From 537f157a7a5fb7ea9e44a403a65621b81556b78a Mon Sep 17 00:00:00 2001
From: Dan Breslau <dbreslau@painless-security.com>
Date: Wed, 10 Aug 2016 22:07:01 -0400
Subject: [PATCH] First pass at supporting trust anchors in IdCard dialog

---
 src/moonshot-id.vala                  | 10 +++++
 src/moonshot-identity-dialog.vala     | 79 +++++++++++++++++++++++++++++++++--
 src/moonshot-trust-anchor-dialog.vala | 38 ++---------------
 src/moonshot-utils.vala               | 42 +++++++++++++++++++
 4 files changed, 130 insertions(+), 39 deletions(-)

diff --git a/src/moonshot-id.vala b/src/moonshot-id.vala
index 515b73e..0895d1e 100644
--- a/src/moonshot-id.vala
+++ b/src/moonshot-id.vala
@@ -101,6 +101,16 @@ public class TrustAnchor : Object
             return 1;
         return 0;
     }
+
+    public string? get_expiration_date()
+    {
+        if (this.ca_cert == "") {
+            return null;
+        }
+
+        //!!TODO read expiration date
+        return "";
+    }
 }
 
 public struct Rule
diff --git a/src/moonshot-identity-dialog.vala b/src/moonshot-identity-dialog.vala
index 99a52b4..dc9142b 100644
--- a/src/moonshot-identity-dialog.vala
+++ b/src/moonshot-identity-dialog.vala
@@ -175,6 +175,9 @@ class IdentityDialog : Dialog
         this.response.connect(on_response);
         content_area.set_border_width(6);
 
+        Widget trust_anchor_box = make_trust_anchor_box(card);
+        content_area.pack_start(trust_anchor_box, false, false, 15);
+
         if (!is_new_card)
         {
             var services_vbox = make_services_vbox();
@@ -196,6 +199,74 @@ class IdentityDialog : Dialog
         this.show_all();
     }
 
+    private static Widget make_trust_anchor_box(IdCard id)
+    {
+
+        Label ta_label = new Label(_("Trust anchor: ")
+                                   + (id.trust_anchor.is_empty() ? _("None") : _("Enterprise provisioned")));
+        ta_label.set_alignment(0, 0.5f);
+
+        if (id.trust_anchor.is_empty()) {
+            return ta_label;
+        }
+
+
+        AttachOptions opts = AttachOptions.EXPAND | AttachOptions.FILL;
+        AttachOptions fill = AttachOptions.FILL;
+
+        Table ta_table = new Table(6, 2, false);
+        int row = 0;
+
+        var ta_clear_button = new Button.with_label(_("Clear Trust Anchor"));
+        ta_clear_button.clicked.connect((w) => {id.trust_anchor = new TrustAnchor();});
+
+        ta_table.attach(ta_label, 0, 1, row, row + 1, opts, opts, 0, 0);
+        ta_table.attach(ta_clear_button, 1, 2, row, row + 1, fill, fill, 0, 0);
+        row++;
+
+        //!!TODO
+        Label added_label = new Label(_("Added on: N/A"));
+        added_label.set_alignment(0, 0.5f);
+        ta_table.attach(added_label, 0, 1, row, row + 1, opts, opts, 20, 5);
+        row++;
+
+        if (id.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.SERVER_CERT) {
+            Widget fingerprint = make_ta_fingerprint_widget(id.trust_anchor);
+            ta_table.attach(fingerprint, 0, 2, row, row + 2, opts, opts, 20, 5);
+        }
+        else {
+            Label ca_cert_label = new Label(_("CA Certificate:"));
+            ca_cert_label.set_alignment(0, 0.5f);
+            var export_button = new Button.with_label(_("Export Certificate"));
+            //!!TODO!
+            export_button.clicked.connect((w) => {/* !!TODO! */});
+
+            ta_table.attach(ca_cert_label, 0, 1, row, row + 1, opts, opts, 20, 0);
+            ta_table.attach(export_button, 1, 2, row, row + 1, fill, fill, 0, 0);
+            row++;
+
+            //!!TODO: When to show Subject, and when (if ever) show Subject-Altname here?
+            Label subject_label = new Label(_("Subject: ") + id.trust_anchor.subject);
+            subject_label.set_alignment(0, 0.5f);
+            ta_table.attach(subject_label, 0, 1, row, row + 1, opts, opts, 40, 5);
+            row++;
+
+            Label expiration_label = new Label(_("Expiration date: ") + id.trust_anchor.get_expiration_date());
+            expiration_label.set_alignment(0, 0.5f);
+            ta_table.attach(expiration_label, 0, 1, row, row + 1, opts, opts, 40, 5);
+            row++;
+
+            //!!TODO: What *is* this?
+            Label constraint_label = new Label(_("Constraint: "));
+            constraint_label.set_alignment(0, 0.5f);
+            ta_table.attach(constraint_label, 0, 1, row, row + 1, opts, opts, 20, 0);
+            row++;
+        }
+
+        return ta_table;
+
+    }
+
     private static void add_as_vbox(Box content_area, Label label, Entry entry)
     {
         VBox vbox = new VBox(false, 2);
@@ -313,7 +384,7 @@ class IdentityDialog : Dialog
         // Hack to prevent the button from growing vertically
         VBox fixed_height = new VBox(false, 0);
         fixed_height.pack_start(remove_button, false, false, 0);
-        table_button_hbox.pack_start(fixed_height, false, false, 6);
+        table_button_hbox.pack_start(fixed_height, false, false, 0);
 
         // A table doesn't have a background color, so put it in an EventBox, and
         // set the EventBox's background color instead.
@@ -324,11 +395,11 @@ class IdentityDialog : Dialog
 
         var services_vbox_title = new Label(_("Services:"));
         label_make_bold(services_vbox_title);
-        services_vbox_title.set_alignment(0, (float) 0.5);
+        services_vbox_title.set_alignment(0, 0.5f);
 
         var services_vbox = new VBox(false, 6);
-        services_vbox.pack_start(services_vbox_title, false, false, 6);
-        services_vbox.pack_start(table_button_hbox, true, true, 6);
+        services_vbox.pack_start(services_vbox_title, false, false, 0);
+        services_vbox.pack_start(table_button_hbox, true, true, 0);
 
         int i = 0;
         foreach (string service in card.services)
diff --git a/src/moonshot-trust-anchor-dialog.vala b/src/moonshot-trust-anchor-dialog.vala
index b3de3df..aec8fda 100644
--- a/src/moonshot-trust-anchor-dialog.vala
+++ b/src/moonshot-trust-anchor-dialog.vala
@@ -70,33 +70,17 @@ class TrustAnchorDialog : Dialog
         var realm_label = new Label(_("Realm: ") + idcard.issuer);
         realm_label.set_alignment(0, 0.5f);
 
-        var fingerprint_label = new Label(_("SHA-256 fingerprint:"));
-        fingerprint_label.set_alignment(0, 0.5f);
-
-        var fingerprint = new TextView();
-        fingerprint.set_editable(false);
-        var buffer = fingerprint.get_buffer();
-        buffer.set_text(colonize(idcard.trust_anchor.server_cert), -1);
-        fingerprint.wrap_mode = WrapMode.WORD_CHAR;
-
-        set_atk_relation(fingerprint_label, fingerprint, Atk.RelationType.LABEL_FOR);
-
-        var fingerprint_width_constraint = new ScrolledWindow(null, null);
-        fingerprint_width_constraint.set_policy(PolicyType.NEVER, PolicyType.NEVER);
-        fingerprint_width_constraint.set_shadow_type(ShadowType.IN);
-        fingerprint_width_constraint.set_size_request(400, 60);
-        fingerprint_width_constraint.add_with_viewport(fingerprint);
-
         Label confirm_label = new Label(_("Please confirm that this is the correct trust anchor."));
         confirm_label.set_alignment(0, 0.5f);
 
+        var trust_anchor_display = make_ta_fingerprint_widget(idcard.trust_anchor);
+
         var vbox = new VBox(false, 0);
         vbox.set_border_width(6);
         vbox.pack_start(dialog_label, true, true, 12);
         vbox.pack_start(user_label, true, true, 2);
         vbox.pack_start(realm_label, true, true, 2);
-        vbox.pack_start(fingerprint_label, true, true, 2);
-        vbox.pack_start(fingerprint_width_constraint, true, true, 2);
+        vbox.pack_start(trust_anchor_display, true, true, 0);
         vbox.pack_start(confirm_label, true, true, 12);
 
         ((Container) content_area).add(vbox);
@@ -120,20 +104,4 @@ class TrustAnchorDialog : Dialog
             break;
         }
     }
-
-    // Yeah, it doesn't mean "colonize" the way you might think... :-)
-    private static string colonize(string input) {
-        return_if_fail(input.length % 2 == 0);
-
-        string result = "";
-        int i = 0;
-        while (i < input.length) {
-            if (i > 0) {
-                result += ":";
-            }
-            result += input[i : i + 2];
-            i += 2;
-        }
-        return result;
-    }
 }
diff --git a/src/moonshot-utils.vala b/src/moonshot-utils.vala
index e760738..96e02eb 100644
--- a/src/moonshot-utils.vala
+++ b/src/moonshot-utils.vala
@@ -121,3 +121,45 @@ internal void set_atk_relation(Widget widget, Widget target_widget, Atk.Relation
 
     atk_widget.add_relationship(relationship, atk_target_widget);
 }
+
+
+internal Widget make_ta_fingerprint_widget(TrustAnchor trust_anchor)
+{
+        var fingerprint_label = new Label(_("SHA-256 fingerprint:"));
+        fingerprint_label.set_alignment(0, 0.5f);
+
+        var fingerprint = new TextView();
+        fingerprint.set_editable(false);
+        var buffer = fingerprint.get_buffer();
+        buffer.set_text(colonize(trust_anchor.server_cert), -1);
+        fingerprint.wrap_mode = WrapMode.WORD_CHAR;
+
+        set_atk_relation(fingerprint_label, fingerprint, Atk.RelationType.LABEL_FOR);
+
+        var fingerprint_width_constraint = new ScrolledWindow(null, null);
+        fingerprint_width_constraint.set_policy(PolicyType.NEVER, PolicyType.NEVER);
+        fingerprint_width_constraint.set_shadow_type(ShadowType.IN);
+        fingerprint_width_constraint.set_size_request(400, 60);
+        fingerprint_width_constraint.add_with_viewport(fingerprint);
+
+        var vbox = new VBox(false, 0);
+        vbox.pack_start(fingerprint_label, true, true, 2);
+        vbox.pack_start(fingerprint_width_constraint, true, true, 2);
+        return vbox;
+}
+
+    // Yeah, it doesn't mean "colonize" the way you might think... :-)
+internal static string colonize(string input) {
+    return_if_fail(input.length % 2 == 0);
+
+    string result = "";
+    int i = 0;
+    while (i < input.length) {
+        if (i > 0) {
+            result += ":";
+        }
+        result += input[i : i + 2];
+        i += 2;
+    }
+    return result;
+}
-- 
2.1.4