/pidgin/main: d7be18faeeae: Remove old certificate API from libp...

Mike Ruprecht cmaiku at gmail.com
Thu Apr 7 13:36:21 EDT 2016


Changeset: d7be18faeeae3d516d115bce5a37b3a1e0becd62
Author:	 Mike Ruprecht <cmaiku at gmail.com>
Date:	 2016-01-31 03:36 -0600
Branch:	 purple-ssl-to-gio
URL: https://hg.pidgin.im/pidgin/main/rev/d7be18faeeae

Description:

Remove old certificate API from libpurple

Now that the new TLS Certificate API is being used, the old
certificate API can be removed. This patch does just that.

diffstat:

 libpurple/Makefile.am   |     2 -
 libpurple/certificate.c |  2226 -----------------------------------------------
 libpurple/certificate.h |   963 --------------------
 libpurple/core.c        |    10 -
 libpurple/purple.h.in   |     1 -
 5 files changed, 0 insertions(+), 3202 deletions(-)

diffs (truncated from 3263 to 300 lines):

diff --git a/libpurple/Makefile.am b/libpurple/Makefile.am
--- a/libpurple/Makefile.am
+++ b/libpurple/Makefile.am
@@ -43,7 +43,6 @@ purple_coresources = \
 	blistnodetypes.c \
 	buddylist.c \
 	buddyicon.c \
-	certificate.c \
 	ciphers/aescipher.c \
 	ciphers/descipher.c \
 	ciphers/des3cipher.c \
@@ -136,7 +135,6 @@ purple_coreheaders = \
 	blistnodetypes.h \
 	buddylist.h \
 	buddyicon.h \
-	certificate.h \
 	cipher.h \
 	circularbuffer.h \
 	cmds.h \
diff --git a/libpurple/certificate.c b/libpurple/certificate.c
deleted file mode 100644
--- a/libpurple/certificate.c
+++ /dev/null
@@ -1,2226 +0,0 @@
-/*
- *
- * purple
- *
- * Purple is the legal property of its developers, whose names are too numerous
- * to list here.  Please refer to the COPYRIGHT file distributed with this
- * source distribution.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
- */
-
-#include "internal.h"
-#include "certificate.h"
-#include "dbus-maybe.h"
-#include "debug.h"
-#include "request.h"
-#include "signals.h"
-#include "util.h"
-
-/* List holding pointers to all registered certificate schemes */
-static GList *cert_schemes = NULL;
-/* List of registered Verifiers */
-static GList *cert_verifiers = NULL;
-/* List of registered Pools */
-static GList *cert_pools = NULL;
-
-static const gchar *
-invalidity_reason_to_string(PurpleCertificateVerificationStatus flag)
-{
-	switch (flag) {
-		case PURPLE_CERTIFICATE_SELF_SIGNED:
-			return _("The certificate is self-signed and cannot be "
-			         "automatically checked.");
-			break;
-		case PURPLE_CERTIFICATE_CA_UNKNOWN:
-			return _("The certificate is not trusted because no certificate "
-			         "that can verify it is currently trusted.");
-			break;
-		case PURPLE_CERTIFICATE_NOT_ACTIVATED:
-			return _("The certificate is not valid yet.  Check that your "
-			         "computer's date and time are accurate.");
-			break;
-		case PURPLE_CERTIFICATE_EXPIRED:
-			return _("The certificate has expired and should not be "
-			         "considered valid.  Check that your computer's date "
-			         "and time are accurate.");
-			break;
-		case PURPLE_CERTIFICATE_NAME_MISMATCH:
-			/* Translators: "domain" refers to a DNS domain (e.g. talk.google.com) */
-			return _("The certificate presented is not issued to this domain.");
-			break;
-		case PURPLE_CERTIFICATE_NO_CA_POOL:
-			return _("You have no database of root certificates, so "
-			         "this certificate cannot be validated.");
-			break;
-		case PURPLE_CERTIFICATE_INVALID_CHAIN:
-			return _("The certificate chain presented is invalid.");
-			break;
-		case PURPLE_CERTIFICATE_REVOKED:
-			return _("The certificate has been revoked.");
-			break;
-		case PURPLE_CERTIFICATE_REJECTED:
-			return _("The certificate was rejected by the user.");
-			break;
-		case PURPLE_CERTIFICATE_UNKNOWN_ERROR:
-		default:
-			return _("An unknown certificate error occurred.");
-			break;
-	}
-}
-
-void
-purple_certificate_verify (PurpleCertificateVerifier *verifier,
-			   const gchar *subject_name, GList *cert_chain,
-			   PurpleCertificateVerifiedCallback cb,
-			   gpointer cb_data)
-{
-	PurpleCertificateVerificationRequest *vrq;
-	PurpleCertificateScheme *scheme;
-
-	g_return_if_fail(subject_name != NULL);
-	/* If you don't have a cert to check, why are you requesting that it
-	   be verified? */
-	g_return_if_fail(cert_chain != NULL);
-	g_return_if_fail(cb != NULL);
-
-	/* Look up the CertificateScheme */
-	scheme = purple_certificate_find_scheme(verifier->scheme_name);
-	g_return_if_fail(scheme);
-
-	/* Check that at least the first cert in the chain matches the
-	   Verifier scheme */
-	g_return_if_fail(scheme ==
-			 ((PurpleCertificate *) (cert_chain->data))->scheme);
-
-	/* Construct and fill in the request fields */
-	vrq = g_new0(PurpleCertificateVerificationRequest, 1);
-	vrq->verifier = verifier;
-	vrq->scheme = scheme;
-	vrq->subject_name = g_strdup(subject_name);
-	vrq->cert_chain = purple_certificate_copy_list(cert_chain);
-	vrq->cb = cb;
-	vrq->cb_data = cb_data;
-
-	/* Initiate verification */
-	(verifier->start_verification)(vrq);
-}
-
-void
-purple_certificate_verify_complete(PurpleCertificateVerificationRequest *vrq,
-				   PurpleCertificateVerificationStatus st)
-{
-	PurpleCertificateVerifier *vr;
-
-	g_return_if_fail(vrq);
-
-	if (st == PURPLE_CERTIFICATE_VALID) {
-		purple_debug_info("certificate",
-				  "Successfully verified certificate for %s\n",
-				  vrq->subject_name);
-	} else {
-		purple_debug_error("certificate",
-				  "Failed to verify certificate for %s\n",
-				  vrq->subject_name);
-	}
-
-	/* Pass the results on to the request's callback */
-	(vrq->cb)(st, vrq->cb_data);
-
-	/* And now to eliminate the request */
-	/* Fetch the Verifier responsible... */
-	vr = vrq->verifier;
-	/* ...and order it to KILL */
-	(vr->destroy_request)(vrq);
-
-	/* Now the internals have been cleaned up, so clean up the libpurple-
-	   created elements */
-	g_free(vrq->subject_name);
-	purple_certificate_destroy_list(vrq->cert_chain);
-
-	/*  A structure born
-	 *          to much ado
-	 *                   and with so much within.
-	 * It reaches now
-	 *             its quiet end. */
-	g_free(vrq);
-}
-
-
-PurpleCertificate *
-purple_certificate_copy(PurpleCertificate *crt)
-{
-	g_return_val_if_fail(crt, NULL);
-	g_return_val_if_fail(crt->scheme, NULL);
-	g_return_val_if_fail(crt->scheme->copy_certificate, NULL);
-
-	return (crt->scheme->copy_certificate)(crt);
-}
-
-GList *
-purple_certificate_copy_list(GList *crt_list)
-{
-	GList *new_l, *l;
-
-	/* First, make a shallow copy of the list */
-	new_l = g_list_copy(crt_list);
-
-	/* Now go through and actually duplicate each certificate */
-	for (l = new_l; l; l = l->next) {
-		l->data = purple_certificate_copy(l->data);
-	}
-
-	return new_l;
-}
-
-void
-purple_certificate_destroy (PurpleCertificate *crt)
-{
-	PurpleCertificateScheme *scheme;
-
-	if (NULL == crt) return;
-
-	scheme = crt->scheme;
-
-	(scheme->destroy_certificate)(crt);
-}
-
-void
-purple_certificate_destroy_list (GList * crt_list)
-{
-	PurpleCertificate *crt;
-	GList *l;
-
-	for (l=crt_list; l; l = l->next) {
-		crt = (PurpleCertificate *) l->data;
-		purple_certificate_destroy(crt);
-	}
-
-	g_list_free(crt_list);
-}
-
-gboolean
-purple_certificate_signed_by(PurpleCertificate *crt, PurpleCertificate *issuer)
-{
-	PurpleCertificateScheme *scheme;
-
-	g_return_val_if_fail(crt, FALSE);
-	g_return_val_if_fail(issuer, FALSE);
-
-	scheme = crt->scheme;
-	g_return_val_if_fail(scheme, FALSE);
-	/* We can't compare two certs of unrelated schemes, obviously */
-	g_return_val_if_fail(issuer->scheme == scheme, FALSE);
-
-	return (scheme->signed_by)(crt, issuer);
-}
-
-gboolean
-purple_certificate_check_signature_chain(GList *chain,
-                                                      PurpleCertificate **failing)
-{
-	GList *cur;
-	PurpleCertificate *crt, *issuer;
-	gchar *uid;
-	time_t now;
-	gint64 activation, expiration;
-	gboolean ret;
-
-	g_return_val_if_fail(chain, FALSE);
-
-	if (failing)
-		*failing = NULL;
-
-	uid = purple_certificate_get_unique_id((PurpleCertificate *) chain->data);
-	purple_debug_info("certificate",
-			  "Checking signature chain for uid=%s\n",
-			  uid);
-	g_free(uid);
-
-	/* If this is a single-certificate chain, say that it is valid */
-	if (chain->next == NULL) {
-		purple_debug_info("certificate",
-				  "...Singleton. We'll say it's valid.\n");
-		return TRUE;
-	}
-
-	now = time(NULL);
-
-	/* Load crt with the first certificate */
-	crt = (PurpleCertificate *)(chain->data);
-	/* And start with the second certificate in the chain */
-	for ( cur = chain->next; cur; cur = cur->next ) {
-
-		issuer = (PurpleCertificate *)(cur->data);
-
-		uid = purple_certificate_get_unique_id(issuer);
-
-		ret = purple_certificate_get_times(issuer, &activation, &expiration);
-		if (!ret || now < activation || now > expiration) {
-			if (!ret)
-				purple_debug_error("certificate",
-						"...Failed to get validity times for certificate %s\n"
-						"Chain is INVALID\n", uid);
-			else if (now > expiration) {


