[gnome-keyring/trust-store: 95/105] Merge branch 'master' into trust-store
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store: 95/105] Merge branch 'master' into trust-store
- Date: Tue, 23 Nov 2010 03:08:48 +0000 (UTC)
commit d2ce4a0263db1d15cb89b7170aa671753be92b23
Merge: c29d406 5379f76
Author: Stef Walter <stef memberwebs com>
Date: Thu Nov 11 21:52:07 2010 +0000
Merge branch 'master' into trust-store
.gitignore | 4 +
HACKING | 123 +-
Makefile.am | 4 +-
NEWS | 25 +
configure.in | 17 +-
daemon/Makefile.am | 3 +-
daemon/control/Makefile.am | 3 +-
daemon/dbus/Makefile.am | 3 +-
daemon/dbus/gkd-secret-change.c | 6 +-
daemon/dbus/gkd-secret-create.c | 2 +-
daemon/dbus/gkd-secret-lock.c | 2 +-
daemon/dbus/gkd-secret-objects.c | 31 +-
daemon/dbus/gkd-secret-service.c | 9 +-
daemon/dbus/gkd-secret-session.c | 61 +-
daemon/dbus/gkd-secret-unlock.c | 2 +-
daemon/gkd-main.c | 25 +-
daemon/gpg-agent/Makefile.am | 5 +-
daemon/gpg-agent/gkd-gpg-agent-ops.c | 8 +-
daemon/gpg-agent/gkd-gpg-agent-standalone.c | 2 +-
daemon/gpg-agent/gkd-gpg-agent.c | 4 +-
daemon/login/Makefile.am | 3 +-
daemon/login/gkd-login.c | 15 +-
daemon/ssh-agent/Makefile.am | 3 +-
daemon/ssh-agent/gkd-ssh-agent-ops.c | 32 +-
daemon/ssh-agent/gkd-ssh-agent-standalone.c | 2 +-
daemon/ssh-agent/gkd-ssh-agent.c | 4 +-
docs/reference/Makefile.am | 2 +-
docs/reference/{gp11 => gck}/.gitignore | 1 -
docs/reference/{gp11 => gck}/Makefile.am | 5 +-
docs/reference/gck/gck-docs.sgml | 25 +
.../gp11-overrides.txt => gck/gck-overrides.txt} | 0
docs/reference/gck/gck-sections.txt | 195 ++
docs/reference/gck/gck.types | 4 +
docs/reference/gcr/Makefile.am | 4 +-
docs/reference/gcr/gcr.types | 2 -
docs/reference/gp11/gp11-docs.sgml | 25 -
docs/reference/gp11/gp11-sections.txt | 195 --
docs/reference/gp11/gp11.types | 4 -
egg/egg-mkdtemp.c | 5 +-
egg/egg-oid.c | 2 +-
gck/Makefile.am | 3 +-
gck/gck-attributes.c | 47 +-
gck/gck-enumerator.c | 25 +-
gck/gck-misc.c | 89 +-
gck/gck-mock.c | 4 +-
gck/gck-module.c | 49 +-
gck/gck-modules.c | 18 +-
gck/gck-object.c | 138 +-
gck/gck-private.h | 4 +-
gck/gck-session.c | 323 ++-
gck/gck-slot.c | 60 +-
gck/gck.h | 153 +-
gck/gck.pc.in | 6 +-
gck/tests/Makefile.am | 7 +-
gck/tests/test-gck-crypto.c | 168 +-
gck/tests/test-gck-mechanism.c | 60 -
gck/tests/test-gck-object.c | 43 +-
gck/tests/test-gck-session.c | 50 +-
gcr/Makefile.am | 42 +-
gcr/gcr-certificate-basics-widget.c | 306 ---
gcr/gcr-certificate-basics-widget.h | 62 -
gcr/gcr-certificate-basics-widget.ui | 504 ----
gcr/gcr-certificate-details-widget.c | 549 ----
gcr/gcr-certificate-details-widget.h | 62 -
gcr/gcr-certificate-renderer.c | 540 ++++
gcr/gcr-certificate-renderer.h | 67 +
gcr/gcr-certificate-widget.c | 200 ++
gcr/gcr-certificate-widget.h | 67 +
gcr/gcr-display-view.c | 784 ++++++
gcr/gcr-display-view.h | 94 +
gcr/gcr-icons.c | 85 +
gcr/gcr-icons.h | 36 +
gcr/gcr-import-dialog.ui | 7 +-
gcr/gcr-importer.c | 429 +--
gcr/gcr-importer.h | 18 +-
gcr/gcr-key-renderer.c | 342 +++
gcr/gcr-key-renderer.h | 62 +
gcr/gcr-key-widget.c | 174 ++
gcr/gcr-key-widget.h | 61 +
gcr/gcr-library.c | 2 +-
gcr/gcr-marshal.list | 1 +
gcr/gcr-parser.c | 302 ++
gcr/gcr-parser.h | 16 +
gcr/gcr-renderer.c | 169 ++
gcr/gcr-renderer.h | 73 +
gcr/gcr-simple-certificate.c | 71 +-
gcr/gcr-simple-certificate.h | 3 +
gcr/gcr-trust.c | 4 +-
gcr/gcr-unlock-options-widget.ui | 2 +-
gcr/gcr-viewer.c | 99 +
gcr/gcr-viewer.h | 73 +
gcr/gcr.h | 3 +-
gcr/gcr.pc.in | 2 +-
gcr/template/gcr-zzz.c | 59 +
gcr/template/gcr-zzz.h | 45 +
gcr/tests/.gitignore | 2 +
gcr/tests/Makefile.am | 39 +-
.../{ui-test-details.c => ui-test-certificate.c} | 67 +-
gcr/tests/{ui-test-details.c => ui-test-key.c} | 64 +-
gp11/.gitignore | 2 -
gp11/Makefile.am | 67 -
gp11/gp11-attributes.c | 1428 ----------
gp11/gp11-call.c | 541 ----
gp11/gp11-marshal.list | 3 -
gp11/gp11-misc.c | 437 ---
gp11/gp11-module.c | 1234 ---------
gp11/gp11-object.c | 1621 -----------
gp11/gp11-private.h | 162 --
gp11/gp11-session.c | 2893 --------------------
gp11/gp11-slot.c | 1067 --------
gp11/gp11.h | 1523 ----------
gp11/gp11.pc.in | 14 -
gp11/pkcs11.h | 30 -
gp11/tests/Makefile.am | 43 -
gp11/tests/gp11-test-module.c | 1702 ------------
gp11/tests/gp11-test.h | 46 -
gp11/tests/test-gp11-mechanism.c | 60 -
gp11/tests/unit-test-gp11-attributes.c | 528 ----
gp11/tests/unit-test-gp11-crypto.c | 595 ----
gp11/tests/unit-test-gp11-module.c | 159 --
gp11/tests/unit-test-gp11-object.c | 463 ----
gp11/tests/unit-test-gp11-session.c | 323 ---
gp11/tests/unit-test-gp11-slot.c | 148 -
pkcs11/rpc-layer/gkm-rpc-util.c | 4 +-
pkcs11/wrap-layer/gkm-wrap-layer.h | 6 +-
pkcs11/wrap-layer/gkm-wrap-login.c | 38 +-
pkcs11/wrap-layer/gkm-wrap-login.h | 2 +
pkcs11/wrap-layer/gkm-wrap-prompt.c | 89 +-
pkcs11/wrap-layer/tests/test-login-hints.c | 15 +-
po/POTFILES.in | 7 +-
po/ar.po | 126 +-
po/bg.po | 580 ++--
po/ca.po | 600 +++--
po/ca valencia po | 629 +++--
po/cs.po | 576 ++--
po/da.po | 607 +++--
po/de.po | 896 ++----
po/el.po | 262 +-
po/es.po | 619 +++--
po/et.po | 10 +-
po/eu.po | 603 +++--
po/fa.po | 1294 +++++++--
po/gl.po | 636 +++--
po/he.po | 622 +++--
po/id.po | 124 +-
po/it.po | 626 +++--
po/ja.po | 682 +++---
po/ko.po | 611 +++--
po/lt.po | 690 +++---
po/nb.po | 551 ++--
po/pa.po | 623 +++--
po/pl.po | 579 ++--
po/pt_BR.po | 633 +++--
po/ru.po | 600 ++---
po/sl.po | 548 ++--
po/zh_CN.po | 704 +++---
tool/Makefile.am | 7 +-
tool/gkr-tool-import.c | 21 +-
ui/Makefile.am | 1 +
ui/gku-prompt.c | 2 +
160 files changed, 12947 insertions(+), 25066 deletions(-)
---
diff --cc gcr/Makefile.am
index 80492ab,3e40939..cffa886
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@@ -17,15 -16,18 +16,19 @@@ incdir = $(includedir)/gcr GCR_VERSION_
inc_HEADERS = \
gcr.h \
gcr-certificate.h \
- gcr-certificate-basics-widget.h \
- gcr-certificate-details-widget.h \
+ gcr-certificate-renderer.h \
+ gcr-certificate-widget.h \
+ gcr-key-renderer.h \
+ gcr-key-widget.h \
gcr-importer.h \
gcr-parser.h \
+ gcr-renderer.h \
gcr-simple-certificate.h \
+ gcr-trust.h \
gcr-types.h \
gcr-unlock-options.h \
- gcr-unlock-options-widget.h
+ gcr-unlock-options-widget.h \
+ gcr-viewer.h
# ------------------------------------------------------------------
# LIBRARY
@@@ -51,10 -55,12 +56,13 @@@ libgcr GCR_VERSION_SUFFIX@_la_SOURCES
gcr-import-dialog.c gcr-import-dialog.h \
gcr-importer.c gcr-importer.h \
gcr-internal.h \
+ gcr-key-renderer.c gcr-key-renderer.h \
+ gcr-key-widget.c gcr-key-widget.h \
gcr-library.c \
gcr-parser.c gcr-parser.h \
+ gcr-renderer.c gcr-renderer.h \
gcr-simple-certificate.c gcr-simple-certificate.h \
+ gcr-trust.c gcr-trust.h \
gcr-types.h \
gcr-unlock-options.h \
gcr-unlock-options-widget.c gcr-unlock-options-widget.h \
diff --cc gcr/gcr-simple-certificate.h
index d4746d1,7089af9..ccc9815
--- a/gcr/gcr-simple-certificate.h
+++ b/gcr/gcr-simple-certificate.h
@@@ -50,9 -50,12 +50,12 @@@ struct _GcrSimpleCertificateClass
GType gcr_simple_certificate_get_type (void);
-GcrCertificate* gcr_simple_certificate_new (const guchar *data,
+GcrCertificate* gcr_simple_certificate_new (gconstpointer data,
gsize n_data);
+ GcrCertificate* gcr_simple_certificate_new_static (const guchar *data,
+ gsize n_data);
+
G_END_DECLS
#endif /* __GCR_SIMPLE_CERTIFICATE_H__ */
diff --cc gcr/gcr-trust.c
index 03c04e7,0000000..a627987
mode 100644,000000..100644
--- a/gcr/gcr-trust.c
+++ b/gcr/gcr-trust.c
@@@ -1,590 -1,0 +1,590 @@@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) 2010 Stefan Walter
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "gcr.h"
+#include "gcr-types.h"
+#include "gcr-internal.h"
+#include "gcr-trust.h"
+
+#include <gck/gck.h>
+
+#include <pkcs11/pkcs11n.h>
+
+/* ----------------------------------------------------------------------------------
+ * HELPERS
+ */
+
+typedef struct _GcrTrustOperation {
+ GckEnumerator *en;
+ GckAttributes *attrs;
+ GcrPurpose purpose;
+ GcrTrust trust;
+} GcrTrustOperation;
+
+static CK_ATTRIBUTE_TYPE
+attribute_type_for_purpose (GcrPurpose purpose)
+{
+ switch (purpose) {
+ case GCR_PURPOSE_SERVER_AUTH:
+ return CKA_TRUST_SERVER_AUTH;
+ case GCR_PURPOSE_CLIENT_AUTH:
+ return CKA_TRUST_CLIENT_AUTH;
+ case GCR_PURPOSE_CODE_SIGNING:
+ return CKA_TRUST_CODE_SIGNING;
+ case GCR_PURPOSE_EMAIL:
+ return CKA_TRUST_EMAIL_PROTECTION;
+ case GCR_PURPOSE_TIME_STAMPING:
+ return CKA_TRUST_TIME_STAMPING;
+ case GCR_PURPOSE_IPSEC_ENDPOINT:
+ return CKA_TRUST_IPSEC_END_SYSTEM;
+ case GCR_PURPOSE_IPSEC_TUNNEL:
+ return CKA_TRUST_IPSEC_TUNNEL;
+ case GCR_PURPOSE_IPSEC_USER:
+ return CKA_TRUST_IPSEC_USER;
+ case GCR_PURPOSE_IKE_INTERMEDIATE:
+ g_return_val_if_reached ((CK_ULONG)-1);
+ default:
+ g_return_val_if_reached ((CK_ULONG)-1);
+ };
+}
+
+static void
+trust_operation_free (gpointer data)
+{
+ GcrTrustOperation *op = data;
+ g_assert (data);
+
+ /* No reference held */
+ g_assert (GCK_IS_ENUMERATOR (op->en));
+ op->en = NULL;
+
+ g_assert (op->attrs);
+ gck_attributes_unref (op->attrs);
+ op->attrs = NULL;
+
+ g_slice_free (GcrTrustOperation, op);
+}
+
+static void
+trust_operation_init (GckEnumerator *en, GckAttributes *attrs,
+ GcrPurpose purpose, GcrTrust trust)
+{
+ GcrTrustOperation *op;
+
+ g_assert (GCK_IS_ENUMERATOR (en));
+ g_assert (!g_object_get_data (G_OBJECT (en), "trust-operation"));
+ g_assert (attrs);
+
+ op = g_slice_new0 (GcrTrustOperation);
+ op->purpose = purpose;
+ op->trust = trust;
+ op->attrs = gck_attributes_ref (attrs);
+
+ /* No reference held, GckEnumerator owns */
+ op->en = en;
+ g_object_set_data_full (G_OBJECT (en), "trust-operation", op, trust_operation_free);
+}
+
+static GcrTrustOperation*
+trust_operation_get (GckEnumerator *en)
+{
+ GcrTrustOperation *op = g_object_get_data (G_OBJECT (en), "trust-operation");
+ g_assert (op);
+ g_assert (op->en == en);
+ return op;
+}
+
+static GckAttributes*
+prepare_trust_attrs (GcrCertificate *cert)
+{
+ GckAttributes *attrs;
+ gpointer data;
+ gsize n_data;
+
+ attrs = gck_attributes_new ();
+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_NETSCAPE_TRUST);
+
+ data = gcr_certificate_get_issuer_raw (cert, &n_data);
+ g_return_val_if_fail (data, NULL);
+ gck_attributes_add_data (attrs, CKA_ISSUER, data, n_data);
+ g_free (data);
+
+ data = gcr_certificate_get_serial_number (cert, &n_data);
+ g_return_val_if_fail (data, NULL);
+ gck_attributes_add_data (attrs, CKA_SERIAL_NUMBER, data, n_data);
+ g_free (data);
+
+ data = gcr_certificate_get_fingerprint (cert, G_CHECKSUM_SHA1, &n_data);
+ g_return_val_if_fail (data, NULL);
+ gck_attributes_add_data (attrs, CKA_CERT_SHA1_HASH, data, n_data);
+ g_free (data);
+
+ return attrs;
+}
+
+/* ----------------------------------------------------------------------------------
+ * GET CERTIFICATE EXCEPTION
+ */
+
+static GckEnumerator*
+prepare_get_certificate_exception (GcrCertificate *cert, GcrPurpose purpose)
+{
+ GckAttributes *attrs;
+ GckEnumerator *en;
+ GList *modules;
+
+ modules = _gcr_get_pkcs11_modules ();
+
+ attrs = prepare_trust_attrs (cert);
+ g_return_val_if_fail (attrs, NULL);
+
+ /*
+ * TODO: We need to be able to sort the modules by preference
+ * on which sources of trust storage we want to read over which
+ * others.
+ */
+
+ en = gck_modules_enumerate_objects (modules, attrs, 0);
+ trust_operation_init (en, attrs, purpose, GCR_TRUST_UNKNOWN);
+ gck_attributes_unref (attrs);
+
+ return en;
+}
+
+static GcrTrust
+perform_get_certificate_exception (GckEnumerator *en, GCancellable *cancel, GError **error)
+{
+ CK_ATTRIBUTE_TYPE type;
+ GcrTrustOperation *op;
+ GckObject *object;
+ gpointer data;
+ gsize n_data;
+ gulong value;
+
+ op = trust_operation_get (en);
+
+ g_assert (op != NULL);
+ g_assert (op->trust == GCR_TRUST_UNKNOWN);
+
+ type = attribute_type_for_purpose (op->purpose);
+
+ while (op->trust == GCR_TRUST_UNKNOWN) {
+ object = gck_enumerator_next (en, cancel, error);
+ if (!object)
+ break;
+
- data = gck_object_get_data (object, type, &n_data, error);
++ data = gck_object_get_data (object, type, NULL, &n_data, error);
+
+ g_object_unref (object);
+
+ if (!data)
+ break;
+
+ if (!gck_value_to_ulong (data, n_data, &value)) {
+ g_message ("an invalid sized value was received for trust attribute");
+ value = CKT_NETSCAPE_TRUST_UNKNOWN;
+ }
+
+ if (value == CKT_NETSCAPE_TRUSTED)
+ op->trust = GCR_TRUST_TRUSTED;
+ else if (value == CKT_NETSCAPE_UNTRUSTED)
+ op->trust = GCR_TRUST_UNTRUSTED;
+
+ g_free (data);
+ }
+
+ return op->trust;
+}
+
+GcrTrust
+gcr_trust_get_certificate_exception (GcrCertificate *cert, GcrPurpose purpose,
+ GCancellable *cancel, GError **error)
+{
+ GckEnumerator *en;
+ GcrTrust trust;
+
+ en = prepare_get_certificate_exception (cert, purpose);
+ g_return_val_if_fail (en, GCR_TRUST_UNKNOWN);
+
+ trust = perform_get_certificate_exception (en, cancel, error);
+
+ g_object_unref (en);
+
+ return trust;
+}
+
+static void
+thread_get_certificate_exception (GSimpleAsyncResult *res, GObject *object, GCancellable *cancel)
+{
+ GError *error = NULL;
+
+ perform_get_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+
+ if (error != NULL) {
+ g_simple_async_result_set_from_error (res, error);
+ g_clear_error (&error);
+ }
+}
+
+void
+gcr_trust_get_certificate_exception_async (GcrCertificate *cert, GcrPurpose purpose,
+ GCancellable *cancel, GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GSimpleAsyncResult *async;
+ GckEnumerator *en;
+
+ en = prepare_get_certificate_exception (cert, purpose);
+ g_return_if_fail (en);
+
+ async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
+ gcr_trust_get_certificate_exception_async);
+
+ g_simple_async_result_run_in_thread (async, thread_get_certificate_exception,
+ G_PRIORITY_DEFAULT, cancel);
+
+ g_object_unref (async);
+ g_object_unref (en);
+}
+
+GcrTrust
+gcr_trust_get_certificate_exception_finish (GAsyncResult *res, GError **error)
+{
+ GcrTrustOperation *op;
+ GObject *object;
+
+ object = g_async_result_get_source_object (res);
+ g_return_val_if_fail (g_simple_async_result_is_valid (res, object,
+ gcr_trust_get_certificate_exception_async), GCR_TRUST_UNKNOWN);
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error))
+ return GCR_TRUST_UNKNOWN;
+
+ op = trust_operation_get (GCK_ENUMERATOR (object));
+ return op->trust;
+}
+
+/* ----------------------------------------------------------------------------------
+ * SET CERTIFICATE EXCEPTION
+ */
+
+static GckEnumerator*
+prepare_set_certificate_exception (GcrCertificate *cert, GcrPurpose purpose, GcrTrust trust)
+{
+ GckAttributes *attrs;
+ GckEnumerator *en;
+ GList *modules;
+ gpointer data;
+ gsize n_data;
+
+ modules = _gcr_get_pkcs11_modules ();
+
+ attrs = prepare_trust_attrs (cert);
+ g_return_val_if_fail (attrs, NULL);
+
+ gck_attributes_add_boolean (attrs, CKA_MODIFIABLE, TRUE);
+ gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
+
+ data = gcr_certificate_get_subject_raw (cert, &n_data);
+ g_return_val_if_fail (data, NULL);
+ gck_attributes_add_data (attrs, CKA_SUBJECT, data, n_data);
+ g_free (data);
+
+ data = gcr_certificate_get_fingerprint (cert, G_CHECKSUM_MD5, &n_data);
+ g_return_val_if_fail (data, NULL);
+ gck_attributes_add_data (attrs, CKA_CERT_MD5_HASH, data, n_data);
+ g_free (data);
+
+ /*
+ * TODO: We need to be able to sort the modules by preference
+ * on which sources of trust storage we want to read over which
+ * others.
+ */
+
+ en = gck_modules_enumerate_objects (modules, attrs, CKF_RW_SESSION);
+ trust_operation_init (en, attrs, purpose, trust);
+ gck_attributes_unref (attrs);
+
+ return en;
+}
+
+static gboolean
+perform_set_certificate_exception (GckEnumerator *en, GCancellable *cancel, GError **error)
+{
+ CK_ATTRIBUTE_TYPE type;
+ GcrTrustOperation *op;
+ GckAttributes *attrs;
+ gboolean ret = FALSE;
+ GError *lerr = NULL;
+ GckObject *object;
+ GckSession *session;
+ gulong value;
+ GckSlot *slot;
+
+ op = trust_operation_get (en);
+ g_assert (op != NULL);
+
+ /* We need an error below */
+ if (error && !*error)
+ *error = lerr;
+
+ switch (op->trust) {
+ case GCR_TRUST_UNKNOWN:
+ value = CKT_NETSCAPE_TRUST_UNKNOWN;
+ break;
+ case GCR_TRUST_UNTRUSTED:
+ value = CKT_NETSCAPE_UNTRUSTED;
+ break;
+ case GCR_TRUST_TRUSTED:
+ value = CKT_NETSCAPE_TRUSTED;
+ break;
+ }
+
+ type = attribute_type_for_purpose (op->purpose);
+ attrs = gck_attributes_new ();
+
+ object = gck_enumerator_next (en, cancel, error);
+
+ /* Only set this one attribute */
+ if (object) {
+
+ gck_attributes_add_ulong (attrs, type, value);
+ ret = gck_object_set (object, attrs, cancel, error);
+
+ /* Use all trust attributes to create trust object */
+ } else if (!*error) {
+
+ gck_attributes_add_all (attrs, op->attrs);
+ gck_attributes_add_ulong (attrs, type, value);
+
+ /* Find an appropriate token */
+ slot = _gcr_slot_for_storing_trust (error);
+ if (slot != NULL) {
- session = gck_slot_open_session (slot, CKF_RW_SESSION, error);
++ session = gck_slot_open_session (slot, CKF_RW_SESSION, NULL, error);
+ if (session != NULL) {
+
+ object = gck_session_create_object (session, attrs, cancel, error);
+ if (object != NULL) {
+ g_object_unref (object);
+ ret = TRUE;
+ }
+
+ g_object_unref (session);
+ }
+
+ g_object_unref (slot);
+ }
+ }
+
+ gck_attributes_unref (attrs);
+
+ /* Our own local error pointer */
+ g_clear_error (&lerr);
+
+ return ret;
+}
+
+gboolean
+gcr_trust_set_certificate_exception (GcrCertificate *cert, GcrPurpose purpose, GcrTrust trust,
+ GCancellable *cancel, GError **error)
+{
+ GckEnumerator *en;
+ gboolean ret;
+
+ en = prepare_set_certificate_exception (cert, purpose, trust);
+ g_return_val_if_fail (en, FALSE);
+
+ ret = perform_set_certificate_exception (en, cancel, error);
+
+ g_object_unref (en);
+
+ return ret;
+}
+
+static void
+thread_set_certificate_exception (GSimpleAsyncResult *res, GObject *object, GCancellable *cancel)
+{
+ GError *error = NULL;
+
+ perform_set_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+
+ if (error != NULL) {
+ g_simple_async_result_set_from_error (res, error);
+ g_clear_error (&error);
+ }
+}
+
+void
+gcr_trust_set_certificate_exception_async (GcrCertificate *cert, GcrPurpose purpose,
+ GcrTrust trust, GCancellable *cancel,
+ GAsyncReadyCallback callback, gpointer user_data)
+{
+ GSimpleAsyncResult *async;
+ GckEnumerator *en;
+
+ en = prepare_set_certificate_exception (cert, purpose, trust);
+ g_return_if_fail (en);
+
+ async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
+ gcr_trust_set_certificate_exception_async);
+
+ g_simple_async_result_run_in_thread (async, thread_set_certificate_exception,
+ G_PRIORITY_DEFAULT, cancel);
+
+ g_object_unref (async);
+ g_object_unref (en);
+}
+
+gboolean
+gcr_trust_set_certificate_exception_finish (GAsyncResult *res, GError **error)
+{
+ GObject *object;
+
+ object = g_async_result_get_source_object (res);
+ g_return_val_if_fail (g_simple_async_result_is_valid (res, object,
+ gcr_trust_set_certificate_exception_async), FALSE);
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error))
+ return FALSE;
+
+ return TRUE;
+}
+
+/* ----------------------------------------------------------------------------------
+ * CERTIFICATE ROOT
+ */
+
+static GckEnumerator*
+prepare_is_certificate_root (GcrCertificate *cert, GcrPurpose purpose)
+{
+ GckAttributes *attrs;
+ GckEnumerator *en;
+ GList *modules;
+
+ modules = _gcr_get_pkcs11_modules ();
+
+ attrs = prepare_trust_attrs (cert);
+ g_return_val_if_fail (attrs, NULL);
+
+ gck_attributes_add_ulong (attrs, attribute_type_for_purpose (purpose),
+ CKT_NETSCAPE_TRUSTED_DELEGATOR);
+
+ /*
+ * TODO: We need to be able to sort the modules by preference
+ * on which sources of trust storage we want to read over which
+ * others.
+ */
+
+ en = gck_modules_enumerate_objects (modules, attrs, CKF_RW_SESSION);
+ trust_operation_init (en, attrs, purpose, GCR_TRUST_UNKNOWN);
+ gck_attributes_unref (attrs);
+
+ return en;
+}
+
+static gboolean
+perform_is_certificate_root (GckEnumerator *en, GCancellable *cancel, GError **error)
+{
+ GcrTrustOperation *op;
+ GckObject *object;
+
+ op = trust_operation_get (en);
+ g_assert (op != NULL);
+
+ object = gck_enumerator_next (en, cancel, error);
+ if (object != NULL) {
+ op->trust = GCR_TRUST_TRUSTED;
+ g_object_unref (object);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+gboolean
+gcr_trust_is_certificate_root (GcrCertificate *cert, GcrPurpose purpose,
+ GCancellable *cancel, GError **error)
+{
+ GckEnumerator *en;
+ gboolean ret;
+
+ en = prepare_is_certificate_root (cert, purpose);
+ g_return_val_if_fail (en, FALSE);
+
+ ret = perform_is_certificate_root (en, cancel, error);
+
+ g_object_unref (en);
+
+ return ret;
+}
+
+static void
+thread_is_certificate_root (GSimpleAsyncResult *res, GObject *object, GCancellable *cancel)
+{
+ GError *error = NULL;
+
+ perform_is_certificate_root (GCK_ENUMERATOR (object), cancel, &error);
+
+ if (error != NULL) {
+ g_simple_async_result_set_from_error (res, error);
+ g_clear_error (&error);
+ }
+}
+
+void
+gcr_trust_is_certificate_root_async (GcrCertificate *cert, GcrPurpose purpose,
+ GCancellable *cancel, GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GSimpleAsyncResult *async;
+ GckEnumerator *en;
+
+ en = prepare_is_certificate_root (cert, purpose);
+ g_return_if_fail (en);
+
+ async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
+ gcr_trust_is_certificate_root_async);
+
+ g_simple_async_result_run_in_thread (async, thread_is_certificate_root,
+ G_PRIORITY_DEFAULT, cancel);
+
+ g_object_unref (async);
+ g_object_unref (en);
+}
+
+gboolean
+gcr_trust_is_certificate_root_finish (GAsyncResult *res, GError **error)
+{
+ GcrTrustOperation *op;
+ GObject *object;
+
+ object = g_async_result_get_source_object (res);
+ g_return_val_if_fail (g_simple_async_result_is_valid (res, object,
+ gcr_trust_is_certificate_root_async), FALSE);
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error))
+ return FALSE;
+
+ op = trust_operation_get (GCK_ENUMERATOR (object));
+ return op->trust == GCR_TRUST_TRUSTED;
+}
diff --cc gcr/gcr.h
index c150a34,aac35fa..2d0ba4b
--- a/gcr/gcr.h
+++ b/gcr/gcr.h
@@@ -25,12 -25,9 +25,11 @@@
#include <glib.h>
#include "gcr-certificate.h"
- #include "gcr-certificate-basics-widget.h"
- #include "gcr-certificate-details-widget.h"
+ #include "gcr-certificate-widget.h"
#include "gcr-importer.h"
#include "gcr-parser.h"
+#include "gcr-simple-certificate.h"
+#include "gcr-trust.h"
#include "gcr-types.h"
#endif /* __GCR_H__ */
diff --cc po/POTFILES.in
index 8dcd2e5,2719deb..8345edb
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@@ -18,9 -17,8 +17,9 @@@ gcr/gcr-certificate-widget.
[type: gettext/glade]gcr/gcr-import-dialog.ui
[type: gettext/glade]gcr/gcr-unlock-options-widget.ui
gcr/gcr-importer.c
+gcr/gcr-library.c
+ gcr/gcr-key-renderer.c
gcr/gcr-parser.c
- gp11/gp11-misc.c
gck/gck-uri.c
gck/gck-misc.c
pkcs11/gkm/gkm-certificate.c
diff --cc po/el.po
index d7a4f95,db8877b..e747be6
--- a/po/el.po
+++ b/po/el.po
@@@ -1077,6 -1037,7 +1037,6 @@@ msgstr "Î?_νομα:
msgid "_Old Password:"
msgstr "_ΠαλιÏ?Ï? κÏ?δικÏ?Ï?:"
- #: ../ui/gku-prompt.ui.h:8
+ #: ../ui/gku-prompt.ui.h:7
msgid "_Password:"
msgstr "_Î?Ï?δικÏ?Ï?:"
-
diff --cc po/it.po
index f2edb5a,fb36c4b..2460546
--- a/po/it.po
+++ b/po/it.po
@@@ -183,178 -93,53 +93,53 @@@ msgstr "Portachiavi di GNOME: agente SS
# [NdT] ecco il nome completo: "il mio nome è Agent, Key Agent" :-D
#: ../daemon/gnome-keyring-ssh.desktop.in.in.h:2
msgid "SSH Key Agent"
- msgstr "Agente chiave SSH "
-
- #. TRANSLATORS: This is the display label for the login keyring
- #: ../daemon/login/gkd-login.c:174
- msgid "Login"
- msgstr "Login"
-
- #: ../daemon/login/gkd-login.c:596
- #, c-format
- msgid "Unlock password for: %s"
- msgstr "Password di sblocco per: %s"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:294
- msgid "New Password Required"
- msgstr "Richiesta nuova password"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:295
- msgid "New password required for secure storage"
- msgstr "Richiesta una nuova password per l'archivio sicuro"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:297
- #, c-format
- msgid ""
- "In order to prepare '%s' for storage of certificates or keys, a password is "
- "required"
- msgstr ""
- "Per poter preparare \"%s\" per l'archiviazione di certificati o chiavi, è "
- "richiesta una password"
+ msgstr "Agente della chiave SSH"
- # sarebbe titolo dialogo
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:360
- msgid "Unlock private key"
- msgstr "Sblocca chiave privata"
-
- # sarebbe titolo dialogo
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:362
- msgid "Unlock certificate"
- msgstr "Sblocca certificato"
-
- # sarebbe titolo dialogo
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:364
- msgid "Unlock public key"
- msgstr "Sblocca chiave pubblica"
-
- # sarebbe titolo dialogo
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:366
- msgid "Unlock"
- msgstr "Sblocca"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:375 ../gcr/gcr-importer.c:436
- msgid "Enter password to unlock the private key"
- msgstr "Inserire la password per sbloccare la chiave privata"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:377 ../gcr/gcr-importer.c:438
- msgid "Enter password to unlock the certificate"
- msgstr "Inserire la password per sbloccare il certificato"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:379
- msgid "Enter password to unlock the public key"
- msgstr "Inserire la password per sbloccare la chiave pubblica"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:381 ../gcr/gcr-importer.c:440
- msgid "Enter password to unlock"
- msgstr "Inserire la password per sbloccare"
-
- #. TRANSLATORS: The private key is locked
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:391
- #, c-format
- msgid "An application wants access to the private key '%s', but it is locked"
- msgstr ""
- "Un'applicazione vuole accedere alla chiave privata \"%s\", ma la chiave è "
- "bloccata"
-
- #. TRANSLATORS: The certificate is locked
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:394
- #, c-format
- msgid "An application wants access to the certificate '%s', but it is locked"
- msgstr ""
- "Un'applicazione vuole accedere al certificato \"%s\", ma il certificato è "
- "bloccato"
-
- #. TRANSLATORS: The public key is locked
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:397
- #, c-format
- msgid "An application wants access to the public key '%s', but it is locked"
- msgstr ""
- "Un'applicazione vuole accedere alla chiave pubblica \"%s\", ma la chiave è "
- "bloccata"
-
- #. TRANSLATORS: The object '%s' is locked
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:400
- #, c-format
- msgid "An application wants access to '%s', but it is locked"
- msgstr "Un'applicazione vuole accedere a \"%s\", ma tale elemento è bloccato"
-
- # sarebbe titolo dialogo
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:595
- msgid "Unlock certificate/key storage"
- msgstr "Sblocca archivio certificato/chiave"
-
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:596
- msgid "Enter password to unlock the certificate/key storage"
- msgstr ""
- "Inserire la password per sbloccare l'archivio del certificato/della chiave"
-
- #. TRANSLATORS: The storage is locked, and needs unlocking before the application can use it.
- #: ../daemon/pkcs11/gkd-pkcs11-auth.c:599
-# [NdT] no, più che l'agente Bond, c'è l'agente SSH
++# [NdT] no, più che l'agente Bond, c'è l'agente SSH
+ # (chissà che numero 00 ha) :-D
+ #: ../daemon/gnome-keyring-gpg.desktop.in.in.h:1
+ #| msgid "GNOME Keyring: SSH Agent"
+ msgid "GNOME Keyring: GPG Agent"
+ msgstr "Portachiavi di GNOME: agente GPG"
+
+ #: ../daemon/gnome-keyring-gpg.desktop.in.in.h:2
+ #| msgid "New password strength"
+ msgid "GPG Password Agent"
+ msgstr "Agente della password GPG"
+
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:104
+ #| msgid "Unknown error"
+ msgid "Unknown"
+ msgstr "Sconosciuto"
+
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:202
#, c-format
- msgid ""
- "An application wants access to the certificate/key storage '%s', but it is "
- "locked"
- msgstr ""
- "Un'applicazione vuole accedere all'archivio del certificato/della chiave \"%s"
- "\", ma è bloccato"
-
- #: ../daemon/prompt/gkd-prompt-tool.c:393
- msgid "Store passwords unencrypted?"
- msgstr "Archiviare le password senza cifrarle?"
-
- #: ../daemon/prompt/gkd-prompt-tool.c:394
- msgid ""
- "By choosing to use a blank password, your stored passwords will not be "
- "safely encrypted. They will be accessible by anyone with access to your "
- "files."
- msgstr ""
- "Scegliendo di usare una password vuota, le proprie password archiviate non "
- "saranno cifrate in modo sicuro. In questo modo esse saranno accessibili da "
- "chiunque ha accesso ai propri file."
-
- #: ../daemon/prompt/gkd-prompt-tool.c:401
- msgid "Use Unsafe Storage"
- msgstr "Usa archiviazione non sicura"
-
- #: ../daemon/prompt/gkd-prompt-tool.c:431
- msgid "Passwords do not match."
- msgstr "Le password non corrispondono."
-
- #: ../daemon/prompt/gkd-prompt-tool.c:441
- msgid "Password cannot be blank"
- msgstr "La password non può essere vuota"
-
- #: ../daemon/prompt/gkd-prompt.ui.h:1
- msgid "Automatically unlock this keyring whenever I'm logged in"
- msgstr "Sblocca automaticamente questo portachiavi all'accesso"
+ msgid "PGP Key: %s"
+ msgstr "Chiave PGP: %s"
- #: ../daemon/prompt/gkd-prompt.ui.h:2
- msgid "New password strength"
- msgstr "Robustezza della nuova password"
-
- #: ../daemon/prompt/gkd-prompt.ui.h:3
- msgid "_Application:"
- msgstr "_Applicazione:"
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:352
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:353
+ msgid "Enter Passphrase"
+ msgstr "Inserire passphrase"
- #: ../daemon/prompt/gkd-prompt.ui.h:4
- msgid "_Confirm:"
- msgstr "_Conferma:"
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:385
+ #| msgid "Lock this keyring if idle for"
+ msgid "Forget this password if idle for"
+ msgstr "Dimentica questa password se inattivo per"
- #: ../daemon/prompt/gkd-prompt.ui.h:5
- msgid "_Details:"
- msgstr "_Dettagli:"
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:386
+ msgid "Forget this password after"
+ msgstr "Dimentica questa password dopo"
- #: ../daemon/prompt/gkd-prompt.ui.h:6
- msgid "_Name:"
- msgstr "_Nome:"
+ #: ../daemon/gpg-agent/gkd-gpg-agent-ops.c:387
+ #| msgid "Lock this keyring when I log out"
+ msgid "Forget this password when I log out"
+ msgstr "Dimentica questa password al termine della sessione"
- #: ../daemon/prompt/gkd-prompt.ui.h:7
- msgid "_Old Password:"
- msgstr "_Vecchia password:"
-
- #: ../daemon/prompt/gkd-prompt.ui.h:8
- msgid "_Password:"
- msgstr "_Password:"
+ #. TRANSLATORS: This is the display label for the login keyring
+ #: ../daemon/login/gkd-login.c:159
+ msgid "Login"
+ msgstr "Login"
#: ../egg/egg-oid.c:41
msgid "Domain Component"
diff --cc tool/Makefile.am
index 56c2cea,75c3aa3..441939e
--- a/tool/Makefile.am
+++ b/tool/Makefile.am
@@@ -6,12 -6,12 +6,13 @@@ INCLUDES=
-I$(top_builddir) \
$(GTK_CFLAGS) \
$(GOBJECT_CFLAGS) \
- $(GLIB_CFLAGS)
-
+ $(GLIB_CFLAGS) \
+ -DGCK_API_SUBJECT_TO_CHANGE
+
gnome_keyring GCR_VERSION_SUFFIX@_SOURCES = \
gkr-tool.c gkr-tool.h \
- gkr-tool-import.c
+ gkr-tool-import.c \
+ gkr-tool-trust.c
gnome_keyring GCR_VERSION_SUFFIX@_CFLAGS = \
-DGCR_API_SUBJECT_TO_CHANGE \
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
