[CA] Move ca-certificate path to domain section, using key _ca-certif…

…icate
sailfishos · Jul 6, 2013 · 5bf1178 · 5bf1178
1 parent b3e422a
commit 5bf1178
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 8 deletions.
diff --git a/libssu/ssu.cpp b/libssu/ssu.cpp
@@ -284,11 +284,11 @@ void Ssu::sendRegistration(QString usernameDomain, QString password){
       username = usernameDomain;
   }
 
-  if (!settings->contains("ca-certificate")){
-    setError("CA certificate for SSU not set (config key 'ca-certificate')");
+  ssuCaCertificate = SsuRepoManager::caCertificatePath();
+  if (ssuCaCertificate.isEmpty()){
+    setError("CA certificate for SSU not set ('_ca-certificate in domain')");
     return;
-  } else
-    ssuCaCertificate = settings->value("ca-certificate").toString();
+  }
 
   if (!settings->contains("register-url")){
     ssuRegisterUrl = repoUrl("register-url");
@@ -459,11 +459,11 @@ void Ssu::updateCredentials(bool force){
   }
 
   QString ssuCaCertificate, ssuCredentialsUrl;
-  if (!settings->contains("ca-certificate")){
-    setError("CA certificate for SSU not set (config key 'ca-certificate')");
+  ssuCaCertificate = SsuRepoManager::caCertificatePath();
+  if (ssuCaCertificate.isEmpty()){
+    setError("CA certificate for SSU not set ('_ca-certificate in domain')");
     return;
-  } else
-    ssuCaCertificate = settings->value("ca-certificate").toString();
+  }
 
   if (!settings->contains("credentials-url")){
     ssuCredentialsUrl = repoUrl("credentials-url");

diff --git a/libssu/ssurepomanager.cpp b/libssu/ssurepomanager.cpp
@@ -41,6 +41,25 @@ void SsuRepoManager::add(QString repo, QString repoUrl){
   ssuSettings->sync();
 }
 
+QString SsuRepoManager::caCertificatePath(QString domain){
+  SsuCoreConfig *settings = SsuCoreConfig::instance();
+  SsuSettings repoSettings(SSU_REPO_CONFIGURATION, QSettings::IniFormat);
+
+  if (domain.isEmpty())
+    domain = settings->domain();
+
+  QString ca = SsuVariables::variable(&repoSettings, domain + "-domain",
+                                      "_ca-certificate").toString();
+  if (!ca.isEmpty())
+    return ca;
+
+  // compat setting, can go away after some time
+  if (settings->contains("ca-certificate"))
+    return settings->value("ca-certificate").toString();
+
+  return "";
+}
+
 void SsuRepoManager::disable(QString repo){
   SsuCoreConfig *ssuSettings = SsuCoreConfig::instance();
   QStringList disabledRepos;

diff --git a/libssu/ssurepomanager.h b/libssu/ssurepomanager.h
@@ -33,6 +33,11 @@ class SsuRepoManager: public QObject {
      * parameter set to debug instead.
      */
     void add(QString repo, QString repoUrl="");
+    /**
+     * Return the path to the CA certificate to be used for the given domain,
+     * or default domain, if omitted
+     */
+    static QString caCertificatePath(QString domain="");
     /**
      * Disable a repository
      */