90 lines
2.7 KiB
Python
90 lines
2.7 KiB
Python
# This file is part of Gajim.
|
|
#
|
|
# Gajim is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published
|
|
# by the Free Software Foundation; version 3 only.
|
|
#
|
|
# Gajim is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Gajim. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
import logging
|
|
|
|
from gi.repository import GLib
|
|
from gi.repository import Gio
|
|
|
|
from gajim.common import configpaths
|
|
|
|
from gajim.common.helpers import get_random_string
|
|
from gajim.common.helpers import write_file_async
|
|
|
|
|
|
log = logging.getLogger('gajim.c.cert_store')
|
|
|
|
|
|
class CertificateStore:
|
|
def __init__(self):
|
|
self._path = configpaths.get('CERT_STORE')
|
|
self._certs = []
|
|
|
|
self._load_certificates()
|
|
|
|
def _get_random_path(self):
|
|
filename = get_random_string()
|
|
path = self._path / filename
|
|
if path.exists():
|
|
return self._get_random_path()
|
|
return path
|
|
|
|
def _load_certificates(self):
|
|
for path in self._path.iterdir():
|
|
if path.is_dir():
|
|
continue
|
|
try:
|
|
cert = Gio.TlsCertificate.new_from_file(str(path))
|
|
except GLib.Error as error:
|
|
log.warning('Can\'t load certificate: %s, %s', path, error)
|
|
continue
|
|
|
|
log.info('Loaded: %s', path.stem)
|
|
self._certs.append(cert)
|
|
|
|
log.info('%s Certificates loaded', len(self._certs))
|
|
|
|
def get_certificates(self):
|
|
return list(self._certs)
|
|
|
|
def add_certificate(self, certificate):
|
|
log.info('Add certificate to trust store')
|
|
self._certs.append(certificate)
|
|
pem = certificate.props.certificate_pem
|
|
path = self._get_random_path()
|
|
write_file_async(path,
|
|
pem.encode(),
|
|
self._on_certificate_write_finished,
|
|
path)
|
|
|
|
def verify(self, certificate, tls_errors):
|
|
if Gio.TlsCertificateFlags.UNKNOWN_CA in tls_errors:
|
|
for trusted_certificate in self._certs:
|
|
if trusted_certificate.is_same(certificate):
|
|
tls_errors.remove(Gio.TlsCertificateFlags.UNKNOWN_CA)
|
|
break
|
|
|
|
if not tls_errors:
|
|
return True
|
|
return False
|
|
|
|
@staticmethod
|
|
def _on_certificate_write_finished(data, error, path):
|
|
if data is None:
|
|
log.error('Can\'t store certificate: %s', error)
|
|
return
|
|
|
|
log.info('Certificate stored: %s', path)
|