From 5bf1178a70511b1893765b13be5d471a25078bba Mon Sep 17 00:00:00 2001
From: Bernd Wachter <bernd.wachter@jollamobile.com>
Date: Sat, 6 Jul 2013 14:46:33 +0300
Subject: [PATCH] [CA] Move ca-certificate path to domain section, using key
 _ca-certificate

---
 libssu/ssu.cpp            | 16 ++++++++--------
 libssu/ssurepomanager.cpp | 19 +++++++++++++++++++
 libssu/ssurepomanager.h   |  5 +++++
 3 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/libssu/ssu.cpp b/libssu/ssu.cpp
index f186b4b..128dad0 100644
--- a/libssu/ssu.cpp
+++ b/libssu/ssu.cpp
@@ -284,11 +284,11 @@ void Ssu::sendRegistration(QString usernameDomain, QString password){
       username = usernameDomain;
   }
 
-  if (!settings->contains("ca-certificate")){
-    setError("CA certificate for SSU not set (config key 'ca-certificate')");
+  ssuCaCertificate = SsuRepoManager::caCertificatePath();
+  if (ssuCaCertificate.isEmpty()){
+    setError("CA certificate for SSU not set ('_ca-certificate in domain')");
     return;
-  } else
-    ssuCaCertificate = settings->value("ca-certificate").toString();
+  }
 
   if (!settings->contains("register-url")){
     ssuRegisterUrl = repoUrl("register-url");
@@ -459,11 +459,11 @@ void Ssu::updateCredentials(bool force){
   }
 
   QString ssuCaCertificate, ssuCredentialsUrl;
-  if (!settings->contains("ca-certificate")){
-    setError("CA certificate for SSU not set (config key 'ca-certificate')");
+  ssuCaCertificate = SsuRepoManager::caCertificatePath();
+  if (ssuCaCertificate.isEmpty()){
+    setError("CA certificate for SSU not set ('_ca-certificate in domain')");
     return;
-  } else
-    ssuCaCertificate = settings->value("ca-certificate").toString();
+  }
 
   if (!settings->contains("credentials-url")){
     ssuCredentialsUrl = repoUrl("credentials-url");
diff --git a/libssu/ssurepomanager.cpp b/libssu/ssurepomanager.cpp
index c156bec..d026256 100644
--- a/libssu/ssurepomanager.cpp
+++ b/libssu/ssurepomanager.cpp
@@ -41,6 +41,25 @@ void SsuRepoManager::add(QString repo, QString repoUrl){
   ssuSettings->sync();
 }
 
+QString SsuRepoManager::caCertificatePath(QString domain){
+  SsuCoreConfig *settings = SsuCoreConfig::instance();
+  SsuSettings repoSettings(SSU_REPO_CONFIGURATION, QSettings::IniFormat);
+
+  if (domain.isEmpty())
+    domain = settings->domain();
+
+  QString ca = SsuVariables::variable(&repoSettings, domain + "-domain",
+                                      "_ca-certificate").toString();
+  if (!ca.isEmpty())
+    return ca;
+
+  // compat setting, can go away after some time
+  if (settings->contains("ca-certificate"))
+    return settings->value("ca-certificate").toString();
+
+  return "";
+}
+
 void SsuRepoManager::disable(QString repo){
   SsuCoreConfig *ssuSettings = SsuCoreConfig::instance();
   QStringList disabledRepos;
diff --git a/libssu/ssurepomanager.h b/libssu/ssurepomanager.h
index 2ec215d..6b20087 100644
--- a/libssu/ssurepomanager.h
+++ b/libssu/ssurepomanager.h
@@ -33,6 +33,11 @@ class SsuRepoManager: public QObject {
      * parameter set to debug instead.
      */
     void add(QString repo, QString repoUrl="");
+    /**
+     * Return the path to the CA certificate to be used for the given domain,
+     * or default domain, if omitted
+     */
+    static QString caCertificatePath(QString domain="");
     /**
      * Disable a repository
      */