[gnome-keyring/gnome-3-0] gcr: Implement debug tracing
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/gnome-3-0] gcr: Implement debug tracing
- Date: Mon, 18 Apr 2011 11:23:03 +0000 (UTC)
commit 908351a45a37e66fc2bc45883961f21385789045
Author: Stef Walter <stefw collabora co uk>
Date: Wed Apr 13 07:25:42 2011 +0200
gcr: Implement debug tracing
* Instrument the certificate chain code.
docs/reference/gcr/gcr-sections.txt | 4 +-
gcr/Makefile.am | 3 +-
gcr/gcr-certificate-chain.c | 46 ++++++++++++++-
gcr/gcr-debug.c | 106 +++++++++++++++++++++++++++++++++++
gcr/gcr-debug.h | 86 ++++++++++++++++++++++++++++
gcr/gcr-library.c | 4 +
gcr/tests/frob-certificate.c | 1 +
gcr/tests/frob-key.c | 1 +
gcr/tests/frob-unlock-options.c | 1 +
gcr/tests/test-certificate-chain.c | 1 +
gcr/tests/test-certificate.c | 1 +
gcr/tests/test-parser.c | 1 +
gcr/tests/test-pkcs11-certificate.c | 1 +
gcr/tests/test-simple-certificate.c | 1 +
gcr/tests/test-trust.c | 1 +
15 files changed, 254 insertions(+), 4 deletions(-)
---
diff --git a/docs/reference/gcr/gcr-sections.txt b/docs/reference/gcr/gcr-sections.txt
index 3fe7059..094dce7 100644
--- a/docs/reference/gcr/gcr-sections.txt
+++ b/docs/reference/gcr/gcr-sections.txt
@@ -154,6 +154,8 @@ gcr_pkcs11_get_trust_lookup_uris
gcr_pkcs11_set_trust_lookup_uris
gcr_pkcs11_get_trust_store_uri
gcr_pkcs11_set_trust_store_uri
+<SUBSECTION Private>
+GcrDebugFlags
</SECTION>
<SECTION>
@@ -320,4 +322,4 @@ GcrUnlockOptionsWidgetPrivate
<SUBSECTION Standard>
gcr_data_error_get_domain
GCK_API_SUBJECT_TO_CHANGE
-</SECTION>
\ No newline at end of file
+</SECTION>
diff --git a/gcr/Makefile.am b/gcr/Makefile.am
index 2ab8ab1..e68e550 100644
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@ -69,6 +69,7 @@ libgcr GCR_VERSION_SUFFIX@_la_SOURCES = \
gcr-certificate-chain.c gcr-certificate-chain.h \
gcr-certificate-renderer.c gcr-certificate-renderer.h \
gcr-certificate-widget.c gcr-certificate-widget.h \
+ gcr-debug.c gcr-debug.h \
gcr-display-scrolled.c gcr-display-scrolled.h \
gcr-display-view.c gcr-display-view.h \
gcr-icons.c gcr-icons.h \
@@ -135,4 +136,4 @@ CLEANFILES = \
$(pkgconfig_DATA)
DISTCLEANFILES = \
- $(pkgconfig_DATA)
\ No newline at end of file
+ $(pkgconfig_DATA)
diff --git a/gcr/gcr-certificate-chain.c b/gcr/gcr-certificate-chain.c
index 047ac5f..0c38582 100644
--- a/gcr/gcr-certificate-chain.c
+++ b/gcr/gcr-certificate-chain.c
@@ -26,11 +26,14 @@
#include "gcr-certificate-chain.h"
#include "gcr-certificate.h"
+#define DEBUG_FLAG GCR_DEBUG_CERTIFICATE_CHAIN
+#include "gcr-debug.h"
#include "gcr-pkcs11-certificate.h"
#include "gcr-simple-certificate.h"
-
#include "gcr-trust.h"
+#include "egg/egg-error.h"
+
/**
* SECTION:gcr-certificate-chain
* @title: GcrCertificateChain
@@ -182,6 +185,8 @@ prep_chain_private_thread_safe (GcrCertificateChainPrivate *orig, const gchar *p
g_return_val_if_fail (der, NULL);
safe = gcr_simple_certificate_new (der, n_der);
+ _gcr_debug ("copying certificate so it's thread safe");
+
/* Always set the original certificate onto the safe one */
g_object_set_qdata_full (G_OBJECT (safe), Q_ORIGINAL_CERT,
g_object_ref (certificate), g_object_unref);
@@ -223,6 +228,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
gboolean lookups;
gboolean ret;
guint length;
+ gchar *subject;
g_assert (pv);
g_assert (pv->certificates);
@@ -231,15 +237,25 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
lookups = !((pv->flags & GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS) == GCR_CERTIFICATE_CHAIN_FLAG_NO_LOOKUPS);
/* This chain is built */
- if (!pv->certificates->len)
+ if (!pv->certificates->len) {
+ _gcr_debug ("empty certificate chain");
return TRUE;
+ }
/* First check for pinned certificates */
certificate = g_ptr_array_index (pv->certificates, 0);
+ if (_gcr_debugging) {
+ subject = gcr_certificate_get_subject_dn (certificate);
+ _gcr_debug ("first certificate: %s", subject);
+ g_free (subject);
+ }
+
if (lookups && pv->peer) {
ret = gcr_trust_is_certificate_pinned (certificate, pv->purpose,
pv->peer, cancellable, &error);
if (!ret && error) {
+ _gcr_debug ("failed to lookup pinned certificate: %s",
+ egg_error_message (error));
g_propagate_error (rerror, error);
return FALSE;
}
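Review bot: The `first certificate: %s` trace passes the result of `gcr_certificate_get_subject_dn` straight to `%s`, and that string is derived from the certificate under validation, which is typically supplied by the peer. If the getter can return NULL for a subject it cannot decode (its definition is outside this diff), `%s` with NULL is not portable; `_gcr_debug ("first certificate: %s", subject ? subject : "(no subject)");` avoids relying on the C library's behaviour. The same pattern is repeated for `next certificate` and `found issuer certificate` in the hunk at -269. Anyone consuming this trace should treat the DN and `pv->peer` values as untrusted text rather than as validated identities. perform_build_chain starts and ends outside this hunk.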
@@ -249,6 +265,9 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
* is irrelevant, so truncate chain and consider built.
*/
if (ret) {
+ _gcr_debug ("found pinned certificate for peer '%s', truncating chain",
+ pv->peer);
+
g_ptr_array_set_size (pv->certificates, 1);
pv->status = GCR_CERTIFICATE_CHAIN_PINNED;
return TRUE;
@@ -262,6 +281,7 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
/* Stop the chain if previous was self-signed */
if (gcr_certificate_is_issuer (certificate, certificate)) {
+ _gcr_debug ("found self-signed certificate");
pv->status = GCR_CERTIFICATE_CHAIN_SELFSIGNED;
break;
}
@@ -269,25 +289,42 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
/* Try the next certificate in the chain */
if (length < pv->certificates->len) {
certificate = g_ptr_array_index (pv->certificates, length);
+ if (_gcr_debugging) {
+ subject = gcr_certificate_get_subject_dn (certificate);
+ _gcr_debug ("next certificate: %s", subject);
+ g_free (subject);
+ }
/* No more in chain, try to lookup */
} else if (lookups) {
certificate = gcr_pkcs11_certificate_lookup_issuer (certificate,
cancellable, &error);
if (error != NULL) {
+ _gcr_debug ("failed to lookup issuer: %s", error->message);
g_propagate_error (rerror, error);
return FALSE;
+
} else if (certificate) {
g_ptr_array_add (pv->certificates, certificate);
+ if (_gcr_debugging) {
+ subject = gcr_certificate_get_subject_dn (certificate);
+ _gcr_debug ("found issuer certificate: %s", subject);
+ g_free (subject);
+ }
+
+ } else {
+ _gcr_debug ("no issuer found");
}
/* No more in chain, and can't lookup */
} else {
+ _gcr_debug ("no more certificates available, and no lookups");
certificate = NULL;
}
/* Stop the chain if nothing found */
if (certificate == NULL) {
+ _gcr_debug ("chain is incomplete");
pv->status = GCR_CERTIFICATE_CHAIN_INCOMPLETE;
break;
}
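Review bot: The `failed to lookup issuer` trace reads `error->message` directly, while the pinned and anchored lookup failures in the neighbouring hunks go through `egg_error_message (error)`; using one form throughout keeps the failure lines of the trace uniform. Suggested: `_gcr_debug ("failed to lookup issuer: %s", egg_error_message (error));`. The blank line added after `return FALSE;` inside the `if (error != NULL)` branch can also be dropped. The loop this hunk sits in begins and ends outside the hunk.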
@@ -300,11 +337,14 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
cancellable, &error);
if (!ret && error) {
+ _gcr_debug ("failed to lookup anchored certificate: %s",
+ egg_error_message (error));
g_propagate_error (rerror, error);
return FALSE;
/* Stop the chain at the first anchor */
} else if (ret) {
+ _gcr_debug ("found anchored certificate");
pv->status = GCR_CERTIFICATE_CHAIN_ANCHORED;
break;
}
@@ -329,6 +369,8 @@ thread_build_chain (GSimpleAsyncResult *result, GObject *object,
pv = g_object_get_qdata (G_OBJECT (result), Q_OPERATION_DATA);
g_assert (pv);
+ _gcr_debug ("building asynchronously in another thread");
+
if (!perform_build_chain (pv, cancellable, &error)) {
g_simple_async_result_set_from_error (result, error);
g_clear_error (&error);
diff --git a/gcr/gcr-debug.c b/gcr/gcr-debug.c
new file mode 100644
index 0000000..04a3530
--- /dev/null
+++ b/gcr/gcr-debug.c
@@ -0,0 +1,106 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2; -*- */
+/*
+ * Copyright (C) 2007 Collabora Ltd.
+ * Copyright (C) 2007 Nokia Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "config.h"
+
+#include "gcr-debug.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <glib.h>
+#include <glib/gstdio.h>
+
+#ifdef WITH_DEBUG
+
+static GcrDebugFlags current_flags = 0;
+
+static GDebugKey keys[] = {
+ { "certificate-chain", GCR_DEBUG_CERTIFICATE_CHAIN },
+ { 0, }
+};
+
+static void
+debug_set_flags (GcrDebugFlags new_flags)
+{
+ current_flags |= new_flags;
+}
+
+void
+_gcr_debug_set_flags (const gchar *flags_string)
+{
+ guint nkeys;
+
+ for (nkeys = 0; keys[nkeys].value; nkeys++);
+
+ if (flags_string)
+ debug_set_flags (g_parse_debug_string (flags_string, keys, nkeys));
+}
+
+gboolean
+_gcr_debug_flag_is_set (GcrDebugFlags flag)
+{
+ return (flag & current_flags) != 0;
+}
+
+void
+_gcr_debug_message (GcrDebugFlags flag, const gchar *format, ...)
+{
+ static gsize initialized_flags = 0;
+ gchar *message;
+ va_list args;
+
+ if (g_once_init_enter (&initialized_flags)) {
+ _gcr_debug_set_flags (g_getenv ("GCR_DEBUG"));
+ g_once_init_leave (&initialized_flags, 1);
+ }
+
+ va_start (args, format);
+ message = g_strdup_vprintf (format, args);
+ va_end (args);
+
+ if (flag & current_flags)
+ g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", message);
+
+ g_free (message);
+}
+
+#else /* !WITH_DEBUG */
+
+gboolean
+_gcr_debug_flag_is_set (GcrDebugFlags flag)
+{
+ return FALSE;
+}
+
+void
+_gcr_debug_message (GcrDebugFlags flag, const gchar *format, ...)
+{
+}
+
+void
+_gcr_debug_set_flags (const gchar *flags_string)
+{
+}
+
+#endif /* !WITH_DEBUG */
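Review bot: `_gcr_debug_flag_is_set` tests `current_flags` without running the one-time `GCR_DEBUG` parse, which lives only in `_gcr_debug_message`; the `if (_gcr_debugging)` guards in gcr-certificate-chain.c therefore depend on some earlier `_gcr_debug` call having happened in the process, and otherwise the subject-DN lines are silently missing from a chain-validation trace. Moving the `g_once_init_enter` block into a static helper called from both functions fixes that and gives the flag read a synchronised initialisation point when chains are built on a worker thread. `_gcr_debug_message` also formats every message with `g_strdup_vprintf` before testing the flag; checking first and handing the `va_list` to `g_logv` removes the allocation on the disabled path. The errno.h, fcntl.h, sys/stat.h, unistd.h and glib/gstdio.h includes appear unused in this file.

```c
/* … unchanged: current_flags, keys[], debug_set_flags, _gcr_debug_set_flags … */

/* Parse GCR_DEBUG exactly once, whichever entry point is reached first. */
static void
debug_init_once (void)
{
	static gsize initialized_flags = 0;

	if (g_once_init_enter (&initialized_flags)) {
		_gcr_debug_set_flags (g_getenv ("GCR_DEBUG"));
		g_once_init_leave (&initialized_flags, 1);
	}
}

gboolean
_gcr_debug_flag_is_set (GcrDebugFlags flag)
{
	debug_init_once ();
	return (flag & current_flags) != 0;
}

void
_gcr_debug_message (GcrDebugFlags flag, const gchar *format, ...)
{
	va_list args;

	debug_init_once ();

	/* Skip formatting entirely when this category is disabled. */
	if (!(flag & current_flags))
		return;

	va_start (args, format);
	g_logv (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, format, args);
	va_end (args);
}
```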
diff --git a/gcr/gcr-debug.h b/gcr/gcr-debug.h
new file mode 100644
index 0000000..46de32c
--- /dev/null
+++ b/gcr/gcr-debug.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2007 Nokia Corporation
+ * Copyright (C) 2007-2011 Collabora Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef GCR_DEBUG_H
+#define GCR_DEBUG_H
+
+#include "config.h"
+
+#include <glib.h>
+
+G_BEGIN_DECLS
+
+/* Please keep this enum in sync with #keys in gcr-debug.c */
+typedef enum {
+ GCR_DEBUG_LIBRARY = 1 << 1,
+ GCR_DEBUG_CERTIFICATE_CHAIN = 1 << 2,
+} GcrDebugFlags;
+
+gboolean _gcr_debug_flag_is_set (GcrDebugFlags flag);
+
+void _gcr_debug_set_flags (const gchar *flags_string);
+
+void _gcr_debug_message (GcrDebugFlags flag,
+ const gchar *format,
+ ...) G_GNUC_PRINTF (2, 3);
+
+G_END_DECLS
+
+#endif /* GCR_DEBUG_H */
+
+/* -----------------------------------------------------------------------------
+ * Below this point is outside the GCR_DEBUG_H guard - so it can take effect
+ * more than once. So you can do:
+ *
+ * #define DEBUG_FLAG GCR_DEBUG_ONE_THING
+ * #include "gcr-debug.h"
+ * ...
+ * DEBUG ("if we're debugging one thing");
+ * ...
+ * #undef DEBUG_FLAG
+ * #define DEBUG_FLAG GCR_DEBUG_OTHER_THING
+ * #include "gcr-debug.h"
+ * ...
+ * DEBUG ("if we're debugging the other thing");
+ * ...
+ */
+
+#ifdef DEBUG_FLAG
+#ifdef WITH_DEBUG
+
+#undef _gcr_debug
+#define _gcr_debug(format, ...) \
+ _gcr_debug_message (DEBUG_FLAG, "%s: " format, G_STRFUNC, ##__VA_ARGS__)
+
+#undef _gcr_debugging
+#define _gcr_debugging \
+ _gcr_debug_flag_is_set (DEBUG_FLAG)
+
+#else /* !defined (WITH_DEBUG) */
+
+#undef _gcr_debug
+#define _gcr_debug(format, ...) \
+ do {} while (0)
+
+#undef _gcr_debugging
+#define _gcr_debugging 0
+
+#endif /* !defined (WITH_DEBUG) */
+
+#endif /* defined (DEBUG_FLAG) */
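Review bot: The usage comment below the include guard shows `DEBUG ("...")`, but the macros this header defines are `_gcr_debug` and `_gcr_debugging`; the example should use those names, e.g. `_gcr_debug ("if we're debugging one thing");`, and mention `_gcr_debugging` as the guard for costly argument preparation. In the `!WITH_DEBUG` branch `_gcr_debug` expands to `do {} while (0)`, so format strings and arguments are never compiled in non-debug builds and a mismatch only surfaces when debugging is enabled. Expanding to `do { if (0) _gcr_debug_message (DEBUG_FLAG, format, ##__VA_ARGS__); } while (0)` keeps the `G_GNUC_PRINTF` check active at no runtime cost.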
diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c
index 5991a2a..0f338ed 100644
--- a/gcr/gcr-library.c
+++ b/gcr/gcr-library.c
@@ -22,6 +22,8 @@
#include "config.h"
#include "gcr-types.h"
+#define DEBUG_FLAG GCR_DEBUG_LIBRARY
+#include "gcr-debug.h"
#include "gcr-internal.h"
#include "gcr-library.h"
@@ -176,6 +178,8 @@ _gcr_initialize (void)
g_once_init_leave (&gcr_initialized, 1);
}
+
+ _gcr_debug ("initialized library");
}
/**
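Review bot: The `initialized library` message is tagged with `GCR_DEBUG_LIBRARY`, but the `keys[]` table added in gcr-debug.c lists only `certificate-chain`, so neither `GCR_DEBUG=library` nor `GCR_DEBUG=all` can set that bit and this line is never emitted. Adding `{ "library", GCR_DEBUG_LIBRARY },` to `keys[]` makes the flag reachable and restores the sync that the comment above the enum in gcr-debug.h asks for. _gcr_initialize starts outside this hunk.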
diff --git a/gcr/tests/frob-certificate.c b/gcr/tests/frob-certificate.c
index 2a181ac..827eb6c 100644
--- a/gcr/tests/frob-certificate.c
+++ b/gcr/tests/frob-certificate.c
@@ -99,6 +99,7 @@ int
main(int argc, char *argv[])
{
gtk_init (&argc, &argv);
+ g_set_prgname ("frob-certificate");
if (argc > 1) {
test_certificate (argv[1]);
diff --git a/gcr/tests/frob-key.c b/gcr/tests/frob-key.c
index cd02be6..0c79504 100644
--- a/gcr/tests/frob-key.c
+++ b/gcr/tests/frob-key.c
@@ -97,6 +97,7 @@ int
main(int argc, char *argv[])
{
gtk_init (&argc, &argv);
+ g_set_prgname ("frob-key");
if (argc > 1) {
test_key (argv[1]);
diff --git a/gcr/tests/frob-unlock-options.c b/gcr/tests/frob-unlock-options.c
index 96b9ff5..eb604e0 100644
--- a/gcr/tests/frob-unlock-options.c
+++ b/gcr/tests/frob-unlock-options.c
@@ -97,6 +97,7 @@ int
main(int argc, char *argv[])
{
gtk_init (&argc, &argv);
+ g_set_prgname ("frob-unlock-options");
chdir_base_dir (argv[0]);
test_unlock_options ();
diff --git a/gcr/tests/test-certificate-chain.c b/gcr/tests/test-certificate-chain.c
index 1656262..ade0eac 100644
--- a/gcr/tests/test-certificate-chain.c
+++ b/gcr/tests/test-certificate-chain.c
@@ -636,6 +636,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-certificate-chain");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)
diff --git a/gcr/tests/test-certificate.c b/gcr/tests/test-certificate.c
index 89d1741..137fe2a 100644
--- a/gcr/tests/test-certificate.c
+++ b/gcr/tests/test-certificate.c
@@ -259,6 +259,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-certificate");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)
diff --git a/gcr/tests/test-parser.c b/gcr/tests/test-parser.c
index ae2c466..e23b2a8 100644
--- a/gcr/tests/test-parser.c
+++ b/gcr/tests/test-parser.c
@@ -156,6 +156,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-parser");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)
diff --git a/gcr/tests/test-pkcs11-certificate.c b/gcr/tests/test-pkcs11-certificate.c
index 52379aa..c5d4c90 100644
--- a/gcr/tests/test-pkcs11-certificate.c
+++ b/gcr/tests/test-pkcs11-certificate.c
@@ -269,6 +269,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-pkcs11-certificate");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)
diff --git a/gcr/tests/test-simple-certificate.c b/gcr/tests/test-simple-certificate.c
index 8b7d416..707d294 100644
--- a/gcr/tests/test-simple-certificate.c
+++ b/gcr/tests/test-simple-certificate.c
@@ -97,6 +97,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-simple-certificate");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)
diff --git a/gcr/tests/test-trust.c b/gcr/tests/test-trust.c
index f21f80d..a7a33eb 100644
--- a/gcr/tests/test-trust.c
+++ b/gcr/tests/test-trust.c
@@ -313,6 +313,7 @@ main (int argc, char **argv)
g_type_init ();
g_test_init (&argc, &argv, NULL);
+ g_set_prgname ("test-trust");
srcdir = g_getenv ("SRCDIR");
if (srcdir && chdir (srcdir) < 0)