1 /* ms-identity-server Moonshot library
2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * Author: pete.fotheringham@codethink.co.uk>
35 namespace MoonshotIdentityServer {
38 * @nai: Name and issuer constraint for the required identity, or %NULL.
39 * @password: Password for the identity, or %NULL.
40 * @service: Service constraint for the required identity, or %NULL.
41 * @nai_out: A pointer to a string which receives the name and issuer of the
43 * @password_out: A pointer to a string which receives the password.
44 * @server_certificate_hash_out: Receives a hash of the identity server's
45 * certificate, or %NULL.
46 * @ca_certificate_out: The CA certificate, if @server_certificate_hash was
48 * @subject_name_constraint_out: Set if @ca_certificate is set, otherwise %NULL.
49 * @subject_alt_name_constraint_out: Set if @ca_certificate is set, otherwise
51 * @error: Return location for a #MoonshotError.
53 * This function calls the Moonshot server to request an ID card. The server
54 * will be activated if it is not already running. The user interface will be
55 * displayed if there is more than one matching identity and the user will be
56 * asked to select one.
58 * There are two types of trust anchor that may be returned. If
59 * @server_certificate_hash is non-empty, the remaining parameters will be
60 * empty. Otherwise, the @ca_certificate parameter and the subject name
61 * constraints will be returned.
63 * Error reporting is handled by a simple mechanism similar to #GError. If
64 * an error occurs, as well as returning %FALSE a #MoonshotError object will
65 * be stored at *@error, with a code and message string. This must be freed
66 * using moonshot_error_free().
68 * Return value: %TRUE if an identity was successfully selected, %FALSE on
71 // public async bool get_identity (string nai,
72 public bool get_identity (string nai,
76 out string password_out,
77 out string server_certificate_hash,
78 out string ca_certificate,
79 out string subject_name_constraint,
80 out string subject_alt_name_constraint)
82 // var request = new IdentityRequest (main_window,
86 // request.set_callback ((IdentityRequest) => get_identity.callback());
87 // request.execute ();
92 // server_certificate_hash = "";
93 // ca_certificate = "";
94 // subject_name_constraint = "";
95 // subject_alt_name_constraint = "";
97 // var id_card = request.id_card;
99 // if (id_card != null) {
100 // nai_out = id_card.nai;
101 // password_out = id_card.password;
103 // server_certificate_hash = id_card.trust_anchor.server_cert;
104 // ca_certificate = id_card.trust_anchor.ca_cert;
105 // subject_name_constraint = id_card.trust_anchor.subject;
106 // subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
108 // if (nai_out == null)
110 // if (password_out == null)
111 // password_out = "";
112 // if (server_certificate_hash == null)
113 // server_certificate_hash = "";
114 // if (ca_certificate == null)
115 // ca_certificate = "";
116 // if (subject_name_constraint == null)
117 // subject_name_constraint = "";
118 // if (subject_alt_name_constraint == null)
119 // subject_alt_name_constraint = "";
128 * moonshot_get_default_identity:
129 * @nai_out: A pointer to a string which receives the name and issuer of the
131 * @password_out: A pointer to a string which receives the password.
132 * @server_certificate_hash_out: Receives a hash of the identity server's
133 * certificate, or %NULL.
134 * @ca_certificate_out: The CA certificate, if @server_certificate_hash was
136 * @subject_name_constraint_out: Set if @ca_certificate is set, otherwise %NULL.
137 * @subject_alt_name_constraint_out: Set if @ca_certificate is set, otherwise
139 * @error: Return location for a #MoonshotError.
141 * This function calls the Moonshot server to request the default identity
142 * (the one most recently used). Its semantics are otherwise the same as
143 * moonshot_get_identity().
145 * Return value: %TRUE if an identity was available, otherwise %FALSE.
147 // public async bool get_default_identity (out string nai_out,
148 public bool get_default_identity (out string nai_out,
149 out string password_out,
150 out string server_certificate_hash,
151 out string ca_certificate,
152 out string subject_name_constraint,
153 out string subject_alt_name_constraint)
155 // var request = new IdentityRequest.default (main_window);
156 // request.set_callback ((IdentityRequest) => get_default_identity.callback());
157 // request.execute ();
161 // password_out = "";
162 // server_certificate_hash = "";
163 // ca_certificate = "";
164 // subject_name_constraint = "";
165 // subject_alt_name_constraint = "";
167 // if (request.id_card != null)
169 // nai_out = request.id_card.nai;
170 // password_out = request.id_card.password;
172 // server_certificate_hash = request.id_card.trust_anchor.server_cert;
173 // ca_certificate = request.id_card.trust_anchor.ca_cert;
174 // subject_name_constraint = request.id_card.trust_anchor.subject;
175 // subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
177 // if (nai_out == null)
179 // if (password_out == null)
180 // password_out = "";
181 // if (server_certificate_hash == null)
182 // server_certificate_hash = "";
183 // if (ca_certificate == null)
184 // ca_certificate = "";
185 // if (subject_name_constraint == null)
186 // subject_name_constraint = "";
187 // if (subject_alt_name_constraint == null)
188 // subject_alt_name_constraint = "";
197 * moonshot_install_id_card:
198 * @display_name: Display name of card
199 * @user_name: Username for identity, or %NULL
200 * @password: Password for identity, or %NULL
201 * @realm: Realm for identity, or %NULL
202 * @rules_patterns: Array of patterns for the service matching rules
203 * @rules_patterns_length: Length of @rules_patterns and @rules_always_confirm arrays
204 * @rules_always_confirm: Array of 'always confirm' flags corresponding to patterns
205 * @rules_always_confirm_length: Length of @rules_patterns and @rules_always_confirm arrays
206 * @services: Array of strings listing the services this identity provides
207 * @services_length: Length of @services array
208 * @ca_cert: The CA certificate, or %NULL
209 * @subject: Subject name constraint for @ca_cert, or %NULL
210 * @subject_alt: Subject alternative name constraint for @ca_cert, or %NULL
211 * @server_cert: Hash of the server certificate; required if @ca_cert is %NULL
212 * @error: Return location for a #MoonshotError.
214 * Calls the Moonshot server to add a new identity. The user will be prompted
215 * if they would like to add the ID card.
217 * The values for @rules_patterns_length and @rules_always_confirm_length should
218 * always be the same. They are present as separate parameters as a concession to
221 * Return value: %TRUE if the ID card was successfully added, %FALSE otherwise
224 public bool install_id_card (string display_name,
228 string[] rules_patterns,
229 string[] rules_always_confirm,
236 // IdCard idcard = new IdCard ();
238 // idcard.display_name = display_name;
239 // idcard.username = user_name;
240 // idcard.password = password;
241 // idcard.issuer = realm;
242 // idcard.services = services;
243 // idcard.trust_anchor.ca_cert = ca_cert;
244 // idcard.trust_anchor.subject = subject;
245 // idcard.trust_anchor.subject_alt = subject_alt;
246 // idcard.trust_anchor.server_cert = server_cert;
248 // if (rules_patterns.length == rules_always_confirm.length)
250 // idcard.rules = new Rule[rules_patterns.length];
252 // for (int i=0; i<idcard.rules.length; i++)
254 // idcard.rules[i].pattern = rules_patterns[i];
255 // idcard.rules[i].always_confirm = rules_always_confirm[i];
259 // return this.main_window.add_identity (idcard);
286 // * @pointer: pointer to be freed
288 // * All the strings returned by the get_identity() functions must be
289 // * freed using this function when they are no longer needed.
291 // * @pointer may be %NULL, in which case no action is taken.
293 //void moonshot_free (void *data);
296 // MOONSHOT_ERROR_UNABLE_TO_START_SERVICE,
297 // MOONSHOT_ERROR_NO_IDENTITY_SELECTED,
298 // MOONSHOT_ERROR_INSTALLATION_ERROR,
299 // MOONSHOT_ERROR_OS_ERROR,
300 // MOONSHOT_ERROR_IPC_ERROR
301 //} MoonshotErrorCode;
304 // int code; /* A MoonshotErrorCode */
309 // * moonshot_error_free:
310 // * @error: A #MoonshotError
312 // * Releases the memory used by @error. This function must be called if
313 // * a function has returned an error, once it has been reported.
315 //void moonshot_error_free (MoonshotError *error);
318 // * moonshot_get_identity:
319 // * @nai: Name and issuer constraint for the required identity, or %NULL.
320 // * @password: Password for the identity, or %NULL.
321 // * @service: Service constraint for the required identity, or %NULL.
322 // * @nai_out: A pointer to a string which receives the name and issuer of the
323 // * selected identity.
324 // * @password_out: A pointer to a string which receives the password.
325 // * @server_certificate_hash_out: Receives a hash of the identity server's
326 // * certificate, or %NULL.
327 // * @ca_certificate_out: The CA certificate, if @server_certificate_hash was
329 // * @subject_name_constraint_out: Set if @ca_certificate is set, otherwise %NULL.
330 // * @subject_alt_name_constraint_out: Set if @ca_certificate is set, otherwise
332 // * @error: Return location for a #MoonshotError.
334 // * This function calls the Moonshot server to request an ID card. The server
335 // * will be activated if it is not already running. The user interface will be
336 // * displayed if there is more than one matching identity and the user will be
337 // * asked to select one.
339 // * There are two types of trust anchor that may be returned. If
340 // * @server_certificate_hash is non-empty, the remaining parameters will be
341 // * empty. Otherwise, the @ca_certificate parameter and the subject name
342 // * constraints will be returned.
344 // * Error reporting is handled by a simple mechanism similar to #GError. If
345 // * an error occurs, as well as returning %FALSE a #MoonshotError object will
346 // * be stored at *@error, with a code and message string. This must be freed
347 // * using moonshot_error_free().
349 // * Return value: %TRUE if an identity was successfully selected, %FALSE on
352 //int moonshot_get_identity (const char *nai,
353 // const char *password,
354 // const char *service,
356 // char **password_out,
357 // char **server_certificate_hash_out,
358 // char **ca_certificate_out,
359 // char **subject_name_constraint_out,
360 // char **subject_alt_name_constraint_out,
361 // MoonshotError **error);
364 // * moonshot_get_default_identity:
365 // * @nai_out: A pointer to a string which receives the name and issuer of the
367 // * @password_out: A pointer to a string which receives the password.
368 // * @server_certificate_hash_out: Receives a hash of the identity server's
369 // * certificate, or %NULL.
370 // * @ca_certificate_out: The CA certificate, if @server_certificate_hash was
372 // * @subject_name_constraint_out: Set if @ca_certificate is set, otherwise %NULL.
373 // * @subject_alt_name_constraint_out: Set if @ca_certificate is set, otherwise
375 // * @error: Return location for a #MoonshotError.
377 // * This function calls the Moonshot server to request the default identity
378 // * (the one most recently used). Its semantics are otherwise the same as
379 // * moonshot_get_identity().
381 // * Return value: %TRUE if an identity was available, otherwise %FALSE.
383 //int moonshot_get_default_identity (char **nai_out,
384 // char **password_out,
385 // char **server_certificate_hash_out,
386 // char **ca_certificate_out,
387 // char **subject_name_constraint_out,
388 // char **subject_alt_name_constraint_out,
389 // MoonshotError **error);
393 // * moonshot_install_id_card:
394 // * @display_name: Display name of card
395 // * @user_name: Username for identity, or %NULL
396 // * @password: Password for identity, or %NULL
397 // * @realm: Realm for identity, or %NULL
398 // * @rules_patterns: Array of patterns for the service matching rules
399 // * @rules_patterns_length: Length of @rules_patterns and @rules_always_confirm arrays
400 // * @rules_always_confirm: Array of 'always confirm' flags corresponding to patterns
401 // * @rules_always_confirm_length: Length of @rules_patterns and @rules_always_confirm arrays
402 // * @services: Array of strings listing the services this identity provides
403 // * @services_length: Length of @services array
404 // * @ca_cert: The CA certificate, or %NULL
405 // * @subject: Subject name constraint for @ca_cert, or %NULL
406 // * @subject_alt: Subject alternative name constraint for @ca_cert, or %NULL
407 // * @server_cert: Hash of the server certificate; required if @ca_cert is %NULL
408 // * @error: Return location for a #MoonshotError.
410 // * Calls the Moonshot server to add a new identity. The user will be prompted
411 // * if they would like to add the ID card.
413 // * The values for @rules_patterns_length and @rules_always_confirm_length should
414 // * always be the same. They are present as separate parameters as a concession to
415 // * the Vala bindings.
417 // * Return value: %TRUE if the ID card was successfully added, %FALSE otherwise
419 //int moonshot_install_id_card (const char *display_name,
420 // const char *user_name,
421 // const char *password,
422 // const char *realm,
423 // char *rules_patterns[],
424 // int rules_patterns_length,
425 // char *rules_always_confirm[],
426 // int rules_always_confirm_length,
428 // int services_length,
429 // const char *ca_cert,
430 // const char *subject,
431 // const char *subject_alt,
432 // const char *server_cert,
433 // MoonshotError **error);