1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
2 /*
3 * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
4 *
5 * This library is free software: you can redistribute it and/or modify it
6 * under the terms of the GNU Lesser General Public License as published by
7 * the Free Software Foundation.
8 *
9 * This library is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
12 * for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this library. If not, see <http://www.gnu.org/licenses/>.
16 *
17 * Authors: Jeffrey Stedfast <fejj@ximian.com>
18 */
19
20 #include "evolution-data-server-config.h"
21
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29
30 #include <glib/gstdio.h>
31
32 #include "camel-certdb.h"
33 #include "camel-file-utils.h"
34 #include "camel-win32.h"
35
36 #define CAMEL_CERTDB_VERSION 0x100
37
38 struct _CamelCertDBPrivate {
39 gchar *filename;
40 guint32 version;
41 guint32 saved_certs;
42 gboolean dirty;
43
44 GPtrArray *certs;
45 GHashTable *cert_hash;
46
47 GMutex db_lock; /* for the db hashtable/array */
48 GMutex io_lock; /* load/save lock, for access to saved_count, etc */
49 };
50
51 G_DEFINE_TYPE_WITH_PRIVATE (CamelCertDB, camel_certdb, G_TYPE_OBJECT)
52
53 G_DEFINE_BOXED_TYPE (CamelCert,
54 camel_cert,
55 camel_cert_ref,
56 camel_cert_unref)
57
58 typedef struct {
59 gchar *hostname;
60 gchar *fingerprint;
61 } CamelCertDBKey;
62
63 static CamelCertDBKey *
certdb_key_new(const gchar * hostname,const gchar * fingerprint)64 certdb_key_new (const gchar *hostname,
65 const gchar *fingerprint)
66 {
67 CamelCertDBKey *key;
68
69 key = g_new0 (CamelCertDBKey, 1);
70 key->hostname = g_strdup (hostname);
71 key->fingerprint = g_strdup (fingerprint);
72
73 return key;
74 }
75
76 static void
certdb_key_free(gpointer ptr)77 certdb_key_free (gpointer ptr)
78 {
79 CamelCertDBKey *key = ptr;
80
81 if (!key)
82 return;
83
84 g_free (key->hostname);
85 g_free (key->fingerprint);
86 g_free (key);
87 }
88
89 static guint
certdb_key_hash(gconstpointer ptr)90 certdb_key_hash (gconstpointer ptr)
91 {
92 const CamelCertDBKey *key = ptr;
93
94 if (!key)
95 return 0;
96
97 /* hash by fingerprint only, but compare by both hostname and fingerprint */
98 return g_str_hash (key->fingerprint);
99 }
100
101 static gboolean
certdb_key_equal(gconstpointer ptr1,gconstpointer ptr2)102 certdb_key_equal (gconstpointer ptr1,
103 gconstpointer ptr2)
104 {
105 const CamelCertDBKey *key1 = ptr1, *key2 = ptr2;
106 gboolean same_hostname;
107
108 if (!key1 || !key2)
109 return key1 == key2;
110
111 if (!key1->hostname || !key2->hostname)
112 same_hostname = key1->hostname == key2->hostname;
113 else
114 same_hostname = g_ascii_strcasecmp (key1->hostname, key2->hostname) == 0;
115
116 if (same_hostname) {
117 if (!key1->fingerprint || !key2->fingerprint)
118 return key1->fingerprint == key2->fingerprint;
119
120 return g_ascii_strcasecmp (key1->fingerprint, key2->fingerprint) == 0;
121 }
122
123 return same_hostname;
124 }
125
126 static void
certdb_finalize(GObject * object)127 certdb_finalize (GObject *object)
128 {
129 CamelCertDBPrivate *priv;
130
131 priv = CAMEL_CERTDB (object)->priv;
132
133 if (priv->dirty)
134 camel_certdb_save (CAMEL_CERTDB (object));
135
136 camel_certdb_clear (CAMEL_CERTDB (object));
137 g_ptr_array_free (priv->certs, TRUE);
138 g_hash_table_destroy (priv->cert_hash);
139
140 g_free (priv->filename);
141
142 g_mutex_clear (&priv->db_lock);
143 g_mutex_clear (&priv->io_lock);
144
145 /* Chain up to parent's finalize() method. */
146 G_OBJECT_CLASS (camel_certdb_parent_class)->finalize (object);
147 }
148
149 static gint
certdb_header_load(CamelCertDB * certdb,FILE * istream)150 certdb_header_load (CamelCertDB *certdb,
151 FILE *istream)
152 {
153 if (camel_file_util_decode_uint32 (
154 istream, &certdb->priv->version) == -1)
155 return -1;
156 if (camel_file_util_decode_uint32 (
157 istream, &certdb->priv->saved_certs) == -1)
158 return -1;
159
160 return 0;
161 }
162
163 static gint
certdb_header_save(CamelCertDB * certdb,FILE * ostream)164 certdb_header_save (CamelCertDB *certdb,
165 FILE *ostream)
166 {
167 if (camel_file_util_encode_uint32 (
168 ostream, certdb->priv->version) == -1)
169 return -1;
170 if (camel_file_util_encode_uint32 (
171 ostream, certdb->priv->saved_certs) == -1)
172 return -1;
173
174 return 0;
175 }
176
177 static CamelCert *
certdb_cert_load(CamelCertDB * certdb,FILE * istream)178 certdb_cert_load (CamelCertDB *certdb,
179 FILE *istream)
180 {
181 CamelCert *cert;
182
183 cert = camel_cert_new ();
184
185 if (camel_file_util_decode_string (istream, &cert->issuer) == -1)
186 goto error;
187 if (camel_file_util_decode_string (istream, &cert->subject) == -1)
188 goto error;
189 if (camel_file_util_decode_string (istream, &cert->hostname) == -1)
190 goto error;
191 if (camel_file_util_decode_string (istream, &cert->fingerprint) == -1)
192 goto error;
193 if (camel_file_util_decode_uint32 (istream, &cert->trust) == -1)
194 goto error;
195
196 /* unset temporary trusts on load */
197 if (cert->trust == CAMEL_CERT_TRUST_TEMPORARY)
198 cert->trust = CAMEL_CERT_TRUST_UNKNOWN;
199
200 return cert;
201
202 error:
203 camel_cert_unref (cert);
204
205 return NULL;
206 }
207
208 static gint
certdb_cert_save(CamelCertDB * certdb,CamelCert * cert,FILE * ostream)209 certdb_cert_save (CamelCertDB *certdb,
210 CamelCert *cert,
211 FILE *ostream)
212 {
213 if (camel_file_util_encode_string (ostream, cert->issuer) == -1)
214 return -1;
215 if (camel_file_util_encode_string (ostream, cert->subject) == -1)
216 return -1;
217 if (camel_file_util_encode_string (ostream, cert->hostname) == -1)
218 return -1;
219 if (camel_file_util_encode_string (ostream, cert->fingerprint) == -1)
220 return -1;
221 if (camel_file_util_encode_uint32 (ostream, cert->trust) == -1)
222 return -1;
223
224 return 0;
225 }
226
227 static void
camel_certdb_class_init(CamelCertDBClass * class)228 camel_certdb_class_init (CamelCertDBClass *class)
229 {
230 GObjectClass *object_class;
231
232 object_class = G_OBJECT_CLASS (class);
233 object_class->finalize = certdb_finalize;
234
235 class->header_load = certdb_header_load;
236 class->header_save = certdb_header_save;
237 class->cert_load = certdb_cert_load;
238 class->cert_save = certdb_cert_save;
239 }
240
241 static void
camel_certdb_init(CamelCertDB * certdb)242 camel_certdb_init (CamelCertDB *certdb)
243 {
244 certdb->priv = camel_certdb_get_instance_private (certdb);
245
246 certdb->priv->version = CAMEL_CERTDB_VERSION;
247
248 certdb->priv->certs = g_ptr_array_new ();
249 certdb->priv->cert_hash = g_hash_table_new_full (
250 (GHashFunc) certdb_key_hash,
251 (GEqualFunc) certdb_key_equal,
252 (GDestroyNotify) certdb_key_free,
253 (GDestroyNotify) NULL);
254
255 g_mutex_init (&certdb->priv->db_lock);
256 g_mutex_init (&certdb->priv->io_lock);
257 }
258
259 CamelCert *
camel_cert_new(void)260 camel_cert_new (void)
261 {
262 CamelCert *cert;
263
264 cert = g_slice_new0 (CamelCert);
265 cert->refcount = 1;
266
267 return cert;
268 }
269
270 CamelCert *
camel_cert_ref(CamelCert * cert)271 camel_cert_ref (CamelCert *cert)
272 {
273 g_return_val_if_fail (cert != NULL, NULL);
274 g_return_val_if_fail (cert->refcount > 0, NULL);
275
276 g_atomic_int_inc (&cert->refcount);
277 return cert;
278 }
279
280 void
camel_cert_unref(CamelCert * cert)281 camel_cert_unref (CamelCert *cert)
282 {
283 g_return_if_fail (cert != NULL);
284 g_return_if_fail (cert->refcount > 0);
285
286 if (g_atomic_int_dec_and_test (&cert->refcount)) {
287 g_free (cert->issuer);
288 g_free (cert->subject);
289 g_free (cert->hostname);
290 g_free (cert->fingerprint);
291
292 if (cert->rawcert != NULL)
293 g_bytes_unref (cert->rawcert);
294
295 g_slice_free (CamelCert, cert);
296 }
297 }
298
299 static const gchar *
certdb_get_cert_dir(void)300 certdb_get_cert_dir (void)
301 {
302 static gchar *cert_dir = NULL;
303
304 if (G_UNLIKELY (cert_dir == NULL)) {
305 const gchar *data_dir;
306 const gchar *home_dir;
307 gchar *old_dir;
308
309 home_dir = g_get_home_dir ();
310 data_dir = g_get_user_data_dir ();
311
312 cert_dir = g_build_filename (data_dir, "camel_certs", NULL);
313
314 /* Move the old certificate directory if present. */
315 old_dir = g_build_filename (home_dir, ".camel_certs", NULL);
316 if (g_file_test (old_dir, G_FILE_TEST_IS_DIR)) {
317 if (g_rename (old_dir, cert_dir) == -1) {
318 g_warning ("%s: Failed to rename '%s' to '%s': %s", G_STRFUNC, old_dir, cert_dir, g_strerror (errno));
319 }
320 }
321 g_free (old_dir);
322
323 g_mkdir_with_parents (cert_dir, 0700);
324 }
325
326 return cert_dir;
327 }
328
329 gboolean
camel_cert_load_cert_file(CamelCert * cert,GError ** error)330 camel_cert_load_cert_file (CamelCert *cert,
331 GError **error)
332 {
333 gchar *contents = NULL;
334 gchar *filename;
335 gsize length;
336 const gchar *cert_dir;
337
338 g_return_val_if_fail (cert != NULL, FALSE);
339
340 g_clear_pointer (&cert->rawcert, g_bytes_unref);
341
342 cert_dir = certdb_get_cert_dir ();
343 filename = g_build_filename (cert_dir, cert->fingerprint, NULL);
344
345 if (g_file_get_contents (filename, &contents, &length, error))
346 cert->rawcert = g_bytes_new_take (contents, length);
347
348 g_free (filename);
349
350 return cert->rawcert != NULL;
351 }
352
353 gboolean
camel_cert_save_cert_file(CamelCert * cert,const GByteArray * der_data,GError ** error)354 camel_cert_save_cert_file (CamelCert *cert,
355 const GByteArray *der_data,
356 GError **error)
357 {
358 GFile *file;
359 GFileOutputStream *output_stream;
360 gchar *filename;
361 const gchar *cert_dir;
362
363 g_return_val_if_fail (cert != NULL, FALSE);
364 g_return_val_if_fail (der_data != NULL, FALSE);
365
366 g_clear_pointer (&cert->rawcert, g_bytes_unref);
367
368 cert_dir = certdb_get_cert_dir ();
369 filename = g_build_filename (cert_dir, cert->fingerprint, NULL);
370 file = g_file_new_for_path (filename);
371
372 output_stream = g_file_replace (
373 file, NULL, FALSE,
374 G_FILE_CREATE_REPLACE_DESTINATION,
375 NULL, error);
376
377 g_object_unref (file);
378 g_free (filename);
379
380 if (output_stream != NULL) {
381 gssize n_written;
382 GBytes *bytes;
383
384 /* XXX Treat GByteArray as though its data is owned by
385 * GTlsCertificate. That means avoiding functions
386 * like g_byte_array_free_to_bytes() that alter or
387 * reset the GByteArray. */
388 bytes = g_bytes_new (der_data->data, der_data->len);
389
390 /* XXX Not handling partial writes, but GIO does not make
391 * it easy. Need a g_output_stream_write_all_bytes().
392 * (see: https://bugzilla.gnome.org/708838) */
393 n_written = g_output_stream_write_bytes (
394 G_OUTPUT_STREAM (output_stream),
395 bytes, NULL, error);
396
397 if (n_written < 0) {
398 g_bytes_unref (bytes);
399 bytes = NULL;
400 }
401
402 cert->rawcert = bytes;
403
404 g_object_unref (output_stream);
405 }
406
407 return cert->rawcert != NULL;
408 }
409
410 CamelCertDB *
camel_certdb_new(void)411 camel_certdb_new (void)
412 {
413 return g_object_new (CAMEL_TYPE_CERTDB, NULL);
414 }
415
416 static CamelCertDB *default_certdb = NULL;
417 static GMutex default_certdb_lock;
418
419 void
camel_certdb_set_default(CamelCertDB * certdb)420 camel_certdb_set_default (CamelCertDB *certdb)
421 {
422 g_mutex_lock (&default_certdb_lock);
423
424 if (default_certdb)
425 g_object_unref (default_certdb);
426
427 if (certdb)
428 g_object_ref (certdb);
429
430 default_certdb = certdb;
431
432 g_mutex_unlock (&default_certdb_lock);
433 }
434
435
436 /**
437 * camel_certdb_get_default:
438 *
439 * FIXME Document me!
440 *
441 * Returns: (transfer full):
442 **/
443 CamelCertDB *
camel_certdb_get_default(void)444 camel_certdb_get_default (void)
445 {
446 CamelCertDB *certdb;
447
448 g_mutex_lock (&default_certdb_lock);
449
450 if (default_certdb)
451 g_object_ref (default_certdb);
452
453 certdb = default_certdb;
454
455 g_mutex_unlock (&default_certdb_lock);
456
457 return certdb;
458 }
459
460 void
camel_certdb_set_filename(CamelCertDB * certdb,const gchar * filename)461 camel_certdb_set_filename (CamelCertDB *certdb,
462 const gchar *filename)
463 {
464 g_return_if_fail (CAMEL_IS_CERTDB (certdb));
465 g_return_if_fail (filename != NULL);
466
467 g_mutex_lock (&certdb->priv->db_lock);
468
469 g_free (certdb->priv->filename);
470 certdb->priv->filename = g_strdup (filename);
471
472 g_mutex_unlock (&certdb->priv->db_lock);
473 }
474
475 gint
camel_certdb_load(CamelCertDB * certdb)476 camel_certdb_load (CamelCertDB *certdb)
477 {
478 CamelCertDBClass *class;
479 CamelCert *cert;
480 FILE *in;
481 gint i;
482
483 g_return_val_if_fail (CAMEL_IS_CERTDB (certdb), -1);
484 g_return_val_if_fail (certdb->priv->filename != NULL, -1);
485
486 in = g_fopen (certdb->priv->filename, "rb");
487 if (in == NULL)
488 return -1;
489
490 class = CAMEL_CERTDB_GET_CLASS (certdb);
491 if (!class || !class->header_load || !class->cert_load) {
492 fclose (in);
493 in = NULL;
494 g_warn_if_reached ();
495
496 return -1;
497 }
498
499 g_mutex_lock (&certdb->priv->io_lock);
500 if (class->header_load (certdb, in) == -1)
501 goto error;
502
503 for (i = 0; i < certdb->priv->saved_certs; i++) {
504 cert = class->cert_load (certdb, in);
505
506 if (cert == NULL)
507 goto error;
508
509 /* NOTE: If we are upgrading from an evolution-data-server version
510 * prior to the change to look up certs by hostname (bug 606181),
511 * this "put" will result in duplicate entries for the same
512 * hostname being dropped. The change will become permanent on
513 * disk the next time the certdb is dirtied for some reason and
514 * has to be saved. */
515 camel_certdb_put (certdb, cert);
516 }
517
518 g_mutex_unlock (&certdb->priv->io_lock);
519
520 if (fclose (in) != 0)
521 return -1;
522
523 certdb->priv->dirty = FALSE;
524
525 return 0;
526
527 error:
528
529 g_warning ("Cannot load certificate database: %s", g_strerror (ferror (in)));
530
531 g_mutex_unlock (&certdb->priv->io_lock);
532
533 fclose (in);
534
535 return -1;
536 }
537
538 gint
camel_certdb_save(CamelCertDB * certdb)539 camel_certdb_save (CamelCertDB *certdb)
540 {
541 CamelCertDBClass *class;
542 CamelCert *cert;
543 gchar *filename;
544 gsize filename_len;
545 gint fd, i;
546 FILE *out;
547
548 g_return_val_if_fail (CAMEL_IS_CERTDB (certdb), -1);
549 g_return_val_if_fail (certdb->priv->filename != NULL, -1);
550
551 /* no change, nothing new to save, simply return success */
552 if (!certdb->priv->dirty)
553 return 0;
554
555 filename_len = strlen (certdb->priv->filename) + 4;
556 filename = alloca (filename_len);
557 g_snprintf (filename, filename_len, "%s~", certdb->priv->filename);
558
559 fd = g_open (filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0600);
560 if (fd == -1)
561 return -1;
562
563 out = fdopen (fd, "wb");
564 if (out == NULL) {
565 i = errno;
566 close (fd);
567 g_unlink (filename);
568 errno = i;
569 return -1;
570 }
571
572 class = CAMEL_CERTDB_GET_CLASS (certdb);
573 if (!class || !class->header_save || !class->cert_save) {
574 fclose (out);
575 out = NULL;
576 g_warn_if_reached ();
577
578 return -1;
579 }
580
581 g_mutex_lock (&certdb->priv->io_lock);
582
583 certdb->priv->saved_certs = certdb->priv->certs->len;
584 if (class->header_save (certdb, out) == -1)
585 goto error;
586
587 for (i = 0; i < certdb->priv->saved_certs; i++) {
588 cert = (CamelCert *) certdb->priv->certs->pdata[i];
589
590 if (class->cert_save (certdb, cert, out) == -1)
591 goto error;
592 }
593
594 g_mutex_unlock (&certdb->priv->io_lock);
595
596 if (fflush (out) != 0 || fsync (fileno (out)) == -1) {
597 i = errno;
598 fclose (out);
599 g_unlink (filename);
600 errno = i;
601 return -1;
602 }
603
604 if (fclose (out) != 0) {
605 i = errno;
606 g_unlink (filename);
607 errno = i;
608 return -1;
609 }
610
611 if (g_rename (filename, certdb->priv->filename) == -1) {
612 i = errno;
613 g_unlink (filename);
614 errno = i;
615 return -1;
616 }
617
618 certdb->priv->dirty = FALSE;
619
620 return 0;
621
622 error:
623
624 g_warning ("Cannot save certificate database: %s", g_strerror (ferror (out)));
625
626 g_mutex_unlock (&certdb->priv->io_lock);
627
628 i = errno;
629 fclose (out);
630 g_unlink (filename);
631 errno = i;
632
633 return -1;
634 }
635
636 void
camel_certdb_touch(CamelCertDB * certdb)637 camel_certdb_touch (CamelCertDB *certdb)
638 {
639 g_return_if_fail (CAMEL_IS_CERTDB (certdb));
640
641 certdb->priv->dirty = TRUE;
642 }
643
644 /**
645 * camel_certdb_get_host:
646 * @certdb: a #CamelCertDB
647 * @hostname: a host name of a certificate
648 * @fingerprint: a fingerprint of a certificate
649 *
650 * Returns: (nullable) (transfer full): a #CamelCert corresponding to the pair of @hostname
651 * and @fingerprint, or %NULL, if no such certificate is stored in the @certdb.
652 *
653 * Since: 3.6
654 **/
655 CamelCert *
camel_certdb_get_host(CamelCertDB * certdb,const gchar * hostname,const gchar * fingerprint)656 camel_certdb_get_host (CamelCertDB *certdb,
657 const gchar *hostname,
658 const gchar *fingerprint)
659 {
660 CamelCert *cert;
661 CamelCertDBKey *key;
662
663 g_return_val_if_fail (CAMEL_IS_CERTDB (certdb), NULL);
664
665 g_mutex_lock (&certdb->priv->db_lock);
666
667 key = certdb_key_new (hostname, fingerprint);
668
669 cert = g_hash_table_lookup (certdb->priv->cert_hash, key);
670 if (cert != NULL)
671 camel_cert_ref (cert);
672
673 certdb_key_free (key);
674
675 g_mutex_unlock (&certdb->priv->db_lock);
676
677 return cert;
678 }
679
680 /**
681 * camel_certdb_put:
682 * @certdb: a #CamelCertDB
683 * @cert: a #CamelCert
684 *
685 * Puts a certificate to the database. In case there exists a certificate
686 * with the same hostname and fingerprint, then it is replaced. This adds
687 * its own reference on the @cert.
688 *
689 * Since: 3.6
690 **/
691 void
camel_certdb_put(CamelCertDB * certdb,CamelCert * cert)692 camel_certdb_put (CamelCertDB *certdb,
693 CamelCert *cert)
694 {
695 CamelCert *old_cert;
696 CamelCertDBKey *key;
697
698 g_return_if_fail (CAMEL_IS_CERTDB (certdb));
699
700 g_mutex_lock (&certdb->priv->db_lock);
701
702 key = certdb_key_new (cert->hostname, cert->fingerprint);
703
704 /* Replace an existing entry with the same hostname. */
705 old_cert = g_hash_table_lookup (certdb->priv->cert_hash, key);
706 if (old_cert != NULL) {
707 g_hash_table_remove (certdb->priv->cert_hash, key);
708 g_ptr_array_remove (certdb->priv->certs, old_cert);
709 camel_cert_unref (old_cert);
710 }
711
712 camel_cert_ref (cert);
713 g_ptr_array_add (certdb->priv->certs, cert);
714 /* takes ownership of 'key' */
715 g_hash_table_insert (certdb->priv->cert_hash, key, cert);
716
717 certdb->priv->dirty = TRUE;
718
719 g_mutex_unlock (&certdb->priv->db_lock);
720 }
721
722 /**
723 * camel_certdb_remove_host:
724 * @certdb: a #CamelCertDB
725 * @hostname: a host name of a certificate
726 * @fingerprint: a fingerprint of a certificate
727 *
728 * Removes a certificate identified by the @hostname and @fingerprint.
729 *
730 * Since: 3.6
731 **/
732 void
camel_certdb_remove_host(CamelCertDB * certdb,const gchar * hostname,const gchar * fingerprint)733 camel_certdb_remove_host (CamelCertDB *certdb,
734 const gchar *hostname,
735 const gchar *fingerprint)
736 {
737 CamelCert *cert;
738 CamelCertDBKey *key;
739
740 g_return_if_fail (CAMEL_IS_CERTDB (certdb));
741
742 g_mutex_lock (&certdb->priv->db_lock);
743
744 key = certdb_key_new (hostname, fingerprint);
745 cert = g_hash_table_lookup (certdb->priv->cert_hash, key);
746 if (cert != NULL) {
747 g_hash_table_remove (certdb->priv->cert_hash, key);
748 g_ptr_array_remove (certdb->priv->certs, cert);
749 camel_cert_unref (cert);
750
751 certdb->priv->dirty = TRUE;
752 }
753
754 certdb_key_free (key);
755
756 g_mutex_unlock (&certdb->priv->db_lock);
757 }
758
759 static gboolean
cert_remove(gpointer key,gpointer value,gpointer user_data)760 cert_remove (gpointer key,
761 gpointer value,
762 gpointer user_data)
763 {
764 return TRUE;
765 }
766
767 void
camel_certdb_clear(CamelCertDB * certdb)768 camel_certdb_clear (CamelCertDB *certdb)
769 {
770 CamelCert *cert;
771 gint i;
772
773 g_return_if_fail (CAMEL_IS_CERTDB (certdb));
774
775 g_mutex_lock (&certdb->priv->db_lock);
776
777 g_hash_table_foreach_remove (certdb->priv->cert_hash, cert_remove, NULL);
778 for (i = 0; i < certdb->priv->certs->len; i++) {
779 cert = (CamelCert *) certdb->priv->certs->pdata[i];
780 camel_cert_unref (cert);
781 }
782
783 certdb->priv->saved_certs = 0;
784 g_ptr_array_set_size (certdb->priv->certs, 0);
785 certdb->priv->dirty = TRUE;
786
787 g_mutex_unlock (&certdb->priv->db_lock);
788 }
789
790 /**
791 * camel_certdb_list_certs:
792 * @certdb: a #CamelCertDB
793 *
794 * Gathers a list of known certificates. Each certificate in the returned #GSList
795 * is referenced, thus unref it with camel_cert_unref() when done with it, the same
796 * as free the list itself.
797 *
798 * Returns: (transfer full) (element-type CamelCert): Newly allocated list of
799 * referenced CamelCert-s, which are stored in the @certdb.
800 *
801 * Since: 3.16
802 **/
803 GSList *
camel_certdb_list_certs(CamelCertDB * certdb)804 camel_certdb_list_certs (CamelCertDB *certdb)
805 {
806 GSList *certs = NULL;
807 gint ii;
808
809 g_return_val_if_fail (CAMEL_IS_CERTDB (certdb), NULL);
810
811 g_mutex_lock (&certdb->priv->db_lock);
812
813 for (ii = 0; ii < certdb->priv->certs->len; ii++) {
814 CamelCert *cert = (CamelCert *) certdb->priv->certs->pdata[ii];
815
816 camel_cert_ref (cert);
817 certs = g_slist_prepend (certs, cert);
818 }
819
820 g_mutex_unlock (&certdb->priv->db_lock);
821
822 return g_slist_reverse (certs);
823 }
824