// The [DBus] attribute exports this class on the bus as org.janet.Moonshot.
// Vala exposes the public methods of a [DBus] class to bus peers, so each
// public method below is an IPC entry point whose arguments are supplied by
// another process and should be treated as untrusted input.
3 [DBus (name = "org.janet.Moonshot")]
4 public class MoonshotServer : Object {
// Application object that the requests below are forwarded to.
6 private IdentityManagerApp parent_app;
// Stores the application handle; the visible constructor body does nothing else.
8 public MoonshotServer (IdentityManagerApp app)
10 this.parent_app = app;
15 if (parent_app.view == null) {
19 parent_app.explicitly_launched = true;
// D-Bus entry point: runs an IdentityRequest for the caller-supplied NAI and
// returns the selected card's credentials through the out parameters.
// The reply carries the password together with the trust-anchor fields
// (server certificate hash, CA certificate, subject constraints), so any peer
// allowed to call this method receives a usable secret.
// NOTE(review): no caller check appears in the visible lines (this listing
// omits some lines); confirm that bus policy or IdentityRequest limits who
// can obtain an identity.
23 public async bool get_identity (string nai,
27 out string password_out,
28 out string server_certificate_hash,
29 out string ca_certificate,
30 out string subject_name_constraint,
31 out string subject_alt_name_constraint)
33 var request = new IdentityRequest (parent_app,
// The request's completion callback resumes this coroutine.
37 request.set_callback ((IdentityRequest) => get_identity.callback());
// Outputs start as empty strings so that the "no identity" path still
// returns defined values.
43 server_certificate_hash = "";
45 subject_name_constraint = "";
46 subject_alt_name_constraint = "";
48 var id_card = request.id_card;
// A card whose display name equals IdCard.NO_IDENTITY is handled like a
// missing card: the outputs keep their empty defaults.
50 if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) {
51 nai_out = id_card.nai;
// A non-empty password held by the request is returned in preference to
// the one stored on the card (the line between these two assignments is
// not shown in this listing; presumably an `else`).
52 if ((request.password!=null) && (request.password != ""))
53 password_out = request.password;
55 password_out = id_card.password;
// The trust anchor is returned exactly as stored on the card; the caller
// uses it to decide which server to trust.
57 server_certificate_hash = id_card.trust_anchor.server_cert;
58 ca_certificate = id_card.trust_anchor.ca_cert;
59 subject_name_constraint = id_card.trust_anchor.subject;
60 subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
// Null card fields are replaced by "" before the reply is built
// (presumably because D-Bus strings cannot be null; TODO confirm).
64 if (password_out == null)
66 if (server_certificate_hash == null)
67 server_certificate_hash = "";
68 if (ca_certificate == null)
70 if (subject_name_constraint == null)
71 subject_name_constraint = "";
72 if (subject_alt_name_constraint == null)
73 subject_alt_name_constraint = "";
// D-Bus entry point: like get_identity, but asks for the default identity
// (IdentityRequest.default) and takes no input from the caller.
// The reply still contains the card's password and trust anchor.
// NOTE(review): unlike get_identity, the visible lines compare nothing
// against IdCard.NO_IDENTITY and never consult request.password; confirm that
// the difference is intended.
81 public async bool get_default_identity (out string nai_out,
82 out string password_out,
83 out string server_certificate_hash,
84 out string ca_certificate,
85 out string subject_name_constraint,
86 out string subject_alt_name_constraint)
88 var request = new IdentityRequest.default (parent_app);
// The request's completion callback resumes this coroutine.
89 request.set_callback ((IdentityRequest) => get_default_identity.callback());
// Empty-string defaults for the case where no card is selected.
95 server_certificate_hash = "";
97 subject_name_constraint = "";
98 subject_alt_name_constraint = "";
100 if (request.id_card != null)
102 nai_out = request.id_card.nai;
103 password_out = request.id_card.password;
// Trust anchor copied from the card as stored.
105 server_certificate_hash = request.id_card.trust_anchor.server_cert;
106 ca_certificate = request.id_card.trust_anchor.ca_cert;
107 subject_name_constraint = request.id_card.trust_anchor.subject;
108 subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
// Null card fields are replaced by "" before the reply is built
// (presumably because D-Bus strings cannot be null; TODO confirm).
112 if (password_out == null)
114 if (server_certificate_hash == null)
115 server_certificate_hash = "";
116 if (ca_certificate == null)
118 if (subject_name_constraint == null)
119 subject_name_constraint = "";
120 if (subject_alt_name_constraint == null)
121 subject_alt_name_constraint = "";
// D-Bus entry point: builds an IdCard from the caller's arguments and passes
// it to parent_app.add_identity().
// Every field, including the trust anchor (CA certificate, subject
// constraints, server certificate), is copied from the arguments as given.
// None of the visible lines validates them, so the caller decides which
// server the new identity will trust.
// NOTE(review): confirm that add_identity() asks the user or validates the
// card before it is persisted.
129 public bool install_id_card (string display_name,
133 string[] ?rules_patterns,
134 string[] ?rules_always_confirm,
140 int force_flat_file_store)
142 IdCard idcard = new IdCard ();
144 idcard.display_name = display_name;
145 idcard.username = user_name;
146 idcard.password = password;
// A non-empty password marks the card so that its password is stored.
147 if ((password != null) && (password != ""))
148 idcard.store_password = true;
149 idcard.issuer = realm;
150 idcard.services = services;
151 idcard.trust_anchor.ca_cert = ca_cert;
152 idcard.trust_anchor.subject = subject;
153 idcard.trust_anchor.subject_alt = subject_alt;
154 idcard.trust_anchor.server_cert = server_cert;
// Rules are attached only when both arrays have the same length. On a
// mismatch the card appears to be added without any rules instead of being
// rejected (the closing lines of this branch are not shown; TODO confirm
// the silent fallback is intended).
156 if (rules_patterns.length == rules_always_confirm.length)
158 /* workaround Centos vala array property bug: use temp array */
159 Rule[] rules = new Rule[rules_patterns.length];
161 for (int i=0; i<rules.length; i++)
163 rules[i].pattern = rules_patterns[i];
164 rules[i].always_confirm = rules_always_confirm[i];
166 idcard.rules = rules;
// force_flat_file_store arrives as an int; any non-zero value means true.
169 return parent_app.add_identity (idcard, force_flat_file_store!=0);
// Parses the provisioning file named by the caller and installs each card
// through install_id_card(); returns installed_cards.
// file_name goes to WebProvisioning.Parser unchanged, and the visible lines
// apply no restriction to the path.
// NOTE(review): confirm what the parser accepts and whether the cards it
// yields are shown to the user before they are installed.
173 public int install_from_file (string file_name)
175 var webp = new WebProvisioning.Parser (file_name);
179 int installed_cards = 0;
// The loop reads WebProvisioning.cards rather than a member of webp;
// presumably the parser fills that shared list (verify against
// WebProvisioning).
180 foreach (IdCard card in WebProvisioning.cards)
182 string[] rules_patterns = {};
183 string[] rules_always_confirm = {};
// Split the card's Rule entries into the two parallel string arrays that
// install_id_card() expects. The index i is declared and advanced on
// lines this listing does not show.
185 if (card.rules.length > 0)
188 rules_patterns = new string[card.rules.length];
189 rules_always_confirm = new string[card.rules.length];
190 foreach (Rule r in card.rules)
192 rules_patterns[i] = r.pattern;
193 rules_always_confirm[i] = r.always_confirm;
// The trust anchor from the parsed file is forwarded unchanged.
198 result = install_id_card (card.display_name,
203 rules_always_confirm,
205 card.trust_anchor.ca_cert,
206 card.trust_anchor.subject,
207 card.trust_anchor.subject_alt,
208 card.trust_anchor.server_cert,
// The statements that update installed_cards are not shown in this listing.
214 return installed_cards;
222 using MoonshotRpcInterface;
224 /* This class must be a singleton, because we use a global RPC
225 * binding handle. I cannot picture a situation where more than
226 * one instance of the same interface would be needed so this
227 * shouldn't be a problem.
229 * Shutdown is automatically done by the RPC runtime when the
232 public class MoonshotServer : Object {
233 private static IdentityManagerApp parent_app;
235 private static MoonshotServer instance = null;
// Starts the RPC server for the Moonshot interface on the endpoint
// "/org/janet/Moonshot".
// NOTE(review): Rpc.Flags.PER_USER is the only access-related setting visible
// here; presumably it scopes the endpoint to the current user (confirm
// against the Rpc binding).
237 public static void start (IdentityManagerApp app)
240 Rpc.server_start (MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER);
// Creates the singleton on first use.
// The null check is not protected by a lock in the visible lines, so this
// assumes that callers do not race on the first call (TODO confirm).
243 public static MoonshotServer get_instance ()
245 if (instance == null)
246 instance = new MoonshotServer ();
// RPC entry point (C name moonshot_get_identity_rpc). It hands the request to
// the main loop with Idle.add() and blocks the calling RPC thread on
// request.cond until request.complete is set, then copies the selected card
// into the ref parameters and completes the call.
// The reply carries the card's password and trust anchor.
// NOTE(review): the return_if_fail() checks run while request.mutex is held
// and before call.return(). If one of them fails, the function returns
// without completing the call, signalling the condition or unlocking the
// mutex. The main loop would then stay blocked in return_identity_cb().
// A card with a null field (for example no stored password) looks sufficient
// to trigger this; confirm, and consider substituting "" rather than
// returning early.
250 [CCode (cname = "moonshot_get_identity_rpc")]
251 public static void get_identity (Rpc.AsyncCall call,
256 ref string password_out,
257 ref string server_certificate_hash,
258 ref string ca_certificate,
259 ref string subject_name_constraint,
260 ref string subject_alt_name_constraint)
264 var request = new IdentityRequest (parent_app,
269 // Pass execution to the main loop and block the RPC thread
270 request.mutex = new Mutex ();
271 request.cond = new Cond ();
272 request.set_callback (return_identity_cb);
// The mutex is taken before the idle source is queued and stays held
// until the end of the function, except while waiting on the condition.
274 request.mutex.lock ();
275 Idle.add (request.execute);
// Looping on request.complete guards against wake-ups that arrive before
// the request has finished.
277 while (request.complete == false)
278 request.cond.wait (request.mutex);
// Empty-string defaults for the case where no card is selected.
282 server_certificate_hash = "";
284 subject_name_constraint = "";
285 subject_alt_name_constraint = "";
287 var id_card = request.id_card;
289 if (id_card != null) {
290 // The strings are freed by the RPC runtime
291 nai_out = id_card.nai;
292 password_out = id_card.password;
293 server_certificate_hash = id_card.trust_anchor.server_cert;
294 ca_certificate = id_card.trust_anchor.ca_cert;
295 subject_name_constraint = id_card.trust_anchor.subject;
296 subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
// Each check returns immediately on a null output; see the note above the
// signature about the lock and the waiting main loop.
298 return_if_fail (nai_out != null);
299 return_if_fail (password_out != null);
300 return_if_fail (server_certificate_hash != null);
301 return_if_fail (ca_certificate != null);
302 return_if_fail (subject_name_constraint != null);
303 return_if_fail (subject_alt_name_constraint != null);
308 // The outputs must be set before this function is called. For this
309 // reason they are 'ref' not 'out' parameters - Vala assigns to the
310 // 'out' parameters only at the end of the function, which is too
312 call.return (&result);
// Release the main loop thread, which is waiting in return_identity_cb().
314 request.cond.signal ();
315 request.mutex.unlock ();
// RPC entry point (C name moonshot_get_default_identity_rpc). It uses the
// same hand-off to the main loop as the RPC get_identity, for the default
// identity.
// NOTE(review): when a card is found, the visible lines set
// server_certificate_hash to the literal "certificate" and copy no
// trust-anchor field from the card, whereas the RPC get_identity returns
// id_card.trust_anchor.*. A client that relies on these outputs to validate
// the server would receive no real anchor. Confirm whether this is a
// leftover placeholder.
// NOTE(review): as in get_identity, a failing return_if_fail() leaves the
// function with request.mutex held and the call never completed.
318 [CCode (cname = "moonshot_get_default_identity_rpc")]
319 public static void get_default_identity (Rpc.AsyncCall call,
321 ref string password_out,
322 ref string server_certificate_hash,
323 ref string ca_certificate,
324 ref string subject_name_constraint,
325 ref string subject_alt_name_constraint)
329 var request = new IdentityRequest.default (parent_app);
330 request.mutex = new Mutex ();
331 request.cond = new Cond ();
332 request.set_callback (return_identity_cb);
// Queue the request on the main loop and block this thread until
// request.complete is set.
334 request.mutex.lock ();
335 Idle.add (request.execute);
337 while (request.complete == false)
338 request.cond.wait (request.mutex);
// Empty-string defaults for the case where no card is selected.
342 server_certificate_hash = "";
344 subject_name_constraint = "";
345 subject_alt_name_constraint = "";
347 if (request.id_card != null)
349 nai_out = request.id_card.nai;
350 password_out = request.id_card.password;
// Hard-coded value, not the card's trust_anchor.server_cert.
351 server_certificate_hash = "certificate";
353 return_if_fail (nai_out != null);
354 return_if_fail (password_out != null);
355 return_if_fail (server_certificate_hash != null);
356 return_if_fail (ca_certificate != null);
357 return_if_fail (subject_name_constraint != null);
358 return_if_fail (subject_alt_name_constraint != null);
367 call.return (&result);
// Release the main loop thread, which is waiting in return_identity_cb().
369 request.cond.signal ();
370 request.mutex.unlock ();
// Completion callback installed by the RPC get_identity and
// get_default_identity. It wakes the waiting RPC thread and then waits on the
// same condition until that thread signals back.
// NOTE(review): the wait below is a single cond.wait() with no predicate
// loop, and one Cond serves both directions. A spurious wake-up would let the
// main loop continue before the RPC call has returned. If the RPC thread
// exits early without signalling, this wait never ends.
373 // Called from the main loop thread when an identity has
375 static void return_identity_cb (IdentityRequest request) {
376 // Notify the RPC thread that the request is complete
377 request.mutex.lock ();
378 request.cond.signal ();
380 // Block the main loop until the RPC call has returned
381 // to avoid any races
382 request.cond.wait (request.mutex);
383 request.mutex.unlock ();
386 [CCode (cname = "moonshot_install_id_card_rpc")]
387 public static bool install_id_card (string display_name,
391 string[] rules_patterns,
392 string[] rules_always_confirm,
398 bool force_flat_file_store)
400 IdCard idcard = new IdCard ();
401 bool success = false;
402 Mutex mutex = new Mutex();
403 Cond cond = new Cond();
405 idcard.display_name = display_name;
406 idcard.username = user_name;
407 idcard.password = password;
408 idcard.issuer = realm;
409 idcard.services = services;
410 idcard.trust_anchor.ca_cert = ca_cert;
411 idcard.trust_anchor.subject = subject;
412 idcard.trust_anchor.subject_alt = subject_alt;
413 idcard.trust_anchor.server_cert = server_cert;
415 if (rules_patterns.length == rules_always_confirm.length)
417 idcard.rules = new Rule[rules_patterns.length];
419 for (int i=0; i<idcard.rules.length; i++)
421 idcard.rules[i].pattern = rules_patterns[i];
422 idcard.rules[i].always_confirm = rules_always_confirm[i];
428 // Defer addition to the main loop thread.
431 success = parent_app.add_identity (idcard, force_flat_file_store);