[tool] Add 'trust-exception' command to gnome-keyring tool.

Looks up trust exceptions for certificates.

4 files changed, 173 insertions, 2 deletions

diff --git a/tool/Makefile.am b/tool/Makefile.am
index de328b26..56c2cea3 100644
--- a/tool/Makefile.am
+++ b/tool/Makefile.am
@@ -10,8 +10,9 @@ INCLUDES=	\
 	
 gnome_keyring@GCR_VERSION_SUFFIX@_SOURCES = \
 	gkr-tool.c gkr-tool.h \
-	gkr-tool-import.c
-	
+	gkr-tool-import.c \
+	gkr-tool-trust.c
+
 gnome_keyring@GCR_VERSION_SUFFIX@_CFLAGS = \
 	-DGCR_API_SUBJECT_TO_CHANGE \
 	-DGNOMELOCALEDIR=\""$(datadir)/locale"\"
diff --git a/tool/gkr-tool-trust.c b/tool/gkr-tool-trust.c
new file mode 100644
index 00000000..a04c4fab
--- /dev/null
+++ b/tool/gkr-tool-trust.c
@@ -0,0 +1,167 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* gkr-tool-trust.c: Command line certificate trust exceptions
+
+   Copyright (C) 2010 Stefan Walter
+
+   The Gnome Keyring Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The Gnome Keyring Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the Gnome Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+
+   Author: Stef Walter <stef@memberwebs.com>
+*/
+
+#include "config.h"
+
+#include "gkr-tool.h"
+
+#include "gck/gck.h"
+
+#include "gcr/gcr.h"
+
+#include "egg/egg-hex.h"
+
+#if 0
+static gchar **trust_files = NULL;
+#endif
+
+struct {
+	const gchar *name;
+	GcrPurpose purpose;
+} purpose_names[] = {
+	{ "server", GCR_PURPOSE_SERVER_AUTH },
+	{ "client", GCR_PURPOSE_CLIENT_AUTH },
+	{ "code", GCR_PURPOSE_CODE_SIGNING },
+	{ "email", GCR_PURPOSE_EMAIL },
+	{ "timestamp", GCR_PURPOSE_TIME_STAMPING },
+	{ "ipsec-endpoint", GCR_PURPOSE_IPSEC_ENDPOINT },
+	{ "ipsec-tunnel", GCR_PURPOSE_IPSEC_TUNNEL },
+	{ "ipsec-user", GCR_PURPOSE_IPSEC_USER },
+	{ "ipsec-ike-intermediate", GCR_PURPOSE_IKE_INTERMEDIATE },
+};
+
+static GcrPurpose
+purpose_for_string (const gchar *string)
+{
+	guint i;
+
+	g_assert (string);
+
+	for (i = 0; i < G_N_ELEMENTS (purpose_names); ++i) {
+		if (g_str_equal (purpose_names[i].name, string))
+			return purpose_names[i].purpose;
+	}
+
+	return 0;
+}
+
+static const gchar*
+purpose_to_string (GcrPurpose purpose)
+{
+	guint i;
+
+	for (i = 0; i < G_N_ELEMENTS (purpose_names); ++i) {
+		if (purpose == purpose_names[i].purpose)
+			return purpose_names[i].name;
+	}
+
+	return NULL;
+}
+
+static GOptionEntry trust_entries[] = {
+	GKR_TOOL_BASIC_OPTIONS
+	{ NULL }
+};
+
+static int
+get_certificate_exceptions (GcrCertificate *certificate, GcrPurpose purpose)
+{
+	GError *error = NULL;
+	const gchar *string;
+	GcrTrust trust;
+
+	trust = gcr_trust_get_certificate_exception (certificate, purpose, NULL, &error);
+	if (error != NULL) {
+		gkr_tool_handle_error (&error, "retrieving trust exception failed");
+		return 1;
+	}
+
+	string = purpose_to_string (purpose);
+	if (trust == GCR_TRUST_UNKNOWN && !gkr_tool_mode_quiet)
+		g_print ("%s: no trust exception\n", string);
+	else if (trust == GCR_TRUST_TRUSTED)
+		g_print ("%s: certificate is explicitly trusted\n", string);
+	else if (trust == GCR_TRUST_UNTRUSTED)
+		g_print ("%s: certificate is explicitly untrusted\n", string);
+
+	return 0;
+}
+
+int
+gkr_tool_trust (int argc, char *argv[])
+{
+	GcrCertificate *certificate = NULL;
+	GcrPurpose purpose;
+	GError *error = NULL;
+	GArray *purposes = NULL;
+	GFile *file = NULL;
+	gchar *contents;
+	gsize length;
+	int ret = 2;
+	guint i;
+
+	ret = gkr_tool_parse_options (&argc, &argv, trust_entries);
+	if (ret != 0)
+		return ret;
+
+	if (argc < 3) {
+		gkr_tool_handle_error (NULL, "specify certificate file followed by one or more purposes");
+		goto done;
+	}
+
+	purposes = g_array_new (FALSE, TRUE, sizeof (GcrPurpose));
+	for (i = 2; i < argc; ++i) {
+		purpose = purpose_for_string (argv[i]);
+		if (purpose == 0) {
+			gkr_tool_handle_error (NULL, "invalid purpose: %s", argv[i]);
+			goto done;
+		}
+		g_array_append_val (purposes, purpose);
+	}
+
+	ret = 1;
+
+	file = g_file_new_for_commandline_arg (argv[1]);
+	if (!g_file_load_contents (file, NULL, &contents, &length, NULL, &error)) {
+		gkr_tool_handle_error (&error, "couldn't read file: %s", argv[1]);
+		goto done;
+	}
+
+	certificate = gcr_simple_certificate_new (contents, length);
+	g_free (contents);
+
+	for (i = 0; i < purposes->len; ++i) {
+		ret = get_certificate_exceptions (certificate, g_array_index (purposes, GcrPurpose, i));
+		if (ret != 0)
+			break;
+	}
+
+done:
+	if (file != NULL)
+		g_object_unref (file);
+	if (purposes != NULL)
+		g_array_free (purposes, TRUE);
+	if (certificate != NULL)
+		g_object_unref (certificate);
+	return ret;
+}
diff --git a/tool/gkr-tool.c b/tool/gkr-tool.c
index 57343372..e19b6792 100644
--- a/tool/gkr-tool.c
+++ b/tool/gkr-tool.c
@@ -88,6 +88,7 @@ typedef struct _CommandInfo {
 
 static CommandInfo command_info[] = {
 	{ "import", gkr_tool_import },
+	{ "trust-exception", gkr_tool_trust },
 	{ NULL, NULL }
 };
 
diff --git a/tool/gkr-tool.h b/tool/gkr-tool.h
index 94172a24..217db114 100644
--- a/tool/gkr-tool.h
+++ b/tool/gkr-tool.h
@@ -42,6 +42,8 @@ int gkr_tool_parse_options (int *argc, char** argv[], GOptionEntry *options);
 /* -------------------------------------------------------------------------------
  * VARIOUS COMMAND HANDLERS 
  */
+
 int gkr_tool_import (int argc, char *argv[]);
+int gkr_tool_trust  (int argc, char *argv[]);
 
 #endif /* GKRTOOL_H_ */