Move the extra domains to trust from the TLS channel to the manager

1 files changed, 67 insertions, 2 deletions

diff --git a/src/server-tls-manager.c b/src/server-tls-manager.c
index dd07c9e6a..62ab8865f 100644
--- a/src/server-tls-manager.c
+++ b/src/server-tls-manager.c
@@ -204,6 +204,69 @@ tls_certificate_rejected_cb (GabbleTLSCertificate *certificate,
 }
 
 static void
+extend_string_ptr_array (GPtrArray *array,
+    GStrv new_elements)
+{
+  gint i;
+
+  if (new_elements != NULL)
+    {
+      for (i = 0; new_elements[i] != NULL; i++)
+        {
+          if (!tp_str_empty (new_elements[i]))
+            g_ptr_array_add (array, g_strdup (new_elements[i]));
+        }
+    }
+}
+
+static void
+fill_reference_identities (GabbleServerTLSManager *self,
+    const gchar *peername,
+    GStrv original_extra_identities)
+{
+  GPtrArray *identities;
+  gchar *connect_server = NULL;
+  gchar *explicit_server = NULL;
+  GStrv extra_certificate_identities = NULL;
+
+  g_return_if_fail (self->priv->reference_identities == NULL);
+
+  g_object_get (self->priv->connection,
+      "connect-server", &connect_server,
+      "explicit-server", &explicit_server,
+      "extra-certificate-identities", &extra_certificate_identities,
+      NULL);
+
+  identities = g_ptr_array_new ();
+
+  /* The peer name, i.e, the domain part of the JID */
+  g_ptr_array_add (identities, g_strdup (peername));
+
+  /* The extra identities that the caller of verify_async() passed */
+  extend_string_ptr_array (identities, original_extra_identities);
+
+  /* The explicitly overridden server (if in use) */
+  if (!tp_str_empty (explicit_server) &&
+      !tp_strdiff (connect_server, explicit_server))
+    {
+      g_ptr_array_add (identities, g_strdup (explicit_server));
+    }
+
+  /* Extra identities added to the account as a result of user choices */
+  extend_string_ptr_array (identities, extra_certificate_identities);
+
+  /* Null terminate, since this is a gchar** */
+  g_ptr_array_add (identities, NULL);
+
+  self->priv->reference_identities = (GStrv) g_ptr_array_free (identities,
+      FALSE);
+
+  g_strfreev (extra_certificate_identities);
+  g_free (explicit_server);
+  g_free (connect_server);
+}
+
+static void
 gabble_server_tls_manager_verify_async (WockyTLSHandler *handler,
     WockyTLSSession *tls_session,
     const gchar *peername,
@@ -235,6 +298,8 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler,
       return;
     }
 
+  fill_reference_identities (self, peername, extra_identities);
+
   if (!self->priv->interactive_tls)
     {
       DEBUG ("ignore-ssl-errors is set, fallback to non-interactive "
@@ -245,7 +310,7 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler,
       WOCKY_TLS_HANDLER_CLASS
         (gabble_server_tls_manager_parent_class)->verify_async_func (
             WOCKY_TLS_HANDLER (self), tls_session, peername,
-            extra_identities, callback, user_data);
+            self->priv->reference_identities, callback, user_data);
 
       return;
     }
@@ -253,7 +318,6 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler,
   self->priv->async_result = result;
   self->priv->tls_session = g_object_ref (tls_session);
   self->priv->peername = g_strdup (peername);
-  self->priv->reference_identities = g_strdupv (extra_identities);
   self->priv->async_callback = callback;
   self->priv->async_data = user_data;
 
@@ -261,6 +325,7 @@ gabble_server_tls_manager_verify_async (WockyTLSHandler *handler,
       "connection", self->priv->connection,
       "tls-session", tls_session,
       "hostname", peername,
+      "reference-identities", self->priv->reference_identities,
       NULL);
 
   g_signal_connect (self->priv->channel, "closed",