Mercurial > pidgin.yaz
comparison libpurple/certificate.c @ 19094:dd9f69ebaae8
In x509_ca pool:
- More skeletonizing, including a partial "lazy initialization"
implementation to get around the problem of x509_ca requiring an x509
Scheme to be registered before it can properly init.
- Cosmetics
| author | William Ehlhardt <williamehlhardt@gmail.com> |
|---|---|
| date | Sun, 12 Aug 2007 03:36:53 +0000 |
| parents | f96b53df8d17 |
| children | cd70e75f9a83 |
comparison
equal
deleted
inserted
replaced
| 19093:f96b53df8d17 | 19094:dd9f69ebaae8 |
|---|---|
| 585 }; | 585 }; |
| 586 | 586 |
| 587 | 587 |
| 588 | 588 |
| 589 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ | 589 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ |
| 590 /* This is implemented in what may be the most inefficient and bugprone way | |
| 591 possible; however, future optimizations should not be difficult. */ | |
| 592 | |
| 590 static PurpleCertificatePool x509_ca; | 593 static PurpleCertificatePool x509_ca; |
| 594 | |
| 595 /** Holds a key-value pair for quickish certificate lookup */ | |
| 596 typedef struct { | |
| 597 gchar *dn; | |
| 598 PurpleCertificate *crt; | |
| 599 } x509_ca_element; | |
| 600 | |
| 601 /** System directory to probe for CA certificates */ | |
| 602 /* TODO: The current path likely won't work on anything but Debian! Fix! */ | |
| 603 static const gchar *x509_ca_syspath = "/etc/ssl/certs/"; | |
| 604 | |
| 605 /** A list of loaded CAs, populated from the above path whenever the lazy_init | |
| 606 happens. Contains pointers to x509_ca_elements */ | |
| 607 static GList *x509_ca_certs = NULL; | |
| 608 | |
| 609 /** Used for lazy initialization purposes. */ | |
| 610 static gboolean x509_ca_initialized = FALSE; | |
| 611 | |
| 612 static gboolean | |
| 613 x509_ca_lazy_init(void) | |
| 614 { | |
| 615 if (x509_ca_initialized) return TRUE; | |
| 616 | |
| 617 /* Populate the certificates pool from the system path */ | |
| 618 /* TODO: Writeme! */ | |
| 619 | |
| 620 x509_ca_initialized = TRUE; | |
| 621 return TRUE; | |
| 622 } | |
| 591 | 623 |
| 592 static gboolean | 624 static gboolean |
| 593 x509_ca_init(void) | 625 x509_ca_init(void) |
| 594 { | 626 { |
| 627 /* Attempt to initialize now, but if it doesn't work, that's OK; | |
| 628 it will get done later */ | |
| 629 if ( ! x509_ca_lazy_init()) { | |
| 630 purple_debug_info("certificate/x509/ca", | |
| 631 "Lazy init failed, probably because a " | |
| 632 "dependency is not yet registered. " | |
| 633 "It has been deferred to later.\n"); | |
| 634 } | |
| 635 | |
| 595 return TRUE; | 636 return TRUE; |
| 596 } | 637 } |
| 597 | 638 |
| 598 static void | 639 static void |
| 599 x509_ca_uninit(void) | 640 x509_ca_uninit(void) |
| 603 | 644 |
| 604 static gboolean | 645 static gboolean |
| 605 x509_ca_cert_in_pool(const gchar *id) | 646 x509_ca_cert_in_pool(const gchar *id) |
| 606 { | 647 { |
| 607 gboolean ret = FALSE; | 648 gboolean ret = FALSE; |
| 608 | 649 |
| 650 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
| 609 g_return_val_if_fail(id, FALSE); | 651 g_return_val_if_fail(id, FALSE); |
| 610 | 652 |
| 611 return ret; | 653 return ret; |
| 612 } | 654 } |
| 613 | 655 |
| 614 static PurpleCertificate * | 656 static PurpleCertificate * |
| 615 x509_ca_get_cert(const gchar *id) | 657 x509_ca_get_cert(const gchar *id) |
| 616 { | 658 { |
| 617 PurpleCertificateScheme *x509; | 659 PurpleCertificateScheme *x509; |
| 618 PurpleCertificate *crt = NULL; | 660 PurpleCertificate *crt = NULL; |
| 619 | 661 |
| 662 g_return_val_if_fail(x509_ca_lazy_init(), NULL); | |
| 620 g_return_val_if_fail(id, NULL); | 663 g_return_val_if_fail(id, NULL); |
| 621 | 664 |
| 622 /* Is it in the pool? */ | 665 /* Is it in the pool? */ |
| 623 if ( !x509_ca_cert_in_pool(id) ) { | 666 if ( !x509_ca_cert_in_pool(id) ) { |
| 624 return NULL; | 667 return NULL; |
| 634 static gboolean | 677 static gboolean |
| 635 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) | 678 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) |
| 636 { | 679 { |
| 637 gboolean ret = FALSE; | 680 gboolean ret = FALSE; |
| 638 | 681 |
| 682 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
| 639 g_return_val_if_fail(crt, FALSE); | 683 g_return_val_if_fail(crt, FALSE); |
| 640 g_return_val_if_fail(crt->scheme, FALSE); | 684 g_return_val_if_fail(crt->scheme, FALSE); |
| 641 /* Make sure that this is some kind of X.509 certificate */ | 685 /* Make sure that this is some kind of X.509 certificate */ |
| 642 /* TODO: Perhaps just check crt->scheme->name instead? */ | 686 /* TODO: Perhaps just check crt->scheme->name instead? */ |
| 643 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); | 687 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); |
| 648 static gboolean | 692 static gboolean |
| 649 x509_ca_delete_cert(const gchar *id) | 693 x509_ca_delete_cert(const gchar *id) |
| 650 { | 694 { |
| 651 gboolean ret = FALSE; | 695 gboolean ret = FALSE; |
| 652 | 696 |
| 697 g_return_val_if_fail(x509_ca_lazy_init(), FALSE); | |
| 653 g_return_val_if_fail(id, FALSE); | 698 g_return_val_if_fail(id, FALSE); |
| 654 | 699 |
| 655 /* Is the id even in the pool? */ | 700 /* Is the id even in the pool? */ |
| 656 if (!x509_ca_cert_in_pool(id)) { | 701 if (!x509_ca_cert_in_pool(id)) { |
| 657 purple_debug_warning("certificate/ca", | 702 purple_debug_warning("certificate/x509/ca", |
| 658 "Id %s wasn't in the pool\n", | 703 "Id %s wasn't in the pool\n", |
| 659 id); | 704 id); |
| 660 return FALSE; | 705 return FALSE; |
| 661 } | 706 } |
| 662 | 707 |
| 664 } | 709 } |
| 665 | 710 |
| 666 static GList * | 711 static GList * |
| 667 x509_ca_get_idlist(void) | 712 x509_ca_get_idlist(void) |
| 668 { | 713 { |
| 714 g_return_val_if_fail(x509_ca_lazy_init(), NULL); | |
| 669 return NULL; | 715 return NULL; |
| 670 } | 716 } |
| 671 | 717 |
| 672 | 718 |
| 673 static PurpleCertificatePool x509_ca = { | 719 static PurpleCertificatePool x509_ca = { |