コード例 #1
ファイル: browser.c プロジェクト: kublaj/lariza
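/*
 * Register every certificate in the per-user "certs" directory as an
 * accepted TLS certificate for the host named by the file.
 *
 * The directory is <user config dir>/__NAME__/certs. Each entry's file name
 * is handed to WebKit as the host the certificate is allowed for, so a file
 * called "example.org" whitelists that certificate for example.org only.
 * A directory that cannot be opened is ignored; a file that cannot be loaded
 * as a certificate is reported on stderr and skipped.
 *
 * NOTE(review): this directory acts as a trust store. Anything able to write
 * a file here adds a TLS exception for the host of its choosing, so its
 * permissions presumably need to be restricted to the user - confirm.
 * Nothing in this function checks ownership, mode, or certificate expiry.
 */
void
trust_user_certs(WebKitWebContext *wc)
{
    GTlsCertificate *cert;
    const gchar *file;
    gchar *basedir, *absfile;
    GDir *dir;

    /* g_build_filename() returns a newly allocated string that we own. */
    basedir = g_build_filename(g_get_user_config_dir(), __NAME__, "certs", NULL);
    dir = g_dir_open(basedir, 0, NULL);
    if (dir != NULL)
    {
        /* g_dir_read_name() yields NULL once the directory is exhausted. */
        while ((file = g_dir_read_name(dir)) != NULL)
        {
            absfile = g_build_filename(basedir, file, NULL);
            cert = g_tls_certificate_new_from_file(absfile, NULL);
            if (cert == NULL)
                fprintf(stderr, __NAME__": Could not load trusted cert '%s'\n", file);
            else
            {
                webkit_web_context_allow_tls_certificate_for_host(wc, cert, file);
                /* The context keeps its own reference; release ours so the
                 * certificate object is not leaked on every call. */
                g_object_unref(cert);
            }
            /* Free the per-entry path; the original leaked one per file. */
            g_free(absfile);
        }
        g_dir_close(dir);
    }
    g_free(basedir);
}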
コード例 #2
ファイル: main.c プロジェクト: AppDevy/cockpit
/*
 * Locate and load the TLS certificate the web service should present.
 *
 * Looks for a certificate under PACKAGE_SYSCONF_DIR "/cockpit/ws-certs.d";
 * when none is configured, falls back to a temporary self-signed certificate
 * obtained from generate_temp_cert().
 *
 * @out_cert: where to store the loaded certificate (caller owns the
 *            reference), or NULL to only check that loading works
 * @error:    return location for a GError, or NULL
 *
 * Returns TRUE on success, FALSE with @error set otherwise.
 *
 * NOTE(review): the self-signed fallback means clients cannot authenticate
 * the server until an administrator installs a real certificate; the only
 * trace of which path was taken is the g_info() line below.
 */
static gboolean
load_cert (GTlsCertificate **out_cert,
           GError **error)
{
  const gchar *cert_dir = PACKAGE_SYSCONF_DIR "/cockpit/ws-certs.d";
  GError *dir_error = NULL;
  GTlsCertificate *loaded = NULL;
  gboolean ok = FALSE;
  gchar *path;

  path = load_cert_from_dir (cert_dir, &dir_error);
  if (dir_error != NULL)
    {
      g_propagate_prefixed_error (error, dir_error,
                                  "Error loading certificates from %s: ",
                                  cert_dir);
      goto done;
    }

  /* An empty directory is not an error: path is simply NULL, and a
   * temporary self-signed certificate is used (and generated if needed).
   */
  if (path == NULL)
    path = generate_temp_cert (error);
  if (path == NULL)
    goto done;

  loaded = g_tls_certificate_new_from_file (path, error);
  if (loaded == NULL)
    {
      g_prefix_error (error, "Error loading certificate at path `%s': ", path);
      goto done;
    }

  g_info ("Using certificate %s", path);

  /* Hand the reference to the caller; clearing the local pointer keeps the
   * cleanup below from dropping it. */
  if (out_cert != NULL)
    {
      *out_cert = loaded;
      loaded = NULL;
    }

  ok = TRUE;

done:
  g_clear_object (&loaded);
  g_free (path);
  return ok;
}
コード例 #3
/*
 * Load the stored certificate identified by @id.
 *
 * @id:    non-empty identifier of the certificate
 * @error: return location for a GError, or NULL
 *
 * Returns a new GTlsCertificate owned by the caller, or NULL when the
 * file cannot be loaded (with @error set by GIO).
 *
 * NOTE(review): @id is turned into a filesystem path by
 * make_certificate_path(), which is not visible here. If ids can come
 * from a peer (e.g. a host name), confirm that helper rejects or escapes
 * path separators and ".." components.
 */
GTlsCertificate *
purple_tls_certificate_new_from_id(const gchar *id, GError **error)
{
	gchar *cert_file;
	GTlsCertificate *loaded;

	g_return_val_if_fail(id != NULL && id[0] != '\0', NULL);

	/* A missing file simply surfaces as a load error from GIO. */
	cert_file = make_certificate_path(id);
	loaded = g_tls_certificate_new_from_file(cert_file, error);
	g_free(cert_file);

	return loaded;
}
コード例 #4
ファイル: xr-server.c プロジェクト: megous/libxr
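/**
 * Create a new server object.
 *
 * @param cert    Path of the certificate file to load, or NULL. The
 *                server's `secure` flag is set exactly when a path is given.
 * @param threads Size of the threaded socket service; must be in 1..999.
 * @param err     Return location for a GError, or NULL. Must not already
 *                hold an error.
 *
 * @return New server, or NULL on failure with @err set.
 *
 * NOTE(review): passing cert == NULL leaves server->secure false, which
 * presumably means connections are served without TLS - confirm callers
 * only do that deliberately.
 */
xr_server* xr_server_new(const char* cert, int threads, GError** err)
{
  /* cert is optional, and "%s" with a NULL pointer is undefined behaviour. */
  xr_trace(XR_DEBUG_SERVER_TRACE, "(cert=%s, threads=%d, err=%p)", cert ? cert : "(null)", threads, err);
  GError* local_err = NULL;

  g_return_val_if_fail(threads > 0 && threads < 1000, NULL);
  g_return_val_if_fail (err == NULL || *err == NULL, NULL);

  xr_init();

  xr_server* server = g_new0(xr_server, 1);
  server->secure = !!cert;
  server->service = g_threaded_socket_service_new(threads);
  g_signal_connect(server->service, "run", (GCallback)_xr_server_service_run, server);

  if (cert)
  {
    server->cert = g_tls_certificate_new_from_file(cert, &local_err);
    if (local_err)
    {
      g_propagate_prefixed_error(err, local_err, "Certificate load failed: ");
      goto err0;
    }
  }

  server->sessions = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, (GDestroyNotify)xr_servlet_free_fini);
  g_static_rw_lock_init(&server->sessions_lock);
  /* Collect the thread-creation error: the original passed NULL here and so
   * returned NULL without ever setting *err on this path. */
  server->sessions_cleaner = g_thread_create((GThreadFunc)sessions_cleaner_func, server, TRUE, &local_err);
  if (server->sessions_cleaner == NULL)
  {
    if (local_err)
      g_propagate_prefixed_error(err, local_err, "Sessions cleaner thread start failed: ");
    goto err1;
  }

  return server;

  /* Unwind in reverse order of construction; err1 falls through to err0. */
err1:
  g_hash_table_destroy(server->sessions);
  g_static_rw_lock_free(&server->sessions_lock);
  if (server->cert)
    g_object_unref(server->cert);
err0:
  g_object_unref(server->service);
  g_free(server);
  return NULL;
}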
コード例 #5
ファイル: socket-server.c プロジェクト: asimonov-im/glib
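/*
 * Test echo server for GSocket.
 *
 * Parses the command-line options (cmd_entries), binds either a unix socket
 * (argv[1]) or the IPv4 wildcard address on `port`, and then:
 *   - stream mode: accepts exactly one connection, optionally wraps it in a
 *     TLS server connection using the certificate from tls_cert_file, and
 *     echoes everything it reads until the peer closes;
 *   - UDP mode: echoes each datagram back to its sender.
 *
 * Returns 0 after a clean shutdown and 1 on any error. Error paths return
 * immediately without releasing resources, relying on process exit.
 *
 * NOTE(review): this is a test tool. It binds the wildcard address, does no
 * client authentication, and with `verbose` writes peer-supplied bytes to
 * the terminal unfiltered (see the comment at that print).
 */
int
main (int argc,
      char *argv[])
{
  GSocket *socket, *new_socket, *recv_socket;
  GSocketAddress *src_address;
  GSocketAddress *address;
  GSocketType socket_type;
  GSocketFamily socket_family;
  GError *error = NULL;
  GOptionContext *context;
  GCancellable *cancellable;
  char *display_addr;
  GTlsCertificate *tlscert = NULL;
  GIOStream *connection;
  GInputStream *istream;
  GOutputStream *ostream;

  g_type_init ();

  context = g_option_context_new (" - Test GSocket server stuff");
  g_option_context_add_main_entries (context, cmd_entries, NULL);
  if (!g_option_context_parse (context, &argc, &argv, &error))
    {
      g_printerr ("%s: %s\n", argv[0], error->message);
      return 1;
    }

  if (unix_socket && argc != 2)
    {
      g_printerr ("%s: %s\n", argv[0], "Need to specify unix socket name");
      return 1;
    }

  /* With a cancel timeout, a helper thread gets the cancellable that every
   * blocking call below is given. */
  if (cancel_timeout)
    {
      GThread *thread;
      cancellable = g_cancellable_new ();
      thread = g_thread_new ("cancel", cancel_thread, cancellable);
      g_thread_unref (thread);
    }
  else
    {
      cancellable = NULL;
    }

  if (tls_cert_file)
    {
      if (use_udp)
        {
          /* Terminate the line like every other diagnostic here. */
          g_printerr ("DTLS (TLS over UDP) is not supported\n");
          return 1;
        }

      tlscert = g_tls_certificate_new_from_file (tls_cert_file, &error);
      if (!tlscert)
        {
          g_printerr ("Could not read server certificate '%s': %s\n",
                      tls_cert_file, error->message);
          return 1;
        }
    }

  loop = g_main_loop_new (NULL, FALSE);

  if (use_udp)
    socket_type = G_SOCKET_TYPE_DATAGRAM;
  else
    socket_type = G_SOCKET_TYPE_STREAM;

  if (unix_socket)
    socket_family = G_SOCKET_FAMILY_UNIX;
  else
    socket_family = G_SOCKET_FAMILY_IPV4;

  socket = g_socket_new (socket_family, socket_type, 0, &error);

  if (socket == NULL)
    {
      g_printerr ("%s: %s\n", argv[0], error->message);
      return 1;
    }

  if (non_blocking)
    g_socket_set_blocking (socket, FALSE);

  if (unix_socket)
    {
      src_address = socket_address_from_string (argv[1]);
      if (src_address == NULL)
        {
          g_printerr ("%s: Could not parse '%s' as unix socket name\n", argv[0], argv[1]);
          return 1;
        }
    }
  else
    {
      /* Wildcard bind: reachable on every IPv4 interface of the host. */
      src_address = g_inet_socket_address_new (g_inet_address_new_any (G_SOCKET_FAMILY_IPV4), port);
    }

  if (!g_socket_bind (socket, src_address, !dont_reuse_address, &error))
    {
      g_printerr ("Can't bind socket: %s\n", error->message);
      return 1;
    }
  g_object_unref (src_address);

  if (!use_udp)
    {
      if (!g_socket_listen (socket, &error))
        {
          g_printerr ("Can't listen on socket: %s\n", error->message);
          return 1;
        }

      address = g_socket_get_local_address (socket, &error);
      if (!address)
        {
          g_printerr ("Error getting local address: %s\n",
                      error->message);
          return 1;
        }
      display_addr = socket_address_to_string (address);
      g_print ("listening on %s...\n", display_addr);
      g_free (display_addr);
      /* Release the local address as is done for the remote one below;
       * the variable is overwritten without this. */
      g_object_unref (address);

      ensure_socket_condition (socket, G_IO_IN, cancellable);
      new_socket = g_socket_accept (socket, cancellable, &error);
      if (!new_socket)
        {
          g_printerr ("Error accepting socket: %s\n",
                      error->message);
          return 1;
        }

      if (non_blocking)
        g_socket_set_blocking (new_socket, FALSE);
      if (read_timeout)
        g_socket_set_timeout (new_socket, read_timeout);

      address = g_socket_get_remote_address (new_socket, &error);
      if (!address)
        {
          g_printerr ("Error getting remote address: %s\n",
                      error->message);
          return 1;
        }

      display_addr = socket_address_to_string (address);
      g_print ("got a new connection from %s\n", display_addr);
      g_free(display_addr);
      g_object_unref (address);

      recv_socket = new_socket;

      /* The connection object holds the socket from here on. */
      connection = G_IO_STREAM (g_socket_connection_factory_create_connection (recv_socket));
      g_object_unref (new_socket);
    }
  else
    {
      recv_socket = socket;
      connection = NULL;
    }

  /* tlscert is only ever set in stream mode, so connection is non-NULL. */
  if (tlscert)
    {
      GIOStream *tls_conn;

      tls_conn = g_tls_server_connection_new (connection, tlscert, &error);
      if (!tls_conn)
        {
          g_printerr ("Could not create TLS connection: %s\n",
                      error->message);
          return 1;
        }

      if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn),
                                       cancellable, &error))
        {
          g_printerr ("Error during TLS handshake: %s\n",
                      error->message);
          return 1;
        }

      /* All further I/O goes through the TLS wrapper. */
      g_object_unref (connection);
      connection = tls_conn;
    }

  if (connection)
    {
      istream = g_io_stream_get_input_stream (connection);
      ostream = g_io_stream_get_output_stream (connection);
    }
  else
    {
      g_assert (use_udp);
      istream = NULL;
      ostream = NULL;
    }

  /* Echo loop: read one chunk, then write it back in full. */
  while (TRUE)
    {
      gchar buffer[4096];
      gssize size;
      gsize to_send;

      if (use_udp)
        {
          ensure_socket_condition (recv_socket, G_IO_IN, cancellable);
          size = g_socket_receive_from (recv_socket, &address,
                                        buffer, sizeof buffer,
                                        cancellable, &error);
        }
      else
        {
          ensure_connection_condition (connection, G_IO_IN, cancellable);
          size = g_input_stream_read (istream,
                                      buffer, sizeof buffer,
                                      cancellable, &error);
        }

      if (size < 0)
        {
          g_printerr ("Error receiving from socket: %s\n",
                      error->message);
          return 1;
        }

      /* Zero bytes ends the loop (end of stream in stream mode). */
      if (size == 0)
        break;

      g_print ("received %" G_GSSIZE_FORMAT " bytes of data", size);
      if (use_udp)
        {
          /* Free the formatted address like the other call sites do; it
           * used to be leaked once per datagram. */
          display_addr = socket_address_to_string (address);
          g_print (" from %s", display_addr);
          g_free (display_addr);
        }
      g_print ("\n");

      /* NOTE(review): buffer holds peer-controlled bytes and is printed
       * as-is, so control/escape sequences reach the terminal. The "%.*s"
       * precision keeps the read inside the received length. */
      if (verbose)
        g_print ("-------------------------\n"
                 "%.*s\n"
                 "-------------------------\n",
                 (int)size, buffer);

      to_send = size;

#ifdef __QNXNTO__
      if (delay_)
#else
      if (delay)
#endif
        {
#ifdef __QNXNTO__
          if (verbose)
            g_print ("delaying %d seconds before response\n", delay_);
          g_usleep (1000 * 1000 * delay_);
#else
          if (verbose)
            g_print ("delaying %d seconds before response\n", delay);
          g_usleep (1000 * 1000 * delay);
#endif
        }

      /* A write may be partial; keep going until the chunk is sent. */
      while (to_send > 0)
        {
          if (use_udp)
            {
              ensure_socket_condition (recv_socket, G_IO_OUT, cancellable);
              size = g_socket_send_to (recv_socket, address,
                                       buffer, to_send, cancellable, &error);
            }
          else
            {
              ensure_connection_condition (connection, G_IO_OUT, cancellable);
              size = g_output_stream_write (ostream,
                                            buffer, to_send,
                                            cancellable, &error);
            }

          if (size < 0)
            {
              if (g_error_matches (error,
                                   G_IO_ERROR,
                                   G_IO_ERROR_WOULD_BLOCK))
                {
                  /* Non-blocking socket not ready: clear and retry. */
                  g_print ("socket send would block, handling\n");
                  g_error_free (error);
                  error = NULL;
                  continue;
                }
              else
                {
                  g_printerr ("Error sending to socket: %s\n",
                              error->message);
                  return 1;
                }
            }

          g_print ("sent %" G_GSSIZE_FORMAT " bytes of data\n", size);

          if (size == 0)
            {
              g_printerr ("Unexpected short write\n");
              return 1;
            }

          to_send -= size;
        }

      /* The sender address from g_socket_receive_from() is ours to release
       * once the reply is out. In stream mode `address` was already
       * released above, hence the guard. */
      if (use_udp)
        g_object_unref (address);
    }

  g_print ("connection closed\n");

  if (connection)
    {
      if (!g_io_stream_close (connection, NULL, &error))
        {
          g_printerr ("Error closing connection stream: %s\n",
                      error->message);
          return 1;
        }
      g_object_unref (connection);
    }

  if (!g_socket_close (socket, &error))
    {
      g_printerr ("Error closing master socket: %s\n",
                  error->message);
      return 1;
    }
  g_object_unref (socket);

  return 0;
}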