From 6f8ad6b8e80da98273870ea1b241065418a26367 Mon Sep 17 00:00:00 2001
From: James Booth
Date: Thu, 24 Sep 2015 00:43:41 +0100
Subject: [PATCH] Added /tls trusted command
---
 src/command/command.c | 3 +++
 src/command/commands.c | 34 ++++++++++++++++++++++++++++++++++
 src/config/tlscerts.c | 28 ++++++++++++++++++++++++++++
 src/config/tlscerts.h | 2 ++
 4 files changed, 67 insertions(+)
diff --git a/src/command/command.c b/src/command/command.c
index 669fb066..bb440bbf 100644
--- a/src/command/command.c
+++ b/src/command/command.c
@@ -195,6 +195,7 @@ static struct cmd_t command_defs[] =
 "/tls allow",
 "/tls always",
 "/tls deny",
+ "/tls trusted",
 "/tls certpath",
 "/tls certpath set ",
 "/tls certpath clear")
@@ -204,6 +205,7 @@ static struct cmd_t command_defs[] =
 { "allow", "Allow connection to continue with an invalid TLS certificate." },
 { "always", "Always allow connections with this invalid TLS certificate." },
 { "deny", "Terminate TLS connection." },
+ { "trusted", "List manually trusted certificates." },
 { "certpath", "Show the trusted certificate path." },
 { "certpath set ", "Specify filesystem path containing trusted certificates." },
 { "certpath clear", "Clear the trusted certificate path." })
@@ -2100,6 +2102,7 @@ cmd_init(void)
 autocomplete_add(tls_ac, "allow");
 autocomplete_add(tls_ac, "always");
 autocomplete_add(tls_ac, "deny");
+ autocomplete_add(tls_ac, "trusted");
 autocomplete_add(tls_ac, "certpath");
 tls_certpath_ac = autocomplete_new();
diff --git a/src/command/commands.c b/src/command/commands.c
index 8c2b70ec..70f41a6d 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -49,6 +49,7 @@
 #include "config/account.h"
 #include "config/preferences.h"
 #include "config/theme.h"
+#include "config/tlscerts.h"
 #include "contact.h"
 #include "roster_list.h"
 #include "jid.h"
@@ -190,6 +191,39 @@ cmd_tls(ProfWin *window, const char * const command, gchar **args)
 cons_bad_cmd_usage(command);
 return TRUE;
 }
+ } else if (g_strcmp0(args[0], "trusted") == 0) {
+ GList *certs = tlscerts_list();
+ GList *curr = certs;
+
+ if (curr) {
+ cons_show("Trusted certificates:");
+ cons_show("");
+ }
+ while (curr) {
+ TLSCertificate *cert = curr->data;
+ if (cert->domain) {
+ cons_show("Domain : %s", cert->domain);
+ }
+ if (cert->organisation) {
+ cons_show("Organisation : %s", cert->organisation);
+ }
+ if (cert->email) {
+ cons_show("Email : %s", cert->email);
+ }
+ if (cert->notbefore) {
+ cons_show("Start : %s", cert->notbefore);
+ }
+ if (cert->notafter) {
+ cons_show("End : %s", cert->notafter);
+ }
+ if (cert->fingerprint) {
+ cons_show("Fingerprint : %s", cert->fingerprint);
+ }
+ cons_show("");
+ curr = g_list_next(curr);
+ }
+ g_list_free_full(certs, (GDestroyNotify)tlscerts_free);
+ return TRUE;
 } else {
 cons_bad_cmd_usage(command);
 return TRUE;
diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c
index 562e3b0b..7d2220cf 100644
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
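Review bot: When nothing has been pinned, the new `trusted` branch of cmd_tls prints nothing at all, because both the heading and the loop are skipped when `tlscerts_list()` returns NULL. Someone auditing their manually trusted certificates cannot tell an empty trust store from a command that silently did nothing; an `else` on the `if (curr)` check, e.g. `} else { cons_show("No trusted certificates found."); }`, makes that explicit. The fields shown are read back from stored entries and, if they were originally taken from server-presented certificates, are remote-supplied text, so it is worth confirming that cons_show renders control characters harmlessly. cmd_tls itself begins and ends outside the hunk.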
@@ -68,6 +68,34 @@ tlscerts_exists(const char * const fingerprint) return g_key_file_has_group(tlscerts, fingerprint); } +GList* +tlscerts_list(void) +{ + GList *res = NULL; + gsize len = 0; + gchar **groups = g_key_file_get_groups(tlscerts, &len); + + int i = 0; + for (i = 0; i < g_strv_length(groups); i++) { + char *fingerprint = strdup(groups[i]); + char *domain = g_key_file_get_string(tlscerts, fingerprint, "domain", NULL); + char *organisation = g_key_file_get_string(tlscerts, fingerprint, "organisation", NULL); + char *email = g_key_file_get_string(tlscerts, fingerprint, "email", NULL); + char *notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL); + char *notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL); + + TLSCertificate *cert = tlscerts_new(fingerprint, domain, organisation, email, notbefore, notafter); + + res = g_list_append(res, cert); + } + + if (groups) { + g_strfreev(groups); + } + + return res; +} + TLSCertificate* tlscerts_new(const char * const fingerprint, const char * const domain, const char * const organisation, const char * const email, const char * const notbefore, const char * const notafter) diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h index 782d4430..56e81dd6 100644 --- a/src/config/tlscerts.h +++ b/src/config/tlscerts.h @@ -56,6 +56,8 @@ void tlscerts_add(TLSCertificate *cert); void tlscerts_free(TLSCertificate *cert); +GList* tlscerts_list(void); + void tlscerts_close(void); #endif
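Review bot: Each pass of the loop in tlscerts_list() allocates six strings (the `strdup(groups[i])` copy plus five `g_key_file_get_string()` results) and never releases them. If tlscerts_new() duplicates its arguments, as its `const char * const` parameters suggest (its body is outside the hunk), all six leak on every `/tls trusted` call. The fingerprint copy is unnecessary because `groups[i]` stays valid until `g_strfreev()`, and the other five can be freed with `g_free()` once the certificate is built. Separately, `len` is filled in but never used, while `g_strv_length(groups)` is re-evaluated each iteration and compared against a signed `int`; looping on `len` with a `gsize` index removes both problems.

```c
    /* … unchanged: res, len and groups set up as before … */
    gsize i;
    for (i = 0; i < len; i++) {
        const char *fingerprint = groups[i];   /* owned by groups until g_strfreev() */
        /* … unchanged: the five g_key_file_get_string() lookups and the tlscerts_new() call … */
        res = g_list_append(res, cert);

        /* correct only if tlscerts_new() duplicates its arguments; confirm */
        g_free(domain);
        g_free(organisation);
        g_free(email);
        g_free(notbefore);
        g_free(notafter);
    }
```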
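Review bot: The new `tlscerts_list()` prototype in tlscerts.h does not say who owns the result, yet the caller in cmd_tls has to free both the list and every element. A short comment above the declaration would record that contract, e.g. `/* Returns a newly allocated GList of TLSCertificate*, or NULL if none are stored; free with g_list_free_full(list, (GDestroyNotify)tlscerts_free). */`.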