src/moonshot-keyring-store.vala

   1 /*
   2  * Copyright (c) 2011-2014, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32 using Gee;
  33
  34 #if GNOME_KEYRING
  35 public class KeyringStore : Object, IIdentityCardStore {
  36     static MoonshotLogger logger = get_logger("KeyringStore");
  37
  38     private LinkedList<IdCard> id_card_list;
  39     private const string keyring_store_attribute = "Moonshot";
  40     private const string keyring_store_version = "1.0";
  41     private const GnomeKeyring.ItemType item_type = GnomeKeyring.ItemType.GENERIC_SECRET;
  42
  43     public void add_card(IdCard card) {
  44         logger.trace("add_card: Adding card '%s' with services: '%s'"
  45                      .printf(card.display_name, card.get_services_string("; ")));
  46
  47         id_card_list.add(card);
  48         store_id_cards();
  49     }
  50
  51     public IdCard? update_card(IdCard card) {
  52         logger.trace("update_card");
  53
  54         id_card_list.remove(card);
  55         id_card_list.add(card);
  56
  57         store_id_cards();
  58         foreach (IdCard idcard in id_card_list) {
  59             if (idcard.display_name == card.display_name) {
  60                 return idcard;
  61             }
  62         }
  63
  64         logger.error(@"update_card: card '$(card.display_name)' was not found after re-loading!");
  65         return null;
  66     }
  67
  68     public bool remove_card(IdCard card) {
  69         bool retval = id_card_list.remove(card);
  70         if (retval)
  71             store_id_cards();
  72         return retval;
  73     }
  74
  75     public IIdentityCardStore.StoreType get_store_type() {
  76         return IIdentityCardStore.StoreType.KEYRING;
  77     }
  78
  79     public LinkedList<IdCard> get_card_list() {
  80         return id_card_list;
  81     }
  82
  83     /* clear all keyring-stored ids (in preparation to store current list) */
  84     private void clear_keyring() {
  85         GnomeKeyring.AttributeList match = new GnomeKeyring.AttributeList();
  86         match.append_string(keyring_store_attribute, keyring_store_version);
  87         GLib.List<GnomeKeyring.Found> items;
  88         GnomeKeyring.find_items_sync(item_type, match, out items);
  89         foreach(unowned GnomeKeyring.Found entry in items) {
  90             GnomeKeyring.Result result = GnomeKeyring.item_delete_sync(null, entry.item_id);
  91             if (result != GnomeKeyring.Result.OK) {
  92                 stdout.printf("GnomeKeyring.item_delete_sync() failed. result: %d", result);
  93             }
  94         }
  95     }
  96
  97     private void load_id_cards() {
  98         id_card_list.clear();
  99
 100         GnomeKeyring.AttributeList match = new GnomeKeyring.AttributeList();
 101         match.append_string(keyring_store_attribute, keyring_store_version);
 102         GLib.List<GnomeKeyring.Found> items;
 103         GnomeKeyring.find_items_sync(item_type, match, out items);
 104         foreach(unowned GnomeKeyring.Found entry in items) {
 105             IdCard id_card = new IdCard();
 106             int i;
 107             int rules_patterns_index = -1;
 108             int rules_always_confirm_index = -1;
 109             string store_password = null;
 110             string ca_cert = "";
 111             string server_cert = "";
 112             string subject = "";
 113             string subject_alt = "";
 114             bool   user_verified = false;
 115             string ta_datetime_added = "";
 116             for (i = 0; i < entry.attributes.len; i++) {
 117                 var attribute = ((GnomeKeyring.Attribute *) entry.attributes.data)[i];
 118                 string value = "";
 119                 if (attribute.type == GnomeKeyring.AttributeType.STRING) {
 120                     value = attribute.string_value;
 121                 }
 122
 123                 if (attribute.name == "Issuer") {
 124                     id_card.issuer = value;
 125                 } else if (attribute.name == "Username") {
 126                     id_card.username = value;
 127                 } else if (attribute.name == "DisplayName") {
 128                     id_card.display_name = value;
 129                 } else if (attribute.name == "Services") {
 130                     id_card.update_services(value.split(";"));
 131                 } else if (attribute.name == "Rules-Pattern") {
 132                     rules_patterns_index = i;
 133                 } else if (attribute.name == "Rules-AlwaysConfirm") {
 134                     rules_always_confirm_index = i;
 135                 } else if (attribute.name == "CA-Cert") {
 136                     ca_cert = value.strip();
 137                 } else if (attribute.name == "Server-Cert") {
 138                     server_cert = value;
 139                 } else if (attribute.name == "Subject") {
 140                     subject = value;
 141                 } else if (attribute.name == "Subject-Alt") {
 142                     subject_alt = value;
 143                 } else if (attribute.name == "StorePassword") {
 144                     store_password = value;
 145                 } else if (attribute.name == "CACert_User_Verified") {
 146                     user_verified = (value == "true");
 147                 } else if (attribute.name == "TA_DateTime_Added") {
 148                     ta_datetime_added = value;
 149                 }
 150             }
 151
 152             var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, user_verified);
 153             if (ta_datetime_added != "") {
 154                 ta.set_datetime_added(ta_datetime_added);
 155             }
 156             id_card.set_trust_anchor_from_store(ta);
 157
 158             if ((rules_always_confirm_index != -1) && (rules_patterns_index != -1)) {
 159                 string rules_patterns_all = ((GnomeKeyring.Attribute *) entry.attributes.data)[rules_patterns_index].string_value;
 160                 string rules_always_confirm_all = ((GnomeKeyring.Attribute *) entry.attributes.data)[rules_always_confirm_index].string_value;
 161                 string [] rules_always_confirm = rules_always_confirm_all.split(";");
 162                 string [] rules_patterns = rules_patterns_all.split(";");
 163                 if (rules_patterns.length == rules_always_confirm.length) {
 164                     Rule[] rules = new Rule[rules_patterns.length];
 165                     for (int j = 0; j < rules_patterns.length; j++) {
 166                         rules[j].pattern = rules_patterns[j];
 167                         rules[j].always_confirm = rules_always_confirm[j];
 168                     }
 169                     id_card.rules = rules;
 170                 }
 171             }
 172
 173             if (store_password != null)
 174                 id_card.store_password = (store_password == "yes");
 175             else
 176                 id_card.store_password = ((entry.secret != null) && (entry.secret != ""));
 177
 178             if (id_card.store_password)
 179                 id_card.password = entry.secret;
 180             else
 181                 id_card.password = null;
 182             id_card_list.add(id_card);
 183         }
 184     }
 185
 186     internal void store_id_cards() {
 187         logger.trace("store_id_cards");
 188         clear_keyring();
 189         foreach (IdCard id_card in this.id_card_list) {
 190             /* workaround for Centos vala array property bug: use temp array */
 191             var rules = id_card.rules;
 192             string[] rules_patterns = new string[rules.length];
 193             string[] rules_always_conf = new string[rules.length];
 194
 195             for (int i = 0; i < rules.length; i++) {
 196                 rules_patterns[i] = rules[i].pattern;
 197                 rules_always_conf[i] = rules[i].always_confirm;
 198             }
 199             string patterns = string.joinv(";", rules_patterns);
 200             string always_conf = string.joinv(";", rules_always_conf);
 201             string services = id_card.get_services_string(";");
 202             GnomeKeyring.AttributeList attributes = new GnomeKeyring.AttributeList();
 203             uint32 item_id;
 204             attributes.append_string(keyring_store_attribute, keyring_store_version);
 205             attributes.append_string("Issuer", id_card.issuer);
 206             attributes.append_string("Username", id_card.username);
 207             attributes.append_string("DisplayName", id_card.display_name);
 208             attributes.append_string("Services", services);
 209             attributes.append_string("Rules-Pattern", patterns);
 210             attributes.append_string("Rules-AlwaysConfirm", always_conf);
 211             attributes.append_string("CA-Cert", id_card.trust_anchor.ca_cert);
 212             attributes.append_string("Server-Cert", id_card.trust_anchor.server_cert);
 213             attributes.append_string("Subject", id_card.trust_anchor.subject);
 214             attributes.append_string("Subject-Alt", id_card.trust_anchor.subject_alt);
 215             attributes.append_string("CACert_User_Verified", id_card.trust_anchor.user_verified ? "true" : "false");
 216             attributes.append_string("TA_DateTime_Added", id_card.trust_anchor.datetime_added);
 217             attributes.append_string("StorePassword", id_card.store_password ? "yes" : "no");
 218
 219             GnomeKeyring.Result result = GnomeKeyring.item_create_sync(null,
 220                                                                        item_type, id_card.display_name, attributes,
 221                                                                        id_card.store_password ? id_card.password : "",
 222                                                                        true, out item_id);
 223             if (result != GnomeKeyring.Result.OK) {
 224                 stdout.printf("GnomeKeyring.item_create_sync() failed. result: %d", result);
 225             }
 226         }
 227         load_id_cards();
 228     }
 229
 230     public KeyringStore() {
 231         id_card_list = new LinkedList<IdCard>();
 232         load_id_cards();
 233     }
 234 }
 235
 236 #endif