Fixed translation issues for Help menu
1 /*
2  * Copyright (c) 2011-2016, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31 */
32
33 using Gee;
34
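/**
 * D-Bus service object exported under the interface name "org.janet.Moonshot".
 *
 * The public methods below form the interface that bus clients can call.
 * Several of them return stored credentials (NAI and password) or accept
 * trust-anchor material (CA certificate, server certificate fingerprint)
 * from the caller.
 *
 * NOTE(review): no caller authentication or authorisation check is visible
 * in this class. Access control presumably rests on the bus policy and on
 * whatever mediation IdentityRequest / IdentityManagerApp perform; confirm
 * this before exposing the service on a bus shared with less-trusted peers.
 */
[DBus (name = "org.janet.Moonshot")]
public class MoonshotServer : Object {

    static MoonshotLogger logger = get_logger("MoonshotServer");

    private string app_name = "Moonshot";

    private IdentityManagerApp parent_app;

    /**
     * Creates the server and remembers the application it forwards requests to.
     *
     * @param app the identity manager application that serves the requests
     */
    public MoonshotServer(IdentityManagerApp app)
    {
        logger.trace("MoonshotServer.<constructor>; app=" + (app == null ? "null" : "non-null"));
        this.parent_app = app;
    }

    /**
     * Shows the application's UI and marks it as explicitly launched.
     *
     * @return false when parent_app.view is null, true otherwise
     */
    public bool show_ui()
    {
        logger.trace("MoonshotServer.show_ui");

        if (parent_app.view == null) {
            // app_name must be an argument, not the format string: the old call
            // printf(app_name, "...") printed only "Moonshot" and dropped the message.
            stderr.printf("%s: show_ui: parent_app.view is null!\n", app_name);
            logger.warn("show_ui: parent_app.view is null!");
            return false;
        }
        parent_app.show();
        parent_app.explicitly_launched = true;
        logger.trace("MoonshotServer.show_ui: returning true");
        return true;
    }

    /**
     * Resolves an identity for //service// and returns its credentials and
     * trust-anchor constraints.
     *
     * An IdentityRequest is executed and the coroutine is suspended until the
     * request's callback resumes it. Every out parameter is "" unless the
     * request produced an id card that is not the "no identity" card.
     *
     * The trace output of this method contains the NAI and the service name;
     * the password is not written to the log.
     *
     * @param nai NAI supplied by the caller
     * @param password password supplied by the caller
     * @param service name of the service the identity is requested for
     * @param nai_out NAI of the selected id card
     * @param password_out the request's password when it is non-empty,
     *                     otherwise the password stored on the id card
     * @param server_certificate_hash trust anchor server_cert value
     * @param ca_certificate trust anchor ca_cert value
     * @param subject_name_constraint trust anchor subject value
     * @param subject_alt_name_constraint trust anchor subject_alt value
     * @return true when an identity was returned, false otherwise
     */
    public async bool get_identity(string nai,
                                   string password,
                                   string service,
                                   out string nai_out,
                                   out string password_out,
                                   out string server_certificate_hash,
                                   out string ca_certificate,
                                   out string subject_name_constraint,
                                   out string subject_alt_name_constraint)
    {
        logger.trace(@"MoonshotServer.get_identity: nai='$nai'; service='$service'");
        var request = new IdentityRequest(parent_app,
                                          nai,
                                          password,
                                          service);
        logger.trace(@"MoonshotServer.get_identity: Calling request.execute()");
        request.set_callback((IdentityRequest) => get_identity.callback());
        request.execute();
        logger.trace(@"MoonshotServer.get_identity: Back from request.execute()");
        yield;
        logger.trace(@"MoonshotServer.get_identity: back from yield");

        // Out parameters must be set on every path, and D-Bus strings cannot be null.
        nai_out = "";
        password_out = "";
        server_certificate_hash = "";
        ca_certificate = "";
        subject_name_constraint = "";
        subject_alt_name_constraint = "";

        var id_card = request.id_card;

        if ((id_card == null) || id_card.is_no_identity()) {
            logger.trace("MoonshotServer.get_identity: returning false");
            return false;
        }

        // A non-empty password on the request takes precedence over the stored one.
        bool request_has_password = (request.password != null) && (request.password != "");
        string? chosen_password = request_has_password ? request.password : id_card.password;

        nai_out = id_card.nai ?? "";
        password_out = chosen_password ?? "";
        server_certificate_hash = id_card.trust_anchor.server_cert ?? "";
        ca_certificate = id_card.trust_anchor.ca_cert ?? "";
        subject_name_constraint = id_card.trust_anchor.subject ?? "";
        subject_alt_name_constraint = id_card.trust_anchor.subject_alt ?? "";

        logger.trace(@"MoonshotServer.get_identity: returning with nai_out=$nai_out");

        return true;
    }

    /**
     * Returns the credentials and trust-anchor constraints of the default identity.
     *
     * Works like get_identity, but builds the request with
     * IdentityRequest.default and always returns the password stored on the card.
     *
     * NOTE(review): unlike get_identity, this method does not call
     * is_no_identity() on the card before returning it; confirm whether the
     * default request can yield the "no identity" card.
     *
     * @param nai_out NAI of the default id card
     * @param password_out password stored on the id card
     * @param server_certificate_hash trust anchor server_cert value
     * @param ca_certificate trust anchor ca_cert value
     * @param subject_name_constraint trust anchor subject value
     * @param subject_alt_name_constraint trust anchor subject_alt value
     * @return true when the request produced an id card, false otherwise
     */
    public async bool get_default_identity(out string nai_out,
                                           out string password_out,
                                           out string server_certificate_hash,
                                           out string ca_certificate,
                                           out string subject_name_constraint,
                                           out string subject_alt_name_constraint)
    {
        logger.trace("MoonshotServer.get_default_identity");
        var request = new IdentityRequest.default(parent_app);
        request.set_callback((IdentityRequest) => get_default_identity.callback());
        request.execute();
        yield;

        // Out parameters must be set on every path, and D-Bus strings cannot be null.
        nai_out = "";
        password_out = "";
        server_certificate_hash = "";
        ca_certificate = "";
        subject_name_constraint = "";
        subject_alt_name_constraint = "";

        if (request.id_card == null) {
            return false;
        }

        nai_out = request.id_card.nai ?? "";
        password_out = request.id_card.password ?? "";
        server_certificate_hash = request.id_card.trust_anchor.server_cert ?? "";
        ca_certificate = request.id_card.trust_anchor.ca_cert ?? "";
        subject_name_constraint = request.id_card.trust_anchor.subject ?? "";
        subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt ?? "";

        logger.trace("MoonshotServer.get_default_identity: returning true");
        return true;
    }

    /**
     * Builds an IdCard from the given fields and hands it to
     * parent_app.add_identity.
     *
     * The caller supplies the trust anchor (CA certificate, server certificate,
     * subject constraints) that will be stored with the card.
     * NOTE(review): whether the user is asked to approve the card or its trust
     * anchor is decided inside add_identity, which is not visible here.
     *
     * @param display_name display name of the card
     * @param user_name user name of the card
     * @param password password; when non-empty, store_password is set on the card
     * @param realm stored as the card's issuer
     * @param rules_patterns rule patterns, parallel to rules_always_confirm
     * @param rules_always_confirm always-confirm values, parallel to rules_patterns
     * @param services services the card applies to
     * @param ca_cert trust anchor CA certificate
     * @param subject trust anchor subject constraint
     * @param subject_alt trust anchor subject-alt constraint
     * @param server_cert trust anchor server certificate value
     * @param force_flat_file_store non-zero is passed to add_identity as true
     * @return the value returned by parent_app.add_identity
     */
    public bool install_id_card(string   display_name,
                                string   user_name,
                                string   ?password,
                                string   ?realm,
                                string[] ?rules_patterns,
                                string[] ?rules_always_confirm,
                                string[] ?services,
                                string   ?ca_cert,
                                string   ?subject,
                                string   ?subject_alt,
                                string   ?server_cert,
                                int      force_flat_file_store)
    {
        IdCard idcard = new IdCard();

        idcard.display_name = display_name;
        idcard.username = user_name;
        idcard.password = password;
        if ((password != null) && (password != ""))
            idcard.store_password = true;
        idcard.issuer = realm;
        idcard.update_services(services);
        var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt);

        if (!ta.is_empty()) {
            // We have to set the datetime_added here, because it isn't delivered via IPC.
            string ta_datetime_added = TrustAnchor.format_datetime_now();
            ta.set_datetime_added(ta_datetime_added);
            logger.trace("install_id_card : Set ta_datetime_added for '%s' to '%s'; ca_cert='%s'; server_cert='%s'".printf(idcard.display_name, ta.datetime_added, ta.ca_cert, ta.server_cert));
        }
        idcard.set_trust_anchor_from_store(ta);

        logger.trace("install_id_card: Card '%s' has services: '%s'"
                     .printf(idcard.display_name, idcard.get_services_string("; ")));

        logger.trace(@"Installing IdCard named '$(idcard.display_name)'; ca_cert='$(idcard.trust_anchor.ca_cert)'; server_cert='$(idcard.trust_anchor.server_cert)'");


        if (rules_patterns.length == rules_always_confirm.length)
        {
            /* workaround Centos vala array property bug: use temp array */
            Rule[] rules = new Rule[rules_patterns.length];

            for (int i = 0; i < rules.length; i++)
            {
                rules[i].pattern = rules_patterns[i];
                rules[i].always_confirm = rules_always_confirm[i];
            }
            idcard.rules = rules;
        }
        else
        {
            // The card is still installed, but without any rules (including
            // always-confirm rules), so leave a trace of that for whoever audits the log.
            logger.warn("install_id_card: rules_patterns and rules_always_confirm differ in length; no rules set on card '%s'"
                        .printf(idcard.display_name));
        }

        ArrayList<IdCard>? old_duplicates = null;
        var ret = parent_app.add_identity(idcard, (force_flat_file_store != 0), out old_duplicates);

        if (old_duplicates != null) {
            // Printing to stdout here is ugly behavior; but it's old behavior that
            // may be expected. (TODO: Do we need to keep this?)
            foreach (IdCard id_card in old_duplicates) {
                stdout.printf("removed duplicate id for '%s'\n", id_card.nai);
            }
        }
        return ret;
    }


    /**
     * Parses a provisioning file and installs every id card it contains.
     *
     * //file_name// is handed unchanged to WebProvisioning.Parser, so the file
     * is opened with the privileges of this process.
     * NOTE(review): the path comes from the caller; confirm that the parser
     * copes with unexpected paths and malformed content.
     *
     * Each card is installed through install_id_card with
     * force_flat_file_store set to 0.
     *
     * @param file_name path of the provisioning file
     * @return the number of cards for which install_id_card returned true
     */
    public int install_from_file(string file_name)
    {
        var webp = new WebProvisioning.Parser(file_name);

        webp.parse();
        int installed_cards = 0;
        foreach (IdCard card in webp.cards)
        {
            // install_id_card takes the rules as two parallel string arrays.
            string[] rules_patterns = {};
            string[] rules_always_confirm = {};

            if (card.rules.length > 0)
            {
                int i = 0;
                rules_patterns = new string[card.rules.length];
                rules_always_confirm = new string[card.rules.length];
                foreach (Rule r in card.rules)
                {
                    rules_patterns[i] = r.pattern;
                    rules_always_confirm[i] = r.always_confirm;
                    i++;
                }
            }


            // prevent a crash by holding the reference to otherwise
            // unowned array(?)

            // string[] svcs = card.services.to_array();
            // string[] svcs = card.services.to_array()[:];
            string[] svcs = new string[card.services.size];
            for (int i = 0; i < card.services.size; i++) {
                svcs[i] = card.services[i];
            }

            logger.trace(@"install_from_file: Adding card with display name '$(card.display_name)'");
            bool result = install_id_card(card.display_name,
                                          card.username,
                                          card.password,
                                          card.issuer,
                                          rules_patterns,
                                          rules_always_confirm,
                                          svcs,
                                          card.trust_anchor.ca_cert,
                                          card.trust_anchor.subject,
                                          card.trust_anchor.subject_alt,
                                          card.trust_anchor.server_cert,
                                          0);
            if (result) {
                installed_cards++;
            }
        }
        return installed_cards;
    }

    /**
     * Runs a TrustAnchorConfirmationRequest for the given CA certificate hash.
     *
     * The coroutine is suspended until the request's callback resumes it.
     * The return value is always true; the decision is carried only by
     * //confirmed//, so callers must not treat the return value as approval.
     *
     * @param nai NAI the certificate was presented for
     * @param realm realm the certificate was presented for
     * @param ca_hash hash of the CA certificate to confirm
     * @param confirmed 1 when request.confirmed is true, 0 otherwise
     * @return always true
     */
    public async bool confirm_ca_certificate(string nai,
                                             string realm,
                                             string ca_hash,
                                             out int confirmed)
    {
        logger.trace(@"MoonshotServer.confirm_ca_certificate: nai='$nai'; realm='$realm'; ca_hash='$ca_hash'");

        var request = new TrustAnchorConfirmationRequest(parent_app, nai, realm, ca_hash);
        request.set_callback((TrustAnchorConfirmationRequest) => confirm_ca_certificate.callback());
        request.execute();
        yield;

        confirmed = (request.confirmed ? 1 : 0);
        logger.trace(@"MoonshotServer.confirm_ca_certificate: confirmed=$confirmed");
        return true;
    }
}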