Boring certificate check dialogs still there with aqbanking4

Rainer Dorsch rdorsch at web.de
Thu Dec 31 12:30:50 EST 2009


Micha,

you posted a "Fix for boring certificate check dialogs (module 
import.aqbanking)" 
http://www.mail-archive.com/gnucash-devel%40gnucash.org/msg22523.html  and 
commented on  https://bugzilla.gnome.org/show_bug.cgi?id=559670 . I did a 
checkout of the latest 2.2 branch and applied two patches for aqbanking4 (the 
first is yours)

svn co http://svn.gnucash.org/repo/gnucash/branches/2.2/ gnucash-2.2-branch
svn merge -c r18037 http://svn.gnucash.org/repo/gnucash/trunk
 (see https://bugzilla.gnome.org/show_bug.cgi?id=559670 )
svn merge -c r18167 http://svn.gnucash.org/repo/gnucash/trunk
 (see https://bugzilla.gnome.org/show_bug.cgi?id=582048 )

but no luck. I verified the gnucash really finds aqbanking4 during 
configuration phase:

rd at blackbox:~/SW.nobackup/gnucash-2.2-branch$ grep aqbanking config.log
configure:28916: checking for aqbanking >= 3.0.0 gwenhywfar
configure:28927: 
result: -I/opt/aqbanking-4.2.1/include -I/opt/gwenhywfar-3.11.2/include/gwenhywfar3
configure:28933: 
result: -L/opt/aqbanking-4.2.1/lib -L/opt/gwenhywfar-3.11.2/lib -laqbanking -lgwenhywfar
| #define QT3_WIZARD_PACKAGE "aqbanking"
| #define QT3_WIZARD_PACKAGE "aqbanking"
config.status:987: creating src/import-export/aqbanking/Makefile
config.status:987: creating src/import-export/aqbanking/schemas/Makefile
  Optional components....: ofx aqbanking
AQBANKING_CFLAGS='-I/opt/aqbanking-4.2.1/include -I/opt/gwenhywfar-3.11.2/include/gwenhywfar3'
AQBANKING_DIR='aqbanking'
AQBANKING_LIBS='-L/opt/aqbanking-4.2.1/lib -L/opt/gwenhywfar-3.11.2/lib -laqbanking -lgwenhywfar  '
#define QT3_WIZARD_PACKAGE "aqbanking"

For reference this is the diff to gnucash 2.2 trunk:


rd at blackbox:~/SW.nobackup/gnucash-2.2-branch$ svn diff

Eigenschaftsänderungen: .
___________________________________________________________________
Hinzugefügt: svn:mergeinfo
   Zusammengeführt /gnucash/trunk:r18037,18167

Index: src/import-export/aqbanking/gnc-ab-transfer.c
===================================================================
--- src/import-export/aqbanking/gnc-ab-transfer.c       (Revision 18540)
+++ src/import-export/aqbanking/gnc-ab-transfer.c       (Arbeitskopie)
@@ -236,6 +236,13 @@
             /* Create a context to store possible results */
             context = AB_ImExporterContext_new();

+            gui = gnc_GWEN_Gui_get(parent);
+            if (!gui) {
+                g_warning("gnc_ab_maketrans: Couldn't initialize Gwenhywfar 
GUI");
+                aborted = TRUE;
+                goto repeat;
+            }
+
             /* Finally, execute the job */
             AB_Banking_ExecuteJobs(api, job_list, context, 0);

Index: src/import-export/aqbanking/gnc-ab-utils.c
===================================================================
--- src/import-export/aqbanking/gnc-ab-utils.c  (Revision 18540)
+++ src/import-export/aqbanking/gnc-ab-utils.c  (Arbeitskopie)
@@ -804,3 +804,24 @@

     return gnc_gen_trans_list_run(ieci->generic_importer);
 }
+
+GWEN_DB_NODE *
+gnc_ab_get_permanent_certs(void)
+{
+    int rv;
+    GWEN_DB_NODE *perm_certs = NULL;
+    AB_BANKING *banking = gnc_AB_BANKING_new();
+
+    g_return_val_if_fail(banking, NULL);
+#ifdef AQBANKING_VERSION_4_PLUS
+    rv = AB_Banking_LoadSharedConfig(banking, "certs", &perm_certs, 0);
+#else
+    /* FIXME: Add code for older AqBanking versions */
+    /* See QBankmanager 0.9.50 in src/kbanking/libs/kbanking.cpp lines 323ff
+       for a proper example of how to do this */
+    rv = 0;
+#endif
+    gnc_AB_BANKING_fini(banking);
+    g_return_val_if_fail(rv >= 0, NULL);
+    return perm_certs;
+}
Index: src/import-export/aqbanking/gnc-gwen-gui.c
===================================================================
--- src/import-export/aqbanking/gnc-gwen-gui.c  (Revision 18540)
+++ src/import-export/aqbanking/gnc-gwen-gui.c  (Arbeitskopie)
@@ -184,6 +184,7 @@

     /* Certificates handling */
     GHashTable *accepted_certs;
+    GWEN_DB_NODE *permanently_accepted_certs;
     GWEN_GUI_CHECKCERT_FN builtin_checkcert;

     /* Dialogs */
@@ -285,6 +286,8 @@
         g_hash_table_destroy(gui->passwords);
     if (gui->showbox_hash)
         g_hash_table_destroy(gui->showbox_hash);
+    if (gui->permanently_accepted_certs)
+        GWEN_DB_Group_free(gui->permanently_accepted_certs);
     if (gui->accepted_certs)
         g_hash_table_destroy(gui->accepted_certs);
     gtk_widget_destroy(gui->dialog);
@@ -371,6 +374,7 @@
     gui->close_button = glade_xml_get_widget(xml, "close_button");
     gui->close_checkbutton = glade_xml_get_widget(xml, "close_checkbutton");
     gui->accepted_certs = NULL;
+    gui->permanently_accepted_certs = NULL;
     gui->showbox_hash = NULL;
     gui->showbox_id = 1;

@@ -448,6 +452,8 @@
     if (!gui->accepted_certs)
         gui->accepted_certs = g_hash_table_new_full(
             g_str_hash, g_str_equal, (GDestroyNotify) g_free, NULL);
+    if (!gui->permanently_accepted_certs)
+        gui->permanently_accepted_certs = gnc_ab_get_permanent_certs();

     LEAVE(" ");
 }
@@ -1251,7 +1257,8 @@
     const gchar *hash, *status;
     struct md5_ctx md5_context;
     gchar cert_hash[16];
-    gint retval;
+    gchar *cert_hash_hex;
+    gint retval, i;

     g_return_val_if_fail(gui && gui->accepted_certs, -1);

@@ -1266,8 +1273,26 @@
     md5_process_bytes(status, strlen(status), &md5_context);
     md5_finish_ctx(&md5_context, cert_hash);

+    /* Did we get the permanently accepted certs from AqBanking? */
+    if (gui->permanently_accepted_certs) {
+        /* Generate a hex string of the cert_hash for usage by AqBanking cert 
store */
+        cert_hash_hex = g_new0(gchar, 33);
+        for (i = 0; i < 16; i++)
+            g_snprintf(cert_hash_hex+2*i, 3, "%02X", (unsigned 
char)cert_hash[i]);
+
+        retval=GWEN_DB_GetIntValue(gui->permanently_accepted_certs, 
cert_hash_hex, 0, -1);
+        g_free(cert_hash_hex);
+        if (retval == 0) {
+            /* Certificate is marked as accepted in AqBanking's cert store */
+            LEAVE("Certificate accepted by AqBanking's permanent cert 
store");
+            return 0;
+        }
+    } else {
+        g_warning("Can't check permanently accepted certs from invalid 
AqBanking cert store.");
+    }
+
     if (g_hash_table_lookup(gui->accepted_certs, cert_hash)) {
-        /* Certificate has been accepted before */
+        /* Certificate has been accepted by Gnucash before */
         LEAVE("Automatically accepting certificate");
         return 0;
     }
Index: src/import-export/aqbanking/gnc-ab-utils.h
===================================================================
--- src/import-export/aqbanking/gnc-ab-utils.h  (Revision 18540)
+++ src/import-export/aqbanking/gnc-ab-utils.h  (Arbeitskopie)
@@ -225,6 +225,14 @@
  */
 gboolean gnc_ab_ieci_run_matcher(GncABImExContextImport *ieci);

+
+/**
+ * get the GWEN_DB_NODE from AqBanking configuration files
+ *
+ * @return a GWEN_DB containing all permanently accepted SSL certificates 
(hashed).
+ */
+GWEN_DB_NODE *gnc_ab_get_permanent_certs(void);
+
 G_END_DECLS

 /** @} */
rd at blackbox:~/SW.nobackup/gnucash-2.2-branch$


Do you have an idea why I still get several times the annoying certificate 
confirmation for each transaction?

Thanks,
Rainer

-- 
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdorsch at web.de
jabber: rdorsch at jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F  8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.gnucash.org/pipermail/gnucash-devel/attachments/20091231/8908cd50/attachment.bin>


More information about the gnucash-devel mailing list