2 * Copyright (c) 2011-2016, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 extern char* get_cert_valid_before(char* cert, int certlen, char* datebuf, int buflen);
38 public class TrustAnchor : Object
40 private static const string CERT_HEADER = "-----BEGIN CERTIFICATE-----";
41 private static const string CERT_FOOTER = "-----END CERTIFICATE-----";
43 public enum TrustAnchorType {
48 private string _ca_cert = "";
49 private string _subject = "";
50 private string _subject_alt = "";
51 private string _server_cert = "";
53 public string ca_cert {
58 _ca_cert = (value ?? "");
62 public string subject {
67 _subject = (value ?? "");
71 public string subject_alt {
76 _subject_alt = (value ?? "");
81 public string server_cert {
86 _server_cert = (value ?? "");
90 public bool is_empty() {
91 return ca_cert == "" && subject == "" && subject_alt == "" && server_cert == "";
94 public TrustAnchorType get_anchor_type() {
95 return server_cert == "" ? TrustAnchorType.CA_CERT : TrustAnchorType.SERVER_CERT;
98 public int Compare(TrustAnchor other)
100 if (this.ca_cert != other.ca_cert)
102 if (this.subject != other.subject)
104 if (this.subject_alt != other.subject_alt)
106 if (this.server_cert != other.server_cert)
111 public string? get_expiration_date(out string? err_out=null)
113 if (this.ca_cert == "") {
114 if (&err_out != null) {
115 err_out = "Trust anchor does not have a ca_certificate";
120 string cert = this.ca_cert;
122 if (cert.substring(0, CERT_HEADER.length) != CERT_HEADER) {
123 cert = CERT_HEADER + "\n" + cert;
125 if (cert.substring(0, -CERT_FOOTER.length) != CERT_FOOTER) {
126 cert += "\n" + CERT_FOOTER;
130 IdCard.logger.trace(@"get_expiration_date: Sending " + cert);
133 string err = (string) get_cert_valid_before(cert, cert.length, buf, 64);
135 IdCard.logger.error(@"get_expiration_date: get_cert_valid_before returned '$err'");
136 if (&err_out != null) {
142 string date = (string) buf;
143 IdCard.logger.trace(@"get_expiration_date: get_cert_valid_before returned '$date'");
152 public string pattern;
153 public string always_confirm;
154 public int Compare(Rule other) {
155 if (this.pattern != other.pattern)
157 if (this.always_confirm != other.always_confirm)
163 public class IdCard : Object
165 internal static MoonshotLogger logger = get_logger("IdCard");
167 public const string NO_IDENTITY = "No Identity";
171 public string display_name { get; set; default = ""; }
173 public string username { get; set; default = ""; }
175 private unowned string _password;
176 public string password {
178 return (_password!=null) ? _password : "";
181 if (_password != null) {
182 GnomeKeyring.memory_free((void *)_password);
186 _password = GnomeKeyring.memory_strdup(value);
190 public string password { get; set; default = null; }
193 public string issuer { get; set; default = ""; }
195 private Rule[] _rules = new Rule[0];
196 public Rule[] rules {
198 internal set {_rules = value ?? new Rule[0] ;}
201 private ArrayList<string> _services = new ArrayList<string>();
203 internal ArrayList<string> services {
204 get {return _services;}
207 // Returns the list of services as a string, using the given separator.
208 internal string get_services_string(string sep) {
209 if (_services.is_empty) {
213 // ArrayList.to_array() seems to be unreliable -- it causes segfaults
214 // semi-randomly. (Possibly because it returns an unowned ref?)
215 // return string.joinv(sep, _services.to_array());
217 // This problem may be related to the one noted elsewhere as the
218 // "Centos vala array property bug".
220 string[] svcs = new string[_services.size];
221 for (int i = 0; i < _services.size; i++) {
222 svcs[i] = _services[i];
225 return string.joinv(sep, svcs);
228 internal void update_services(string[] services) {
231 // Doesn't exist in older versions of libgee:
232 // _services.add_all_array(services);
234 if (services != null) {
235 foreach (string s in services) {
241 internal void update_services_from_list(ArrayList<string> services) {
242 if (services == this._services) {
243 // Don't try to update from self.
249 if (services != null) {
250 _services.add_all(services);
255 public bool temporary {get; set; default = false; }
257 public TrustAnchor trust_anchor { get; set; default = new TrustAnchor (); }
259 public unowned string nai { get { _nai = username + "@" + issuer; return _nai;}}
261 public bool store_password { get; set; default = false; }
263 public bool is_no_identity()
265 return (display_name == NO_IDENTITY);
268 public enum DiffFlags {
278 public int Compare(IdCard other)
281 if (this.display_name != other.display_name)
282 diff |= 1 << DiffFlags.DISPLAY_NAME;
284 if (this.username != other.username)
285 diff |= 1 << DiffFlags.USERNAME;
287 if (this.password != other.password)
288 diff |= 1 << DiffFlags.PASSWORD;
290 if (this.issuer != other.issuer)
291 diff |= 1 << DiffFlags.ISSUER;
293 if (CompareRules(this.rules, other.rules)!=0)
294 diff |= 1 << DiffFlags.RULES;
296 if (CompareStringArrayList(this._services, other._services)!=0)
297 diff |= 1 << DiffFlags.SERVICES;
299 if (this.trust_anchor.Compare(other.trust_anchor)!=0)
300 diff |= 1 << DiffFlags.TRUST_ANCHOR;
302 // stdout.printf("Diff Flags: %x\n", diff);
306 public static IdCard NewNoIdentity()
308 IdCard card = new IdCard();
309 card.display_name = NO_IDENTITY;
317 internal void add_rule(Rule rule) {
322 public int CompareRules(Rule[] a, Rule[] b)
324 if (a.length != b.length) {
328 for (int i = 0; i < a.length; i++) {
329 if (a[i].Compare(b[i]) != 0) {
336 public int CompareStringArrayList(ArrayList<string> a, ArrayList<string> b)
338 if (a.size != b.size) {
342 for (int i = 0; i < a.size; i++) {