comparison libpurple/certificate.c @ 19093:f96b53df8d17
- Add skeleton for X.509 Certificate Authority (x509_ca) CertificatePool
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Sun, 12 Aug 2007 03:06:47 +0000 |
parents | b98151ac2251 |
children | dd9f69ebaae8 |
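--- a/libpurple/certificate.c
+++ b/libpurple/certificate.c
@@ -584,11 +584,111 @@
 x509_singleuse_destroy_request /* Request cleanup operation */
 };
 
 
 
-
+/***** X.509 Certificate Authority pool, keyed by Distinguished Name *****/
+static PurpleCertificatePool x509_ca;
+
+static gboolean
+x509_ca_init(void)
+{
+return TRUE;
+}
+
+static void
+x509_ca_uninit(void)
+{
+
+}
+
+static gboolean
+x509_ca_cert_in_pool(const gchar *id)
+{
+gboolean ret = FALSE;
+
+g_return_val_if_fail(id, FALSE);
+
+return ret;
+}
+
+static PurpleCertificate *
+x509_ca_get_cert(const gchar *id)
+{
+PurpleCertificateScheme *x509;
+PurpleCertificate *crt = NULL;
+
+g_return_val_if_fail(id, NULL);
+
+/* Is it in the pool? */
+if ( !x509_ca_cert_in_pool(id) ) {
+return NULL;
+}
+
+/* Look up the X.509 scheme */
+x509 = purple_certificate_find_scheme("x509");
+g_return_val_if_fail(x509, NULL);
+
+return crt;
+}
+
+static gboolean
+x509_ca_put_cert(const gchar *id, PurpleCertificate *crt)
+{
+gboolean ret = FALSE;
+
+g_return_val_if_fail(crt, FALSE);
+g_return_val_if_fail(crt->scheme, FALSE);
+/* Make sure that this is some kind of X.509 certificate */
+/* TODO: Perhaps just check crt->scheme->name instead? */
+g_return_val_if_fail(crt->scheme == purple_certificate_find_scheme(x509_ca.scheme_name), FALSE);
+
+return ret;
+}
+
+static gboolean
+x509_ca_delete_cert(const gchar *id)
+{
+gboolean ret = FALSE;
+
+g_return_val_if_fail(id, FALSE);
+
+/* Is the id even in the pool? */
+if (!x509_ca_cert_in_pool(id)) {
+purple_debug_warning("certificate/ca",
+"Id %s wasn't in the pool\n",
+id);
+return FALSE;
+}
+
+return ret;
+}
+
+static GList *
+x509_ca_get_idlist(void)
+{
+return NULL;
+}
+
+
+static PurpleCertificatePool x509_ca = {
+"x509", /* Scheme name */
+"ca", /* Pool name */
+N_("Certificate Authorities"),/* User-friendly name */
+NULL, /* Internal data */
+x509_ca_init, /* init */
+x509_ca_uninit, /* uninit */
+x509_ca_cert_in_pool, /* Certificate exists? */
+x509_ca_get_cert, /* Cert retriever */
+x509_ca_put_cert, /* Cert writer */
+x509_ca_delete_cert, /* Cert remover */
+x509_ca_get_idlist /* idlist retriever */
+};
+
+
+
+/***** Cache of certificates given by TLS/SSL peers *****/
 static PurpleCertificatePool x509_tls_peers;
 
 static gboolean
 x509_tls_peers_init(void)
 {
@@ -745,11 +845,11 @@
 x509_tls_peers_delete_cert, /* Cert remover */
 x509_tls_peers_get_idlist /* idlist retriever */
 };
 
 
-
+/***** A Verifier that uses the tls_peers cache and the CA pool to validate certificates *****/
 static PurpleCertificateVerifier x509_tls_cached;
 
 static void
 x509_tls_cached_user_auth_cb (PurpleCertificateVerificationRequest *vrq, gint id)
 {
@@ -1101,10 +1201,11 @@
 void
 purple_certificate_init(void)
 {
 /* Register builtins */
 purple_certificate_register_verifier(&x509_singleuse);
+purple_certificate_register_pool(&x509_ca);
 purple_certificate_register_pool(&x509_tls_peers);
 purple_certificate_register_verifier(&x509_tls_cached);
 }
 
 void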
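Review bot: x509_ca_put_cert validates `crt` and `crt->scheme` but never `id`, unlike x509_ca_cert_in_pool, x509_ca_get_cert and x509_ca_delete_cert; add `g_return_val_if_fail(id, FALSE);` as its first check so a NULL key cannot reach the store once the body is filled in. The stubs currently fail closed (lookups return FALSE/NULL and put returns FALSE), which is the right default for a trust-anchor pool that purple_certificate_init already registers; a comment such as `/* TODO: skeleton - pool is always empty, so no CA is trusted yet */` above x509_ca_init would make that explicit. The section header says the pool is keyed by Distinguished Name, yet x509_ca_get_cert returns a single certificate per id. Distinct CA certificates can share a subject DN, so the eventual implementation should either allow several entries per key or document that a DN match alone does not establish issuance and the signature must still be checked against the returned certificate.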