From 959ddec2a4711813abed7e0999bb5bbc88522e56 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 9 Jul 2025 15:05:39 +0200
Subject: [PATCH] contrib/nm-vpn-plugin-utils: add
 nm_vpn_plugin_utils_get_cert_path()

Add a function to generate the path for imported certificates.

See https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/95
---
 src/contrib/nm-vpn-plugin-utils.c | 30 ++++++++++++++++++++++++++++++
 src/contrib/nm-vpn-plugin-utils.h |  2 ++
 2 files changed, 32 insertions(+)

diff --git a/src/contrib/nm-vpn-plugin-utils.c b/src/contrib/nm-vpn-plugin-utils.c
index a9407608db..24b08ac6df 100644
--- a/src/contrib/nm-vpn-plugin-utils.c
+++ b/src/contrib/nm-vpn-plugin-utils.c
@@ -155,3 +155,33 @@ nm_vpn_plugin_utils_load_editor(const char                   *module_path,
     g_return_val_if_fail(NM_IS_VPN_EDITOR(editor), NULL);
     return editor;
 }
+
+char *
+nm_vpn_plugin_utils_get_cert_path(const char *plugin)
+{
+    const char *path;
+
+    g_return_val_if_fail(plugin, NULL);
+
+    /* Users can set NM_CERT_PATH=~/.cert to be compatible with the certificate
+     * directory used in the past. */
+    path = g_getenv("NM_CERT_PATH");
+    if (path)
+        return g_build_filename(path, plugin, NULL);
+
+    /* Otherwise use XDG_DATA_HOME. We use subdirectory "networkmanagement/certificates"
+     * because the SELinux policy already has rules to set the correct labels in that
+     * directory. */
+    path = g_getenv("XDG_DATA_HOME");
+    if (path)
+        return g_build_filename(path, "networkmanagement", "certificates", plugin, NULL);
+
+    /* Use the default value for XDG_DATA_HOME */
+    return g_build_filename(g_get_home_dir(),
+                            ".local",
+                            "share",
+                            "networkmanagement",
+                            "certificates",
+                            plugin,
+                            NULL);
+}
diff --git a/src/contrib/nm-vpn-plugin-utils.h b/src/contrib/nm-vpn-plugin-utils.h
index 6a6ea0b99c..78e29d0bf8 100644
--- a/src/contrib/nm-vpn-plugin-utils.h
+++ b/src/contrib/nm-vpn-plugin-utils.h
@@ -24,4 +24,6 @@ NMVpnEditor *nm_vpn_plugin_utils_load_editor(const char                   *modul
                                              gpointer                      user_data,
                                              GError                      **error);
 
+char *nm_vpn_plugin_utils_get_cert_path(const char *plugin);
+
 #endif /* __NM_VPN_PLUGIN_UTILS_H__ */