2 * Copyright (c) 2011-2016, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 [DBus (name = "org.janet.Moonshot")]
36 public class MoonshotServer : Object {
// Shared logger for every method in this class (MoonshotLogger is defined elsewhere in the project).
38 static MoonshotLogger logger = get_logger("MoonshotServer");
// Program name; within this excerpt it is only used by show_ui's stderr.printf call.
40 private string app_name = "Moonshot";
// Owning application: supplies the view (show_ui) and the identity store (add_identity).
42 private IdentityManagerApp parent_app;
/**
 * Creates the server object that the [DBus] annotation on this class exports.
 *
 * The visible body only records the owning application; a null //app// is
 * traced but not rejected, so later methods dereferencing parent_app would
 * fail in that case (lines between the signature and the trace are not in
 * this excerpt).
 *
 * @param app the owning IdentityManagerApp
 */
44 public MoonshotServer(IdentityManagerApp app)
46 logger.trace("MoonshotServer.<constructor>; app=" + (app == null ? "null" : "non-null"));
47 this.parent_app = app;
// show_ui: bus-exposed request to bring up the identity manager; its signature line is not in this excerpt.
52 logger.trace("MoonshotServer.show_ui");
54 if (parent_app.view == null) {
// NOTE(review): stderr.printf is printf-style, so app_name ("Moonshot") is used as the FORMAT
// and the message becomes an unused vararg — only "Moonshot" (no newline) reaches stderr and
// the diagnostic text is lost. The logger call below carries the real message; the intended
// form is presumably stderr.printf("%s: %s", app_name, "show_ui: parent_app.view is null!\n").
55 stderr.printf(app_name, "show_ui: parent_app.view is null!\n");
56 logger.warn("show_ui: parent_app.view is null!");
// Records that the UI was requested by a client; the flag's consumer is outside this file.
60 parent_app.explicitly_launched = true;
61 logger.trace("MoonshotServer.show_ui: returning true");
/**
 * D-Bus method: selects an identity for //nai// (and the service named by a
 * parameter whose declaration is omitted from this excerpt) and returns its
 * credentials and trust anchor to the caller.
 *
 * Runs as a coroutine on the main loop: it installs a callback on the
 * IdentityRequest that resumes this method, then parks until the request
 * completes (the execute()/yield lines themselves are not shown here). Every
 * out string is normalised to "" so the D-Bus reply never carries null.
 *
 * Security note: the reply includes the card's stored password. Nothing in
 * this method restricts which bus peers may ask; any such control lives in
 * the bus policy or in IdentityRequest (neither visible here).
 *
 * @param nai caller-supplied NAI — untrusted D-Bus input
 * @param password_out password typed for this request if non-empty, else the card's stored password, else ""
 * @param server_certificate_hash value of trust_anchor.server_cert, or ""
 * @param ca_certificate value of trust_anchor.ca_cert, or ""
 * @param subject_name_constraint value of trust_anchor.subject, or ""
 * @param subject_alt_name_constraint value of trust_anchor.subject_alt, or ""
 * @return true once a usable card was selected; the false branch is only partly visible here
 */
65 public async bool get_identity(string nai,
69 out string password_out,
70 out string server_certificate_hash,
71 out string ca_certificate,
72 out string subject_name_constraint,
73 out string subject_alt_name_constraint)
// NOTE(review): nai/service come straight from the bus; this assumes logger.trace takes a
// plain string (install_id_card pre-formats with .printf() before calling it) rather than a
// printf format — confirm, otherwise a '%' in the NAI would be interpreted as a conversion.
75 logger.trace(@"MoonshotServer.get_identity: nai='$nai'; service='$service'");
76 var request = new IdentityRequest(parent_app,
80 logger.trace(@"MoonshotServer.get_identity: Calling request.execute()");
// The request resumes this coroutine when it finishes; the yield is in a line not shown here.
81 request.set_callback((IdentityRequest) => get_identity.callback());
83 logger.trace(@"MoonshotServer.get_identity: Back from request.execute()");
85 logger.trace(@"MoonshotServer.get_identity: back from yield");
// Defaults first, so every out parameter is set even when no card was chosen.
89 server_certificate_hash = "";
91 subject_name_constraint = "";
92 subject_alt_name_constraint = "";
94 var id_card = request.id_card;
// is_no_identity() presumably marks the user's explicit "no identity" choice — treated like no card; confirm.
96 if ((id_card != null) && (!id_card.is_no_identity())) {
97 nai_out = id_card.nai;
// A password entered for this request wins over the one stored on the card.
98 if ((request.password != null) && (request.password != ""))
99 password_out = request.password;
101 password_out = id_card.password;
103 server_certificate_hash = id_card.trust_anchor.server_cert;
104 ca_certificate = id_card.trust_anchor.ca_cert;
105 subject_name_constraint = id_card.trust_anchor.subject;
106 subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
// Trust-anchor fields and the password may be null on the card; map them to "" for the wire.
110 if (password_out == null)
112 if (server_certificate_hash == null)
113 server_certificate_hash = "";
114 if (ca_certificate == null)
116 if (subject_name_constraint == null)
117 subject_name_constraint = "";
118 if (subject_alt_name_constraint == null)
119 subject_alt_name_constraint = "";
// Only the NAI is traced; the password deliberately never reaches the log.
121 logger.trace(@"MoonshotServer.get_identity: returning with nai_out=$nai_out");
126 logger.trace("MoonshotServer.get_identity: returning false");
/**
 * D-Bus method: returns the credentials and trust anchor of the default identity.
 *
 * Same coroutine pattern as get_identity (callback on the request, then park;
 * the execute()/yield lines are not shown in this excerpt). Unlike
 * get_identity there is no per-request password override and no
 * is_no_identity() filter — the card's stored password is what goes out.
 *
 * Security note: as with get_identity, the stored password is part of the
 * reply and no caller check is visible in this method.
 *
 * @param nai_out NAI of the default card (unset here when there is no card — the else path is not shown)
 * @param password_out the card's stored password, or ""
 * @param server_certificate_hash value of trust_anchor.server_cert, or ""
 * @param ca_certificate value of trust_anchor.ca_cert, or ""
 * @param subject_name_constraint value of trust_anchor.subject, or ""
 * @param subject_alt_name_constraint value of trust_anchor.subject_alt, or ""
 * @return true on the visible path
 */
130 public async bool get_default_identity(out string nai_out,
131 out string password_out,
132 out string server_certificate_hash,
133 out string ca_certificate,
134 out string subject_name_constraint,
135 out string subject_alt_name_constraint)
137 logger.trace("MoonshotServer.get_default_identity");
138 var request = new IdentityRequest.default(parent_app);
// Resumes this coroutine once the default-identity request completes.
139 request.set_callback((IdentityRequest) => get_default_identity.callback());
// Defaults so the reply never carries null strings.
145 server_certificate_hash = "";
147 subject_name_constraint = "";
148 subject_alt_name_constraint = "";
// NOTE(review): no is_no_identity() check here, unlike get_identity — if a "no identity"
// card can become the default it would be returned with its fields; confirm this is intended.
150 if (request.id_card != null)
152 nai_out = request.id_card.nai;
153 password_out = request.id_card.password;
155 server_certificate_hash = request.id_card.trust_anchor.server_cert;
156 ca_certificate = request.id_card.trust_anchor.ca_cert;
157 subject_name_constraint = request.id_card.trust_anchor.subject;
158 subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
// Null-to-"" normalisation for fields the card may leave unset.
162 if (password_out == null)
164 if (server_certificate_hash == null)
165 server_certificate_hash = "";
166 if (ca_certificate == null)
168 if (subject_name_constraint == null)
169 subject_name_constraint = "";
170 if (subject_alt_name_constraint == null)
171 subject_alt_name_constraint = "";
173 logger.trace("MoonshotServer.get_default_identity: returning true");
/**
 * D-Bus method: builds an IdCard from caller-supplied fields and adds it to
 * the identity store through the parent application.
 *
 * Several parameter declarations (user name, password, realm, services, the
 * four trust-anchor strings) fall in lines omitted from this excerpt; they
 * are used by name below.
 *
 * Trust anchor: ca_cert / server_cert / subject / subject_alt are accepted as
 * given — no format validation is visible in this method, so it must happen
 * in TrustAnchor or add_identity if at all. datetime_added is stamped locally
 * because the IPC payload does not carry it.
 *
 * Rules: rules_patterns and rules_always_confirm are parallel arrays. When
 * their lengths differ no rules are attached and, as far as this excerpt
 * shows, the caller is not told (no else branch visible).
 *
 * @param display_name label for the new card
 * @param rules_patterns service-match patterns, parallel to rules_always_confirm; may be null
 * @param rules_always_confirm per-pattern confirmation flags; may be null
 * @param force_flat_file_store non-zero forces the flat-file store (passed to add_identity as a bool)
 * @return the final return statement is outside this excerpt; ret from add_identity is the visible result
 */
180 public bool install_id_card(string display_name,
184 string[] ?rules_patterns,
185 string[] ?rules_always_confirm,
191 int force_flat_file_store)
193 IdCard idcard = new IdCard();
195 idcard.display_name = display_name;
196 idcard.username = user_name;
197 idcard.password = password;
// Only a non-empty password is marked for persistent storage.
198 if ((password != null) && (password != ""))
199 idcard.store_password = true;
200 idcard.issuer = realm;
201 idcard.update_services(services);
202 var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt);
204 if (!ta.is_empty()) {
205 // We have to set the datetime_added here, because it isn't delivered via IPC.
206 string ta_datetime_added = TrustAnchor.format_datetime_now();
207 ta.set_datetime_added(ta_datetime_added);
// Pre-formatted with .printf(); the trace records certificate data but not the password.
208 logger.trace("install_id_card : Set ta_datetime_added for '%s' to '%s'; ca_cert='%s'; server_cert='%s'".printf(idcard.display_name, ta.datetime_added, ta.ca_cert, ta.server_cert));
210 idcard.set_trust_anchor_from_store(ta);
212 logger.trace("install_id_card: Card '%s' has services: '%s'"
213 .printf(idcard.display_name, idcard.get_services_string("; ")));
215 logger.trace(@"Installing IdCard named '$(idcard.display_name)'; ca_cert='$(idcard.trust_anchor.ca_cert)'; server_cert='$(idcard.trust_anchor.server_cert)'");
// Both arrays are nullable; this relies on a null array reporting length 0 (Vala carries the
// length separately) — confirm for the null case. A length mismatch silently skips the rules.
218 if (rules_patterns.length == rules_always_confirm.length)
220 /* workaround Centos vala array property bug: use temp array */
// Rule is presumably a struct: elements are filled in place without allocation.
221 Rule[] rules = new Rule[rules_patterns.length];
223 for (int i = 0; i < rules.length; i++)
225 rules[i].pattern = rules_patterns[i];
226 rules[i].always_confirm = rules_always_confirm[i];
228 idcard.rules = rules;
// add_identity reports cards it replaced through this out parameter.
231 ArrayList<IdCard>? old_duplicates = null;
232 var ret = parent_app.add_identity(idcard, (force_flat_file_store != 0), out old_duplicates);
234 if (old_duplicates != null) {
235 // Printing to stdout here is ugly behavior; but it's old behavior that
236 // may be expected. (TODO: Do we need to keep this?)
237 foreach (IdCard id_card in old_duplicates) {
// Caller data goes through "%s" as an argument, never as the format string.
238 stdout.printf("removed duplicate id for '%s'\n", id_card.nai);
/**
 * D-Bus method: parses a web-provisioning file and installs each card it
 * contains via install_id_card.
 *
 * //file_name// is whatever the bus caller supplies and is handed to
 * WebProvisioning.Parser, which presumably reads it with this process's
 * privileges. Nothing in this method restricts the path; any such check
 * belongs in the parser or the bus policy (neither visible here).
 *
 * Rules and services are copied into fresh native arrays before the call;
 * the in-code comment explains the crash this works around. The loop index
 * used for the rule arrays and the `result` variable are declared in lines
 * not shown in this excerpt.
 *
 * @param file_name path to the provisioning file
 * @return number of cards installed; the increment of installed_cards is outside this excerpt
 */
245 public int install_from_file(string file_name)
247 var webp = new WebProvisioning.Parser(file_name);
251 int installed_cards = 0;
252 foreach (IdCard card in webp.cards)
// Empty arrays when the card carries no rules, so install_id_card sees matching lengths.
254 string[] rules_patterns = {};
255 string[] rules_always_confirm = {};
257 if (card.rules.length > 0)
260 rules_patterns = new string[card.rules.length];
261 rules_always_confirm = new string[card.rules.length];
262 foreach (Rule r in card.rules)
264 rules_patterns[i] = r.pattern;
265 rules_always_confirm[i] = r.always_confirm;
271 // prevent a crash by holding the reference to otherwise
274 // string[] svcs = card.services.to_array();
275 // string[] svcs = card.services.to_array()[:];
// Element-by-element copy instead of to_array(); see the comment above.
276 string[] svcs = new string[card.services.size];
277 for (int i = 0; i < card.services.size; i++) {
278 svcs[i] = card.services[i];
281 logger.trace(@"install_from_file: Adding card with display name '$(card.display_name)'");
282 result = install_id_card(card.display_name,
287 rules_always_confirm,
289 card.trust_anchor.ca_cert,
290 card.trust_anchor.subject,
291 card.trust_anchor.subject_alt,
292 card.trust_anchor.server_cert,
298 return installed_cards;
301 public async bool confirm_ca_certificate(string nai,
306 logger.trace(@"MoonshotServer.confirm_ca_certificate: nai='$nai'; realm='$realm'; ca_hash='$ca_hash'");
308 var request = new TrustAnchorConfirmationRequest(parent_app, nai, realm, ca_hash);
309 request.set_callback((TrustAnchorConfirmationRequest) => confirm_ca_certificate.callback());
313 confirmed = (request.confirmed ? 1 : 0);
314 logger.trace(@"MoonshotServer.confirm_ca_certificate: confirmed=$confirmed");