static gboolean infinoted_startup_load_credentials(InfinotedStartup* startup, GError** error) { gnutls_x509_crt_t* certs; guint n_certs; gnutls_certificate_credentials_t creds; int res; if(startup->options->security_policy != INF_XMPP_CONNECTION_SECURITY_ONLY_UNSECURED) { startup->private_key = infinoted_startup_load_key( startup->log, startup->options->create_key, startup->options->key_file, error ); if(startup->private_key == NULL) return FALSE; certs = infinoted_startup_load_certificate( startup->log, startup->options->create_certificate, startup->private_key, startup->options->certificate_file, startup->options->certificate_chain_file, &n_certs, error ); if(certs == NULL) return FALSE; /* Takes ownership of certificates: */ startup->certificates = inf_certificate_chain_new(certs, n_certs); startup->credentials = inf_certificate_credentials_new(); creds = inf_certificate_credentials_get(startup->credentials); res = gnutls_certificate_set_x509_key( creds, inf_certificate_chain_get_raw(startup->certificates), inf_certificate_chain_get_n_certificates(startup->certificates), startup->private_key ); if(res != 0) { inf_gnutls_set_error(error, res); return FALSE; } } return TRUE; }
void Gobby::CertificateManager::make_credentials() { InfCertificateCredentials* creds = inf_certificate_credentials_new(); gnutls_certificate_credentials_t gnutls_creds = inf_certificate_credentials_get(creds); if(m_preferences.security.authentication_enabled && m_key != NULL && m_certificates != NULL) { gnutls_certificate_set_x509_key( gnutls_creds, inf_certificate_chain_get_raw(m_certificates), inf_certificate_chain_get_n_certificates(m_certificates), m_key ); } if(m_preferences.security.use_system_trust) { const int n_cas = gnutls_certificate_set_x509_system_trust( gnutls_creds); if(n_cas < 0) { g_warning("Failed to add system CAs: %s\n", gnutls_strerror(n_cas)); } } if(!m_trust.empty()) { gnutls_certificate_set_x509_trust( gnutls_creds, &m_trust[0], m_trust.size() ); } if(m_dh_params != NULL) gnutls_certificate_set_dh_params(gnutls_creds, m_dh_params); gnutls_certificate_set_verify_flags( gnutls_creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); InfCertificateCredentials* old_creds = m_credentials; m_credentials = creds; m_signal_credentials_changed.emit(); if(old_creds != NULL) inf_certificate_credentials_unref(old_creds); }
static InfXmppConnection* inf_test_certificate_validate_setup_client(InfIo* io, const gchar* ca_file, const gchar* remote_hostname, GError** error) { InfIpAddress* addr; InfTcpConnection* conn; InfXmppConnection* xmpp; InfCertificateCredentials* creds; GPtrArray* cas; int res; guint i; creds = inf_certificate_credentials_new(); if(ca_file != NULL) { cas = inf_cert_util_read_certificate(ca_file, NULL, error); if(cas == NULL) { inf_certificate_credentials_unref(creds); return NULL; } res = gnutls_certificate_set_x509_trust( inf_certificate_credentials_get(creds), (gnutls_x509_crt_t*)cas->pdata, cas->len ); for(i = 0; i < cas->len; ++i) gnutls_x509_crt_deinit(cas->pdata[i]); g_ptr_array_free(cas, TRUE); } addr = inf_ip_address_new_loopback4(); conn = inf_tcp_connection_new(io, addr, 6524); inf_ip_address_free(addr); xmpp = inf_xmpp_connection_new( conn, INF_XMPP_CONNECTION_CLIENT, g_get_host_name(), remote_hostname, INF_XMPP_CONNECTION_SECURITY_ONLY_TLS, creds, NULL, NULL ); inf_certificate_credentials_unref(creds); if(inf_tcp_connection_open(conn, error) == FALSE) { g_object_unref(conn); g_object_unref(xmpp); return NULL; } g_object_unref(conn); return xmpp; }
static InfdXmppServer* inf_test_certificate_setup_server(InfIo* io, const char* key_file, const char* cert_file, GError** error) { InfdTcpServer* tcp; InfdXmppServer* xmpp; gnutls_x509_privkey_t key; GPtrArray* certs; InfCertificateCredentials* creds; guint i; int res; key = inf_cert_util_read_private_key(key_file, error); if(!key) return NULL; certs = inf_cert_util_read_certificate(cert_file, NULL, error); if(!certs) { gnutls_x509_privkey_deinit(key); return NULL; } creds = inf_certificate_credentials_new(); res = gnutls_certificate_set_x509_key( inf_certificate_credentials_get(creds), (gnutls_x509_crt_t*)certs->pdata, certs->len, key ); gnutls_x509_privkey_deinit(key); for(i = 0; i < certs->len; ++i) gnutls_x509_crt_deinit(certs->pdata[i]); g_ptr_array_free(certs, TRUE); if(res != 0) { inf_certificate_credentials_unref(creds); inf_gnutls_set_error(error, res); return NULL; } tcp = g_object_new( INFD_TYPE_TCP_SERVER, "io", io, "local-port", 6524, NULL ); if(infd_tcp_server_open(tcp, error) == FALSE) { inf_certificate_credentials_unref(creds); return NULL; } xmpp = infd_xmpp_server_new( tcp, INF_XMPP_CONNECTION_SECURITY_ONLY_TLS, creds, NULL, NULL ); /* Keep client connections alive */ g_signal_connect( G_OBJECT(xmpp), "new-connection", G_CALLBACK(inf_test_certificate_validate_new_connection_cb), NULL ); inf_certificate_credentials_unref(creds); return xmpp; }
static void init_infinity (GeditCollaborationWindowHelper *helper) { InfGtkIo *io; InfCommunicationManager *communication_manager; InfXmppManager *xmpp_manager; InfCertificateCredentials *certificate_credentials; InfGtkBrowserModel *model_sort; io = inf_gtk_io_new (); communication_manager = inf_communication_manager_new (); xmpp_manager = inf_xmpp_manager_new (); certificate_credentials = inf_certificate_credentials_new (); helper->priv->io = INF_IO (io); helper->priv->certificate_credentials = certificate_credentials; helper->priv->browser_store = inf_gtk_browser_store_new (INF_IO (io), communication_manager); model_sort = INF_GTK_BROWSER_MODEL ( inf_gtk_browser_model_sort_new ( INF_GTK_BROWSER_MODEL (helper->priv->browser_store) ) ); gtk_tree_sortable_set_default_sort_func (GTK_TREE_SORTABLE (model_sort), compare_func, NULL, NULL); helper->priv->browser_view = inf_gtk_browser_view_new_with_model (model_sort); gtk_widget_show (helper->priv->browser_view); g_signal_connect_after (helper->priv->browser_store, "set-browser", G_CALLBACK (on_set_browser), helper); g_signal_connect (helper->priv->browser_view, "selection-changed", G_CALLBACK (on_selection_changed), helper); g_signal_connect (helper->priv->browser_view, "populate-popup", G_CALLBACK (on_populate_popup), helper); g_signal_connect (helper->priv->browser_view, "activate", G_CALLBACK (on_browser_activate), helper); #ifdef LIBINFINITY_HAVE_AVAHI init_infinity_discovery (helper, xmpp_manager); #endif init_bookmarks (helper); g_object_unref (communication_manager); g_object_unref (xmpp_manager); }