2 * empathy-tls-dialog.c - Source for EmpathyTLSDialog
3 * Copyright (C) 2010 Collabora Ltd.
4 * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 #include "empathy-tls-dialog.h"
25 #include <glib/gi18n-lib.h>
27 #include <telepathy-glib/util.h>
29 #include "gcr-simple-certificate.h"
31 #define DEBUG_FLAG EMPATHY_DEBUG_TLS
32 #include <libempathy/empathy-debug.h>
33 #include <libempathy/empathy-utils.h>
35 G_DEFINE_TYPE (EmpathyTLSDialog, empathy_tls_dialog,
36 GTK_TYPE_MESSAGE_DIALOG)
38 #define GET_PRIV(obj) EMPATHY_GET_PRIV (obj, EmpathyTLSDialog);
41 PROP_TLS_CERTIFICATE = 1,
50 EmpathyTLSCertificate *certificate;
51 EmpTLSCertificateRejectReason reason;
57 } EmpathyTLSDialogPriv;
60 empathy_tls_dialog_get_property (GObject *object,
65 EmpathyTLSDialogPriv *priv = GET_PRIV (object);
69 case PROP_TLS_CERTIFICATE:
70 g_value_set_object (value, priv->certificate);
73 g_value_set_uint (value, priv->reason);
76 g_value_set_boolean (value, priv->remember);
79 g_value_set_boxed (value, priv->details);
82 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
88 empathy_tls_dialog_set_property (GObject *object,
93 EmpathyTLSDialogPriv *priv = GET_PRIV (object);
97 case PROP_TLS_CERTIFICATE:
98 priv->certificate = g_value_dup_object (value);
101 priv->reason = g_value_get_uint (value);
104 priv->details = g_value_dup_boxed (value);
107 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
113 empathy_tls_dialog_dispose (GObject *object)
115 EmpathyTLSDialogPriv *priv = GET_PRIV (object);
117 if (priv->dispose_run)
120 priv->dispose_run = TRUE;
122 tp_clear_object (&priv->certificate);
124 G_OBJECT_CLASS (empathy_tls_dialog_parent_class)->dispose (object);
128 empathy_tls_dialog_finalize (GObject *object)
130 EmpathyTLSDialogPriv *priv = GET_PRIV (object);
132 tp_clear_boxed (G_TYPE_HASH_TABLE, &priv->details);
134 G_OBJECT_CLASS (empathy_tls_dialog_parent_class)->finalize (object);
138 reason_to_string (EmpathyTLSDialog *self)
141 const gchar *reason_str;
142 EmpTLSCertificateRejectReason reason;
144 EmpathyTLSDialogPriv *priv = GET_PRIV (self);
146 str = g_string_new (NULL);
147 reason = priv->reason;
148 details = priv->details;
150 g_string_append (str, _("The identity provided by the chat server cannot be "
152 g_string_append (str, "\n\n");
156 case EMP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED:
157 reason_str = _("The certificate is not signed by a Certification "
160 case EMP_TLS_CERTIFICATE_REJECT_REASON_EXPIRED:
161 reason_str = _("The certificate has expired.");
163 case EMP_TLS_CERTIFICATE_REJECT_REASON_NOT_ACTIVATED:
164 reason_str = _("The certificate hasn't yet been activated.");
166 case EMP_TLS_CERTIFICATE_REJECT_REASON_FINGERPRINT_MISMATCH:
167 reason_str = _("The certificate does not have the expected fingerprint.");
169 case EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH:
170 reason_str = _("The hostname verified by the certificate doesn't match "
173 case EMP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED:
174 reason_str = _("The certificate is self-signed.");
176 case EMP_TLS_CERTIFICATE_REJECT_REASON_REVOKED:
177 reason_str = _("The certificate has been revoked by the issuing "
178 "Certification Authority.");
180 case EMP_TLS_CERTIFICATE_REJECT_REASON_INSECURE:
181 reason_str = _("The certificate is cryptographically weak.");
183 case EMP_TLS_CERTIFICATE_REJECT_REASON_LIMIT_EXCEEDED:
184 reason_str = _("The certificate length exceeds verifiable limits.");
186 case EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN:
188 reason_str = _("The certificate is malformed.");
192 g_string_append (str, reason_str);
194 /* add more information in case of HOSTNAME_MISMATCH */
195 if (reason == EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH)
197 const gchar *expected_hostname, *certificate_hostname;
199 expected_hostname = tp_asv_get_string (details, "expected-hostname");
200 certificate_hostname = tp_asv_get_string (details,
201 "certificate-hostname");
203 if (expected_hostname != NULL && certificate_hostname != NULL)
205 g_string_append (str, "\n\n");
206 g_string_append_printf (str, _("Expected hostname: %s"),
208 g_string_append (str, "\n");
209 g_string_append_printf (str, _("Certificate hostname: %s"),
210 certificate_hostname);
214 return g_string_free (str, FALSE);
218 build_gcr_widget (EmpathyTLSDialog *self)
220 GcrCertificateWidget *widget;
221 GcrCertificate *certificate;
222 GPtrArray *cert_chain = NULL;
225 EmpathyTLSDialogPriv *priv = GET_PRIV (self);
227 g_object_get (priv->certificate,
228 "cert-data", &cert_chain,
230 first_cert = g_ptr_array_index (cert_chain, 0);
232 certificate = gcr_simple_certificate_new ((const guchar *) first_cert->data,
234 widget = gcr_certificate_widget_new (certificate);
236 /* FIXME: make this widget bigger by default -- GTK+ should really handle
237 * this sort of thing for us */
238 gtk_widget_get_preferred_height (GTK_WIDGET (widget), NULL, &height);
239 /* force the widget to at least 150 pixels high */
240 gtk_widget_set_size_request (GTK_WIDGET (widget), -1, MAX (height, 150));
242 g_object_unref (certificate);
243 g_ptr_array_unref (cert_chain);
245 return GTK_WIDGET (widget);
249 checkbox_toggled_cb (GtkToggleButton *checkbox,
252 EmpathyTLSDialog *self = user_data;
253 EmpathyTLSDialogPriv *priv = GET_PRIV (self);
255 priv->remember = gtk_toggle_button_get_active (checkbox);
256 g_object_notify (G_OBJECT (self), "remember");
260 empathy_tls_dialog_constructed (GObject *object)
262 GtkWidget *content_area, *expander, *details, *checkbox;
264 EmpathyTLSDialog *self = EMPATHY_TLS_DIALOG (object);
265 GtkMessageDialog *message_dialog = GTK_MESSAGE_DIALOG (self);
266 GtkDialog *dialog = GTK_DIALOG (self);
267 EmpathyTLSDialogPriv *priv = GET_PRIV (self);
269 gtk_dialog_add_buttons (dialog,
270 GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
271 _("Continue"), GTK_RESPONSE_YES,
274 text = reason_to_string (self);
276 g_object_set (message_dialog,
277 "text", _("This connection is untrusted. Would you like to "
279 "secondary-text", text,
284 content_area = gtk_dialog_get_content_area (dialog);
286 /* FIXME: right now we do this only if the error is SelfSigned, as we can
287 * easily store the new CA cert in $XDG_CONFIG_DIR/telepathy/certs in that
288 * case. For the other errors, we probably need a smarter/more powerful
289 * certificate storage.
291 if (priv->reason == EMP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED)
293 checkbox = gtk_check_button_new_with_label (
294 _("Remember this choice for future connections"));
295 gtk_box_pack_end (GTK_BOX (content_area), checkbox, FALSE, FALSE, 0);
296 gtk_widget_show (checkbox);
298 g_signal_connect (checkbox, "toggled",
299 G_CALLBACK (checkbox_toggled_cb), self);
302 text = g_strdup_printf ("<b>%s</b>", _("Certificate Details"));
303 expander = gtk_expander_new (text);
304 gtk_expander_set_use_markup (GTK_EXPANDER (expander), TRUE);
305 gtk_box_pack_end (GTK_BOX (content_area), expander, TRUE, TRUE, 0);
306 gtk_widget_show (expander);
310 details = build_gcr_widget (self);
311 gtk_container_add (GTK_CONTAINER (expander), details);
312 gtk_widget_show (details);
316 empathy_tls_dialog_init (EmpathyTLSDialog *self)
318 self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
319 EMPATHY_TYPE_TLS_DIALOG, EmpathyTLSDialogPriv);
323 empathy_tls_dialog_class_init (EmpathyTLSDialogClass *klass)
326 GObjectClass *oclass = G_OBJECT_CLASS (klass);
328 g_type_class_add_private (klass, sizeof (EmpathyTLSDialogPriv));
330 oclass->set_property = empathy_tls_dialog_set_property;
331 oclass->get_property = empathy_tls_dialog_get_property;
332 oclass->dispose = empathy_tls_dialog_dispose;
333 oclass->finalize = empathy_tls_dialog_finalize;
334 oclass->constructed = empathy_tls_dialog_constructed;
336 pspec = g_param_spec_object ("certificate", "The EmpathyTLSCertificate",
337 "The EmpathyTLSCertificate to be displayed.",
338 EMPATHY_TYPE_TLS_CERTIFICATE,
339 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
340 g_object_class_install_property (oclass, PROP_TLS_CERTIFICATE, pspec);
342 pspec = g_param_spec_uint ("reason", "The reason",
343 "The reason why the certificate is being asked for confirmation.",
344 0, NUM_EMP_TLS_CERTIFICATE_REJECT_REASONS - 1,
345 EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN,
346 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
347 g_object_class_install_property (oclass, PROP_REASON, pspec);
349 pspec = g_param_spec_boolean ("remember", "Whether to remember the decision",
350 "Whether we should remember the decision for this certificate.",
352 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
353 g_object_class_install_property (oclass, PROP_REMEMBER, pspec);
355 pspec = g_param_spec_boxed ("details", "Rejection details",
356 "Additional details about the rejection of this certificate.",
358 G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
359 g_object_class_install_property (oclass, PROP_DETAILS, pspec);
363 empathy_tls_dialog_new (EmpathyTLSCertificate *certificate,
364 EmpTLSCertificateRejectReason reason,
367 g_assert (EMPATHY_IS_TLS_CERTIFICATE (certificate));
369 return g_object_new (EMPATHY_TYPE_TLS_DIALOG,
370 "message-type", GTK_MESSAGE_WARNING,
371 "certificate", certificate,