Mercurial > pidgin
comparison libpurple/certificate.c @ 19093:f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
| author | William Ehlhardt <williamehlhardt@gmail.com> |
|---|---|
| date | Sun, 12 Aug 2007 03:06:47 +0000 |
| parents | b98151ac2251 |
| children | dd9f69ebaae8 |
comparison
equal
deleted
inserted
replaced
| 19092:b98151ac2251 | 19093:f96b53df8d17 |
|---|---|
| 584 x509_singleuse_destroy_request /* Request cleanup operation */ | 584 x509_singleuse_destroy_request /* Request cleanup operation */ |
| 585 }; | 585 }; |
| 586 | 586 |
| 587 | 587 |
| 588 | 588 |
| 589 | 589 /***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/ |
| 590 static PurpleCertificatePool x509_ca; | |
| 591 | |
| 592 static gboolean | |
| 593 x509_ca_init(void) | |
| 594 { | |
| 595 return TRUE; | |
| 596 } | |
| 597 | |
| 598 static void | |
| 599 x509_ca_uninit(void) | |
| 600 { | |
| 601 | |
| 602 } | |
| 603 | |
| 604 static gboolean | |
| 605 x509_ca_cert_in_pool(const gchar *id) | |
| 606 { | |
| 607 gboolean ret = FALSE; | |
| 608 | |
| 609 g_return_val_if_fail(id, FALSE); | |
| 610 | |
| 611 return ret; | |
| 612 } | |
| 613 | |
| 614 static PurpleCertificate * | |
| 615 x509_ca_get_cert(const gchar *id) | |
| 616 { | |
| 617 PurpleCertificateScheme *x509; | |
| 618 PurpleCertificate *crt = NULL; | |
| 619 | |
| 620 g_return_val_if_fail(id, NULL); | |
| 621 | |
| 622 /* Is it in the pool? */ | |
| 623 if ( !x509_ca_cert_in_pool(id) ) { | |
| 624 return NULL; | |
| 625 } | |
| 626 | |
| 627 /* Look up the X.509 scheme */ | |
| 628 x509 = purple_certificate_find_scheme("x509"); | |
| 629 g_return_val_if_fail(x509, NULL); | |
| 630 | |
| 631 return crt; | |
| 632 } | |
| 633 | |
| 634 static gboolean | |
| 635 x509_ca_put_cert(const gchar *id, PurpleCertificate *crt) | |
| 636 { | |
| 637 gboolean ret = FALSE; | |
| 638 | |
| 639 g_return_val_if_fail(crt, FALSE); | |
| 640 g_return_val_if_fail(crt->scheme, FALSE); | |
| 641 /* Make sure that this is some kind of X.509 certificate */ | |
| 642 /* TODO: Perhaps just check crt->scheme->name instead? */ | |
| 643 g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE); | |
| 644 | |
| 645 return ret; | |
| 646 } | |
| 647 | |
| 648 static gboolean | |
| 649 x509_ca_delete_cert(const gchar *id) | |
| 650 { | |
| 651 gboolean ret = FALSE; | |
| 652 | |
| 653 g_return_val_if_fail(id, FALSE); | |
| 654 | |
| 655 /* Is the id even in the pool? */ | |
| 656 if (!x509_ca_cert_in_pool(id)) { | |
| 657 purple_debug_warning("certificate/ca", | |
| 658 "Id %s wasn't in the pool\n", | |
| 659 id); | |
| 660 return FALSE; | |
| 661 } | |
| 662 | |
| 663 return ret; | |
| 664 } | |
| 665 | |
| 666 static GList * | |
| 667 x509_ca_get_idlist(void) | |
| 668 { | |
| 669 return NULL; | |
| 670 } | |
| 671 | |
| 672 | |
| 673 static PurpleCertificatePool x509_ca = { | |
| 674 "x509", /* Scheme name */ | |
| 675 "ca", /* Pool name */ | |
| 676 N_("Certificate Authorities"),/* User-friendly name */ | |
| 677 NULL, /* Internal data */ | |
| 678 x509_ca_init, /* init */ | |
| 679 x509_ca_uninit, /* uninit */ | |
| 680 x509_ca_cert_in_pool, /* Certificate exists? */ | |
| 681 x509_ca_get_cert, /* Cert retriever */ | |
| 682 x509_ca_put_cert, /* Cert writer */ | |
| 683 x509_ca_delete_cert, /* Cert remover */ | |
| 684 x509_ca_get_idlist /* idlist retriever */ | |
| 685 }; | |
| 686 | |
| 687 | |
| 688 | |
| 689 /***** Cache of certificates given by TLS/SSL peers *****/ | |
| 590 static PurpleCertificatePool x509_tls_peers; | 690 static PurpleCertificatePool x509_tls_peers; |
| 591 | 691 |
| 592 static gboolean | 692 static gboolean |
| 593 x509_tls_peers_init(void) | 693 x509_tls_peers_init(void) |
| 594 { | 694 { |
| 745 x509_tls_peers_delete_cert, /* Cert remover */ | 845 x509_tls_peers_delete_cert, /* Cert remover */ |
| 746 x509_tls_peers_get_idlist /* idlist retriever */ | 846 x509_tls_peers_get_idlist /* idlist retriever */ |
| 747 }; | 847 }; |
| 748 | 848 |
| 749 | 849 |
| 750 | 850 /***** A Verifier that uses the tls_peers cache and the CA pool to validate certificates *****/ |
| 751 static PurpleCertificateVerifier x509_tls_cached; | 851 static PurpleCertificateVerifier x509_tls_cached; |
| 752 | 852 |
| 753 static void | 853 static void |
| 754 x509_tls_cached_user_auth_cb (PurpleCertificateVerificationRequest *vrq, gint id) | 854 x509_tls_cached_user_auth_cb (PurpleCertificateVerificationRequest *vrq, gint id) |
| 755 { | 855 { |
| 1101 void | 1201 void |
| 1102 purple_certificate_init(void) | 1202 purple_certificate_init(void) |
| 1103 { | 1203 { |
| 1104 /* Register builtins */ | 1204 /* Register builtins */ |
| 1105 purple_certificate_register_verifier(&x509_singleuse); | 1205 purple_certificate_register_verifier(&x509_singleuse); |
| 1206 purple_certificate_register_pool(&x509_ca); | |
| 1106 purple_certificate_register_pool(&x509_tls_peers); | 1207 purple_certificate_register_pool(&x509_tls_peers); |
| 1107 purple_certificate_register_verifier(&x509_tls_cached); | 1208 purple_certificate_register_verifier(&x509_tls_cached); |
| 1108 } | 1209 } |
| 1109 | 1210 |
| 1110 void | 1211 void |