using Gee;
+extern char* get_cert_valid_before(char* cert, int certlen, char* datebuf, int buflen);
+
+
+// A TrustAnchor object can be imported or installed via the API, but cannot
+// be modified by the user, other than being cleared. Hence the fields are read-only.
public class TrustAnchor : Object
{
- public static const string TYPE_CA_CERT = _("CA Certificate");
- public static const string TYPE_ENTERPRISE = _("Enterprise provisioned");
+ private static const string CERT_HEADER = "-----BEGIN CERTIFICATE-----";
+ private static const string CERT_FOOTER = "-----END CERTIFICATE-----";
+ public enum TrustAnchorType {
+ CA_CERT,
+ SERVER_CERT
+ }
private string _ca_cert = "";
private string _subject = "";
private string _subject_alt = "";
private string _server_cert = "";
+ public bool user_verified = false;
+
+ public TrustAnchor(string ca_cert, string server_cert, string subject, string subject_alt, bool user_verified) {
+ _ca_cert = ca_cert;
+ _server_cert = server_cert;
+ _subject = subject;
+ _subject_alt = subject_alt;
+ this.user_verified = user_verified;
+ }
+
+ public TrustAnchor.empty() {
+ _ca_cert = "";
+ _server_cert = "";
+ _subject = "";
+ _subject_alt = "";
+ this.user_verified = false;
+ }
+
+
public string ca_cert {
get {
return _ca_cert;
}
- set {
- _ca_cert = (value ?? "");
- }
}
public string subject {
get {
return _subject;
}
- set {
- _subject = (value ?? "");
- }
}
public string subject_alt {
get {
return _subject_alt;
}
- set {
- _subject_alt = (value ?? "");
- }
}
get {
return _server_cert;
}
- set {
- _server_cert = (value ?? "");
- }
}
public bool is_empty() {
return ca_cert == "" && subject == "" && subject_alt == "" && server_cert == "";
}
- public string get_anchor_type() {
- return server_cert == "" ? TYPE_CA_CERT : TYPE_ENTERPRISE;
+ public TrustAnchorType get_anchor_type() {
+ return server_cert == "" ? TrustAnchorType.CA_CERT : TrustAnchorType.SERVER_CERT;
}
public int Compare(TrustAnchor other)
return 1;
if (this.server_cert != other.server_cert)
return 1;
+ if (this.user_verified != other.user_verified)
+ return 1;
return 0;
}
+
+ public string? get_expiration_date(out string? err_out=null)
+ {
+ if (this.ca_cert == "") {
+ if (&err_out != null) {
+ err_out = "Trust anchor does not have a ca_certificate";
+ return null;
+ }
+ }
+
+ string cert = this.ca_cert;
+ cert.chomp();
+ if (cert.substring(0, CERT_HEADER.length) != CERT_HEADER) {
+ cert = CERT_HEADER + "\n" + cert;
+ }
+ if (cert.substring(0, -CERT_FOOTER.length) != CERT_FOOTER) {
+ cert += "\n" + CERT_FOOTER;
+ }
+ cert += "\n";
+
+ IdCard.logger.trace(@"get_expiration_date: Sending " + cert);
+
+ char buf[64];
+ string err = (string) get_cert_valid_before(cert, cert.length, buf, 64);
+ if (err != "") {
+ IdCard.logger.error(@"get_expiration_date: get_cert_valid_before returned '$err'");
+ if (&err_out != null) {
+ err_out = err;
+ }
+ return null;
+ }
+
+ string date = (string) buf;
+ IdCard.logger.trace(@"get_expiration_date: get_cert_valid_before returned '$date'");
+
+ return date;
+ }
}
+
public struct Rule
{
public string pattern;
public class IdCard : Object
{
- static MoonshotLogger logger = get_logger("IdCard");
+ internal static MoonshotLogger logger = get_logger("IdCard");
public const string NO_IDENTITY = "No Identity";
public bool temporary {get; set; default = false; }
- public TrustAnchor trust_anchor { get; set; default = new TrustAnchor (); }
+ private TrustAnchor _trust_anchor = new TrustAnchor.empty();
+ public TrustAnchor trust_anchor {
+ get {
+ return _trust_anchor;
+ }
+ }
+
+ // For use by storage implementations.
+ internal void set_trust_anchor_from_store(TrustAnchor ta) {
+ _trust_anchor = ta;
+ }
+
+ internal void clear_trust_anchor() {
+ _trust_anchor = new TrustAnchor.empty();
+ }
public unowned string nai { get { _nai = username + "@" + issuer; return _nai;}}
diff |= 1 << DiffFlags.TRUST_ANCHOR;
// stdout.printf("Diff Flags: %x\n", diff);
+ if (this.display_name == other.display_name && diff != 0) {
+ logger.trace("Compare: Two IDs with display_name '%s', but diff_flags=%0x".printf(this.display_name, diff));
+ }
return diff;
}