Save server fingerprint in keyring after user approves it; check keyring for fingerpr...

diff --git a/.gitignore b/.gitignore
index b2b436a..fbc5605 100755 (executable)
--- a/.gitignore
+++ b/.gitignore
@@ -45,7 +45,8 @@ src/moonshot-logger.c
 src/moonshot-password-dialog.c
 src/moonshot-provisioning-common-new.vala
 src/moonshot-provisioning-common.c
-src/moonshot-server.c
+src/moonshot-server-linux.c
+src/moonshot-server-msrpc.c
 src/moonshot-settings.c
 src/moonshot-trust-anchor-dialog.c
 src/moonshot-utils.c

diff --git a/src/moonshot-id.vala b/src/moonshot-id.vala
index b8e92a6..77d146a 100644 (file)
--- a/src/moonshot-id.vala
+++ b/src/moonshot-id.vala
@@ -122,6 +122,10 @@ public class TrustAnchor : Object
         return dt;
     }
 
+    internal void update_server_fingerprint(string fingerprint) {
+        this._server_cert = fingerprint;
+    }
+
     public int Compare(TrustAnchor other)
     {
         if (this.ca_cert != other.ca_cert) {

diff --git a/src/moonshot-identity-manager-app.vala b/src/moonshot-identity-manager-app.vala
index 0170139..671615c 100644 (file)
--- a/src/moonshot-identity-manager-app.vala
+++ b/src/moonshot-identity-manager-app.vala
@@ -54,6 +54,7 @@ public class IdentityManagerApp {
     private MoonshotServer ipc_server;
     private bool name_is_owned;
     private bool show_requested;
+    public bool use_flat_file_store {public get; private set;}
 
 #if OS_MACOS
     public OSXApplication osxApp;
@@ -88,6 +89,7 @@ public class IdentityManagerApp {
 
     public IdentityManagerApp(bool headless, bool use_flat_file_store) {
         use_flat_file_store |= UserForcesFlatFileStore();
+        this.use_flat_file_store = use_flat_file_store;
 
 #if GNOME_KEYRING
         bool keyring_available = (!use_flat_file_store) && GnomeKeyring.is_available();

diff --git a/src/moonshot-server-linux.vala b/src/moonshot-server-linux.vala
index 8657c86..5312b41 100644 (file)
--- a/src/moonshot-server-linux.vala
+++ b/src/moonshot-server-linux.vala
@@ -305,7 +305,7 @@ public class MoonshotServer : Object {
     {
         logger.trace(@"MoonshotServer.confirm_ca_certificate: nai='$nai'; realm='$realm'; ca_hash='$ca_hash'");
 
-        var request = new TrustAnchorConfirmationRequest(nai, realm, ca_hash);
+        var request = new TrustAnchorConfirmationRequest(parent_app, nai, realm, ca_hash);
         request.set_callback((TrustAnchorConfirmationRequest) => confirm_ca_certificate.callback());
         request.execute();
         yield;

diff --git a/src/moonshot-trust-anchor-dialog.vala b/src/moonshot-trust-anchor-dialog.vala
index dcc8d67..6fcc540 100644 (file)
--- a/src/moonshot-trust-anchor-dialog.vala
+++ b/src/moonshot-trust-anchor-dialog.vala
@@ -36,18 +36,21 @@ public delegate void TrustAnchorConfirmationCallback(TrustAnchorConfirmationRequ
 public class TrustAnchorConfirmationRequest : GLib.Object {
     static MoonshotLogger logger = get_logger("TrustAnchorConfirmationRequest");
 
-    string nai;
+    IdentityManagerApp parent_app;
+    string userid;
     string realm;
     string ca_hash;
     public bool confirmed = false;
 
     TrustAnchorConfirmationCallback callback = null;
 
-    public TrustAnchorConfirmationRequest(string nai,
+    public TrustAnchorConfirmationRequest(IdentityManagerApp parent_app,
+                                          string userid,
                                           string realm,
                                           string ca_hash)
     {
-        this.nai = nai;
+        this.parent_app = parent_app;
+        this.userid = userid;
         this.realm = realm;
         this.ca_hash = ca_hash;
     }
@@ -63,22 +66,37 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
 
     public bool execute() {
 
-        var dialog = new TrustAnchorDialog(nai, realm, ca_hash);
+        string nai = userid + "@" + realm;
+        IdCard? card = parent_app.model.find_id_card(nai, parent_app.use_flat_file_store);
+        if (card == null) {
+            logger.warn(@"execute: Could not find ID card for NAI $nai; returning false.");
+            return_confirmation(false);
+            return false;
+        }
+        
+        if (card.trust_anchor.get_anchor_type() != TrustAnchor.TrustAnchorType.SERVER_CERT) {
+            logger.warn(@"execute: Trust anchor type for NAI $nai is not SERVER_CERT; returning true.");
+            return_confirmation(true);
+            return false;
+        }
+
+        if (card.trust_anchor.server_cert == ca_hash) {
+            logger.trace(@"execute: Fingerprint for $nai matches stored value; returning true.");
+            return_confirmation(true);
+            return false;
+        }
+
+        var dialog = new TrustAnchorDialog(userid, realm, ca_hash);
         var response = dialog.run();
-        this.confirmed = (response == ResponseType.OK);
         dialog.destroy();
+        bool is_confirmed = (response == ResponseType.OK);
 
-        // Send back the confirmation (we can't directly run the
-        // callback because we may be being called from a 'yield')
-        GLib.Idle.add(
-            () => {
-                return_confirmation(confirmed);
-                return false;
-            }
-            );
+        if (is_confirmed) {
+            card.trust_anchor.update_server_fingerprint(ca_hash);
+            parent_app.model.update_card(card);
+        }            
 
-
-//        return_confirmation(confirmed);
+        return_confirmation(is_confirmed);
 
         /* This function works as a GSourceFunc, so it can be passed to
          * the main loop from other threads
@@ -86,13 +104,21 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
         return false;
     }
 
-    public void return_confirmation(bool confirmed) {
+    private void return_confirmation(bool confirmed) {
+        return_if_fail(callback != null);
+
         this.confirmed = confirmed;
         logger.trace(@"return_confirmation: confirmed=$confirmed");
 
-        return_if_fail(callback != null);
-        logger.trace("return_confirmation: invoking callback");
-        callback(this);
+        // Send back the confirmation (we can't directly run the
+        // callback because we may be being called from a 'yield')
+        GLib.Idle.add(
+            () => {
+                logger.trace("return_confirmation[Idle handler]: invoking callback");
+                callback(this);
+                return false;
+            }
+            );
     }
 }
 
@@ -104,7 +130,7 @@ class TrustAnchorDialog : Dialog
 
     public bool complete = false;
 
-    public TrustAnchorDialog(string nai,
+    public TrustAnchorDialog(string userid,
                              string realm,
                              string ca_hash)
     {
@@ -131,7 +157,7 @@ class TrustAnchorDialog : Dialog
         dialog_label.set_line_wrap(true);
         dialog_label.set_width_chars(60);
                                                    
-        var user_label = new Label(_("Username: ") + nai);
+        var user_label = new Label(_("Username: ") + userid);
         user_label.set_alignment(0, 0.5f);
 
         var realm_label = new Label(_("Realm: ") + realm);