Merge branch 'tls-connection'

5 files changed, 635 insertions, 0 deletions

diff --git a/libempathy-gtk/Makefile.am b/libempathy-gtk/Makefile.am
index 377e86a05..de6cba2f1 100644
--- a/libempathy-gtk/Makefile.am
+++ b/libempathy-gtk/Makefile.am
@@ -6,6 +6,7 @@ AM_CPPFLAGS =                                           \
 	-I$(top_srcdir)                                 \
 	-DDATADIR=\""$(datadir)"\"              	\
 	-DPKGDATADIR=\""$(pkgdatadir)"\"		\
+	-DGCR_API_SUBJECT_TO_CHANGE			\
 	$(EMPATHY_CFLAGS)				\
 	$(GTK_CFLAGS)				\
 	$(LIBNOTIFY_CFLAGS)				\
@@ -82,6 +83,7 @@ libempathy_gtk_handwritten_source =            	\
 	empathy-theme-boxes.c			\
 	empathy-theme-irc.c			\
 	empathy-theme-manager.c			\
+	empathy-tls-dialog.c			\
 	empathy-ui-utils.c			\
 	empathy-video-src.c			\
 	empathy-video-widget.c
@@ -141,6 +143,7 @@ libempathy_gtk_headers =			\
 	empathy-theme-boxes.h			\
 	empathy-theme-irc.h			\
 	empathy-theme-manager.h			\
+	empathy-tls-dialog.h			\
 	empathy-ui-utils.h			\
 	empathy-video-src.h			\
 	empathy-video-widget.h
@@ -148,6 +151,7 @@ libempathy_gtk_headers =			\
 libempathy_gtk_la_SOURCES =			\
 	$(libempathy_gtk_handwritten_source)	\
 	$(libempathy_gtk_headers)		\
+	gcr-simple-certificate.c gcr-simple-certificate.h \
 	totem-subtitle-encoding.c totem-subtitle-encoding.h
 
 # do not distribute generated files
diff --git a/libempathy-gtk/empathy-tls-dialog.c b/libempathy-gtk/empathy-tls-dialog.c
new file mode 100644
index 000000000..bcfe92e65
--- /dev/null
+++ b/libempathy-gtk/empathy-tls-dialog.c
@@ -0,0 +1,367 @@
+/*
+ * empathy-tls-dialog.c - Source for EmpathyTLSDialog
+ * Copyright (C) 2010 Collabora Ltd.
+ * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include <config.h>
+
+#include "empathy-tls-dialog.h"
+
+#include <glib/gi18n-lib.h>
+#include <gcr/gcr.h>
+#include <telepathy-glib/util.h>
+
+#include "gcr-simple-certificate.h"
+
+#define DEBUG_FLAG EMPATHY_DEBUG_TLS
+#include <libempathy/empathy-debug.h>
+#include <libempathy/empathy-utils.h>
+
+G_DEFINE_TYPE (EmpathyTLSDialog, empathy_tls_dialog,
+    GTK_TYPE_MESSAGE_DIALOG)
+
+#define GET_PRIV(obj) EMPATHY_GET_PRIV (obj, EmpathyTLSDialog);
+
+enum {
+  PROP_TLS_CERTIFICATE = 1,
+  PROP_REASON,
+  PROP_REMEMBER,
+  PROP_DETAILS,
+
+  LAST_PROPERTY,
+};
+
+typedef struct {
+  EmpathyTLSCertificate *certificate;
+  EmpTLSCertificateRejectReason reason;
+  GHashTable *details;
+
+  gboolean remember;
+
+  gboolean dispose_run;
+} EmpathyTLSDialogPriv;
+
+static void
+empathy_tls_dialog_get_property (GObject *object,
+    guint property_id,
+    GValue *value,
+    GParamSpec *pspec)
+{
+  EmpathyTLSDialogPriv *priv = GET_PRIV (object);
+
+  switch (property_id)
+    {
+    case PROP_TLS_CERTIFICATE:
+      g_value_set_object (value, priv->certificate);
+      break;
+    case PROP_REASON:
+      g_value_set_uint (value, priv->reason);
+      break;
+    case PROP_REMEMBER:
+      g_value_set_boolean (value, priv->remember);
+      break;
+    case PROP_DETAILS:
+      g_value_set_boxed (value, priv->details);
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
+      break;
+    }
+}
+
+static void
+empathy_tls_dialog_set_property (GObject *object,
+    guint property_id,
+    const GValue *value,
+    GParamSpec *pspec)
+{
+  EmpathyTLSDialogPriv *priv = GET_PRIV (object);
+
+  switch (property_id)
+    {
+    case PROP_TLS_CERTIFICATE:
+      priv->certificate = g_value_dup_object (value);
+      break;
+    case PROP_REASON:
+      priv->reason = g_value_get_uint (value);
+      break;
+    case PROP_DETAILS:
+      priv->details = g_value_dup_boxed (value);
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
+      break;
+    }
+}
+
+static void
+empathy_tls_dialog_dispose (GObject *object)
+{
+  EmpathyTLSDialogPriv *priv = GET_PRIV (object);
+
+  if (priv->dispose_run)
+    return;
+
+  priv->dispose_run = TRUE;
+
+  tp_clear_object (&priv->certificate);
+
+  G_OBJECT_CLASS (empathy_tls_dialog_parent_class)->dispose (object);
+}
+
+static void
+empathy_tls_dialog_finalize (GObject *object)
+{
+  EmpathyTLSDialogPriv *priv = GET_PRIV (object);
+
+  tp_clear_boxed (G_TYPE_HASH_TABLE, &priv->details);
+
+  G_OBJECT_CLASS (empathy_tls_dialog_parent_class)->finalize (object);
+}
+
+static gchar *
+reason_to_string (EmpathyTLSDialog *self)
+{
+  GString *str;
+  const gchar *reason_str;
+  EmpTLSCertificateRejectReason reason;
+  GHashTable *details;
+  EmpathyTLSDialogPriv *priv = GET_PRIV (self);
+
+  str = g_string_new (NULL);
+  reason = priv->reason;
+  details = priv->details;
+
+  g_string_append (str, _("The identity provided by the chat server cannot be "
+          "verified.\n"));
+
+  switch (reason)
+    {
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED:
+      reason_str = _("The certrificate is not signed by a Certification "
+          "Authority");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_EXPIRED:
+      reason_str = _("The certificate is expired");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_NOT_ACTIVATED:
+      reason_str = _("The certificate hasn't yet been activated");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_FINGERPRINT_MISMATCH:
+      reason_str = _("The certificate does not have the expected fingerprint");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH:
+      reason_str = _("The hostname verified by the certificate doesn't match "
+          "the server name");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED:
+      reason_str = _("The certificate is self-signed");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_REVOKED:
+      reason_str = _("The certificate has been revoked by the issuing "
+          "Certification Authority");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_INSECURE:
+      reason_str = _("The certificate is cryptographically weak");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_LIMIT_EXCEEDED:
+      reason_str = _("The certificate length exceeds verifiable limits");
+      break;
+    case EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN:
+    default:
+      reason_str = _("The certificate is malformed");
+      break;
+    }
+
+  g_string_append_printf (str, "%s.", reason_str);
+
+  /* add more information in case of HOSTNAME_MISMATCH */
+  if (reason == EMP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH)
+    {
+      const gchar *expected_hostname, *certificate_hostname;
+
+      expected_hostname = tp_asv_get_string (details, "expected-hostname");
+      certificate_hostname = tp_asv_get_string (details,
+          "certificate-hostname");
+
+      if (expected_hostname != NULL && certificate_hostname != NULL)
+        {
+          g_string_append (str, "\n");
+          g_string_append_printf (str, _("Expected hostname: %s"),
+              expected_hostname);
+          g_string_append (str, "\n");
+          g_string_append_printf (str, _("Certificate hostname: %s"),
+              certificate_hostname);
+        }
+    }
+
+  return g_string_free (str, FALSE);
+}
+
+static GtkWidget *
+build_gcr_widget (EmpathyTLSDialog *self)
+{
+  GcrCertificateBasicsWidget *widget;
+  GcrCertificate *certificate;
+  GPtrArray *cert_chain = NULL;
+  GArray *first_cert;
+  EmpathyTLSDialogPriv *priv = GET_PRIV (self);
+
+  g_object_get (priv->certificate,
+      "cert-data", &cert_chain,
+      NULL);
+  first_cert = g_ptr_array_index (cert_chain, 0);
+
+  certificate = gcr_simple_certificate_new ((const guchar *) first_cert->data,
+      first_cert->len);
+  widget = gcr_certificate_basics_widget_new (certificate);
+
+  g_object_unref (certificate);
+  g_ptr_array_unref (cert_chain);
+
+  return GTK_WIDGET (widget);
+}
+
+static void
+checkbox_toggled_cb (GtkToggleButton *checkbox,
+    gpointer user_data)
+{
+  EmpathyTLSDialog *self = user_data;
+  EmpathyTLSDialogPriv *priv = GET_PRIV (self);
+
+  priv->remember = gtk_toggle_button_get_active (checkbox);
+  g_object_notify (G_OBJECT (self), "remember");
+}
+
+static void
+empathy_tls_dialog_constructed (GObject *object)
+{
+  GtkWidget *content_area, *expander, *details, *checkbox;
+  gchar *text;
+  EmpathyTLSDialog *self = EMPATHY_TLS_DIALOG (object);
+  GtkMessageDialog *message_dialog = GTK_MESSAGE_DIALOG (self);
+  GtkDialog *dialog = GTK_DIALOG (self);
+  EmpathyTLSDialogPriv *priv = GET_PRIV (self);
+
+  gtk_dialog_add_buttons (dialog,
+      GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
+      _("Continue"), GTK_RESPONSE_YES,
+      NULL);
+
+  text = reason_to_string (self);
+
+  g_object_set (message_dialog,
+      "text", _("This connection is untrusted, would you like to "
+          "continue anyway?"),
+      "secondary-text", text,
+      NULL);
+
+  g_free (text);
+
+  content_area = gtk_dialog_get_content_area (dialog);
+
+  /* FIXME: right now we do this only if the error is SelfSigned, as we can
+   * easily store the new CA cert in $XDG_CONFIG_DIR/telepathy/certs in that
+   * case. For the other errors, we probably need a smarter/more powerful
+   * certificate storage.
+   */
+  if (priv->reason == EMP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED)
+    {
+      checkbox = gtk_check_button_new_with_label (
+          _("Remember this choice for future connections"));
+      gtk_box_pack_end (GTK_BOX (content_area), checkbox, FALSE, FALSE, 0);
+      gtk_widget_show (checkbox);
+
+      g_signal_connect (checkbox, "toggled",
+          G_CALLBACK (checkbox_toggled_cb), self);
+    }
+
+  text = g_strdup_printf ("<b>%s</b>", _("Certificate Details"));
+  expander = gtk_expander_new (text);
+  gtk_expander_set_use_markup (GTK_EXPANDER (expander), TRUE);
+  gtk_box_pack_end (GTK_BOX (content_area), expander, TRUE, TRUE, 0);
+  gtk_widget_show (expander);
+
+  g_free (text);
+
+  details = build_gcr_widget (self);
+  gtk_container_add (GTK_CONTAINER (expander), details);
+  gtk_widget_show (details);
+}
+
+static void
+empathy_tls_dialog_init (EmpathyTLSDialog *self)
+{
+  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
+      EMPATHY_TYPE_TLS_DIALOG, EmpathyTLSDialogPriv);
+}
+
+static void
+empathy_tls_dialog_class_init (EmpathyTLSDialogClass *klass)
+{
+  GParamSpec *pspec;
+  GObjectClass *oclass = G_OBJECT_CLASS (klass);
+
+  g_type_class_add_private (klass, sizeof (EmpathyTLSDialogPriv));
+
+  oclass->set_property = empathy_tls_dialog_set_property;
+  oclass->get_property = empathy_tls_dialog_get_property;
+  oclass->dispose = empathy_tls_dialog_dispose;
+  oclass->finalize = empathy_tls_dialog_finalize;
+  oclass->constructed = empathy_tls_dialog_constructed;
+
+  pspec = g_param_spec_object ("certificate", "The EmpathyTLSCertificate",
+      "The EmpathyTLSCertificate to be displayed.",
+      EMPATHY_TYPE_TLS_CERTIFICATE,
+      G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
+  g_object_class_install_property (oclass, PROP_TLS_CERTIFICATE, pspec);
+
+  pspec = g_param_spec_uint ("reason", "The reason",
+      "The reason why the certificate is being asked for confirmation.",
+      0, NUM_EMP_TLS_CERTIFICATE_REJECT_REASONS - 1,
+      EMP_TLS_CERTIFICATE_REJECT_REASON_UNKNOWN,
+      G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
+  g_object_class_install_property (oclass, PROP_REASON, pspec);
+
+  pspec = g_param_spec_boolean ("remember", "Whether to remember the decision",
+      "Whether we should remember the decision for this certificate.",
+      FALSE,
+      G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+  g_object_class_install_property (oclass, PROP_REMEMBER, pspec);
+
+  pspec = g_param_spec_boxed ("details", "Rejection details",
+      "Additional details about the rejection of this certificate.",
+      G_TYPE_HASH_TABLE,
+      G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
+  g_object_class_install_property (oclass, PROP_DETAILS, pspec);
+}
+
+GtkWidget *
+empathy_tls_dialog_new (EmpathyTLSCertificate *certificate,
+    EmpTLSCertificateRejectReason reason,
+    GHashTable *details)
+{
+  g_assert (EMPATHY_IS_TLS_CERTIFICATE (certificate));
+
+  return g_object_new (EMPATHY_TYPE_TLS_DIALOG,
+      "message-type", GTK_MESSAGE_WARNING,
+      "certificate", certificate,
+      "reason", reason,
+      "details", details,
+      NULL);
+}
diff --git a/libempathy-gtk/empathy-tls-dialog.h b/libempathy-gtk/empathy-tls-dialog.h
new file mode 100644
index 000000000..fcf72fe9b
--- /dev/null
+++ b/libempathy-gtk/empathy-tls-dialog.h
@@ -0,0 +1,69 @@
+/*
+ * empathy-tls-dialog.h - Header for EmpathyTLSDialog
+ * Copyright (C) 2010 Collabora Ltd.
+ * @author Cosimo Cecchi <cosimo.cecchi@collabora.co.uk>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __EMPATHY_TLS_DIALOG_H__
+#define __EMPATHY_TLS_DIALOG_H__
+
+#include <glib-object.h>
+#include <gtk/gtk.h>
+
+#include <libempathy/empathy-tls-certificate.h>
+
+#include <extensions/extensions.h>
+
+G_BEGIN_DECLS
+
+typedef struct _EmpathyTLSDialog EmpathyTLSDialog;
+typedef struct _EmpathyTLSDialogClass EmpathyTLSDialogClass;
+
+struct _EmpathyTLSDialogClass {
+    GtkMessageDialogClass parent_class;
+};
+
+struct _EmpathyTLSDialog {
+    GtkMessageDialog parent;
+    gpointer priv;
+};
+
+GType empathy_tls_dialog_get_type (void);
+
+#define EMPATHY_TYPE_TLS_DIALOG \
+  (empathy_tls_dialog_get_type ())
+#define EMPATHY_TLS_DIALOG(obj) \
+  (G_TYPE_CHECK_INSTANCE_CAST((obj), EMPATHY_TYPE_TLS_DIALOG, \
+    EmpathyTLSDialog))
+#define EMPATHY_TLS_DIALOG_CLASS(klass) \
+  (G_TYPE_CHECK_CLASS_CAST((klass), EMPATHY_TYPE_TLS_DIALOG, \
+  EmpathyTLSDialogClass))
+#define EMPATHY_IS_TLS_DIALOG(obj) \
+  (G_TYPE_CHECK_INSTANCE_TYPE((obj), EMPATHY_TYPE_TLS_DIALOG))
+#define EMPATHY_IS_TLS_DIALOG_CLASS(klass) \
+  (G_TYPE_CHECK_CLASS_TYPE((klass), EMPATHY_TYPE_TLS_DIALOG))
+#define EMPATHY_TLS_DIALOG_GET_CLASS(obj) \
+  (G_TYPE_INSTANCE_GET_CLASS ((obj), EMPATHY_TYPE_TLS_DIALOG, \
+  EmpathyTLSDialogClass))
+
+GtkWidget * empathy_tls_dialog_new (EmpathyTLSCertificate *certificate,
+    EmpTLSCertificateRejectReason reason,
+    GHashTable *details);
+
+G_END_DECLS
+
+#endif /* #ifndef __EMPATHY_TLS_DIALOG_H__*/
diff --git a/libempathy-gtk/gcr-simple-certificate.c b/libempathy-gtk/gcr-simple-certificate.c
new file mode 100644
index 000000000..072cbac97
--- /dev/null
+++ b/libempathy-gtk/gcr-simple-certificate.c
@@ -0,0 +1,134 @@
+/* 
+ * gnome-keyring
+ * 
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * This file is copied from the gnome-keyring gcr library, which can be
+ * found at git://git.gnome.org/gnome-keyring
+ * 
+ * This program is free software; you can redistribute it and/or modify 
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *  
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *  
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.  
+ */
+
+#include "config.h"
+
+#include <gcr/gcr.h>
+#include "gcr-simple-certificate.h"
+
+#include <string.h>
+
+struct _GcrSimpleCertificatePrivate {
+	guchar *owned_data;
+	gsize n_owned_data;
+};
+
+static void gcr_certificate_iface (GcrCertificateIface *iface); 
+G_DEFINE_TYPE_WITH_CODE (GcrSimpleCertificate, gcr_simple_certificate, G_TYPE_OBJECT, 
+                         G_IMPLEMENT_INTERFACE (GCR_TYPE_CERTIFICATE, gcr_certificate_iface));
+
+/* -----------------------------------------------------------------------------
+ * OBJECT 
+ */
+
+static void
+gcr_simple_certificate_init (GcrSimpleCertificate *self)
+{
+	self->pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GCR_TYPE_SIMPLE_CERTIFICATE, GcrSimpleCertificatePrivate);
+}
+
+static void
+gcr_simple_certificate_finalize (GObject *obj)
+{
+	GcrSimpleCertificate *self = GCR_SIMPLE_CERTIFICATE (obj);
+	
+	g_free (self->pv->owned_data);
+	self->pv->owned_data = NULL;
+	self->pv->n_owned_data = 0;
+
+	G_OBJECT_CLASS (gcr_simple_certificate_parent_class)->finalize (obj);
+}
+
+static void
+gcr_simple_certificate_set_property (GObject *obj, guint prop_id, const GValue *value, 
+                                     GParamSpec *pspec)
+{
+	switch (prop_id) {
+	default:
+		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
+		break;
+	}
+}
+
+static void
+gcr_simple_certificate_get_property (GObject *obj, guint prop_id, GValue *value, 
+                                     GParamSpec *pspec)
+{
+	switch (prop_id) {
+	default:
+		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
+		break;
+	}
+}
+
+static void
+gcr_simple_certificate_class_init (GcrSimpleCertificateClass *klass)
+{
+	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+    
+	gobject_class->finalize = gcr_simple_certificate_finalize;
+	gobject_class->set_property = gcr_simple_certificate_set_property;
+	gobject_class->get_property = gcr_simple_certificate_get_property;
+	
+	g_type_class_add_private (gobject_class, sizeof (GcrSimpleCertificatePrivate));
+}
+
+static const guchar* 
+gcr_simple_certificate_real_get_der_data (GcrCertificate *base, gsize *n_data)
+{
+	GcrSimpleCertificate *self = GCR_SIMPLE_CERTIFICATE (base);
+	
+	g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
+	g_return_val_if_fail (n_data, NULL);
+	g_return_val_if_fail (self->pv->owned_data, NULL);
+	
+	/* This is called when we're not a base class */
+	*n_data = self->pv->n_owned_data;
+	return self->pv->owned_data;
+}
+
+static void 
+gcr_certificate_iface (GcrCertificateIface *iface) 
+{
+	iface->get_der_data = (gpointer)gcr_simple_certificate_real_get_der_data;
+}
+
+/* -----------------------------------------------------------------------------
+ * PUBLIC 
+ */
+
+GcrCertificate*
+gcr_simple_certificate_new (const guchar *data, gsize n_data)
+{
+	GcrSimpleCertificate *cert;
+	
+	g_return_val_if_fail (data, NULL);
+	g_return_val_if_fail (n_data, NULL);
+	
+	cert = g_object_new (GCR_TYPE_SIMPLE_CERTIFICATE, NULL);
+	
+	cert->pv->owned_data = g_memdup (data, n_data);
+	cert->pv->n_owned_data = n_data;
+	return GCR_CERTIFICATE (cert);
+}
diff --git a/libempathy-gtk/gcr-simple-certificate.h b/libempathy-gtk/gcr-simple-certificate.h
new file mode 100644
index 000000000..ee46b4817
--- /dev/null
+++ b/libempathy-gtk/gcr-simple-certificate.h
@@ -0,0 +1,61 @@
+/* 
+ * gnome-keyring
+ * 
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * This file is copied from the gnome-keyring gcr library, which can be
+ * found at git://git.gnome.org/gnome-keyring
+ * 
+ * This program is free software; you can redistribute it and/or modify 
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *  
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *  
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.  
+ */
+
+#ifndef __GCR_SIMPLE_CERTIFICATE_H__
+#define __GCR_SIMPLE_CERTIFICATE_H__
+
+#include <gcr/gcr.h>
+
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+
+#define GCR_TYPE_SIMPLE_CERTIFICATE               (gcr_simple_certificate_get_type ())
+#define GCR_SIMPLE_CERTIFICATE(obj)               (G_TYPE_CHECK_INSTANCE_CAST ((obj), GCR_TYPE_CERTIFICATE, GcrSimpleCertificate))
+#define GCR_SIMPLE_CERTIFICATE_CLASS(klass)       (G_TYPE_CHECK_CLASS_CAST ((klass), GCR_TYPE_CERTIFICATE, GcrSimpleCertificateClass))
+#define GCR_IS_SIMPLE_CERTIFICATE(obj)            (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GCR_TYPE_CERTIFICATE))
+#define GCR_IS_SIMPLE_CERTIFICATE_CLASS(klass)    (G_TYPE_CHECK_CLASS_TYPE ((klass), GCR_TYPE_CERTIFICATE))
+#define GCR_SIMPLE_CERTIFICATE_GET_CLASS(obj)     (G_TYPE_INSTANCE_GET_CLASS ((obj), GCR_TYPE_CERTIFICATE, GcrSimpleCertificateClass))
+
+typedef struct _GcrSimpleCertificate GcrSimpleCertificate;
+typedef struct _GcrSimpleCertificateClass GcrSimpleCertificateClass;
+typedef struct _GcrSimpleCertificatePrivate GcrSimpleCertificatePrivate;
+
+struct _GcrSimpleCertificate {
+	GObject parent;
+	GcrSimpleCertificatePrivate *pv;
+};
+
+struct _GcrSimpleCertificateClass {
+	GObjectClass parent_class;
+};
+
+GType               gcr_simple_certificate_get_type               (void);
+
+GcrCertificate*     gcr_simple_certificate_new                    (const guchar *data,
+                                                                   gsize n_data);
+
+G_END_DECLS
+
+#endif /* __GCR_SIMPLE_CERTIFICATE_H__ */