Commit eeeaa5c0 authored by Stef Walter's avatar Stef Walter

Rename CKA_G_ trust prefix to CKA_X_ and move to own file.

Move the PKCS#11 trust extensions to its own file and give it
its own prefix.
parent 2ac2d39c
......@@ -27,7 +27,6 @@
#include "gck/gck.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "egg/egg-error.h"
......
......@@ -32,6 +32,7 @@
#include <string.h>
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11x.h"
static void
dump_class_value (gulong klass)
......@@ -49,7 +50,7 @@ dump_class_value (gulong klass)
DX(CKO_G_COLLECTION);
DX(CKO_G_SEARCH);
DX(CKO_G_CREDENTIAL);
DX(CKO_G_TRUST_ASSERTION);
DX(CKO_X_TRUST_ASSERTION);
#undef DX
default:
......@@ -66,9 +67,9 @@ dump_assertion_type_value (gulong type)
{
switch (type) {
#define DX(x) case x: g_printerr ("%s", #x); break;
DX(CKT_G_UNTRUSTED_CERTIFICATE);
DX(CKT_G_PINNED_CERTIFICATE);
DX(CKT_G_ANCHORED_CERTIFICATE);
DX(CKT_X_UNTRUSTED_CERTIFICATE);
DX(CKT_X_PINNED_CERTIFICATE);
DX(CKT_X_ANCHORED_CERTIFICATE);
#undef DX
default:
......@@ -98,9 +99,9 @@ dump_attribute_value (GckAttribute *attr)
}
break;
case CKA_G_ASSERTION_TYPE:
if (attr->length == sizeof (CK_ASSERTION_TYPE)) {
dump_assertion_type_value (*(CK_ASSERTION_TYPE*)attr->value);
case CKA_X_ASSERTION_TYPE:
if (attr->length == sizeof (CK_X_ASSERTION_TYPE)) {
dump_assertion_type_value (*(CK_X_ASSERTION_TYPE*)attr->value);
return;
}
break;
......@@ -171,8 +172,8 @@ dump_attribute_value (GckAttribute *attr)
case CKA_MIME_TYPES:
case CKA_G_COLLECTION:
case CKA_G_SCHEMA:
case CKA_G_PURPOSE:
case CKA_G_PEER:
case CKA_X_PURPOSE:
case CKA_X_PEER:
if (g_utf8_validate (attr->value, attr->length, NULL)) {
int length = MIN (32, attr->length);
g_printerr ("%.*s%s", length, (gchar*)attr->value,
......@@ -307,10 +308,10 @@ dump_attribute_type (GckAttribute *attr)
DX(CKA_G_OBJECT);
DX(CKA_G_CREDENTIAL);
DX(CKA_G_CREDENTIAL_TEMPLATE);
DX(CKA_G_ASSERTION_TYPE);
DX(CKA_G_CERTIFICATE_VALUE);
DX(CKA_G_PURPOSE);
DX(CKA_G_PEER);
DX(CKA_X_ASSERTION_TYPE);
DX(CKA_X_CERTIFICATE_VALUE);
DX(CKA_X_PURPOSE);
DX(CKA_X_PEER);
#undef DX
default:
......
......@@ -33,6 +33,7 @@
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11x.h"
/**
* SECTION:gcr-trust
......@@ -148,19 +149,19 @@ trust_operation_get (GckEnumerator *en)
}
static GckAttributes*
prepare_trust_attrs (GcrCertificate *certificate, CK_ASSERTION_TYPE type)
prepare_trust_attrs (GcrCertificate *certificate, CK_X_ASSERTION_TYPE type)
{
GckAttributes *attrs;
gconstpointer data;
gsize n_data;
attrs = gck_attributes_new ();
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, type);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, type);
data = gcr_certificate_get_der_data (certificate, &n_data);
g_return_val_if_fail (data, NULL);
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
return attrs;
}
......@@ -176,11 +177,11 @@ prepare_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose
GckEnumerator *en;
GList *modules;
attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_G_PEER, peer);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_X_PEER, peer);
/*
* TODO: We need to be able to sort the modules by preference
......@@ -361,11 +362,11 @@ prepare_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpos
GckEnumerator *en;
GList *modules;
attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_G_PEER, peer);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_X_PEER, peer);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
/*
......@@ -586,11 +587,11 @@ prepare_remove_pinned_certificate (GcrCertificate *certificate, const gchar *pur
GckEnumerator *en;
GList *modules;
attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_G_PEER, peer);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_X_PEER, peer);
/*
* TODO: We need to be able to sort the modules by preference
......@@ -783,10 +784,10 @@ prepare_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpo
GckEnumerator *en;
GList *modules;
attrs = prepare_trust_attrs (certificate, CKT_G_ANCHORED_CERTIFICATE);
attrs = prepare_trust_attrs (certificate, CKT_X_ANCHORED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
/*
* TODO: We need to be able to sort the modules by preference
......
......@@ -10,6 +10,9 @@
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11x.h"
#include <glib.h>
#include <string.h>
......@@ -173,10 +176,10 @@ add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose)
/* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_mock_module_take_object (attrs);
}
......@@ -192,11 +195,11 @@ add_pinned_to_module (GcrCertificate *certificate, const gchar *purpose, const g
/* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_PINNED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_G_PEER, host);
gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_PINNED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_X_PEER, host);
gck_mock_module_take_object (attrs);
}
......
......@@ -29,7 +29,9 @@
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11x.h"
#include <glib.h>
......@@ -252,11 +254,11 @@ TESTING_TEST (trust_is_certificate_anchored_yes)
/* Create a certificate root trust */
attrs = gck_attributes_new ();
der = gcr_certificate_get_der_data (certificate, &n_der);
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, der, n_der);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, der, n_der);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_X_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
gck_mock_module_take_object (attrs);
ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
......
......@@ -4,8 +4,8 @@ incdir = $(includedir)/gck
inc_HEADERS = \
pkcs11.h \
pkcs11g.h \
pkcs11n.h
pkcs11n.h \
pkcs11x.h
EXTRA_DIST = \
pkcs11i.h
......
......@@ -27,8 +27,8 @@
#include "gkm-trust.h"
#include "gkm-util.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
......@@ -68,16 +68,16 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_G_TRUST_ASSERTION);
return gkm_attribute_set_ulong (attr, CKO_X_TRUST_ASSERTION);
case CKA_MODIFIABLE:
return gkm_attribute_set_bool (attr, CK_FALSE);
/* Various trust flags */
case CKA_G_ASSERTION_TYPE:
case CKA_X_ASSERTION_TYPE:
return gkm_attribute_set_ulong (attr, self->pv->type);
case CKA_G_PURPOSE:
case CKA_X_PURPOSE:
return gkm_attribute_set_string (attr, self->pv->purpose);
case CKA_G_PEER:
case CKA_X_PEER:
if (!self->pv->peer)
return CKR_ATTRIBUTE_TYPE_INVALID;
return gkm_attribute_set_string (attr, self->pv->peer);
......@@ -85,7 +85,7 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
/* Certificate reference values */
case CKA_SERIAL_NUMBER:
case CKA_ISSUER:
case CKA_G_CERTIFICATE_VALUE:
case CKA_X_CERTIFICATE_VALUE:
return gkm_object_get_attribute (GKM_OBJECT (self->pv->trust), session, attr);
default:
......
......@@ -40,7 +40,7 @@
#include "egg/egg-asn1x.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include <glib/gi18n.h>
......
......@@ -22,7 +22,6 @@
#include "config.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "gkm-aes-key.h"
......
......@@ -22,7 +22,6 @@
#include "config.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "gkm-attributes.h"
......
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/* pkcs11g.h - GNOME extensions to PKCS#11
Copyright (C) 2008, Stef Walter
The Gnome Keyring Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The Gnome Keyring Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the Gnome Library; see the file COPYING.LIB. If not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
Author: Stef Walter <stef@memberwebs.com>
*/
#ifndef PKCS11G_H
#define PKCS11G_H
#include "pkcs11.h"
#define CKA_GNOME (CKA_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKO_GNOME (CKO_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKR_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKM_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKK_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
/* -------------------------------------------------------------------
* OBJECT UNIQUE IDENTIFIER
*/
/* A string unique among all objects on a given machine */
#define CKA_GNOME_UNIQUE (CKA_GNOME + 350)
/* -------------------------------------------------------------------
*/
#define CKA_GNOME_TRANSIENT (CKA_GNOME + 201)
#endif /* PKCS11G_H */
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/* pkcs11g.h - GNOME internal definitions to PKCS#11
/* pkcs11i.h - GNOME internal definitions to PKCS#11
Copyright (C) 2008, Stef Walter
......@@ -25,7 +25,24 @@
#define PKCS11I_H
#include "pkcs11.h"
#include "pkcs11g.h"
#define CKA_GNOME (CKA_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKO_GNOME (CKO_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKR_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKM_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
#define CKK_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
/* -------------------------------------------------------------------
* OBJECT UNIQUE IDENTIFIER
*/
/* A string unique among all objects on a given machine */
#define CKA_GNOME_UNIQUE (CKA_GNOME + 350)
/* -------------------------------------------------------------------
*/
#define CKA_GNOME_TRANSIENT (CKA_GNOME + 201)
/* Signifies that nobody is logged in */
#define CKU_NONE G_MAXULONG
......@@ -119,26 +136,4 @@ typedef CK_G_APPLICATION* CK_G_APPLICATION_PTR;
#define CKA_G_CREDENTIAL_TEMPLATE (CKA_GNOME + 205)
/* -------------------------------------------------------------------
* TRUST ASSERTIONS
*/
#define CKO_G_TRUST_ASSERTION (CKO_GNOME + 400)
#define CKA_G_ASSERTION_TYPE (CKO_GNOME + 401)
#define CKA_G_CERTIFICATE_VALUE (CKO_GNOME + 402)
#define CKA_G_PURPOSE (CKO_GNOME + 403)
#define CKA_G_PEER (CKO_GNOME + 404)
typedef CK_ULONG CK_ASSERTION_TYPE;
#define CKT_G_UNTRUSTED_CERTIFICATE 1UL
#define CKT_G_PINNED_CERTIFICATE 2UL
#define CKT_G_ANCHORED_CERTIFICATE 3UL
#endif /* PKCS11I_H */
/* pkcs11x.h
Copyright 2010 Collabora Ltd
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. */
#ifndef PKCS11X_H
#define PKCS11X_H
#include "pkcs11.h"
#define CKA_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
#define CKO_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
/* -------------------------------------------------------------------
* TRUST ASSERTIONS
*/
#define CKO_X_TRUST_ASSERTION (CKO_XDG + 100)
#define CKA_X_ASSERTION_TYPE (CKA_XDG + 1)
#define CKA_X_CERTIFICATE_VALUE (CKA_XDG + 2)
#define CKA_X_PURPOSE (CKA_XDG + 3)
#define CKA_X_PEER (CKA_XDG + 4)
typedef CK_ULONG CK_X_ASSERTION_TYPE;
#define CKT_X_UNTRUSTED_CERTIFICATE 1UL
#define CKT_X_PINNED_CERTIFICATE 2UL
#define CKT_X_ANCHORED_CERTIFICATE 3UL
#endif /* PKCS11X_H */
......@@ -34,6 +34,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
......@@ -175,13 +176,13 @@ build_linked_assertion (GkmRootsTrust *self, GkmTrustLevel level, const gchar *p
case GKM_TRUST_UNKNOWN:
return;
case GKM_TRUST_TRUSTED:
type = CKT_G_PINNED_CERTIFICATE;
type = CKT_X_PINNED_CERTIFICATE;
break;
case GKM_TRUST_UNTRUSTED:
type = CKT_G_UNTRUSTED_CERTIFICATE;
type = CKT_X_UNTRUSTED_CERTIFICATE;
break;
case GKM_TRUST_ANCHOR:
type = CKT_G_ANCHORED_CERTIFICATE;
type = CKT_X_ANCHORED_CERTIFICATE;
break;
default:
g_assert_not_reached ();
......@@ -240,7 +241,7 @@ gkm_roots_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUT
return hash_certificate (self, GCRY_MD_MD5, attr);
case CKA_CERT_SHA1_HASH:
return hash_certificate (self, GCRY_MD_SHA1, attr);
case CKA_G_CERTIFICATE_VALUE:
case CKA_X_CERTIFICATE_VALUE:
return full_certificate (self, attr);
default:
......
......@@ -27,7 +27,6 @@
#include "gkm-rpc-private.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "egg/egg-error.h"
......
......@@ -30,7 +30,7 @@
#include "ssh-store/gkm-ssh-private-key.h"
#include "pkcs11g.h"
#include "pkcs11i.h"
static GkmModule *module = NULL;
static GkmSession *session = NULL;
......
......@@ -25,7 +25,6 @@
#include "gkm-wrap-prompt.h"
#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include <glib.h>
......
......@@ -34,6 +34,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
......@@ -49,7 +50,7 @@ G_DEFINE_TYPE (GkmXdgAssertion, gkm_xdg_assertion, GKM_TYPE_ASSERTION);
static GkmXdgTrust*
lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
GkmTransaction *transaction, CK_ASSERTION_TYPE type,
GkmTransaction *transaction, CK_X_ASSERTION_TYPE type,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, gboolean *created)
{
CK_ATTRIBUTE_PTR serial, issuer, value;
......@@ -66,9 +67,9 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
lookups[0].ulValueLen = sizeof (klass);
switch (type) {
case CKT_G_ANCHORED_CERTIFICATE:
case CKT_G_PINNED_CERTIFICATE:
value = gkm_attributes_find (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE);
case CKT_X_ANCHORED_CERTIFICATE:
case CKT_X_PINNED_CERTIFICATE:
value = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE);
if (!value) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
......@@ -79,7 +80,7 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
n_lookups = 2;
break;
case CKT_G_UNTRUSTED_CERTIFICATE:
case CKT_X_UNTRUSTED_CERTIFICATE:
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
if (!serial || !issuer) {
......@@ -112,9 +113,9 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
trust = gkm_xdg_trust_create_for_assertion (module, manager, transaction,
lookups, n_lookups);
gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE,
gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE,
CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
gkm_attributes_consume (lookups, n_lookups, CKA_G_CERTIFICATE_VALUE,
gkm_attributes_consume (lookups, n_lookups, CKA_X_CERTIFICATE_VALUE,
CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
if (!gkm_transaction_get_failed (transaction))
......@@ -130,7 +131,7 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmAssertion *assertion;
CK_ASSERTION_TYPE type;
CK_X_ASSERTION_TYPE type;
GkmManager *manager;
gboolean created = FALSE;
GkmXdgTrust *trust;
......@@ -139,17 +140,17 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
g_return_val_if_fail (attrs || !n_attrs, NULL);
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_ASSERTION_TYPE, &type)) {
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_X_ASSERTION_TYPE, &type)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_G_PURPOSE, &purpose)) {
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PURPOSE, &purpose)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_G_PEER, &peer))
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PEER, &peer))
peer = NULL;
/* Try to find or create an appropriate trust object for this assertion */
......@@ -182,7 +183,7 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
/* A new trust assertion */
} else {
gkm_attributes_consume (attrs, n_attrs, CKA_G_ASSERTION_TYPE, CKA_G_PURPOSE, G_MAXULONG);
gkm_attributes_consume (attrs, n_attrs, CKA_X_ASSERTION_TYPE, CKA_X_PURPOSE, G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (assertion),
TRUE, attrs, n_attrs);
}
......@@ -216,7 +217,7 @@ gkm_xdg_assertion_class_init (GkmXdgAssertionClass *klass)
GkmFactory*
gkm_xdg_assertion_get_factory (void)
{
static CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
static CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
static CK_ATTRIBUTE attributes[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
......
......@@ -39,6 +39,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11x.h"
#include <libtasn1.h>
......@@ -220,14 +221,14 @@ validate_integer (CK_ATTRIBUTE_PTR attr)
}
static GQuark
assertion_type_to_level_enum (CK_ASSERTION_TYPE type)
assertion_type_to_level_enum (CK_X_ASSERTION_TYPE type)
{
switch (type) {
case CKT_G_UNTRUSTED_CERTIFICATE:
case CKT_X_UNTRUSTED_CERTIFICATE:
return TRUST_UNTRUSTED;
case CKT_G_ANCHORED_CERTIFICATE:
case CKT_X_ANCHORED_CERTIFICATE:
return TRUST_TRUSTED_ANCHOR;
case CKT_G_PINNED_CERTIFICATE:
case CKT_X_PINNED_CERTIFICATE:
return TRUST_TRUSTED;
default:
return 0;
......@@ -235,14 +236,14 @@ assertion_type_to_level_enum (CK_ASSERTION_TYPE type)
}
static gboolean
level_enum_to_assertion_type (GQuark level, CK_ASSERTION_TYPE *type)
level_enum_to_assertion_type (GQuark level, CK_X_ASSERTION_TYPE *type)
{
if (level == TRUST_UNTRUSTED)
*type = CKT_G_UNTRUSTED_CERTIFICATE;
*type = CKT_X_UNTRUSTED_CERTIFICATE;
else if (level == TRUST_TRUSTED_ANCHOR)
*type = CKT_G_ANCHORED_CERTIFICATE;
*type = CKT_X_ANCHORED_CERTIFICATE;
else if (level == TRUST_TRUSTED)
*type = CKT_G_PINNED_CERTIFICATE;
*type = CKT_X_PINNED_CERTIFICATE;
else if (level == TRUST_UNKNOWN)
*type = 0;
else
......@@ -270,7 +271,7 @@ create_assertions (void)
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
CK_ASSERTION_TYPE type;
CK_X_ASSERTION_TYPE type;
GkmAssertion *assertion;
GQuark level;
gchar *purpose;
......@@ -608,7 +609,7 @@ gkm_xdg_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
return trust_get_integer (self, "serialNumber", attr);
case CKA_ISSUER:
return trust_get_der (self, "issuer", attr);
case CKA_G_CERTIFICATE_VALUE:
case CKA_X_CERTIFICATE_VALUE:
return trust_get_complete (self, attr);
/* Certificate hash values */
......@@ -653,11 +654,11 @@ gkm_xdg_trust_get_level (GkmTrust *base, const gchar *purpose)
return GKM_TRUST_UNKNOWN;
type = gkm_assertion_get_trust_type (assertion);
if (type == CKT_G_ANCHORED_CERTIFICATE)
if (type == CKT_X_ANCHORED_CERTIFICATE)
return GKM_TRUST_ANCHOR;
else if (type == CKT_G_PINNED_CERTIFICATE)
else if (type == CKT_X_PINNED_CERTIFICATE)
return GKM_TRUST_TRUSTED;
else if (type == CKT_G_UNTRUSTED_CERTIFICATE)
else if (type == CKT_X_UNTRUSTED_CERTIFICATE)
return GKM_TRUST_UNTRUSTED;
else
g_return_val_if_reached (GKM_TRUST_UNKNOWN);
......@@ -802,7 +803,7 @@ gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
cert = gkm_attributes_find (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE);
cert = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE);
/* A trust object with just serial + issuer */
if (serial != NULL && issuer != NULL) {
......@@ -836,7 +837,7 @@ gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
return NULL;
}
gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE, CKA_ISSUER,
gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER,
CKA_SERIAL_NUMBER, G_MAXULONG);
return trust;
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment