/pidgin/main: 5467197bd084: Implement new, simplified TLS certif...
Mike Ruprecht
cmaiku at gmail.com
Thu Apr 7 13:36:20 EDT 2016
Changeset: 5467197bd0848797f06283234ba6b38ae76b4bfd
Author: Mike Ruprecht <cmaiku at gmail.com>
Date: 2016-02-16 20:47 -0600
Branch: purple-ssl-to-gio
URL: https://hg.pidgin.im/pidgin/main/rev/5467197bd084
Description:
Implement new, simplified TLS certificate API in libpurple
In using Gio directly, a lot of the certificate verification etc. is
unneeded. Only SSL/TLS certificates have ever been handled as far
as I see. This patch creates a new, drastically simplified API
that is specific to SSL/TLS (X.509) certificates.
diffstat:
libpurple/Makefile.am | 2 +
libpurple/purple.h.in | 1 +
libpurple/tls-certificate.c | 194 ++++++++++++++++++++++++++++++++++++++++++++
libpurple/tls-certificate.h | 97 ++++++++++++++++++++++
4 files changed, 294 insertions(+), 0 deletions(-)
diffs (truncated from 331 to 300 lines):
diff --git a/libpurple/Makefile.am b/libpurple/Makefile.am
--- a/libpurple/Makefile.am
+++ b/libpurple/Makefile.am
@@ -115,6 +115,7 @@ purple_coresources = \
theme.c \
theme-loader.c \
theme-manager.c \
+ tls-certificate.c \
trie.c \
upnp.c \
util.c \
@@ -193,6 +194,7 @@ purple_coreheaders = \
theme.h \
theme-loader.h \
theme-manager.h \
+ tls-certificate.h \
trie.h \
upnp.h \
util.h \
diff --git a/libpurple/purple.h.in b/libpurple/purple.h.in
--- a/libpurple/purple.h.in
+++ b/libpurple/purple.h.in
@@ -95,6 +95,7 @@
#include <theme.h>
#include <theme-loader.h>
#include <theme-manager.h>
+#include <tls-certificate.h>
#include <upnp.h>
#include <util.h>
#include <version.h>
diff --git a/libpurple/tls-certificate.c b/libpurple/tls-certificate.c
new file mode 100644
--- /dev/null
+++ b/libpurple/tls-certificate.c
@@ -0,0 +1,194 @@
+/*
+ *
+ * purple
+ *
+ * Purple is the legal property of its developers, whose names are too numerous
+ * to list here. Please refer to the COPYRIGHT file distributed with this
+ * source distribution.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
+ */
+
+#include "internal.h"
+#include "tls-certificate.h"
+#include "debug.h"
+#include "util.h"
+
+/* Makes a filename path for a certificate. If id is NULL,
+ * just return the directory
+ */
+static gchar *
+make_certificate_path(const gchar *id)
+{
+ return g_build_filename(purple_user_dir(),
+ "certificates", "tls",
+ id != NULL ? purple_escape_filename(id) : NULL,
+ NULL);
+}
+
+/* Creates the certificate directory if it doesn't exist,
+ * returns TRUE if it's successful or it already exists,
+ * returns FALSE if there was an error.
+ */
+static gboolean
+ensure_certificate_dir(GError **error)
+{
+ gchar *dir = make_certificate_path(NULL);
+ gboolean ret = TRUE;
+
+ if (purple_build_dir(dir, 0700) != 0) {
+ g_set_error_literal(error, G_FILE_ERROR,
+ g_file_error_from_errno(errno),
+ g_strerror(errno));
+ ret = FALSE;
+ }
+
+ g_free(dir);
+ return ret;
+}
+
+GList *
+purple_tls_certificate_list_ids()
+{
+ gchar *dir_path;
+ GDir *dir;
+ const gchar *entry;
+ GList *idlist = NULL;
+ GError *error = NULL;
+
+ /* Ensure certificate directory exists */
+
+ if (!ensure_certificate_dir(&error)) {
+ purple_debug_error("tls-certificate",
+ "Error creating certificate directory: %s",
+ error->message);
+ g_clear_error(&error);
+ return NULL;
+ }
+
+ /* Open certificate directory */
+
+ dir_path = make_certificate_path(NULL);
+ dir = g_dir_open(dir_path, 0, &error);
+
+ if (dir == NULL) {
+ purple_debug_error("tls-certificate",
+ "Error opening certificate directory (%s): %s",
+ dir_path, error->message);
+ g_free(dir_path);
+ g_clear_error(&error);
+ return NULL;
+ }
+
+ g_free(dir_path);
+
+ /* Traverse the directory listing and create an idlist */
+
+ while ((entry = g_dir_read_name(dir)) != NULL) {
+ /* Unescape the filename
+ * (GLib owns original string)
+ */
+ const char *unescaped = purple_unescape_filename(entry);
+
+ /* Copy the entry name into our list
+ * (Purple own the escaped string)
+ */
+ idlist = g_list_prepend(idlist, g_strdup(unescaped));
+ }
+
+ g_dir_close(dir);
+
+ return idlist;
+}
+
+void
+purple_tls_certificate_free_ids(GList *ids)
+{
+ g_list_free_full(ids, g_free);
+}
+
+GTlsCertificate *
+purple_tls_certificate_new_from_id(const gchar *id, GError **error)
+{
+ GTlsCertificate *cert;
+ gchar *path;
+
+ g_return_val_if_fail(id != NULL && id[0] != '\0', NULL);
+
+ /* Load certificate from file if it exists */
+
+ path = make_certificate_path(id);
+ cert = g_tls_certificate_new_from_file(path, error);
+ g_free(path);
+
+ return cert;
+}
+
+gboolean
+purple_tls_certificate_trust(const gchar *id, GTlsCertificate *certificate,
+ GError **error)
+{
+ gchar *path;
+ gchar *pem = NULL;
+ gboolean ret;
+
+ g_return_val_if_fail(id != NULL && id[0] != '\0', FALSE);
+ g_return_val_if_fail(G_IS_TLS_CERTIFICATE(certificate), FALSE);
+
+ /* Ensure certificate directory exists */
+
+ if (!ensure_certificate_dir(error)) {
+ return FALSE;
+ }
+
+ /* Get the text representation of the certificate */
+
+ g_object_get(certificate, "certificate-pem", &pem, NULL);
+ g_return_val_if_fail(pem != NULL, FALSE);
+
+ /* Save certificate text to a fail */
+
+ path = make_certificate_path(id);
+ ret = g_file_set_contents(path, pem, -1, error);
+ g_free(path);
+ g_free(pem);
+
+ return ret;
+}
+
+gboolean
+purple_tls_certificate_distrust(const gchar *id, GError **error)
+{
+ gchar *path;
+ gboolean ret = TRUE;
+
+ g_return_val_if_fail(id != NULL && id[0] != '\0', FALSE);
+
+ /* Delete certificate file if it exists */
+
+ path = make_certificate_path(id);
+
+ if (g_unlink(path) != 0) {
+ g_set_error_literal(error, G_FILE_ERROR,
+ g_file_error_from_errno(errno),
+ g_strerror(errno));
+ ret = FALSE;
+ }
+
+ g_free(path);
+
+ return ret;
+}
+
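Review bot: purple_tls_certificate_new_from_id, purple_tls_certificate_trust and purple_tls_certificate_distrust reject only an empty id and then hand it straight to make_certificate_path, so whether an id such as `.`, `..` or one containing `/` can name a file outside certificates/tls depends entirely on purple_escape_filename(), which is outside this hunk. Since the id is presumably derived from a peer-supplied name, I would state that contract at make_certificate_path, `/* id becomes a file name under certificates/tls; relies on purple_escape_filename() to neutralize '/' and dot-only names -- confirm */`, and add an explicit guard in the three public entry points (with the matching NULL/FALSE return), `g_return_val_if_fail(strchr(id, '/') == NULL && strcmp(id, ".") != 0 && strcmp(id, "..") != 0, FALSE);`, so the storage layer does not silently depend on the escaping helper. Separately, in purple_tls_certificate_trust the `g_return_val_if_fail(pem != NULL, FALSE)` after g_object_get returns FALSE without setting *error, so a caller that reports `error->message` on a FALSE return would dereference NULL; set the error (e.g. with g_set_error_literal) before returning there. The comment just below it reads "Save certificate text to a fail" where "file" is meant.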
diff --git a/libpurple/tls-certificate.h b/libpurple/tls-certificate.h
new file mode 100644
--- /dev/null
+++ b/libpurple/tls-certificate.h
@@ -0,0 +1,97 @@
+/*
+ *
+ * purple
+ *
+ * Purple is the legal property of its developers, whose names are too numerous
+ * to list here. Please refer to the COPYRIGHT file distributed with this
+ * source distribution.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
+ */
+
+#ifndef _PURPLE_TLS_CERTIFICATE_H
+#define _PURPLE_TLS_CERTIFICATE_H
+/**
+ * SECTION:tls-certificate
+ * @section_id: libpurple-tls-certificate
+ * @short_description: <filename>tls-certificate.h</filename>
+ * @title: TLS Certificate API
+ */
+
+#include <gio/gio.h>
+
+/**
+ * purple_tls_certificate_list_ids:
+ *
+ * Returns a list of the IDs for certificates trusted with
+ * purple_tls_certificate_trust() and friends. These IDs can then be passed
+ * to purple_certificate_path() or used directly, if desired.
+ *
+ * Returns: The #GList of IDs described above
+ * Free with purple_certificate_free_ids()
+ */
+GList *
+purple_tls_certificate_list_ids(void);
+
+/**
+ * purple_tls_certificate_free_ids:
+ * @ids: List of ids retrieved from purple_certificate_list_ids()
+ *
+ * Frees the list of IDs returned from purple_certificate_list_ids().
+ */
+void
+purple_tls_certificate_free_ids(GList *ids);
+
+/**
+ * purple_tls_certificate_new_from_id:
+ * @id: ID of certificate to load
+ * @error: A GError location to store the error occurring, or NULL to ignore
+ *
+ * Loads the certificate referenced by ID into a #GTlsCertificate object.
+ */
+GTlsCertificate *
+purple_tls_certificate_new_from_id(const gchar *id, GError **error);
+