+#if GNOME_KEYRING
+ bool keyring_available = (!use_flat_file_store) && GnomeKeyring.is_available();
+#else
+ bool keyring_available = false;
+#endif
+
+ IIdentityCardStore.StoreType store_type;
+ if (headless || use_flat_file_store || !keyring_available)
+ store_type = IIdentityCardStore.StoreType.FLAT_FILE;
+ else
+ store_type = IIdentityCardStore.StoreType.KEYRING;
+
+ model = new IdentityManagerModel(this, store_type);
+ /* if headless, but we have nothing in the flat file store
+ * and keyring is available, switch to keyring */
+ if (headless && keyring_available && !use_flat_file_store && !model.HasNonTrivialIdentities())
+ model.set_store_type(IIdentityCardStore.StoreType.KEYRING);
+
+ if (!headless)
+ view = new IdentityManagerView(this, use_flat_file_store);
+ LinkedList<IdCard> card_list = model.get_card_list();
+ if (card_list.size > 0)
+ this.default_id_card = card_list.last();
+
+ init_ipc_server();
+
+#if OS_MACOS
+ osxApp = OSXApplication.get_instance();
+ // The 'correct' way of connecting won't work in Mac OS with Vala 0.12; e.g.
+ // osxApp.ns_application_open_file.connect(install_from_file);
+ // so we have to use this old way
+ Signal.connect(osxApp, "NSApplicationOpenFile", (GLib.Callback)(on_osx_open_files), this);
+#endif
+ }
+
+ public bool add_identity(IdCard id, bool force_flat_file_store, out ArrayList<IdCard>? old_duplicates=null) {
+ if (view != null)
+ {
+ logger.trace("add_identity: calling view.add_identity");
+ return view.add_identity(id, force_flat_file_store, out old_duplicates);
+ }
+ else {
+ logger.trace("add_identity: calling model.add_card");
+ model.add_card(id, force_flat_file_store, out old_duplicates);
+ return true;
+ }
+ }
+
+ public void select_identity(IdentityRequest request) {
+ logger.trace("select_identity: request.nai=%s".printf(request.nai ?? "[null]"));
+
+ IdCard identity = null;
+
+ if (request.select_default)
+ {
+ identity = default_id_card;
+ }
+
+ if (identity == null)
+ {
+ bool has_nai = request.nai != null && request.nai != "";
+ bool has_srv = request.service != null && request.service != "";
+ bool confirm = false;
+
+ foreach (IdCard id in model.get_card_list())
+ {
+ /* If NAI matches, use this id card */
+ if (has_nai && request.nai == id.nai)
+ {
+ logger.trace("select_identity: request has nai; returning " + id.display_name);
+ identity = id;
+ break;
+ }
+
+ /* If any service matches we add id card to the candidate list */
+ if (has_srv)
+ {
+ if (id.services.contains(request.service)) {
+ logger.trace(@"select_identity: request has service '$(request.service); matched on '$(id.display_name)'");
+ request.candidates.append(id);
+ }
+ }
+ }
+
+ /* If more than one candidate we dissasociate service from all ids */
+ if ((identity == null) && has_srv && request.candidates.length() > 1)
+ {
+ logger.trace(@"select_identity: multiple candidates; removing service '$(request.service) from all.");
+ foreach (IdCard id in request.candidates)
+ {
+ id.services.remove(request.service);
+ }
+ }
+
+ /* If there are no candidates we use the service matching rules */
+ if ((identity == null) && (request.candidates.length() == 0))
+ {
+ logger.trace("select_identity: No candidates; using service matching rules.");
+ foreach (IdCard id in model.get_card_list())
+ {
+ foreach (Rule rule in id.rules)
+ {
+ if (!match_service_pattern(request.service, rule.pattern))
+ continue;
+
+ logger.trace(@"select_identity: ID $(id.display_name) matched on service matching rules.");
+ request.candidates.append(id);
+
+ if (rule.always_confirm == "true")
+ confirm = true;
+ }
+ }
+ }
+
+ if ((identity == null) && has_nai) {
+ logger.trace("select_identity: Creating temp identity");
+ // create a temp identity
+ string[] components = request.nai.split("@", 2);
+ identity = new IdCard();
+ identity.display_name = request.nai;
+ identity.username = components[0];
+ if (components.length > 1)
+ identity.issuer = components[1];
+ identity.password = request.password;
+ identity.temporary = true;
+ }
+ if (identity == null) {
+ if (request.candidates.length() != 1) {
+ logger.trace("select_identity: Have %u candidates; user must make selection.".printf(request.candidates.length()));
+ confirm = true;
+ } else {
+ identity = request.candidates.nth_data(0);
+ }
+ }
+
+ if (confirm && (view != null))
+ {
+ if (!explicitly_launched)
+ show();
+ view.queue_identity_request(request);
+ return;
+ }
+ }
+ // Send back the identity (we can't directly run the
+ // callback because we may be being called from a 'yield')
+ GLib.Idle.add(
+ () => {
+ if (view != null) {
+ logger.trace("select_identity (Idle handler): calling check_add_password");
+ identity = view.check_add_password(identity, request, model);
+ }
+ request.return_identity(identity);
+// The following occasionally causes the app to exit without sending the dbus
+// reply, so for now we just don't exit
+// if (!explicitly_launched)
+// Idle.add(() => { Gtk.main_quit(); return false; } );
+ return false;
+ }
+ );
+ return;
+ }
+
+ private bool match_service_pattern(string service, string pattern) {
+ var pspec = new PatternSpec(pattern);
+ return pspec.match_string(service);
+ }
+