2 * empathy-tls-certificate.c - Source for EmpathyTLSCertificate
3 * Copyright (C) 2010 Collabora Ltd.
4 * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 #include "empathy-tls-certificate.h"
27 #include <glib/gstdio.h>
29 #include <gnutls/gnutls.h>
30 #include <gnutls/x509.h>
32 #include <telepathy-glib/proxy-subclass.h>
34 #define DEBUG_FLAG EMPATHY_DEBUG_TLS
35 #include "empathy-debug.h"
36 #include "empathy-utils.h"
38 #include "extensions/extensions.h"
40 static void async_initable_iface_init (GAsyncInitableIface *iface);
46 /* proxy properties */
59 GSimpleAsyncResult *async_init_res;
61 /* TLSCertificate properties */
64 EmpTLSCertificateState state;
65 } EmpathyTLSCertificatePriv;
67 G_DEFINE_TYPE_WITH_CODE (EmpathyTLSCertificate, empathy_tls_certificate,
69 G_IMPLEMENT_INTERFACE (G_TYPE_ASYNC_INITABLE, async_initable_iface_init));
71 #define GET_PRIV(obj) EMPATHY_GET_PRIV (obj, EmpathyTLSCertificate);
74 tls_certificate_init_finish (GAsyncInitable *initable,
78 gboolean retval = TRUE;
79 EmpathyTLSCertificate *self = EMPATHY_TLS_CERTIFICATE (initable);
80 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
82 if (g_simple_async_result_propagate_error (priv->async_init_res, error))
89 array_of_ay_get_type (void)
93 if (G_UNLIKELY (t == 0))
95 t = dbus_g_type_get_collection ("GPtrArray",
96 dbus_g_type_get_collection ("GArray",
104 tls_certificate_got_all_cb (TpProxy *proxy,
105 GHashTable *properties,
108 GObject *weak_object)
110 GPtrArray *cert_data;
111 EmpathyTLSCertificate *self = EMPATHY_TLS_CERTIFICATE (weak_object);
112 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
116 g_simple_async_result_set_from_error (priv->async_init_res, error);
117 g_simple_async_result_complete_in_idle (priv->async_init_res);
119 g_object_unref (priv->async_init_res);
124 priv->cert_type = g_strdup (tp_asv_get_string (properties,
126 priv->state = tp_asv_get_uint32 (properties, "State", NULL);
128 cert_data = tp_asv_get_boxed (properties, "CertificateChainData",
129 array_of_ay_get_type ());
130 g_assert (cert_data != NULL);
131 priv->cert_data = g_boxed_copy (array_of_ay_get_type (), cert_data);
133 DEBUG ("Got a certificate chain long %u, of type %s",
134 priv->cert_data->len, priv->cert_type);
136 g_simple_async_result_complete_in_idle (priv->async_init_res);
137 g_object_unref (priv->async_init_res);
141 tls_certificate_init_async (GAsyncInitable *initable,
143 GCancellable *cancellable,
144 GAsyncReadyCallback callback,
148 GError *error = NULL;
149 EmpathyTLSCertificate *self = EMPATHY_TLS_CERTIFICATE (initable);
150 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
152 g_assert (priv->object_path != NULL);
153 g_assert (priv->bus_name != NULL);
155 priv->async_init_res = g_simple_async_result_new (G_OBJECT (self),
156 callback, user_data, empathy_tls_certificate_new_async);
157 dbus = tp_dbus_daemon_dup (&error);
161 g_simple_async_result_set_from_error (priv->async_init_res, error);
162 g_simple_async_result_complete_in_idle (priv->async_init_res);
164 g_error_free (error);
165 g_object_unref (priv->async_init_res);
169 DEBUG ("Creating a proxy for object at path %s, owned by %s",
170 priv->object_path, priv->bus_name);
172 priv->proxy = g_object_new (TP_TYPE_PROXY,
173 "object-path", priv->object_path,
174 "bus-name", priv->bus_name,
175 "dbus-daemon", dbus, NULL);
177 tp_proxy_add_interface_by_id (priv->proxy,
178 EMP_IFACE_QUARK_AUTHENTICATION_TLS_CERTIFICATE);
180 /* call GetAll() on the certificate */
181 tp_cli_dbus_properties_call_get_all (priv->proxy,
182 -1, EMP_IFACE_AUTHENTICATION_TLS_CERTIFICATE,
183 tls_certificate_got_all_cb, NULL, NULL, G_OBJECT (self));
185 g_object_unref (dbus);
189 async_initable_iface_init (GAsyncInitableIface *iface)
191 iface->init_async = tls_certificate_init_async;
192 iface->init_finish = tls_certificate_init_finish;
196 empathy_tls_certificate_finalize (GObject *object)
198 EmpathyTLSCertificatePriv *priv = GET_PRIV (object);
200 DEBUG ("%p", object);
202 g_free (priv->object_path);
204 G_OBJECT_CLASS (empathy_tls_certificate_parent_class)->finalize (object);
208 empathy_tls_certificate_get_property (GObject *object,
213 EmpathyTLSCertificatePriv *priv = GET_PRIV (object);
217 case PROP_OBJECT_PATH:
218 g_value_set_string (value, priv->object_path);
221 g_value_set_string (value, priv->bus_name);
224 g_value_set_string (value, priv->cert_type);
227 g_value_set_boxed (value, priv->cert_data);
230 g_value_set_uint (value, priv->state);
233 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
239 empathy_tls_certificate_set_property (GObject *object,
244 EmpathyTLSCertificatePriv *priv = GET_PRIV (object);
248 case PROP_OBJECT_PATH:
249 priv->object_path = g_value_dup_string (value);
252 priv->bus_name = g_value_dup_string (value);
255 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
261 empathy_tls_certificate_init (EmpathyTLSCertificate *self)
263 self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
264 EMPATHY_TYPE_TLS_CERTIFICATE, EmpathyTLSCertificatePriv);
268 empathy_tls_certificate_class_init (EmpathyTLSCertificateClass *klass)
271 GObjectClass *oclass = G_OBJECT_CLASS (klass);
273 oclass->get_property = empathy_tls_certificate_get_property;
274 oclass->set_property = empathy_tls_certificate_set_property;
275 oclass->finalize = empathy_tls_certificate_finalize;
277 g_type_class_add_private (klass, sizeof (EmpathyTLSCertificatePriv));
279 pspec = g_param_spec_string ("object-path", "The object path",
280 "The path on the bus where the object we proxy is living.",
282 G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS);
283 g_object_class_install_property (oclass, PROP_OBJECT_PATH, pspec);
285 pspec = g_param_spec_string ("bus-name", "The bus name",
286 "The bus name owning this certificate.",
288 G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS);
289 g_object_class_install_property (oclass, PROP_BUS_NAME, pspec);
291 pspec = g_param_spec_string ("cert-type", "Certificate type",
292 "The type of this certificate.",
294 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
295 g_object_class_install_property (oclass, PROP_CERT_TYPE, pspec);
297 pspec = g_param_spec_boxed ("cert-data", "Certificate chain data",
298 "The raw DER-encoded certificate chain data.",
299 array_of_ay_get_type (),
300 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
301 g_object_class_install_property (oclass, PROP_CERT_DATA, pspec);
303 pspec = g_param_spec_uint ("state", "State",
304 "The state of this certificate.",
305 EMP_TLS_CERTIFICATE_STATE_PENDING, NUM_EMP_TLS_CERTIFICATE_STATES -1,
306 EMP_TLS_CERTIFICATE_STATE_PENDING,
307 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
308 g_object_class_install_property (oclass, PROP_STATE, pspec);
312 cert_proxy_accept_cb (TpProxy *proxy,
315 GObject *weak_object)
317 GSimpleAsyncResult *accept_result = user_data;
319 DEBUG ("Callback for accept(), error %p", error);
323 DEBUG ("Error was %s", error->message);
324 g_simple_async_result_set_from_error (accept_result, error);
327 g_simple_async_result_complete (accept_result);
331 cert_proxy_reject_cb (TpProxy *proxy,
334 GObject *weak_object)
336 GSimpleAsyncResult *reject_result = user_data;
338 DEBUG ("Callback for reject(), error %p", error);
342 DEBUG ("Error was %s", error->message);
343 g_simple_async_result_set_from_error (reject_result, error);
346 g_simple_async_result_complete (reject_result);
350 reject_reason_get_dbus_error (EmpTLSCertificateRejectReason reason)
352 const gchar *retval = NULL;
356 case EMP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED:
357 retval = tp_error_get_dbus_name (TP_ERROR_CERT_UNTRUSTED);
359 case EMP_TLS_CERTIFICATE_REJECT_REASON_EXPIRED:
360 retval = tp_error_get_dbus_name (TP_ERROR_CERT_EXPIRED);
362 case EMP_TLS_CERTIFICATE_REJECT_REASON_NOT_ACTIVATED:
363 retval = tp_error_get_dbus_name (TP_ERROR_CERT_NOT_ACTIVATED);
365 case EMP_TLS_CERTIFICATE_REJECT_REASON_FINGERPRINT_MISMATCH:
366 retval = tp_error_get_dbus_name (TP_ERROR_CERT_FINGERPRINT_MISMATCH);
368 case EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH:
369 retval = tp_error_get_dbus_name (TP_ERROR_CERT_HOSTNAME_MISMATCH);
371 case EMP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED:
372 retval = tp_error_get_dbus_name (TP_ERROR_CERT_SELF_SIGNED);
374 case EMP_TLS_CERTIFICATE_REJECT_REASON_REVOKED:
375 retval = tp_error_get_dbus_name (TP_ERROR_CERT_REVOKED);
377 case EMP_TLS_CERTIFICATE_REJECT_REASON_INSECURE:
378 retval = tp_error_get_dbus_name (TP_ERROR_CERT_INSECURE);
380 case EMP_TLS_CERTIFICATE_REJECT_REASON_LIMIT_EXCEEDED:
381 retval = tp_error_get_dbus_name (TP_ERROR_CERT_LIMIT_EXCEEDED);
383 case EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN:
385 retval = tp_error_get_dbus_name (TP_ERROR_CERT_INVALID);
393 empathy_tls_certificate_new_async (const gchar *bus_name,
394 const gchar *object_path,
395 GAsyncReadyCallback callback,
398 g_assert (object_path != NULL);
400 g_async_initable_new_async (EMPATHY_TYPE_TLS_CERTIFICATE,
401 G_PRIORITY_DEFAULT, NULL, callback, user_data,
402 "bus-name", bus_name,
403 "object-path", object_path, NULL);
406 EmpathyTLSCertificate *
407 empathy_tls_certificate_new_finish (GAsyncResult *res,
410 GObject *object, *source_object;
412 source_object = g_async_result_get_source_object (res);
414 object = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object),
416 g_object_unref (source_object);
419 return EMPATHY_TLS_CERTIFICATE (object);
425 empathy_tls_certificate_accept_async (EmpathyTLSCertificate *self,
426 GAsyncReadyCallback callback,
429 GSimpleAsyncResult *accept_result;
430 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
432 g_assert (EMPATHY_IS_TLS_CERTIFICATE (self));
434 DEBUG ("Accepting TLS certificate");
436 accept_result = g_simple_async_result_new (G_OBJECT (self),
437 callback, user_data, empathy_tls_certificate_accept_async);
439 emp_cli_authentication_tls_certificate_call_accept (priv->proxy,
440 -1, cert_proxy_accept_cb,
441 accept_result, g_object_unref,
446 empathy_tls_certificate_accept_finish (EmpathyTLSCertificate *self,
447 GAsyncResult *result,
450 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
458 empathy_tls_certificate_reject_async (EmpathyTLSCertificate *self,
459 EmpTLSCertificateRejectReason reason,
460 gboolean user_requested,
461 GAsyncReadyCallback callback,
465 const gchar *dbus_error;
466 GSimpleAsyncResult *reject_result;
467 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
469 g_assert (EMPATHY_IS_TLS_CERTIFICATE (self));
471 DEBUG ("Rejecting TLS certificate with reason %u", reason);
473 dbus_error = reject_reason_get_dbus_error (reason);
474 details = tp_asv_new ("user-requested", G_TYPE_BOOLEAN, user_requested,
476 reject_result = g_simple_async_result_new (G_OBJECT (self),
477 callback, user_data, empathy_tls_certificate_reject_async);
479 emp_cli_authentication_tls_certificate_call_reject (priv->proxy,
480 -1, reason, dbus_error, details, cert_proxy_reject_cb,
481 reject_result, g_object_unref, G_OBJECT (self));
483 g_hash_table_unref (details);
487 empathy_tls_certificate_reject_finish (EmpathyTLSCertificate *self,
488 GAsyncResult *result,
491 if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
499 get_exported_size (gnutls_x509_crt_t cert)
504 /* fake an export so we get the size to allocate */
505 gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM,
508 DEBUG ("Should allocate %lu bytes", (gulong) retval);
514 empathy_tls_certificate_store_ca (EmpathyTLSCertificate *self)
517 gnutls_x509_crt_t cert;
518 gnutls_datum_t datum = { NULL, 0 };
520 guchar *exported_cert = NULL;
522 gchar *user_certs_dir = NULL, *filename = NULL, *path = NULL;
523 GError *error = NULL;
524 EmpathyTLSCertificatePriv *priv = GET_PRIV (self);
526 last_cert = g_ptr_array_index (priv->cert_data, priv->cert_data->len - 1);
527 datum.data = (guchar *) last_cert->data;
528 datum.size = last_cert->len;
530 gnutls_x509_crt_init (&cert);
531 gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER);
533 /* make sure it's self-signed, otherwise it's not a CA */
534 if (gnutls_x509_crt_check_issuer (cert, cert) <= 0)
536 DEBUG ("Can't import the CA, as it's not self-signed");
537 gnutls_x509_crt_deinit (cert);
542 if (gnutls_x509_crt_get_ca_status (cert, NULL) <= 0)
544 DEBUG ("Can't import the CA, it's not a valid CA certificate");
545 gnutls_x509_crt_deinit (cert);
550 exported_len = get_exported_size (cert);
551 exported_cert = g_malloc (sizeof (guchar) * exported_len);
553 res = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM,
554 exported_cert, &exported_len);
558 DEBUG ("Failed to export the CA certificate; GnuTLS returned %d", res);
559 gnutls_x509_crt_deinit (cert);
564 gnutls_x509_crt_deinit (cert);
567 user_certs_dir = g_build_filename (g_get_user_config_dir (),
568 "telepathy", "certs", NULL);
570 res = g_mkdir_with_parents (user_certs_dir, S_IRWXU | S_IRWXG);
574 DEBUG ("Failed to create the user certificate directory: %s",
584 filename = g_strdup_printf ("cert-%p", cert);
585 path = g_build_filename (user_certs_dir, filename, NULL);
589 while (g_file_test (path, G_FILE_TEST_EXISTS));
591 DEBUG ("Will save to %s", path);
593 g_file_set_contents (path, (const gchar *) exported_cert, exported_len,
598 DEBUG ("Can't save the CA certificate to %s: %s",
599 path, error->message);
601 g_error_free (error);
606 g_free (exported_cert);
607 g_free (user_certs_dir);