[geary/wip/713247-tls] Cleanup, refactoring in GearyController
- From: Jim Nelson <jnelson src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [geary/wip/713247-tls] Cleanup, refactoring in GearyController
- Date: Thu, 28 Aug 2014 02:46:55 +0000 (UTC)
commit e42178000eab2efd5c5ac07bd09a666a7a16923e
Author: Jim Nelson <jim yorba org>
Date: Wed Aug 27 18:05:03 2014 -0700
Cleanup, refactoring in GearyController
po/POTFILES.in | 1 +
src/client/application/geary-controller.vala | 141 ++++++++++++---------
src/engine/api/geary-endpoint.vala | 2 +-
src/engine/imap-db/outbox/smtp-outbox-folder.vala | 2 +-
4 files changed, 82 insertions(+), 64 deletions(-)
---
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 998dcd6..32ae9a4 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -115,6 +115,7 @@ src/engine/api/geary-named-flag.vala
src/engine/api/geary-progress-monitor.vala
src/engine/api/geary-search-folder.vala
src/engine/api/geary-search-query.vala
+src/engine/api/geary-service.vala
src/engine/api/geary-service-provider.vala
src/engine/api/geary-special-folder-type.vala
src/engine/app/app-conversation-monitor.vala
diff --git a/src/client/application/geary-controller.vala b/src/client/application/geary-controller.vala
index f4d33f1..9f3c90a 100644
--- a/src/client/application/geary-controller.vala
+++ b/src/client/application/geary-controller.vala
@@ -5,6 +5,7 @@
*/
// Required because Gcr's VAPI is behind-the-times
+// TODO: When bindings available, use async variants of these calls
extern const string GCR_PURPOSE_SERVER_AUTH;
extern bool gcr_trust_add_pinned_certificate(Gcr.Certificate cert, string purpose, string peer,
Cancellable? cancellable) throws Error;
@@ -519,33 +520,56 @@ public class GearyController : Geary.BaseObject {
private async void prompt_untrusted_host_async(Geary.AccountInformation account_information,
Geary.Endpoint endpoint, Geary.Endpoint.SecurityType security, TlsConnection cx,
Geary.Service service, TlsCertificateFlags warnings) {
+ // use a mutex to prevent multiple dialogs popping up at the same time
int token = Geary.Nonblocking.Mutex.INVALID_TOKEN;
try {
- // use a mutex to prevent multiple dialogs popping up at the same time
token = yield untrusted_host_prompt_mutex.claim_async();
+ } catch (Error err) {
+ message("Unable to lock mutex to prompt user about invalid certificate: %s", err.message);
- // possible while waiting on mutex that this endpoint became trusted or untrusted
- if (endpoint.trust_untrusted_host != Geary.Trillian.UNKNOWN)
- return;
-
- // Convert into a GCR certificate
- Gcr.Certificate cert = new Gcr.SimpleCertificate(cx.peer_certificate.certificate.data);
- string peer = "%s:%u".printf(endpoint.remote_address.hostname, endpoint.remote_address.port);
+ return;
+ }
+
+ yield locked_prompt_untrusted_host_async(account_information, endpoint, security, cx,
+ service, warnings);
+
+ try {
+ untrusted_host_prompt_mutex.release(ref token);
+ } catch (Error err) {
+ message("Unable to release mutex after prompting user about invalid certificate: %s",
+ err.message);
+ }
+ }
+
+ private async void locked_prompt_untrusted_host_async(Geary.AccountInformation account_information,
+ Geary.Endpoint endpoint, Geary.Endpoint.SecurityType security, TlsConnection cx,
+ Geary.Service service, TlsCertificateFlags warnings) {
+ // possible while waiting on mutex that this endpoint became trusted or untrusted
+ if (endpoint.trust_untrusted_host != Geary.Trillian.UNKNOWN)
+ return;
+
+ // Convert into a GCR certificate
+ Gcr.Certificate cert = new Gcr.SimpleCertificate(cx.peer_certificate.certificate.data);
+ string peer = "%s:%u".printf(endpoint.remote_address.hostname, endpoint.remote_address.port);
+
+ // Geary allows for user to auto-revoke all questionable server certificates without
+ // digging around in a keyring/pk manager
+ if (Args.revoke_certs) {
+ debug("Auto-revoking certificate for %s...", peer);
- // Geary allows for user to auto-revoke all questionable server certificates without
- // digging around in a keyring/pk manager
- if (Args.revoke_certs) {
- debug("Auto-revoking certificate for %s...", peer);
+ try {
+ gcr_trust_remove_pinned_certificate(cert, GCR_PURPOSE_SERVER_AUTH, peer, null);
+ } catch (Error err) {
+ message("Unable to auto-revoke server certificate for %s: %s", peer, err.message);
- try {
- gcr_trust_remove_pinned_certificate(cert, GCR_PURPOSE_SERVER_AUTH, peer, null);
- } catch (Error err) {
- message("Unable to auto-revoke server certificate for %s: %s", peer, err.message);
- }
+ // drop through, not absolutely valid to do this (might also mean certificate
+ // was never pinned)
}
-
- // if pinned, the user has already made an exception for this server and its certificate,
- // so go ahead w/o asking
+ }
+
+ // if pinned, the user has already made an exception for this server and its certificate,
+ // so go ahead w/o asking
+ try {
if (gcr_trust_is_certificate_pinned(cert, GCR_PURPOSE_SERVER_AUTH, peer, null)) {
debug("Certificate for %s is pinned, accepting connection...", peer);
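Review bot: With `Args.revoke_certs` set, a failure in `gcr_trust_remove_pinned_certificate` is only logged and control drops through to the pinned check, so a pin that could not be removed is still honoured and, per the debug message, the connection is accepted without a prompt. The added comment itself concedes the drop-through is "not absolutely valid". Skipping the shortcut whenever revocation was requested closes that gap: `if (!Args.revoke_certs && gcr_trust_is_certificate_pinned(cert, GCR_PURPOSE_SERVER_AUTH, peer, null)) {`. A successful removal should make the check return false anyway, so the normal path is unaffected. The body of locked_prompt_untrusted_host_async continues past the end of this hunk.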
@@ -553,54 +577,47 @@ public class GearyController : Geary.BaseObject {
return;
}
+ } catch (Error err) {
+ message("Unable to check if server certificate for %s is pinned, assuming not: %s",
+ peer, err.message);
+ }
+
+ // question the user about this certificate
+ CertificateWarningDialog dialog = new CertificateWarningDialog(main_window, endpoint,
+ service, warnings);
+ switch (dialog.run()) {
+ case CertificateWarningDialog.Result.TRUST:
+ endpoint.trust_untrusted_host = Geary.Trillian.TRUE;
+ break;
- // question the user about this certificate
- CertificateWarningDialog dialog = new CertificateWarningDialog(main_window, endpoint,
- service, warnings);
- switch (dialog.run()) {
- case CertificateWarningDialog.Result.TRUST:
- endpoint.trust_untrusted_host = Geary.Trillian.TRUE;
- break;
+ case CertificateWarningDialog.Result.ALWAYS_TRUST:
+ endpoint.trust_untrusted_host = Geary.Trillian.TRUE;
- case CertificateWarningDialog.Result.ALWAYS_TRUST:
- endpoint.trust_untrusted_host = Geary.Trillian.TRUE;
-
- // pinning the certificate creates an exception for the next time a connection
- // is attempted
- debug("Pinning certificate for %s...", peer);
- try {
- gcr_trust_add_pinned_certificate(cert, GCR_PURPOSE_SERVER_AUTH, peer, null);
- } catch (Error err) {
- ErrorDialog error_dialog = new ErrorDialog(main_window,
- _("Unable to store server trust exception"), err.message);
- error_dialog.run();
- }
- break;
+ // pinning the certificate creates an exception for the next time a connection
+ // is attempted
+ debug("Pinning certificate for %s...", peer);
+ try {
+ gcr_trust_add_pinned_certificate(cert, GCR_PURPOSE_SERVER_AUTH, peer, null);
+ } catch (Error err) {
+ ErrorDialog error_dialog = new ErrorDialog(main_window,
+ _("Unable to store server trust exception"), err.message);
+ error_dialog.run();
+ }
+ break;
+
+ default:
+ endpoint.trust_untrusted_host = Geary.Trillian.FALSE;
- default:
- endpoint.trust_untrusted_host = Geary.Trillian.FALSE;
-
- // close the account; can't go any further w/o offline mode
- try {
- if (Geary.Engine.instance.get_accounts().has_key(account_information.email)) {
- Geary.Account account =
Geary.Engine.instance.get_account_instance(account_information);
- close_account(account);
- }
- } catch (Error err) {
- message("Unable to close account due to user trust issues: %s", err.message);
- }
- break;
- }
- } catch (Error err) {
- warning("Unable to prompt for certificate security warning: %s", err.message);
- } finally {
- if (token != Geary.Nonblocking.Mutex.INVALID_TOKEN) {
+ // close the account; can't go any further w/o offline mode
try {
- untrusted_host_prompt_mutex.release(ref token);
+ if (Geary.Engine.instance.get_accounts().has_key(account_information.email)) {
+ Geary.Account account =
Geary.Engine.instance.get_account_instance(account_information);
+ close_account(account);
+ }
} catch (Error err) {
- debug("Unable to release mutex: %s", err.message);
+ message("Unable to close account due to user trust issues: %s", err.message);
}
- }
+ break;
}
}
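Review bot: The TRUST and ALWAYS_TRUST branches record the decision on `endpoint.trust_untrusted_host` rather than against the certificate taken from `cx.peer_certificate`. The early return at the top of locked_prompt_untrusted_host_async then skips the prompt once that value is no longer UNKNOWN. If the server presents a different untrusted certificate later in the same session, it appears no new prompt would be shown; whether the endpoint resets the flag on reconnect is not visible in this diff. At minimum the scope should be documented above the switch, e.g. `// NOTE: trust is stored per endpoint, not per certificate; confirm it is reset when the peer certificate changes`. The function begins in the previous hunk.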
diff --git a/src/engine/api/geary-endpoint.vala b/src/engine/api/geary-endpoint.vala
index 1386c4a..049e87f 100644
--- a/src/engine/api/geary-endpoint.vala
+++ b/src/engine/api/geary-endpoint.vala
@@ -79,7 +79,7 @@ public class Geary.Endpoint : BaseObject {
* @see tls_validation_warnings
* @see trust_untrusted_host
*/
- public bool is_trusted_or_unconnected {
+ public bool is_trusted_or_never_connected {
get {
return (tls_validation_warnings != 0)
? trust_untrusted_host.is_certain()
diff --git a/src/engine/imap-db/outbox/smtp-outbox-folder.vala
b/src/engine/imap-db/outbox/smtp-outbox-folder.vala
index c190e15..69fd30a 100644
--- a/src/engine/imap-db/outbox/smtp-outbox-folder.vala
+++ b/src/engine/imap-db/outbox/smtp-outbox-folder.vala
@@ -220,7 +220,7 @@ private class Geary.SmtpOutboxFolder : Geary.AbstractLocalFolder, Geary.FolderSu
try {
// only try if (a) no TLS issues or (b) user has acknowledged them and says to
// continue
- if (_account.information.get_smtp_endpoint().is_trusted_or_unconnected) {
+ if (_account.information.get_smtp_endpoint().is_trusted_or_never_connected) {
debug("Outbox postman: Sending \"%s\" (ID:%s)...", message_subject(message),
row.outbox_id.to_string());
yield send_email_async(message, null);