[gnome-keyring/trust-store] [tool] Implement setting of trust-exception



commit 577ae10c0fe9b2bf508541ede7ce3cb1d44f48aa
Author: Stef Walter <stef memberwebs com>
Date:   Sun Sep 19 02:33:06 2010 +0000

    [tool] Implement setting of trust-exception
    
    Implement '--set trusted' in trust-exception gnome-keyring tool.

 tool/gkr-tool-trust.c |   97 ++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 83 insertions(+), 14 deletions(-)
---
diff --git a/tool/gkr-tool-trust.c b/tool/gkr-tool-trust.c
index a04c4fa..a2184e6 100644
--- a/tool/gkr-tool-trust.c
+++ b/tool/gkr-tool-trust.c
@@ -50,19 +50,49 @@ struct {
 	{ "ipsec-ike-intermediate", GCR_PURPOSE_IKE_INTERMEDIATE },
 };
 
-static GcrPurpose
-purpose_for_string (const gchar *string)
+struct {
+	const gchar *name;
+	GcrPurpose trust;
+} trust_names[] = {
+	{ "trusted", GCR_TRUST_TRUSTED },
+	{ "untrusted", GCR_TRUST_UNTRUSTED },
+	{ "unknown", GCR_TRUST_UNKNOWN },
+};
+
+static gboolean
+purpose_for_string (const gchar *string, GcrPurpose *purpose)
 {
 	guint i;
 
 	g_assert (string);
+	g_assert (purpose);
 
 	for (i = 0; i < G_N_ELEMENTS (purpose_names); ++i) {
-		if (g_str_equal (purpose_names[i].name, string))
-			return purpose_names[i].purpose;
+		if (g_str_equal (purpose_names[i].name, string)) {
+			*purpose = purpose_names[i].purpose;
+			return TRUE;
+		}
 	}
 
-	return 0;
+	return FALSE;
+}
+
+static gboolean
+trust_for_string (const gchar *string, GcrTrust *trust)
+{
+	guint i;
+
+	g_assert (string);
+	g_assert (trust);
+
+	for (i = 0; i < G_N_ELEMENTS (trust_names); ++i) {
+		if (g_str_equal (trust_names[i].name, string)) {
+			*trust = trust_names[i].trust;
+			return TRUE;
+		}
+	}
+
+	return FALSE;
 }
 
 static const gchar*
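Review bot: The `trust` field of the new `trust_names` table is declared as `GcrPurpose`, yet every initializer is a `GCR_TRUST_*` constant and `trust_for_string` copies the field through a `GcrTrust *`; it should read `GcrTrust trust;`. C converts between the two enum types without a diagnostic, so this compiles, but the value that ends up written as a trust exception should not depend on an implicit conversion between unrelated enums. The table is never modified in the visible code, so `static const struct {` would also be the tighter declaration, assuming nothing outside this file refers to it.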
@@ -78,13 +108,8 @@ purpose_to_string (GcrPurpose purpose)
 	return NULL;
 }
 
-static GOptionEntry trust_entries[] = {
-	GKR_TOOL_BASIC_OPTIONS
-	{ NULL }
-};
-
 static int
-get_certificate_exceptions (GcrCertificate *certificate, GcrPurpose purpose)
+get_certificate_exception (GcrCertificate *certificate, GcrPurpose purpose)
 {
 	GError *error = NULL;
 	const gchar *string;
@@ -107,6 +132,38 @@ get_certificate_exceptions (GcrCertificate *certificate, GcrPurpose purpose)
 	return 0;
 }
 
+static int
+set_certificate_exception (GcrCertificate *certificate, GcrPurpose purpose, GcrTrust trust)
+{
+	GError *error = NULL;
+	const gchar *string;
+
+	if (!gcr_trust_set_certificate_exception (certificate, purpose, trust, NULL, &error)) {
+		gkr_tool_handle_error (&error, "setting trust exception failed");
+		return 1;
+	}
+
+	if (!gkr_tool_mode_quiet) {
+		string = purpose_to_string (purpose);
+		if (trust == GCR_TRUST_UNKNOWN)
+			g_print ("%s: no trust exception\n", string);
+		else if (trust == GCR_TRUST_TRUSTED)
+			g_print ("%s: certificate is explicitly trusted\n", string);
+		else if (trust == GCR_TRUST_UNTRUSTED)
+			g_print ("%s: certificate is explicitly untrusted\n", string);
+	}
+
+	return 0;
+}
+
+static gchar *set_trust = NULL;
+
+static GOptionEntry trust_entries[] = {
+	GKR_TOOL_BASIC_OPTIONS
+	{ "set", 0, 0, G_OPTION_ARG_STRING, &set_trust, "Set trust exception", "trust" },
+	{ NULL }
+};
+
 int
 gkr_tool_trust (int argc, char *argv[])
 {
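Review bot: The `--set` entry in `trust_entries` describes its argument only as `trust`, so the help output never says that the accepted values are `trusted`, `untrusted` and `unknown` (the names in `trust_names`). Since the option changes a trust decision, I would spell them out: `"Set trust exception (trusted, untrusted or unknown)"`. In `set_certificate_exception` the success messages name only the purpose, so nothing in the output identifies which certificate was changed; printing an identifier for the certificate next to the purpose would make the change easier to audit. A one-line comment above `set_certificate_exception` stating that it returns 0 on success and 1 after reporting the error would match how the caller uses `ret`.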
@@ -117,6 +174,7 @@ gkr_tool_trust (int argc, char *argv[])
 	GFile *file = NULL;
 	gchar *contents;
 	gsize length;
+	GcrTrust trust;
 	int ret = 2;
 	guint i;
 
@@ -131,14 +189,20 @@ gkr_tool_trust (int argc, char *argv[])
 
 	purposes = g_array_new (FALSE, TRUE, sizeof (GcrPurpose));
 	for (i = 2; i < argc; ++i) {
-		purpose = purpose_for_string (argv[i]);
-		if (purpose == 0) {
+		if (!purpose_for_string (argv[i], &purpose)) {
 			gkr_tool_handle_error (NULL, "invalid purpose: %s", argv[i]);
 			goto done;
 		}
 		g_array_append_val (purposes, purpose);
 	}
 
+	if (set_trust) {
+		if (!trust_for_string (set_trust, &trust)) {
+			gkr_tool_handle_error (NULL, "invalid trust string: %s", set_trust);
+			goto done;
+		}
+	}
+
 	ret = 1;
 
 	file = g_file_new_for_commandline_arg (argv[1]);
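Review bot: `--set` with no purpose arguments is not rejected here: the loop starting at `i = 2` leaves `purposes` empty, so the later per-purpose loop has nothing to apply and the requested trust change appears to be dropped without any message (what `ret` ends up as is decided outside this hunk). After the `trust_for_string` check I would add `if (purposes->len == 0) { gkr_tool_handle_error (NULL, "no purposes specified"); goto done; }` inside the `if (set_trust)` block. gkr_tool_trust starts and ends outside the hunk, so this assumes option parsing has already removed `--set` from `argv`.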
@@ -151,7 +215,11 @@ gkr_tool_trust (int argc, char *argv[])
 	g_free (contents);
 
 	for (i = 0; i < purposes->len; ++i) {
-		ret = get_certificate_exceptions (certificate, g_array_index (purposes, GcrPurpose, i));
+		purpose = g_array_index (purposes, GcrPurpose, i);
+		if (set_trust)
+			ret = set_certificate_exception (certificate, purpose, trust);
+		else
+			ret = get_certificate_exception (certificate, purpose);
 		if (ret != 0)
 			break;
 	}
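Review bot: In set mode the `break` on the first non-zero `ret` leaves the exceptions for earlier purposes already written while the remaining ones are skipped, and the caller only gets a failure exit code. Either report which purposes were applied before the failure, or state the behaviour above the loop: `/* --set is not atomic: purposes handled before a failure stay changed */`. The loop sits inside gkr_tool_trust, which starts and ends outside the hunk.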
@@ -163,5 +231,6 @@ done:
 		g_array_free (purposes, TRUE);
 	if (certificate != NULL)
 		g_object_unref (certificate);
+	g_free (set_trust);
 	return ret;
 }
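Review bot: `g_free (set_trust);` releases the file-scope `set_trust` but leaves the pointer dangling. If `gkr_tool_trust` were ever entered a second time in the same process without `--set`, the stale non-NULL value would select the set path and be freed again. Follow the free with `set_trust = NULL;` so the static is back in its initial state when the function returns.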


