9578053 Jan 22 2022 distfiles.gentoo.org/distfiles/gajim-1.3.3-2.tar.gz

2022-10-19 18:09:31 +00:00 · 2022-10-19 18:09:31 +00:00 · 4c1b226bff
commit 4c1b226bff
parent a5b3822651
1045 changed files with 753037 additions and 18 deletions
--- a/gajim/common/cert_store.py
+++ b/gajim/common/cert_store.py
@ -0,0 +1,89 @@
+# This file is part of Gajim.
+#
+# Gajim is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation; version 3 only.
+#
+# Gajim is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Gajim.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import logging
+
+from gi.repository import GLib
+from gi.repository import Gio
+
+from gajim.common import configpaths
+
+from gajim.common.helpers import get_random_string
+from gajim.common.helpers import write_file_async
+
+
+log = logging.getLogger('gajim.c.cert_store')
+
+
+class CertificateStore:
+    def __init__(self):
+        self._path = configpaths.get('CERT_STORE')
+        self._certs = []
+
+        self._load_certificates()
+
+    def _get_random_path(self):
+        filename = get_random_string()
+        path = self._path / filename
+        if path.exists():
+            return self._get_random_path()
+        return path
+
+    def _load_certificates(self):
+        for path in self._path.iterdir():
+            if path.is_dir():
+                continue
+            try:
+                cert = Gio.TlsCertificate.new_from_file(str(path))
+            except GLib.Error as error:
+                log.warning('Can\'t load certificate: %s, %s', path, error)
+                continue
+
+            log.info('Loaded: %s', path.stem)
+            self._certs.append(cert)
+
+        log.info('%s Certificates loaded', len(self._certs))
+
+    def get_certificates(self):
+        return list(self._certs)
+
+    def add_certificate(self, certificate):
+        log.info('Add certificate to trust store')
+        self._certs.append(certificate)
+        pem = certificate.props.certificate_pem
+        path = self._get_random_path()
+        write_file_async(path,
+                         pem.encode(),
+                         self._on_certificate_write_finished,
+                         path)
+
+    def verify(self, certificate, tls_errors):
+        if Gio.TlsCertificateFlags.UNKNOWN_CA in tls_errors:
+            for trusted_certificate in self._certs:
+                if trusted_certificate.is_same(certificate):
+                    tls_errors.remove(Gio.TlsCertificateFlags.UNKNOWN_CA)
+                    break
+
+        if not tls_errors:
+            return True
+        return False
+
+    @staticmethod
+    def _on_certificate_write_finished(data, error, path):
+        if data is None:
+            log.error('Can\'t store certificate: %s', error)
+            return
+
+        log.info('Certificate stored: %s', path)