On 07/26/2011 07:29 PM, Saleem Edah-Tally wrote:



Yep I'll do that.
Which version of Gajim do you use? Do you use development version? If I
send you a patch for this version, could you test it as I cannot test
that myself?

 From debian repos : Gajim 0.14.0.1-51c9600fc1f1

But I did also compile 0.14.4 from source successfully.

As for the development version, if you post a relevant link, I could compile it
also.

Usually we patch a reference source tree, in its simplest form, with

patch -p1<  patch.file

I just have to know what the reference version is and grab it.

Thanks.


Ok nice, just:
hg clone http://hg.gajim.org/gajim gajim-dev
cd gajim-dev
patch -p1 < cert.diff (attached)
./launch.sh

There is now a checkbox near the place where you set the path of the certificate.

Thanks for testing!
--
Yann
diff -r b79c7258181f data/gui/accounts_window.ui
--- a/data/gui/accounts_window.ui       Tue Jul 26 16:02:22 2011 +0200
+++ b/data/gui/accounts_window.ui       Tue Jul 26 19:55:34 2011 +0200
@@ -451,48 +451,70 @@
                                 <property name="visible">True</property>
                                 <property name="can_focus">True</property>
                                 <child>
-                                  <object class="GtkHBox" id="hbox2">
+                                  <object class="GtkVBox" id="vbox13">
                                     <property name="visible">True</property>
+                                    <property 
name="orientation">vertical</property>
                                     <property name="spacing">6</property>
                                     <child>
-                                      <object class="GtkLabel" id="label28">
+                                      <object class="GtkHBox" id="hbox2">
                                         <property 
name="visible">True</property>
-                                        <property name="xalign">0</property>
-                                        <property name="label" 
translatable="yes">_Client Cert File:</property>
-                                        <property 
name="use_underline">True</property>
-                                        <property 
name="mnemonic_widget">cert_entry1</property>
+                                        <property name="spacing">6</property>
+                                        <child>
+                                          <object class="GtkLabel" 
id="label28">
+                                            <property 
name="visible">True</property>
+                                            <property 
name="xalign">0</property>
+                                            <property name="label" 
translatable="yes">_Client Cert File:</property>
+                                            <property 
name="use_underline">True</property>
+                                            <property 
name="mnemonic_widget">cert_entry1</property>
+                                          </object>
+                                          <packing>
+                                            <property 
name="expand">False</property>
+                                            <property 
name="position">0</property>
+                                          </packing>
+                                        </child>
+                                        <child>
+                                          <object class="GtkEntry" 
id="cert_entry1">
+                                            <property 
name="visible">True</property>
+                                            <property 
name="can_focus">True</property>
+                                            <property 
name="invisible_char">&#x25CF;</property>
+                                          </object>
+                                          <packing>
+                                            <property 
name="position">1</property>
+                                          </packing>
+                                        </child>
+                                        <child>
+                                          <object class="GtkButton" 
id="browse_for_client_cert_button">
+                                            <property name="label" 
translatable="yes">Browse...</property>
+                                            <property 
name="visible">True</property>
+                                            <property 
name="can_focus">True</property>
+                                            <property 
name="receives_default">True</property>
+                                            <signal name="clicked" 
handler="on_browse_for_client_cert_button_clicked"/>
+                                          </object>
+                                          <packing>
+                                            <property 
name="expand">False</property>
+                                            <property 
name="fill">False</property>
+                                            <property 
name="position">2</property>
+                                          </packing>
+                                        </child>
                                       </object>
                                       <packing>
-                                        <property 
name="expand">False</property>
                                         <property name="position">0</property>
                                       </packing>
                                     </child>
                                     <child>
-                                      <object class="GtkEntry" 
id="cert_entry1">
+                                      <object class="GtkCheckButton" 
id="client_cert_encrypted_checkbutton1">
+                                        <property name="label" 
translatable="yes">Certificate is e_ncrypted</property>
                                         <property 
name="visible">True</property>
                                         <property 
name="can_focus">True</property>
-                                        <property name="tooltip_text" 
translatable="yes">The path to the client certificate and key in PKCS#12 
format</property>
-                                        <property 
name="invisible_char">&#x25CF;</property>
+                                        <property 
name="receives_default">False</property>
+                                        <property 
name="use_underline">True</property>
+                                        <property 
name="draw_indicator">True</property>
+                                        <signal name="toggled" 
handler="on_client_cert_encrypted_checkbutton1_toggled"/>
                                       </object>
                                       <packing>
                                         <property name="position">1</property>
                                       </packing>
                                     </child>
-                                    <child>
-                                      <object class="GtkButton" 
id="browse_for_client_cert_button">
-                                        <property name="label" 
translatable="yes">Browse...</property>
-                                        <property 
name="visible">True</property>
-                                        <property 
name="can_focus">True</property>
-                                        <property 
name="receives_default">True</property>
-                                        <property name="tooltip_text" 
translatable="yes">Choose Client Cert</property>
-                                        <signal name="clicked" 
handler="on_browse_for_client_cert_button_clicked"/>
-                                      </object>
-                                      <packing>
-                                        <property 
name="expand">False</property>
-                                        <property name="fill">False</property>
-                                        <property name="position">2</property>
-                                      </packing>
-                                    </child>
                                   </object>
                                 </child>
                                 <child type="label">
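Review bot: The re-nested `cert_entry1` and `browse_for_client_cert_button` objects lose their `tooltip_text` properties, so the hint that the file must hold the client certificate and key in PKCS#12 format is no longer shown in the dialog. If that was not intentional, carry both `tooltip_text` properties over to the new widgets. The new `client_cert_encrypted_checkbutton1` could also get a tooltip saying that the passphrase will be asked for when the account connects.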
diff -r b79c7258181f src/common/config.py
--- a/src/common/config.py      Tue Jul 26 16:02:22 2011 +0200
+++ b/src/common/config.py      Tue Jul 26 19:55:34 2011 +0200
@@ -298,6 +298,7 @@
                     'hostname': [ opt_str, '', '', True ],
                     'anonymous_auth': [ opt_bool, False ],
                     'client_cert': [ opt_str, '', '', True ],
+                    'client_cert_encrypted': [ opt_bool, False, '', False ],
                     'savepass': [ opt_bool, False ],
                     'password': [ opt_str, '' ],
                     'resource': [ opt_str, 'gajim', '', True ],
diff -r b79c7258181f src/common/connection.py
--- a/src/common/connection.py  Tue Jul 26 16:02:22 2011 +0200
+++ b/src/common/connection.py  Tue Jul 26 19:55:34 2011 +0200
@@ -749,6 +749,7 @@
             self.pingalives = 0
         self.client_cert = gajim.config.get_per('accounts', self.name,
             'client_cert')
+        self.client_cert_passphrase = None
 
     def check_jid(self, jid):
         return helpers.parse_jid(jid)
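Review bot: `self.client_cert_passphrase` is added as a long-lived attribute of the connection object, and nothing in this patch resets it once the PKCS#12 file has been loaded in tls_nb.py. Keeping the passphrase only for as long as it is needed narrows the time it sits in process memory; consider setting it back to `None` after the `load_pkcs12` call, or handing it to the TLS setup directly instead of storing it. A comment such as `# passphrase for an encrypted PKCS#12 client cert, set just before connecting` would document the attribute. The enclosing method starts outside this hunk.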
@@ -1155,29 +1156,44 @@
             secure_tuple = (self._current_type, cacerts, mycerts)
 
             con = common.xmpp.NonBlockingClient(
-                    domain=self._hostname,
-                    caller=self,
-                    idlequeue=gajim.idlequeue)
+                domain=self._hostname,
+                caller=self,
+                idlequeue=gajim.idlequeue)
 
             self.last_connection = con
             # increase default timeout for server responses
-            common.xmpp.dispatcher_nb.DEFAULT_TIMEOUT_SECONDS = 
self.try_connecting_for_foo_secs
+            common.xmpp.dispatcher_nb.DEFAULT_TIMEOUT_SECONDS = \
+                self.try_connecting_for_foo_secs
             # FIXME: this is a hack; need a better way
             if self.on_connect_success == self._on_new_account:
                 con.RegisterDisconnectHandler(self._on_new_account)
 
-            self.log_hosttype_info(port)
-            con.connect(
-                    hostname=self._current_host['host'],
-                    port=port,
-                    on_connect=self.on_connect_success,
-                    on_proxy_failure=self.on_proxy_failure,
-                    on_connect_failure=self.connect_to_next_type,
-                    proxy=self._proxy,
-                    secure_tuple = secure_tuple)
+            print 'ici'
+            if self.client_cert and gajim.config.get_per('accounts', self.name,
+            'client_cert_encrypted'):
+                print 'la'
+                gajim.nec.push_incoming_event(ClientCertPassphraseEvent(
+                    None, conn=self, con=con, port=port,
+                    secure_tuple=secure_tuple))
+                return
+            self.on_client_cert_passphrase(None, con, port, secure_tuple)
+
         else:
             self._connect_to_next_host(retry)
 
+    def on_client_cert_passphrase(self, passphrase, con, port, secure_tuple):
+        self.client_cert_passphrase = passphrase
+
+        self.log_hosttype_info(port)
+        con.connect(
+            hostname=self._current_host['host'],
+            port=port,
+            on_connect=self.on_connect_success,
+            on_proxy_failure=self.on_proxy_failure,
+            on_connect_failure=self.connect_to_next_type,
+            proxy=self._proxy,
+            secure_tuple = secure_tuple)
+
     def log_hosttype_info(self, port):
         msg = '>>>>>> Connecting to %s [%s:%d], type = %s' % (self.name,
                 self._current_host['host'], port, self._current_type)
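Review bot: The two debugging statements `print 'ici'` and `print 'la'` should be removed before this is committed. Because the prompt is raised from this connect path, it looks as if every fallback to another host or connection type would ask the user for the passphrase again; that is worth confirming, since the enclosing method starts outside the hunk. `on_client_cert_passphrase` would benefit from a docstring stating that `passphrase` is `None` both when the certificate is not encrypted and when the dialog was cancelled. The continuation line `'client_cert_encrypted'):` sits at the same indent as the `if` keyword and should be indented one level further.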
diff -r b79c7258181f src/common/connection_handlers_events.py
--- a/src/common/connection_handlers_events.py  Tue Jul 26 16:02:22 2011 +0200
+++ b/src/common/connection_handlers_events.py  Tue Jul 26 19:55:34 2011 +0200
@@ -2069,3 +2069,7 @@
 
     def generate(self):
         return True
+
+class ClientCertPassphraseEvent(nec.NetworkIncomingEvent):
+    name = 'client-cert-passphrase'
+    base_network_events = []
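Review bot: `ClientCertPassphraseEvent` has no docstring, and the attributes its consumers rely on are only visible at the call sites. A docstring along the lines of `"""Ask the GUI for the passphrase of an encrypted client certificate; carries conn, con, port and secure_tuple."""` would record that contract.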
diff -r b79c7258181f src/common/xmpp/tls_nb.py
--- a/src/common/xmpp/tls_nb.py Tue Jul 26 16:02:22 2011 +0200
+++ b/src/common/xmpp/tls_nb.py Tue Jul 26 19:55:34 2011 +0200
@@ -359,7 +359,8 @@
             tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
             log.debug('Using client cert and key from %s' % conn.client_cert)
             try:
-                p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())
+                p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(),
+                    conn.client_cert_passphrase)
             except OpenSSL.crypto.Error, exception_obj:
                 log.warning('Unable to load client pkcs12 certificate from '
                     'file %s: %s ... Is it a valid PKCS12 cert?' % \
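Review bot: The PKCS#12 file is still read with `open(conn.client_cert).read()`, in text mode and without closing the handle; PKCS#12 is a binary format, so this should be `open(conn.client_cert, 'rb')` inside a `with` block. Now that a passphrase is involved, a wrong passphrase will presumably surface as the same `OpenSSL.crypto.Error` and be reported as "Is it a valid PKCS12 cert?", so the warning text should name the passphrase as a possible cause. What happens after the warning is outside this hunk; confirm the connection does not silently continue without the client certificate when the user expected certificate authentication.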
diff -r b79c7258181f src/config.py
--- a/src/config.py     Tue Jul 26 16:02:22 2011 +0200
+++ b/src/config.py     Tue Jul 26 19:55:34 2011 +0200
@@ -1851,6 +1851,10 @@
 
         client_cert = gajim.config.get_per('accounts', account, 'client_cert')
         self.xml.get_object('cert_entry1').set_text(client_cert)
+        client_cert_encrypted = gajim.config.get_per('accounts', account,
+            'client_cert_encrypted')
+        self.xml.get_object('client_cert_encrypted_checkbutton1').\
+            set_active(client_cert_encrypted)
 
         self.xml.get_object('adjust_priority_with_status_checkbutton1').\
             set_active(gajim.config.get_per('accounts', account,
@@ -2222,6 +2226,12 @@
             # if we showed ErrorDialog, there will not be dialog instance
             return
 
+    def on_client_cert_encrypted_checkbutton1_toggled(self, widget):
+        if self.ignore_events:
+            return
+        self.on_checkbutton_toggled(widget, 'client_cert_encrypted',
+            account=self.current_account)
+
     def on_autoconnect_checkbutton_toggled(self, widget):
         if self.ignore_events:
             return
diff -r b79c7258181f src/gui_interface.py
--- a/src/gui_interface.py      Tue Jul 26 16:02:22 2011 +0200
+++ b/src/gui_interface.py      Tue Jul 26 19:55:34 2011 +0200
@@ -671,6 +671,19 @@
                 _('You are currently connected without your OpenPGP key.'))
         self.forget_gpg_passphrase(obj.keyID)
 
+    def handle_event_client_cert_passphrase(self, obj):
+        def on_ok(passphrase, checked):
+            obj.conn.on_client_cert_passphrase(passphrase, obj.con, obj.port,
+                obj.secure_tuple)
+
+        def on_cancel():
+            obj.conn.on_client_cert_passphrase(None. obj.con, obj.port,
+                obj.secure_tuple)
+
+        dialogs.PassphraseDialog(_('Certificate Passphrase Required'),
+            _('Enter the passphrase for the certificate for account %s') % \
+            obj.conn.name, ok_handler=on_ok, cancel_handler=on_cancel)
+
     def handle_event_gpg_password_required(self, obj):
         #('GPG_PASSWORD_REQUIRED', account, (callback,))
         if obj.keyid in self.gpg_passphrase:
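Review bot: In `on_cancel` the call reads `on_client_cert_passphrase(None. obj.con, ...)` with a period instead of a comma, so Python parses it as the attribute access `None.obj.con` and cancelling the dialog raises AttributeError instead of continuing; the line should be `obj.conn.on_client_cert_passphrase(None, obj.con, obj.port,`. Separately, cancelling still goes on to connect with no passphrase for a certificate marked as encrypted, which can only fail when the file is loaded; aborting the connection attempt may be the clearer behaviour. The `checked` argument of `on_ok` is unused.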
@@ -1401,6 +1414,8 @@
             'atom-entry-received': [self.handle_atom_entry],
             'bad-gpg-passphrase': [self.handle_event_bad_gpg_passphrase],
             'bookmarks-received': [self.handle_event_bookmarks],
+            'client-cert-passphrase': [
+                self.handle_event_client_cert_passphrase],
             'connection-lost': [self.handle_event_connection_lost],
             'failed-decrypt': [(self.handle_event_failed_decrypt, ged.GUI2)],
             'file-request-error': [self.handle_event_file_request_error],