X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fmoonshot-server.vala;h=0f42448c4f0c60f694bb1bc8d0444323da0e7250;hb=f7088bb9db61e6829e4b9666691ffac1af2f2b56;hp=3f9c6fb6e522115ed9336acbee5f32ba971bb8e4;hpb=e441d15af5b664477f8aca0a53eac85a69442008;p=moonshot-ui.git
diff --git a/src/moonshot-server.vala b/src/moonshot-server.vala
index 3f9c6fb..0f42448 100644
--- a/src/moonshot-server.vala
+++ b/src/moonshot-server.vala
@@ -3,37 +3,23 @@ [DBus (name = "org.janet.Moonshot")] public class MoonshotServer : Object { - private MainWindow main_window; + private IdentityManagerApp parent_app; - public MoonshotServer (Gtk.Window window) + public MoonshotServer (IdentityManagerApp app) { - this.main_window = (MainWindow) window; + this.parent_app = app; + } + + public bool show_ui() + { + if (parent_app.view == null) { + return false; + } + parent_app.show(); + parent_app.explicitly_launched = true; + return true; } - /** - * This is the function used by the GSS mechanism to get the NAI, - * password and certificate of the ID card for the specificated service. - * - * The function will block until the user choose the ID card. - * - * There are two types of trust anchor that may be returned. If - * server_certificate_hash is non-empty, the remaining parameters - * will be empty. Otherwise, the ca_certificate paramater and the - * subject name constraints will be returned. - * - * @param nai NAI of the ID Card (optional) - * @param password Password of the ID Card (optional) - * @param service Service application request an ID Card for (optional) - * @param nai_out NAI stored in the ID Card - * @param password_out Password stored in the ID Card - * @param server_certificate_hash Hash of the identity server's certificate - * @param ca_certificate Base64-encoded CA certificate - * @param subject_name_constraint Subject name constraint - * @param subject_alt_name_constraint Subject alternative name constraint - * - * @return true if the user choose a correct ID card for that service, - * false otherwise. - */ public async bool get_identity (string nai, string password, string service, @@ -44,7 +30,7 @@ public class MoonshotServer : Object { out string subject_name_constraint, out string subject_alt_name_constraint) { - var request = new IdentityRequest (main_window, + var request = new IdentityRequest (parent_app, nai, password, service); 
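Review bot: The valadoc block for get_identity is deleted with nothing in its place, and the @@ -77 hunk below drops the one for get_default_identity the same way, so both D-Bus methods and the new show_ui now expose undocumented parameters to whatever client reaches this `org.janet.Moonshot` object. The removed text also stated the relationship between server_certificate_hash and the CA/subject parameters, which the @@ -61 hunk changes, so the comment needs rewriting rather than restoring: list nai/password/service, each out parameter and what the bool return means, and for show_ui say that it returns false when `parent_app.view == null` and otherwise sets `explicitly_launched` before returning true. A short `[DBus]`-level comment naming which of these methods hand back stored credentials would help the next maintainer judge what is safe to return over the bus. get_identity's parameter list continues into the next hunk.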
@@ -61,15 +47,30 @@ public class MoonshotServer : Object { var id_card = request.id_card; - if (id_card != null) { + if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) { nai_out = id_card.nai; - password_out = id_card.password; - - server_certificate_hash = "certificate"; - - // User should have been prompted if there was no p/w. - return_if_fail (nai_out != null); - return_if_fail (password_out != null); + if ((request.password!=null) && (request.password != "")) + password_out = request.password; + else + password_out = id_card.password; + + server_certificate_hash = id_card.trust_anchor.server_cert; + ca_certificate = id_card.trust_anchor.ca_cert; + subject_name_constraint = id_card.trust_anchor.subject; + subject_alt_name_constraint = id_card.trust_anchor.subject_alt; + + if (nai_out == null) + nai_out = ""; + if (password_out == null) + password_out = ""; + if (server_certificate_hash == null) + server_certificate_hash = ""; + if (ca_certificate == null) + ca_certificate = ""; + if (subject_name_constraint == null) + subject_name_constraint = ""; + if (subject_alt_name_constraint == null) + subject_alt_name_constraint = ""; return true; } 
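Review bot: The new branch copies all four trust-anchor fields unconditionally, whereas the valadoc removed in the previous hunk told callers that a non-empty server_certificate_hash means the CA and subject parameters are empty; if a card can carry both, the caller can no longer tell which anchor applies, so either keep that contract by clearing the CA fields when `server_cert` is set, or document the new semantics on the method. The six `if (x == null) x = "";` statements can be folded into the assignments, e.g. `nai_out = id_card.nai ?? "";` and `ca_certificate = id_card.trust_anchor.ca_cert ?? "";`, which also makes the null-to-empty mapping visible where each value is produced. The unbraced `if`/`else` that picks `password_out` departs from the brace-always style used in the rest of the hunk. get_identity's body starts and ends outside this hunk.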
@@ -77,41 +78,144 @@ public class MoonshotServer : Object { return false; } - /** - * Returns the default identity - most recently used. - * - * @param nai_out NAI stored in the ID card - * @param password_out Password stored in the ID card - * - * @return true on success, false if no identities are stored - */ public async bool get_default_identity (out string nai_out, - out string password_out) + out string password_out, + out string server_certificate_hash, + out string ca_certificate, + out string subject_name_constraint, + out string subject_alt_name_constraint) { - var request = new IdentityRequest.default (main_window); + var request = new IdentityRequest.default (parent_app); request.set_callback ((IdentityRequest) => get_default_identity.callback()); request.execute (); yield; nai_out = ""; password_out = ""; + server_certificate_hash = ""; + ca_certificate = ""; + subject_name_constraint = ""; + subject_alt_name_constraint = ""; if (request.id_card != null) { nai_out = request.id_card.nai; password_out = request.id_card.password; - // User should have been prompted if there was no p/w. 
- return_val_if_fail (nai_out != null, false); - return_val_if_fail (password_out != null, false); + server_certificate_hash = request.id_card.trust_anchor.server_cert; + ca_certificate = request.id_card.trust_anchor.ca_cert; + subject_name_constraint = request.id_card.trust_anchor.subject; + subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt; + + if (nai_out == null) + nai_out = ""; + if (password_out == null) + password_out = ""; + if (server_certificate_hash == null) + server_certificate_hash = ""; + if (ca_certificate == null) + ca_certificate = ""; + if (subject_name_constraint == null) + subject_name_constraint = ""; + if (subject_alt_name_constraint == null) + subject_alt_name_constraint = ""; return true; } return false; } + + public bool install_id_card (string display_name, + string user_name, + string ?password, + string ?realm, + string[] ?rules_patterns, + string[] ?rules_always_confirm, + string[] ?services, + string ?ca_cert, + string ?subject, + string ?subject_alt, + string ?server_cert, + int force_flat_file_store) + { + IdCard idcard = new IdCard (); + + idcard.display_name = display_name; + idcard.username = user_name; + idcard.password = password; + if ((password != null) && (password != "")) + idcard.store_password = true; + idcard.issuer = realm; + idcard.services = services; + idcard.trust_anchor.ca_cert = ca_cert; + idcard.trust_anchor.subject = subject; + idcard.trust_anchor.subject_alt = subject_alt; + idcard.trust_anchor.server_cert = server_cert; + + if (rules_patterns.length == rules_always_confirm.length) + { + /* workaround Centos vala array property bug: use temp array */ + Rule[] rules = new Rule[rules_patterns.length]; + + for (int i=0; i 0) + { + int i = 0; + rules_patterns = new string[card.rules.length]; + rules_always_confirm = new string[card.rules.length]; + foreach (Rule r in card.rules) + { + rules_patterns[i] = r.pattern; + rules_always_confirm[i] = r.always_confirm; + i++; + } + } + + result = 
install_id_card (card.display_name, + card.username, + card.password, + card.issuer, + rules_patterns, + rules_always_confirm, + card.services, + card.trust_anchor.ca_cert, + card.trust_anchor.subject, + card.trust_anchor.subject_alt, + card.trust_anchor.server_cert, + 0); + if (result) { + installed_cards++; + } + } + return installed_cards; + } } + #elif IPC_MSRPC using Rpc; @@ -126,13 +230,13 @@ using MoonshotRpcInterface; * process ends */ public class MoonshotServer : Object { - private static MainWindow main_window; + private static IdentityManagerApp parent_app; private static MoonshotServer instance = null; - public static void start (Gtk.Window window) + public static void start (IdentityManagerApp app) { - main_window = (MainWindow) window; + parent_app = app; Rpc.server_start (MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER); } @@ -143,7 +247,7 @@ public class MoonshotServer : Object { return instance; } - [CCode (cname = "moonshot_get_identity")] + [CCode (cname = "moonshot_get_identity_rpc")] public static void get_identity (Rpc.AsyncCall call, string nai, string password, @@ -157,7 +261,7 @@ public class MoonshotServer : Object { { bool result = false; - var request = new IdentityRequest (main_window, + var request = new IdentityRequest (parent_app, nai, password, service); 
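Review bot: In the new D-Bus install_id_card the rules are only attached when `rules_patterns.length == rules_always_confirm.length`, and nothing visible reports or rejects a mismatch, so a caller that sends unequal arrays appears to get a card installed without its rules; the stretch of this hunk between the for-loop condition and the `> 0` comparison is missing from this rendering (the `<`…`>` span was stripped), so if an else branch lives there this is already handled. I would reject it explicitly, e.g. `if (rules_patterns.length != rules_always_confirm.length) { warning ("install_id_card: rules_patterns/rules_always_confirm length mismatch"); return false; }`. The `force_flat_file_store` parameter is an `int` here while the MSRPC variant added at @@ -258 takes `bool`, and the file-import helper that follows (its signature is also lost in this rendering) passes a literal `0`; giving both backends the same type avoids two meanings for one flag. The six `if (x == null) x = "";` lines in get_default_identity would read better as defaults on the assignments, as in `ca_certificate = request.id_card.trust_anchor.ca_cert ?? "";`.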
@@ -182,14 +286,21 @@ public class MoonshotServer : Object { var id_card = request.id_card; - if (id_card == null) { + if (id_card != null) { // The strings are freed by the RPC runtime nai_out = id_card.nai; password_out = id_card.password; - server_certificate_hash = "certificate"; + server_certificate_hash = id_card.trust_anchor.server_cert; + ca_certificate = id_card.trust_anchor.ca_cert; + subject_name_constraint = id_card.trust_anchor.subject; + subject_alt_name_constraint = id_card.trust_anchor.subject_alt; return_if_fail (nai_out != null); return_if_fail (password_out != null); + return_if_fail (server_certificate_hash != null); + return_if_fail (ca_certificate != null); + return_if_fail (subject_name_constraint != null); + return_if_fail (subject_alt_name_constraint != null); result = true; } @@ -204,14 +315,18 @@ public class MoonshotServer : Object { request.mutex.unlock (); } - [CCode (cname = "moonshot_get_default_identity")] + [CCode (cname = "moonshot_get_default_identity_rpc")] public static void get_default_identity (Rpc.AsyncCall call, ref string nai_out, - ref string password_out) + ref string password_out, + ref string server_certificate_hash, + ref string ca_certificate, + ref string subject_name_constraint, + ref string subject_alt_name_constraint) { bool result; - var request = new IdentityRequest.default (main_window); + var request = new IdentityRequest.default (parent_app); request.mutex = new Mutex (); request.cond = new Cond (); request.set_callback (return_identity_cb); 
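Review bot: The four added `return_if_fail` checks treat the trust-anchor fields as never null, but the D-Bus path in this same commit (@@ -61 and @@ -77) explicitly maps `server_cert`, `ca_cert`, `subject` and `subject_alt` from null to "", which suggests a card without a trust anchor can carry nulls; such a card would now make this RPC get_identity bail out with a critical. Because `return_if_fail` returns from a void method, the early exit also skips whatever follows — the `request.mutex.unlock ()` that opens the @@ -204 hunk looks like this method's tail, so if the mutex is held here (as the wait/unlock pattern in @@ -258 suggests) the call leaves it locked; the two pre-existing checks on nai_out/password_out have the same shape. I would drop the four new checks and copy with a default instead, as below. The enclosing method begins and ends outside this hunk.
```vala
// … unchanged: comment that the RPC runtime frees the strings …
nai_out = id_card.nai;
password_out = id_card.password;
server_certificate_hash = id_card.trust_anchor.server_cert ?? "";
ca_certificate = id_card.trust_anchor.ca_cert ?? "";
subject_name_constraint = id_card.trust_anchor.subject ?? "";
subject_alt_name_constraint = id_card.trust_anchor.subject_alt ?? "";
return_if_fail (nai_out != null);
return_if_fail (password_out != null);
result = true;
```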
@@ -224,14 +339,23 @@ public class MoonshotServer : Object { nai_out = ""; password_out = ""; + server_certificate_hash = ""; + ca_certificate = ""; + subject_name_constraint = ""; + subject_alt_name_constraint = ""; if (request.id_card != null) { nai_out = request.id_card.nai; password_out = request.id_card.password; + server_certificate_hash = "certificate"; return_if_fail (nai_out != null); return_if_fail (password_out != null); + return_if_fail (server_certificate_hash != null); + return_if_fail (ca_certificate != null); + return_if_fail (subject_name_constraint != null); + return_if_fail (subject_alt_name_constraint != null); result = true; } @@ -258,6 +382,65 @@ public class MoonshotServer : Object { request.cond.wait (request.mutex); request.mutex.unlock (); } + + [CCode (cname = "moonshot_install_id_card_rpc")] + public static bool install_id_card (string display_name, + string user_name, + string password, + string realm, + string[] rules_patterns, + string[] rules_always_confirm, + string[] services, + string ca_cert, + string subject, + string subject_alt, + string server_cert, + bool force_flat_file_store) + { + IdCard idcard = new IdCard (); + bool success = false; + Mutex mutex = new Mutex(); + Cond cond = new Cond(); + + idcard.display_name = display_name; + idcard.username = user_name; + idcard.password = password; + idcard.issuer = realm; + idcard.services = services; + idcard.trust_anchor.ca_cert = ca_cert; + idcard.trust_anchor.subject = subject; + idcard.trust_anchor.subject_alt = subject_alt; + idcard.trust_anchor.server_cert = server_cert; + + if (rules_patterns.length == rules_always_confirm.length) + { + idcard.rules = new Rule[rules_patterns.length]; + + for (int i=0; i { + mutex.lock (); + success = parent_app.add_identity (idcard, force_flat_file_store); + cond.signal (); + mutex.unlock (); + return false; + }); + + cond.wait (mutex); + mutex.unlock (); + + return success; + } + } + #endif
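Review bot: `server_certificate_hash = "certificate";` assigns a placeholder literal instead of `request.id_card.trust_anchor.server_cert`, and ca_certificate, subject_name_constraint and subject_alt_name_constraint are never copied from the card at all, so this MSRPC get_default_identity reports a bogus hash and empty anchors while the RPC get_identity (@@ -182) and the D-Bus variant (@@ -77) return the real trust anchor. The four added `return_if_fail` lines therefore can never fail for the three fields that were just set to "" and only mislead; for the fields that can genuinely be null they would exit the void method early, which the D-Bus path avoids by defaulting to "". The block below copies every field with a "" default so a card without an anchor neither trips a critical nor leaves the method early. The method's lock/wait preamble and its tail are outside this hunk.
```vala
if (request.id_card != null) {
    nai_out = request.id_card.nai ?? "";
    password_out = request.id_card.password ?? "";
    server_certificate_hash = request.id_card.trust_anchor.server_cert ?? "";
    ca_certificate = request.id_card.trust_anchor.ca_cert ?? "";
    subject_name_constraint = request.id_card.trust_anchor.subject ?? "";
    subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt ?? "";
    result = true;
}
```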
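Review bot: In the new MSRPC install_id_card, `cond.wait (mutex)` is issued once with no predicate, so if the `Idle.add` lambda runs and calls `cond.signal ()` before this thread reaches the wait, the wake-up is lost and the call blocks forever; the text between the for-loop condition and the lambda's `=> {` is missing from this rendering, so if a `mutex.lock ()` sits there ahead of `Idle.add` the lambda blocks until the wait releases the mutex and the handoff is safe, but a completion flag makes it safe regardless. The lambda's bare `return false;` would read clearer as `return Source.REMOVE;`. Unlike the D-Bus install_id_card in this commit, this one never sets `idcard.store_password`, so it is worth confirming the two backends persist a supplied password the same way. The block below shows the predicate-guarded wait.
```vala
bool done = false;
// … unchanged: idcard field assignments and rules loop …
mutex.lock ();
Idle.add (() => {
    mutex.lock ();
    success = parent_app.add_identity (idcard, force_flat_file_store);
    done = true;
    cond.signal ();
    mutex.unlock ();
    return Source.REMOVE;
});
while (!done) {
    cond.wait (mutex);
}
mutex.unlock ();
return success;
```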