Added a UUID value to IdCard for internal debugging.
Various other minor updates.
private static const string CERT_FOOTER = "-----END CERTIFICATE-----";
public enum TrustAnchorType {
+ EMPTY,
CA_CERT,
SERVER_CERT
}
private string _subject_alt = "";
private string _server_cert = "";
private string _datetime_added = "";
- public bool user_verified = false;
private static string fixup (string s) {
return (s == null ? "" : s.strip());
}
- public TrustAnchor(string ca_cert, string server_cert, string subject, string subject_alt, bool user_verified) {
+ public TrustAnchor(string ca_cert, string server_cert, string subject, string subject_alt) {
_ca_cert = fixup(ca_cert);
_server_cert = fixup(server_cert);
_subject = fixup(subject);
_subject_alt = fixup(subject_alt);
- this.user_verified = user_verified;
// If we're reading from store, this will be overridden (see set_datetime_added)
_datetime_added = "";
}
public bool is_empty() {
- return ca_cert == "" && subject == "" && subject_alt == "" && server_cert == "";
+ return ca_cert == "" && server_cert == "";
}
public TrustAnchorType get_anchor_type() {
- return server_cert == "" ? TrustAnchorType.CA_CERT : TrustAnchorType.SERVER_CERT;
+ return (server_cert != "" ? TrustAnchorType.SERVER_CERT
+ : (ca_cert != "" ? TrustAnchorType.CA_CERT : TrustAnchorType.EMPTY));
}
internal void set_datetime_added(string datetime) {
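Review bot: `is_empty()` now ignores `subject` and `subject_alt`, so a trust anchor that carries only subject constraints is reported as empty, and nothing in the commit says this is intended. Callers visible elsewhere in this commit branch on it (`if (!ta.is_empty())` when a card is built, and the fingerprint-confirmation check), so such an anchor would be handled as if no trust information existed; whether the subject fields are enforced separately is not visible here. If the new meaning is "no certificate material", a comment on the method should say so, for example `// Empty means no CA cert and no server cert; subject fields alone do not make an anchor.`. The body could also be tied to the new enum value with `return get_anchor_type() == TrustAnchorType.EMPTY;` so the two predicates cannot drift apart.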
internal void update_server_fingerprint(string fingerprint) {
this._server_cert = fingerprint;
+ string ta_datetime_added = TrustAnchor.format_datetime_now();
+ this.set_datetime_added(ta_datetime_added);
}
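Review bot: The two added lines restamp `datetime_added` on every call, including when `fingerprint` equals the value already stored, so a re-confirmation overwrites the record of when the server certificate was first trusted. If the timestamp is meant to show when trust was established, an early `if (this._server_cert == fingerprint) { return; }` before the assignment would preserve it. The assignment also bypasses `fixup()`, which the constructor applies to every field, so a fingerprint with surrounding whitespace may not compare equal to the same anchor after it is reloaded from the store; `this._server_cert = fixup(fingerprint);` keeps both paths consistent. The temporary `ta_datetime_added` is not needed, since `this.set_datetime_added(TrustAnchor.format_datetime_now());` says the same thing.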
public int Compare(TrustAnchor other)
return 1;
}
- // Do not compare the user_verified and datetime_added fields; they are not essential.
+ // Do not compare the datetime_added fields; it's not essential.
return 0;
}
public bool store_password { get; set; default = false; }
+ // uuid is currently used only for debugging. Must be unique, even between cards with same nai and display name.
+ public string uuid {
+ public get {return _uuid;}
+ }
+ private string _uuid = generate_uuid();
+
+ internal static string generate_uuid() {
+ uint32 rand1 = Random.next_int();
+ uint32 rand2 = Random.next_int();
+ return "%08X.%08X::%s".printf(rand1, rand2, TrustAnchor.format_datetime_now());
+ }
+
public bool is_no_identity()
{
return (display_name == NO_IDENTITY);
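Review bot: The comment on `uuid` says the value must be unique, but `generate_uuid()` builds it from two `Random.next_int()` draws plus a timestamp, and GLib's `Random` is a general-purpose generator, not a cryptographic one. That is adequate for a debugging label, but the comment should state that the value is not a security identifier, for example `// Debug-only label; regenerated for each IdCard object, not suitable as a key or secret.`. The field initializer runs for every new object and none of the store hunks in this commit persist the value, so the same card appears to get a different uuid after each load, which the comment should mention as well. If a standard format is wanted, GLib's `Uuid.string_random()` (GLib 2.52 or later) would replace the hand-built string.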
remove_card_internal(id_card);
if (new_card.trust_anchor.Compare(id_card.trust_anchor) == 0) {
- logger.trace("Old and new cards have same trust anchor. Re-using the datetime_added and user_verified fields from the old card.");
+ logger.trace("Old and new cards have same trust anchor. Re-using the datetime_added field from the old card.");
new_card.trust_anchor.set_datetime_added(id_card.trust_anchor.datetime_added);
- new_card.trust_anchor.user_verified = id_card.trust_anchor.user_verified;
}
}
if (id.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.SERVER_CERT) {
Widget fingerprint = make_ta_fingerprint_widget(id.trust_anchor.server_cert);
- ta_table.attach(fingerprint, 0, 1, row, row + 2, fill_and_expand, fill_and_expand, 5, 5);
+ // ta_table.attach(fingerprint, 0, 1, row, row + 2, fill_and_expand, fill_and_expand, 5, 5);
// To make the fingerprint box wider, try:
- // ta_table.attach(fingerprint, 0, 2, row, row + 2, fill_and_expand, fill_and_expand, 20, 5);
+ ta_table.attach(fingerprint, 0, 2, row, row + 2, fill_and_expand, fill_and_expand, 20, 5);
}
else {
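Review bot: The previous `attach` call is left behind as a commented-out line, and the comment `// To make the fingerprint box wider, try:` now sits above the call that is actually in effect. Dropping the dead line and rewording the comment, for example `// Fingerprint box spans both columns.`, would keep this layout code readable. The enclosing block starts and ends outside the hunk.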
string server_cert = "";
string subject = "";
string subject_alt = "";
- bool user_verified = false;
string ta_datetime_added = "";
for (i = 0; i < entry.attributes.len; i++) {
var attribute = ((GnomeKeyring.Attribute *) entry.attributes.data)[i];
subject_alt = value;
} else if (attribute.name == "StorePassword") {
store_password = value;
- } else if (attribute.name == "TA_User_Verified") {
- user_verified = (value == "true");
} else if (attribute.name == "TA_DateTime_Added") {
ta_datetime_added = value;
}
}
- var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, user_verified);
+ var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt);
if (ta_datetime_added != "") {
ta.set_datetime_added(ta_datetime_added);
}
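Review bot: The `TA_User_Verified` attribute is no longer read in this loop, and the matching writes are removed in the keyring and key-file store hunks further down, but nothing records that entries written by earlier versions still carry it. A short comment at the attribute chain, such as `// TA_User_Verified (written by older versions) is intentionally ignored.`, would show that the omission is deliberate. Whether code outside this diff used the flag to tell user-confirmed anchors from provisioned ones is not visible here; if it did, the commit message should say that the distinction is being dropped. The enclosing function starts and ends outside the hunk.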
id_card.password = entry.secret;
else
id_card.password = null;
+
id_card_list.add(id_card);
}
}
attributes.append_string("Server-Cert", id_card.trust_anchor.server_cert);
attributes.append_string("Subject", id_card.trust_anchor.subject);
attributes.append_string("Subject-Alt", id_card.trust_anchor.subject_alt);
- attributes.append_string("TA_User_Verified", id_card.trust_anchor.user_verified ? "true" : "false");
attributes.append_string("TA_DateTime_Added", id_card.trust_anchor.datetime_added);
attributes.append_string("StorePassword", id_card.store_password ? "yes" : "no");
string server_cert = key_file.get_string(identity, "ServerCert");
string subject = key_file.get_string(identity, "Subject");
string subject_alt = key_file.get_string(identity, "SubjectAlt");
- bool user_verified = get_bool_setting(identity, "TA_User_Verified", false, key_file);
- var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, user_verified);
+ var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt);
string ta_datetime_added = get_string_setting(identity, "TA_DateTime_Added", "", key_file);
if (ta_datetime_added != "") {
ta.set_datetime_added(ta_datetime_added);
if (id_card.trust_anchor.datetime_added != "") {
key_file.set_string(id_card.display_name, "TA_DateTime_Added", id_card.trust_anchor.datetime_added);
}
- key_file.set_boolean(id_card.display_name, "TA_User_Verified", id_card.trust_anchor.user_verified);
logger.trace(@"store_id_cards: Stored '$(id_card.display_name)'");
}
var ta = new TrustAnchor(ta_ca_cert,
ta_server_cert,
ta_subject,
- ta_subject_alt,
- false);
+ ta_subject_alt);
// Set the datetime_added in moonshot-server.vala, since it doesn't get sent via IPC
card.set_trust_anchor_from_store(ta);
}
idcard.store_password = true;
idcard.issuer = realm;
idcard.update_services(services);
- var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, false);
+ var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt);
if (!ta.is_empty()) {
// We have to set the datetime_added here, because it isn't delivered via IPC.
return false;
}
- if (card.trust_anchor.get_anchor_type() != TrustAnchor.TrustAnchorType.SERVER_CERT) {
- logger.warn(@"execute: Trust anchor type for NAI $nai is not SERVER_CERT; returning true.");
+ if (!(card.trust_anchor.is_empty() || card.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.SERVER_CERT)) {
+ logger.warn(@"execute: Trust anchor type for NAI $nai is not empty or SERVER_CERT; returning true.");
return_confirmation(true);
return false;
}
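Review bot: The new condition `!(is_empty() || ... == SERVER_CERT)` is a double negation around a trust decision, and as `is_empty()` and `get_anchor_type()` are written in this commit it is true exactly when the anchor type is `CA_CERT`. Writing it as `if (card.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.CA_CERT) {` states that directly. The warning could then read `Trust anchor type for NAI $nai is CA_CERT; returning true.` instead of the ambiguous "is not empty or SERVER_CERT". Because this branch calls `return_confirmation(true)` without asking the user, a comment explaining why a CA-anchored identity needs no fingerprint confirmation would help; the reason is not visible in this hunk. The enclosing function starts and ends outside the hunk.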
bool is_confirmed = (response == ResponseType.OK);
if (is_confirmed) {
+ logger.trace(@"execute: Fingerprint confirmed; updating stored value.");
+
card.trust_anchor.update_server_fingerprint(ca_hash);
parent_app.model.update_card(card);
}