src/moonshot-server.vala

   1 /*
   2  * Copyright (c) 2011-2014, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32 #if IPC_DBUS
  33
  34 [DBus (name = "org.janet.Moonshot")]
  35 public class MoonshotServer : Object {
  36
  37     private IdentityManagerApp parent_app;
  38
  39     public MoonshotServer(IdentityManagerApp app)
  40     {
  41         this.parent_app = app;
  42     }
  43
  44     public bool show_ui()
  45     {
  46         if (parent_app.view == null) {
  47             return false;
  48         }
  49         parent_app.show();
  50         parent_app.explicitly_launched = true;
  51         return true;
  52     }
  53
  54     public async bool get_identity(string nai,
  55                                    string password,
  56                                    string service,
  57                                    out string nai_out,
  58                                    out string password_out,
  59                                    out string server_certificate_hash,
  60                                    out string ca_certificate,
  61                                    out string subject_name_constraint,
  62                                    out string subject_alt_name_constraint)
  63     {
  64         var request = new IdentityRequest(parent_app,
  65                                           nai,
  66                                           password,
  67                                           service);
  68         request.set_callback((IdentityRequest) => get_identity.callback());
  69         request.execute();
  70         yield;
  71
  72         nai_out = "";
  73         password_out = "";
  74         server_certificate_hash = "";
  75         ca_certificate = "";
  76         subject_name_constraint = "";
  77         subject_alt_name_constraint = "";
  78
  79         var id_card = request.id_card;
  80
  81         if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) {
  82             nai_out = id_card.nai;
  83             if ((request.password!=null) && (request.password != ""))
  84                 password_out = request.password;
  85             else
  86                 password_out = id_card.password;
  87
  88             server_certificate_hash = id_card.trust_anchor.server_cert;
  89             ca_certificate = id_card.trust_anchor.ca_cert;
  90             subject_name_constraint = id_card.trust_anchor.subject;
  91             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
  92
  93             if (nai_out == null)
  94                 nai_out = "";
  95             if (password_out == null)
  96                 password_out = "";
  97             if (server_certificate_hash == null)
  98                 server_certificate_hash = "";
  99             if (ca_certificate == null)
 100                 ca_certificate = "";
 101             if (subject_name_constraint == null)
 102                 subject_name_constraint = "";
 103             if (subject_alt_name_constraint == null)
 104                 subject_alt_name_constraint = "";
 105
 106             return true;
 107         }
 108
 109         return false;
 110     }
 111
 112     public async bool get_default_identity(out string nai_out,
 113                                            out string password_out,
 114                                            out string server_certificate_hash,
 115                                            out string ca_certificate,
 116                                            out string subject_name_constraint,
 117                                            out string subject_alt_name_constraint)
 118     {
 119         var request = new IdentityRequest.default(parent_app);
 120         request.set_callback((IdentityRequest) => get_default_identity.callback());
 121         request.execute();
 122         yield;
 123
 124         nai_out = "";
 125         password_out = "";
 126         server_certificate_hash = "";
 127         ca_certificate = "";
 128         subject_name_constraint = "";
 129         subject_alt_name_constraint = "";
 130
 131         if (request.id_card != null)
 132         {
 133             nai_out = request.id_card.nai;
 134             password_out = request.id_card.password;
 135
 136             server_certificate_hash = request.id_card.trust_anchor.server_cert;
 137             ca_certificate = request.id_card.trust_anchor.ca_cert;
 138             subject_name_constraint = request.id_card.trust_anchor.subject;
 139             subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
 140
 141             if (nai_out == null)
 142                 nai_out = "";
 143             if (password_out == null)
 144                 password_out = "";
 145             if (server_certificate_hash == null)
 146                 server_certificate_hash = "";
 147             if (ca_certificate == null)
 148                 ca_certificate = "";
 149             if (subject_name_constraint == null)
 150                 subject_name_constraint = "";
 151             if (subject_alt_name_constraint == null)
 152                 subject_alt_name_constraint = "";
 153
 154             return true;
 155         }
 156
 157         return false;
 158     }
 159
 160     public bool install_id_card (string   display_name,
 161                                  string   user_name,
 162                                  string   ?password,
 163                                  string   ?realm,
 164                                  string[] ?rules_patterns,
 165                                  string[] ?rules_always_confirm,
 166                                  string[] ?services,
 167                                  string   ?ca_cert,
 168                                  string   ?subject,
 169                                  string   ?subject_alt,
 170                                  string   ?server_cert,
 171                                  int      force_flat_file_store)
 172     {
 173         IdCard idcard = new IdCard();
 174
 175         idcard.display_name = display_name;
 176         idcard.username = user_name;
 177         idcard.password = password;
 178         if ((password != null) && (password != ""))
 179             idcard.store_password = true;
 180         idcard.issuer = realm;
 181         idcard.services = services;
 182         idcard.trust_anchor.ca_cert = ca_cert;
 183         idcard.trust_anchor.subject = subject;
 184         idcard.trust_anchor.subject_alt = subject_alt;
 185         idcard.trust_anchor.server_cert = server_cert;
 186
 187         if (rules_patterns.length == rules_always_confirm.length)
 188         {
 189             /* workaround Centos vala array property bug: use temp array */
 190             Rule[] rules = new Rule[rules_patterns.length];
 191
 192             for (int i = 0; i < rules.length; i++)
 193             {
 194                 rules[i].pattern = rules_patterns[i];
 195                 rules[i].always_confirm = rules_always_confirm[i];
 196             }
 197             idcard.rules = rules;
 198         }
 199
 200         return parent_app.add_identity(idcard, force_flat_file_store!=0);
 201     }
 202
 203
 204     public int install_from_file(string file_name)
 205     {
 206         var webp = new WebProvisioning.Parser(file_name);
 207
 208         webp.parse();
 209         bool result = false;
 210         int installed_cards = 0;
 211         foreach (IdCard card in WebProvisioning.cards)
 212         {
 213             string[] rules_patterns = {};
 214             string[] rules_always_confirm = {};
 215
 216             if (card.rules.length > 0)
 217             {
 218                 int i = 0;
 219                 rules_patterns = new string[card.rules.length];
 220                 rules_always_confirm = new string[card.rules.length];
 221                 foreach (Rule r in card.rules)
 222                 {
 223                     rules_patterns[i] = r.pattern;
 224                     rules_always_confirm[i] = r.always_confirm;
 225                     i++;
 226                 }
 227             }
 228
 229             result = install_id_card(card.display_name,
 230                                      card.username,
 231                                      card.password,
 232                                      card.issuer,
 233                                      rules_patterns,
 234                                      rules_always_confirm,
 235                                      card.services,
 236                                      card.trust_anchor.ca_cert,
 237                                      card.trust_anchor.subject,
 238                                      card.trust_anchor.subject_alt,
 239                                      card.trust_anchor.server_cert,
 240                                      0);
 241             if (result) {
 242                 installed_cards++;
 243             }
 244         }
 245         return installed_cards;
 246     }
 247 }
 248
 249
 250 #elif IPC_MSRPC
 251
 252 using Rpc;
 253 using MoonshotRpcInterface;
 254
 255 /* This class must be a singleton, because we use a global RPC
 256  * binding handle. I cannot picture a situation where more than
 257  * one instance of the same interface would be needed so this
 258  * shouldn't be a problem.
 259  *
 260  * Shutdown is automatically done by the RPC runtime when the
 261  * process ends
 262  */
 263 public class MoonshotServer : Object {
 264     private static IdentityManagerApp parent_app;
 265
 266     private static MoonshotServer instance = null;
 267
 268     public static void start(IdentityManagerApp app)
 269     {
 270         parent_app = app;
 271         Rpc.server_start(MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER);
 272     }
 273
 274     public static MoonshotServer get_instance()
 275     {
 276         if (instance == null)
 277             instance = new MoonshotServer();
 278         return instance;
 279     }
 280
 281     [CCode (cname = "moonshot_get_identity_rpc")]
 282     public static void get_identity(Rpc.AsyncCall call,
 283                                     string nai,
 284                                     string password,
 285                                     string service,
 286                                     ref string nai_out,
 287                                     ref string password_out,
 288                                     ref string server_certificate_hash,
 289                                     ref string ca_certificate,
 290                                     ref string subject_name_constraint,
 291                                     ref string subject_alt_name_constraint)
 292     {
 293         bool result = false;
 294
 295         var request = new IdentityRequest(parent_app,
 296                                           nai,
 297                                           password,
 298                                           service);
 299
 300         // Pass execution to the main loop and block the RPC thread
 301         request.mutex = new Mutex();
 302         request.cond = new Cond();
 303         request.set_callback(return_identity_cb);
 304
 305         request.mutex.lock();
 306         Idle.add(request.execute);
 307
 308         while (request.complete == false)
 309             request.cond.wait(request.mutex);
 310
 311         nai_out = "";
 312         password_out = "";
 313         server_certificate_hash = "";
 314         ca_certificate = "";
 315         subject_name_constraint = "";
 316         subject_alt_name_constraint = "";
 317
 318         var id_card = request.id_card;
 319
 320         if (id_card != null) {
 321             // The strings are freed by the RPC runtime
 322             nai_out = id_card.nai;
 323             password_out = id_card.password;
 324             server_certificate_hash = id_card.trust_anchor.server_cert;
 325             ca_certificate = id_card.trust_anchor.ca_cert;
 326             subject_name_constraint = id_card.trust_anchor.subject;
 327             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 328
 329             return_if_fail(nai_out != null);
 330             return_if_fail(password_out != null);
 331             return_if_fail(server_certificate_hash != null);
 332             return_if_fail(ca_certificate != null);
 333             return_if_fail(subject_name_constraint != null);
 334             return_if_fail(subject_alt_name_constraint != null);
 335
 336             result = true;
 337         }
 338
 339         // The outputs must be set before this function is called. For this
 340         // reason they are 'ref' not 'out' parameters - Vala assigns to the
 341         // 'out' parameters only at the end of the function, which is too
 342         // late.
 343         call.return(&result);
 344
 345         request.cond.signal();
 346         request.mutex.unlock();
 347     }
 348
 349     [CCode (cname = "moonshot_get_default_identity_rpc")]
 350     public static void get_default_identity(Rpc.AsyncCall call,
 351                                             ref string nai_out,
 352                                             ref string password_out,
 353                                             ref string server_certificate_hash,
 354                                             ref string ca_certificate,
 355                                             ref string subject_name_constraint,
 356                                             ref string subject_alt_name_constraint)
 357     {
 358         bool result;
 359
 360         var request = new IdentityRequest.default(parent_app);
 361         request.mutex = new Mutex();
 362         request.cond = new Cond();
 363         request.set_callback(return_identity_cb);
 364
 365         request.mutex.lock();
 366         Idle.add(request.execute);
 367
 368         while (request.complete == false)
 369             request.cond.wait(request.mutex);
 370
 371         nai_out = "";
 372         password_out = "";
 373         server_certificate_hash = "";
 374         ca_certificate = "";
 375         subject_name_constraint = "";
 376         subject_alt_name_constraint = "";
 377
 378         if (request.id_card != null)
 379         {
 380             nai_out = request.id_card.nai;
 381             password_out = request.id_card.password;
 382             server_certificate_hash = "certificate";
 383
 384             return_if_fail(nai_out != null);
 385             return_if_fail(password_out != null);
 386             return_if_fail(server_certificate_hash != null);
 387             return_if_fail(ca_certificate != null);
 388             return_if_fail(subject_name_constraint != null);
 389             return_if_fail(subject_alt_name_constraint != null);
 390
 391             result = true;
 392         }
 393         else
 394         {
 395             result = false;
 396         }
 397
 398         call.return(&result);
 399
 400         request.cond.signal();
 401         request.mutex.unlock();
 402     }
 403
 404     // Called from the main loop thread when an identity has
 405     // been selected
 406     static void return_identity_cb(IdentityRequest request) {
 407         // Notify the RPC thread that the request is complete
 408         request.mutex.lock();
 409         request.cond.signal();
 410
 411         // Block the main loop until the RPC call has returned
 412         // to avoid any races
 413         request.cond.wait(request.mutex);
 414         request.mutex.unlock();
 415     }
 416
 417     [CCode (cname = "moonshot_install_id_card_rpc")]
 418     public static bool install_id_card(string     display_name,
 419                                        string     user_name,
 420                                        string     password,
 421                                        string     realm,
 422                                        string[]   rules_patterns,
 423                                        string[]   rules_always_confirm,
 424                                        string[]   services,
 425                                        string     ca_cert,
 426                                        string     subject,
 427                                        string     subject_alt,
 428                                        string     server_cert,
 429                                        bool       force_flat_file_store)
 430     {
 431         IdCard idcard = new IdCard();
 432         bool success = false;
 433         Mutex mutex = new Mutex();
 434         Cond cond = new Cond();
 435
 436         idcard.display_name = display_name;
 437         idcard.username = user_name;
 438         idcard.password = password;
 439         idcard.issuer = realm;
 440         idcard.services = services;
 441         idcard.trust_anchor.ca_cert = ca_cert;
 442         idcard.trust_anchor.subject = subject;
 443         idcard.trust_anchor.subject_alt = subject_alt;
 444         idcard.trust_anchor.server_cert = server_cert;
 445
 446         if (rules_patterns.length == rules_always_confirm.length)
 447         {
 448             idcard.rules = new Rule[rules_patterns.length];
 449
 450             for (int i = 0; i < idcard.rules.length; i++)
 451             {
 452                 idcard.rules[i].pattern = rules_patterns[i];
 453                 idcard.rules[i].always_confirm = rules_always_confirm[i];
 454             }
 455         }
 456
 457         mutex.lock();
 458
 459         // Defer addition to the main loop thread.
 460         Idle.add(() => {
 461                 mutex.lock();
 462                 success = parent_app.add_identity(idcard, force_flat_file_store);
 463                 cond.signal();
 464                 mutex.unlock();
 465                 return false;
 466             });
 467
 468         cond.wait(mutex);
 469         mutex.unlock();
 470
 471         return success;
 472     }
 473
 474 }
 475
 476
 477 #endif