TP_TLS_CERTIFICATE_STATES -1, + TP_TLS_CERTIFICATE_STATE_PENDING, + G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); + g_object_class_install_property (oclass, PROP_STATE, pspec); +} + +static void +cert_proxy_accept_cb (TpProxy *proxy, + const GError *error, + gpointer user_data, + GObject *weak_object) +{ + GSimpleAsyncResult *accept_result = user_data; + + DEBUG ("Callback for accept(), error %p", error); + + if (error != NULL) + { + DEBUG ("Error was %s", error->message); + g_simple_async_result_set_from_error (accept_result, error); + } + + g_simple_async_result_complete (accept_result); +} + +static void +cert_proxy_reject_cb (TpProxy *proxy, + const GError *error, + gpointer user_data, + GObject *weak_object) +{ + GSimpleAsyncResult *reject_result = user_data; + + DEBUG ("Callback for reject(), error %p", error); + + if (error != NULL) + { + DEBUG ("Error was %s", error->message); + g_simple_async_result_set_from_error (reject_result, error); + } + + g_simple_async_result_complete (reject_result); +} + +static const gchar * +reject_reason_get_dbus_error (TpTLSCertificateRejectReason reason) +{ + const gchar *retval = NULL; + + switch (reason) + { + case TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_UNTRUSTED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_EXPIRED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_EXPIRED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_NOT_ACTIVATED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_NOT_ACTIVATED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_FINGERPRINT_MISMATCH: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_FINGERPRINT_MISMATCH); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_HOSTNAME_MISMATCH); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_SELF_SIGNED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_REVOKED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_REVOKED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_INSECURE: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_INSECURE); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_LIMIT_EXCEEDED: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_LIMIT_EXCEEDED); + break; + case TP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN: + default: + retval = tp_error_get_dbus_name (TP_ERROR_CERT_INVALID); + break; + } + + return retval; +} + +TpTLSCertificate * +tp_tls_certificate_new (TpDBusDaemon *dbus, + const gchar *bus_name, + const gchar *object_path, + GError **error) +{ + TpTLSCertificate *retval = NULL; + + if (!tp_dbus_check_valid_bus_name (bus_name, + TP_DBUS_NAME_TYPE_UNIQUE, error)) + goto finally; + + if (!tp_dbus_check_valid_object_path (object_path, error)) + goto finally; + + retval = g_object_new (TP_TYPE_TLS_CERTIFICATE, + "dbus-daemon", dbus, + "bus-name", bus_name, + "object-path", object_path, + NULL); + +finally: + if (*error != NULL) + DEBUG ("Error while creating the TLS certificate: %s", + (*error)->message); + + return retval; +} + +void +tp_tls_certificate_accept_async (TpTLSCertificate *self, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *accept_result; + + g_assert (TP_IS_TLS_CERTIFICATE (self)); + + DEBUG ("Accepting TLS certificate"); + + accept_result = g_simple_async_result_new (G_OBJECT (self), + callback, user_data, tp_tls_certificate_accept_async); + + tp_cli_authentication_tls_certificate_call_accept (TP_PROXY (self), + -1, cert_proxy_accept_cb, + accept_result, g_object_unref, + G_OBJECT (self)); +} + +gboolean +tp_tls_certificate_accept_finish (TpTLSCertificate *self, + GAsyncResult *result, + GError **error) +{ + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), + error)) + return FALSE; + + return TRUE; +} + +static GPtrArray * +build_rejections_array (TpTLSCertificateRejectReason reason, + GHashTable *details) +{ + GPtrArray *retval; + GValueArray *rejection; + + retval = g_ptr_array_new (); + rejection = tp_value_array_build (3, + G_TYPE_UINT, reason, + G_TYPE_STRING, reject_reason_get_dbus_error (reason), + TP_HASH_TYPE_STRING_VARIANT_MAP, details, + NULL); + + g_ptr_array_add (retval, rejection); + + return retval; +} + +void +tp_tls_certificate_reject_async (TpTLSCertificate *self, + TpTLSCertificateRejectReason reason, + GHashTable *details, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GPtrArray *rejections; + GSimpleAsyncResult *reject_result; + + g_assert (TP_IS_TLS_CERTIFICATE (self)); + + DEBUG ("Rejecting TLS certificate with reason %u", reason); + + rejections = build_rejections_array (reason, details); + reject_result = g_simple_async_result_new (G_OBJECT (self), + callback, user_data, tp_tls_certificate_reject_async); + + tp_cli_authentication_tls_certificate_call_reject (TP_PROXY (self), + -1, rejections, cert_proxy_reject_cb, + reject_result, g_object_unref, G_OBJECT (self)); + + tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST, + &rejections); +} + +gboolean +tp_tls_certificate_reject_finish (TpTLSCertificate *self, + GAsyncResult *result, + GError **error) +{ + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), + error)) + return FALSE; + + return TRUE; +} + +#include <telepathy-glib/_gen/tp-cli-tls-cert-body.h> + +/** + * tp_tls_certificate_init_known_interfaces: + * + * Ensure that the known interfaces for TpTLSCertificate have been set up. + * This is done automatically when necessary, but for correct + * overriding of library interfaces by local extensions, you should + * call this function before calling + * tp_proxy_or_subclass_hook_on_interface_add() with first argument + * %TP_TYPE_TLS_CERTIFICATE. + */ +void +tp_tls_certificate_init_known_interfaces (void) +{ + static gsize once = 0; + + if (g_once_init_enter (&once)) + { + GType tp_type = TP_TYPE_TLS_CERTIFICATE; + + tp_proxy_init_known_interfaces (); + tp_proxy_or_subclass_hook_on_interface_add (tp_type, + tp_cli_tls_cert_add_signals); + tp_proxy_subclass_add_error_mapping (tp_type, + TP_ERROR_PREFIX, TP_ERRORS, TP_TYPE_ERROR); + + g_once_init_leave (&once, 1); + } +} diff --git a/telepathy-glib/tls-certificate.h b/telepathy-glib/tls-certificate.h new file mode 100644 index 000000000..387ed4f24 --- /dev/null +++ b/telepathy-glib/tls-certificate.h @@ -0,0 +1,100 @@ +/* + * TpTLSCertificate - a TpProxy for TLS certificates + * Copyright © 2010 Collabora Ltd. + * + * Based on EmpathyTLSCertificate: + * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef __TP_TLS_CERTIFICATE_H__ +#define __TP_TLS_CERTIFICATE_H__ + +#include <glib-object.h> +#include <gio/gio.h> + +#include <telepathy-glib/channel.h> +#include <telepathy-glib/enums.h> +#include <telepathy-glib/proxy.h> + +G_BEGIN_DECLS + +typedef struct _TpTLSCertificate TpTLSCertificate; +typedef struct _TpTLSCertificateClass TpTLSCertificateClass; +typedef struct _TpTLSCertificatePrivate TpTLSCertificatePrivate; +typedef struct _TpTLSCertificateClassPrivate TpTLSCertificateClassPrivate; + +struct _TpTLSCertificateClass { + TpProxyClass parent_class; + TpTLSCertificateClassPrivate *priv; +}; + +struct _TpTLSCertificate { + TpProxy parent; + TpTLSCertificatePrivate *priv; +}; + +GType tp_tls_certificate_get_type (void); + +#define TP_TYPE_TLS_CERTIFICATE \ + (tp_tls_certificate_get_type ()) +#define TP_TLS_CERTIFICATE(obj) \ + (G_TYPE_CHECK_INSTANCE_CAST ((obj), TP_TYPE_TLS_CERTIFICATE, \ + TpTLSCertificate)) +#define TP_TLS_CERTIFICATE_CLASS(klass) \ + (G_TYPE_CHECK_CLASS_CAST ((klass), TP_TYPE_TLS_CERTIFICATE, \ + TpTLSCertificateClass)) +#define TP_IS_TLS_CERTIFICATE(obj) \ + (G_TYPE_CHECK_INSTANCE_TYPE ((obj), TP_TYPE_TLS_CERTIFICATE)) +#define TP_IS_TLS_CERTIFICATE_CLASS(klass) \ + (G_TYPE_CHECK_CLASS_TYPE ((klass), TP_TYPE_TLS_CERTIFICATE)) +#define TP_TLS_CERTIFICATE_GET_CLASS(obj) \ + (G_TYPE_INSTANCE_GET_CLASS ((obj), TP_TYPE_TLS_CERTIFICATE, \ + TpTLSCertificateClass)) + +TpTLSCertificate *tp_tls_certificate_new (TpDBusDaemon *dbus_daemon, + const gchar *bus_name, + const gchar *object_path, + GError **error); + +void tp_tls_certificate_prepare_async (TpTLSCertificate *self, + GAsyncReadyCallback callback, gpointer user_data); +gboolean tp_tls_certificate_prepare_finish (TpTLSCertificate *self, + GAsyncResult *result, GError **error); + +void tp_tls_certificate_accept_async (TpTLSCertificate *self, + GAsyncReadyCallback callback, + gpointer user_data); +gboolean tp_tls_certificate_accept_finish (TpTLSCertificate *self, + GAsyncResult *result, + GError **error); + +void tp_tls_certificate_reject_async (TpTLSCertificate *self, + TpTLSCertificateRejectReason reason, + GHashTable *details, + GAsyncReadyCallback callback, + gpointer user_data); +gboolean tp_tls_certificate_reject_finish (TpTLSCertificate *self, + GAsyncResult *result, + GError **error); + +void tp_tls_certificate_init_known_interfaces (void); + +G_END_DECLS + +#include <telepathy-glib/_gen/tp-cli-tls-cert.h> + +#endif /* multiple-inclusion guard */ |