static gboolean
infinoted_startup_load_credentials(InfinotedStartup* startup,
GError** error)
{
gnutls_x509_crt_t* certs;
guint n_certs;
gnutls_certificate_credentials_t creds;
int res;
if(startup->options->security_policy !=
INF_XMPP_CONNECTION_SECURITY_ONLY_UNSECURED)
{
startup->private_key = infinoted_startup_load_key(
startup->log,
startup->options->create_key,
startup->options->key_file,
error
);
if(startup->private_key == NULL)
return FALSE;
certs = infinoted_startup_load_certificate(
startup->log,
startup->options->create_certificate,
startup->private_key,
startup->options->certificate_file,
startup->options->certificate_chain_file,
&n_certs,
error
);
if(certs == NULL)
return FALSE;
/* Takes ownership of certificates: */
startup->certificates = inf_certificate_chain_new(certs, n_certs);
startup->credentials = inf_certificate_credentials_new();
creds = inf_certificate_credentials_get(startup->credentials);
res = gnutls_certificate_set_x509_key(
creds,
inf_certificate_chain_get_raw(startup->certificates),
inf_certificate_chain_get_n_certificates(startup->certificates),
startup->private_key
);
if(res != 0)
{
inf_gnutls_set_error(error, res);
return FALSE;
}
}
return TRUE;
}
void Gobby::CertificateManager::make_credentials()
{
InfCertificateCredentials* creds = inf_certificate_credentials_new();
gnutls_certificate_credentials_t gnutls_creds =
inf_certificate_credentials_get(creds);
if(m_preferences.security.authentication_enabled &&
m_key != NULL && m_certificates != NULL)
{
gnutls_certificate_set_x509_key(
gnutls_creds,
inf_certificate_chain_get_raw(m_certificates),
inf_certificate_chain_get_n_certificates(m_certificates),
m_key
);
}
if(m_preferences.security.use_system_trust)
{
const int n_cas = gnutls_certificate_set_x509_system_trust(
gnutls_creds);
if(n_cas < 0)
{
g_warning("Failed to add system CAs: %s\n",
gnutls_strerror(n_cas));
}
}
if(!m_trust.empty())
{
gnutls_certificate_set_x509_trust(
gnutls_creds,
&m_trust[0],
m_trust.size()
);
}
if(m_dh_params != NULL)
gnutls_certificate_set_dh_params(gnutls_creds, m_dh_params);
gnutls_certificate_set_verify_flags(
gnutls_creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
InfCertificateCredentials* old_creds = m_credentials;
m_credentials = creds;
m_signal_credentials_changed.emit();
if(old_creds != NULL)
inf_certificate_credentials_unref(old_creds);
}
static InfXmppConnection*
inf_test_certificate_validate_setup_client(InfIo* io,
const gchar* ca_file,
const gchar* remote_hostname,
GError** error)
{
InfIpAddress* addr;
InfTcpConnection* conn;
InfXmppConnection* xmpp;
InfCertificateCredentials* creds;
GPtrArray* cas;
int res;
guint i;
creds = inf_certificate_credentials_new();
if(ca_file != NULL)
{
cas = inf_cert_util_read_certificate(ca_file, NULL, error);
if(cas == NULL)
{
inf_certificate_credentials_unref(creds);
return NULL;
}
res = gnutls_certificate_set_x509_trust(
inf_certificate_credentials_get(creds),
(gnutls_x509_crt_t*)cas->pdata,
cas->len
);
for(i = 0; i < cas->len; ++i)
gnutls_x509_crt_deinit(cas->pdata[i]);
g_ptr_array_free(cas, TRUE);
}
addr = inf_ip_address_new_loopback4();
conn = inf_tcp_connection_new(io, addr, 6524);
inf_ip_address_free(addr);
xmpp = inf_xmpp_connection_new(
conn,
INF_XMPP_CONNECTION_CLIENT,
g_get_host_name(),
remote_hostname,
INF_XMPP_CONNECTION_SECURITY_ONLY_TLS,
creds,
NULL,
NULL
);
inf_certificate_credentials_unref(creds);
if(inf_tcp_connection_open(conn, error) == FALSE)
{
g_object_unref(conn);
g_object_unref(xmpp);
return NULL;
}
g_object_unref(conn);
return xmpp;
}
static InfdXmppServer*
inf_test_certificate_setup_server(InfIo* io,
const char* key_file,
const char* cert_file,
GError** error)
{
InfdTcpServer* tcp;
InfdXmppServer* xmpp;
gnutls_x509_privkey_t key;
GPtrArray* certs;
InfCertificateCredentials* creds;
guint i;
int res;
key = inf_cert_util_read_private_key(key_file, error);
if(!key) return NULL;
certs = inf_cert_util_read_certificate(cert_file, NULL, error);
if(!certs)
{
gnutls_x509_privkey_deinit(key);
return NULL;
}
creds = inf_certificate_credentials_new();
res = gnutls_certificate_set_x509_key(
inf_certificate_credentials_get(creds),
(gnutls_x509_crt_t*)certs->pdata,
certs->len,
key
);
gnutls_x509_privkey_deinit(key);
for(i = 0; i < certs->len; ++i)
gnutls_x509_crt_deinit(certs->pdata[i]);
g_ptr_array_free(certs, TRUE);
if(res != 0)
{
inf_certificate_credentials_unref(creds);
inf_gnutls_set_error(error, res);
return NULL;
}
tcp = g_object_new(
INFD_TYPE_TCP_SERVER,
"io", io,
"local-port", 6524,
NULL
);
if(infd_tcp_server_open(tcp, error) == FALSE)
{
inf_certificate_credentials_unref(creds);
return NULL;
}
xmpp = infd_xmpp_server_new(
tcp,
INF_XMPP_CONNECTION_SECURITY_ONLY_TLS,
creds,
NULL,
NULL
);
/* Keep client connections alive */
g_signal_connect(
G_OBJECT(xmpp),
"new-connection",
G_CALLBACK(inf_test_certificate_validate_new_connection_cb),
NULL
);
inf_certificate_credentials_unref(creds);
return xmpp;
}
static void
init_infinity (GeditCollaborationWindowHelper *helper)
{
InfGtkIo *io;
InfCommunicationManager *communication_manager;
InfXmppManager *xmpp_manager;
InfCertificateCredentials *certificate_credentials;
InfGtkBrowserModel *model_sort;
io = inf_gtk_io_new ();
communication_manager = inf_communication_manager_new ();
xmpp_manager = inf_xmpp_manager_new ();
certificate_credentials = inf_certificate_credentials_new ();
helper->priv->io = INF_IO (io);
helper->priv->certificate_credentials = certificate_credentials;
helper->priv->browser_store = inf_gtk_browser_store_new (INF_IO (io),
communication_manager);
model_sort = INF_GTK_BROWSER_MODEL (
inf_gtk_browser_model_sort_new (
INF_GTK_BROWSER_MODEL (helper->priv->browser_store)
)
);
gtk_tree_sortable_set_default_sort_func (GTK_TREE_SORTABLE (model_sort),
compare_func,
NULL,
NULL);
helper->priv->browser_view =
inf_gtk_browser_view_new_with_model (model_sort);
gtk_widget_show (helper->priv->browser_view);
g_signal_connect_after (helper->priv->browser_store,
"set-browser",
G_CALLBACK (on_set_browser),
helper);
g_signal_connect (helper->priv->browser_view,
"selection-changed",
G_CALLBACK (on_selection_changed),
helper);
g_signal_connect (helper->priv->browser_view,
"populate-popup",
G_CALLBACK (on_populate_popup),
helper);
g_signal_connect (helper->priv->browser_view,
"activate",
G_CALLBACK (on_browser_activate),
helper);
#ifdef LIBINFINITY_HAVE_AVAHI
init_infinity_discovery (helper, xmpp_manager);
#endif
init_bookmarks (helper);
g_object_unref (communication_manager);
g_object_unref (xmpp_manager);
}
