static CK_RV
gkm_secret_object_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmSecretObject *self = GKM_SECRET_OBJECT (base);
switch (attr->type) {
case CKA_MODIFIABLE:
return gkm_attribute_set_bool (attr, TRUE);
case CKA_ID:
return gkm_attribute_set_string (attr, gkm_secret_object_get_identifier (self));
case CKA_LABEL:
return gkm_attribute_set_string (attr, gkm_secret_object_get_label (self));
case CKA_G_LOCKED:
return gkm_attribute_set_bool (attr, gkm_secret_object_is_locked (self, session));
case CKA_G_CREATED:
return gkm_attribute_set_time (attr, gkm_secret_object_get_created (self));
case CKA_G_MODIFIED:
return gkm_attribute_set_time (attr, gkm_secret_object_get_modified (self));
}
return GKM_OBJECT_CLASS (gkm_secret_object_parent_class)->get_attribute (base, session, attr);
}
static CK_RV
gkm_generic_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
{
GkmGenericKey *self = GKM_GENERIC_KEY (base);
switch (attr->type)
{
case CKA_KEY_TYPE:
return gkm_attribute_set_ulong (attr, CKK_GENERIC_SECRET);
case CKA_DERIVE:
return gkm_attribute_set_bool (attr, CK_TRUE);
case CKA_UNWRAP:
case CKA_WRAP:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_VALUE:
return gkm_attribute_set_data (attr, self->value, self->n_value);
case CKA_VALUE_LEN:
return gkm_attribute_set_ulong (attr, self->n_value);
case CKA_CHECK_VALUE:
return attribute_set_check_value (self, attr);
case CKA_ALLOWED_MECHANISMS:
return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_GENERIC_MECHANISMS,
sizeof (GKM_GENERIC_MECHANISMS));
};
return GKM_OBJECT_CLASS (gkm_generic_key_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_secret_object_class_init (GkmSecretObjectClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_secret_object_parent_class = g_type_class_peek_parent (klass);
g_type_class_add_private (klass, sizeof (GkmSecretObjectPrivate));
gobject_class->constructor = gkm_secret_object_constructor;
gobject_class->finalize = gkm_secret_object_finalize;
gobject_class->set_property = gkm_secret_object_set_property;
gobject_class->get_property = gkm_secret_object_get_property;
gkm_class->get_attribute = gkm_secret_object_get_attribute;
gkm_class->set_attribute = gkm_secret_object_set_attribute;
klass->is_locked = gkm_secret_object_real_is_locked;
g_object_class_install_property (gobject_class, PROP_IDENTIFIER,
g_param_spec_string ("identifier", "Identifier", "Object Identifier",
NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (gobject_class, PROP_LABEL,
g_param_spec_string ("label", "Label", "Object Label",
"", G_PARAM_READWRITE | G_PARAM_CONSTRUCT));
g_object_class_install_property (gobject_class, PROP_CREATED,
g_param_spec_long ("created", "Created", "Object Create Time",
0, G_MAXLONG, 0, G_PARAM_READABLE));
g_object_class_install_property (gobject_class, PROP_MODIFIED,
g_param_spec_long ("modified", "Modified", "Object Modify Time",
0, G_MAXLONG, 0, G_PARAM_READABLE));
}
static void
gkm_secret_object_set_attribute (GkmObject *base, GkmSession *session,
GkmTransaction *transaction, CK_ATTRIBUTE_PTR attr)
{
GkmSecretObject *self = GKM_SECRET_OBJECT (base);
gchar *label;
CK_RV rv;
switch (attr->type) {
case CKA_LABEL:
/* Check that the object is not locked */
if (gkm_secret_object_is_locked (self, session))
rv = CKR_USER_NOT_LOGGED_IN;
else
rv = gkm_attribute_get_string (attr, &label);
if (rv != CKR_OK)
gkm_transaction_fail (transaction, rv);
else
begin_set_label (self, transaction, label);
return;
}
GKM_OBJECT_CLASS (gkm_secret_object_parent_class)->set_attribute (base, session, transaction, attr);
}
static void
gkm_credential_class_init (GkmCredentialClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_credential_parent_class = g_type_class_peek_parent (klass);
g_type_class_add_private (klass, sizeof (GkmCredentialPrivate));
gobject_class->constructor = gkm_credential_constructor;
gobject_class->dispose = gkm_credential_dispose;
gobject_class->finalize = gkm_credential_finalize;
gobject_class->set_property = gkm_credential_set_property;
gobject_class->get_property = gkm_credential_get_property;
gkm_class->get_attribute = gkm_credential_real_get_attribute;
g_object_class_install_property (gobject_class, PROP_OBJECT,
g_param_spec_object ("object", "Object", "Object authenticated",
GKM_TYPE_OBJECT, G_PARAM_READWRITE));
g_object_class_install_property (gobject_class, PROP_SECRET,
g_param_spec_object ("secret", "Secret", "Optiontal secret",
GKM_TYPE_SECRET, G_PARAM_READWRITE));
}
static void
gkm_trust_class_init (GkmTrustClass *klass)
{
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_class->get_attribute = gkm_trust_get_attribute;
klass->get_trust_level = gkm_trust_real_get_trust_level;
}
static void
gkm_secret_item_real_set_attribute (GkmObject *base, GkmSession *session,
GkmTransaction *transaction, CK_ATTRIBUTE_PTR attr)
{
GkmSecretItem *self = GKM_SECRET_ITEM (base);
const gchar *identifier;
GkmSecretData *sdata;
GHashTable *fields;
gchar *schema_name;
GkmSecret *secret;
gchar *schema;
CK_RV rv;
if (!self->collection) {
gkm_transaction_fail (transaction, CKR_GENERAL_ERROR);
g_return_if_reached ();
}
/* Check that the object is not locked */
if (!gkm_secret_collection_unlocked_have (self->collection, session)) {
gkm_transaction_fail (transaction, CKR_USER_NOT_LOGGED_IN);
return;
}
switch (attr->type) {
case CKA_VALUE:
sdata = gkm_secret_collection_unlocked_use (self->collection, session);
g_return_if_fail (sdata);
identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
secret = gkm_secret_new (attr->pValue, attr->ulValueLen);
gkm_secret_data_set_transacted (sdata, transaction, identifier, secret);
g_object_unref (secret);
g_object_unref (sdata);
gkm_secret_object_begin_modified (GKM_SECRET_OBJECT (self), transaction);
if (!gkm_transaction_get_failed (transaction))
gkm_transaction_add (transaction, self, complete_set_secret, NULL);
return;
case CKA_G_FIELDS:
rv = gkm_secret_fields_parse (attr, &fields, &schema_name);
if (rv != CKR_OK) {
gkm_transaction_fail (transaction, rv);
} else {
begin_set_fields (self, transaction, fields);
if (schema_name)
begin_set_schema (self, transaction, schema_name);
}
return;
case CKA_G_SCHEMA:
rv = gkm_attribute_get_string (attr, &schema);
if (rv != CKR_OK)
gkm_transaction_fail (transaction, rv);
else
begin_set_schema (self, transaction, schema);
return;
}
GKM_OBJECT_CLASS (gkm_secret_item_parent_class)->set_attribute (base, session, transaction, attr);
}
static CK_RV
gkm_credential_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
{
GkmCredential *self = GKM_CREDENTIAL (base);
CK_OBJECT_HANDLE handle;
gconstpointer value;
gsize n_value;
switch (attr->type) {
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_G_CREDENTIAL);
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, TRUE);
case CKA_G_OBJECT:
handle = self->pv->object ? gkm_object_get_handle (self->pv->object) : 0;
return gkm_attribute_set_ulong (attr, handle);
case CKA_VALUE:
if (gkm_session_is_for_application (session))
return CKR_ATTRIBUTE_SENSITIVE;
if (!self->pv->secret) {
value = NULL;
n_value = 0;
} else {
value = gkm_secret_get (self->pv->secret, &n_value);
}
return gkm_attribute_set_data (attr, value, n_value);
};
return GKM_OBJECT_CLASS (gkm_credential_parent_class)->get_attribute (base, session, attr);
}
static CK_RV
gkm_ssh_private_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmSshPrivateKey *self = GKM_SSH_PRIVATE_KEY (base);
gchar *digest;
CK_RV rv;
switch (attr->type) {
case CKA_LABEL:
return gkm_attribute_set_string (attr, self->label);
/* COMPAT: Previous versions of gnome-keyring used this to save unlock passwords */
case CKA_GNOME_INTERNAL_SHA1:
if (!self->private_bytes) {
gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: no CKA_GNOME_INTERNAL_SHA1 attribute");
return CKR_ATTRIBUTE_TYPE_INVALID;
}
digest = gkm_ssh_openssh_digest_private_key (self->private_bytes);
rv = gkm_attribute_set_string (attr, digest);
g_free (digest);
return rv;
}
return GKM_OBJECT_CLASS (gkm_ssh_private_key_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_secret_item_class_init (GkmSecretItemClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
GkmSecretObjectClass *secret_class = GKM_SECRET_OBJECT_CLASS (klass);
gkm_secret_item_parent_class = g_type_class_peek_parent (klass);
gobject_class->constructor = gkm_secret_item_constructor;
gobject_class->dispose = gkm_secret_item_dispose;
gobject_class->finalize = gkm_secret_item_finalize;
gobject_class->set_property = gkm_secret_item_set_property;
gobject_class->get_property = gkm_secret_item_get_property;
gkm_class->get_attribute = gkm_secret_item_real_get_attribute;
gkm_class->set_attribute = gkm_secret_item_real_set_attribute;
secret_class->is_locked = gkm_secret_item_real_is_locked;
g_object_class_install_property (gobject_class, PROP_COLLECTION,
g_param_spec_object ("collection", "Collection", "Item's Collection",
GKM_TYPE_SECRET_COLLECTION, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (gobject_class, PROP_FIELDS,
g_param_spec_boxed ("fields", "Fields", "Item's fields",
GKM_BOXED_SECRET_FIELDS, G_PARAM_READWRITE));
g_object_class_install_property (gobject_class, PROP_SCHEMA,
g_param_spec_string ("schema", "Schema", "Item's type or schema",
NULL, G_PARAM_READWRITE));
}
static void
gkm_certificate_class_init (GkmCertificateClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_certificate_parent_class = g_type_class_peek_parent (klass);
g_type_class_add_private (klass, sizeof (GkmCertificatePrivate));
gobject_class->constructor = gkm_certificate_constructor;
gobject_class->dispose = gkm_certificate_dispose;
gobject_class->finalize = gkm_certificate_finalize;
gobject_class->set_property = gkm_certificate_set_property;
gobject_class->get_property = gkm_certificate_get_property;
gkm_class->get_attribute = gkm_certificate_real_get_attribute;
g_object_class_install_property (gobject_class, PROP_PUBLIC_KEY,
g_param_spec_object ("public-key", "Public Key", "Public key contained in certificate",
GKM_TYPE_CERTIFICATE_KEY, G_PARAM_READABLE));
g_object_class_install_property (gobject_class, PROP_PUBLIC_KEY,
g_param_spec_string ("label", "Label", "Label of the certificate",
"", G_PARAM_READWRITE));
init_quarks ();
}
static CK_RV
gkm_null_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
{
switch (attr->type)
{
case CKA_KEY_TYPE:
return gkm_attribute_set_ulong (attr, CKK_G_NULL);
case CKA_UNWRAP:
case CKA_WRAP:
return gkm_attribute_set_bool (attr, CK_TRUE);
case CKA_VALUE:
return gkm_attribute_set_empty (attr);
case CKA_VALUE_LEN:
return gkm_attribute_set_ulong (attr, 0);
case CKA_CHECK_VALUE:
return gkm_attribute_set_data (attr, "\0\0\0", 3);
case CKA_ALLOWED_MECHANISMS:
return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_NULL_MECHANISMS,
sizeof (GKM_NULL_MECHANISMS));
};
return GKM_OBJECT_CLASS (gkm_null_key_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_null_key_class_init (GkmNullKeyClass *klass)
{
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_null_key_parent_class = g_type_class_peek_parent (klass);
gkm_class->get_attribute = gkm_null_key_real_get_attribute;
}
static CK_RV
gkm_gnome2_private_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
switch (attr->type) {
case CKA_ALWAYS_AUTHENTICATE:
return gkm_attribute_set_bool (attr, FALSE);
}
return GKM_OBJECT_CLASS (gkm_gnome2_private_key_parent_class)->get_attribute (base, session, attr);
}
static CK_RV
gkm_secret_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE* attr)
{
GkmSecretKey *self = GKM_SECRET_KEY (base);
switch (attr->type)
{
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_SECRET_KEY);
case CKA_SENSITIVE:
case CKA_ENCRYPT:
case CKA_DECRYPT:
case CKA_SIGN:
case CKA_VERIFY:
case CKA_WRAP:
case CKA_UNWRAP:
case CKA_DERIVE:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_EXTRACTABLE:
return gkm_attribute_set_bool (attr, TRUE);
case CKA_ALWAYS_SENSITIVE:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_NEVER_EXTRACTABLE:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_WRAP_WITH_TRUSTED:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_TRUSTED:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_WRAP_TEMPLATE:
case CKA_UNWRAP_TEMPLATE:
return CKR_ATTRIBUTE_TYPE_INVALID;
case CKA_START_DATE:
case CKA_END_DATE:
return gkm_attribute_set_empty (attr);
case CKA_LOCAL:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_ID:
return gkm_attribute_set_data (attr, self->pv->id, self->pv->n_id);
case CKA_KEY_GEN_MECHANISM:
return gkm_attribute_set_ulong (attr, CK_UNAVAILABLE_INFORMATION);
};
return GKM_OBJECT_CLASS (gkm_secret_key_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_xdg_trust_expose_object (GkmObject *base, gboolean expose)
{
GHashTableIter iter;
gpointer value;
GKM_OBJECT_CLASS (gkm_xdg_trust_parent_class)->expose_object (base, expose);
g_hash_table_iter_init (&iter, GKM_XDG_TRUST (base)->pv->assertions);
while (g_hash_table_iter_next (&iter, NULL, &value))
gkm_object_expose (value, expose);
}
static void
gkm_dh_key_class_init (GkmDhKeyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_dh_key_parent_class = g_type_class_peek_parent (klass);
gobject_class->finalize = gkm_dh_key_finalize;
gkm_class->get_attribute = gkm_dh_key_real_get_attribute;
g_type_class_add_private (klass, sizeof (GkmDhKeyPrivate));
}
static CK_RV
gkm_certificate_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmCertificateKey *self = GKM_CERTIFICATE_KEY (base);
switch (attr->type) {
case CKA_LABEL:
if (self->pv->certificate)
return gkm_object_get_attribute (GKM_OBJECT (self->pv->certificate), session, attr);
return gkm_attribute_set_string (attr, "");
}
return GKM_OBJECT_CLASS (gkm_certificate_key_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_generic_key_class_init (GkmGenericKeyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
GkmSecretKeyClass *key_class = GKM_SECRET_KEY_CLASS (klass);
gkm_generic_key_parent_class = g_type_class_peek_parent (klass);
gobject_class->finalize = gkm_generic_key_finalize;
gkm_class->get_attribute = gkm_generic_key_get_attribute;
key_class->get_key_value = gkm_generic_key_get_key_value;
}
static void
gkm_gnome2_private_key_class_init (GkmGnome2PrivateKeyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
GkmSexpKeyClass *key_class = GKM_SEXP_KEY_CLASS (klass);
gobject_class->dispose = gkm_gnome2_private_key_dispose;
gobject_class->finalize = gkm_gnome2_private_key_finalize;
gobject_class->set_property = gkm_gnome2_private_key_set_property;
gobject_class->get_property = gkm_gnome2_private_key_get_property;
gkm_class->get_attribute = gkm_gnome2_private_key_real_get_attribute;
key_class->acquire_crypto_sexp = gkm_gnome2_private_key_real_acquire_crypto_sexp;
}
static void
gkm_xdg_trust_class_init (GkmXdgTrustClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
GkmTrustClass *trust_class = GKM_TRUST_CLASS (klass);
gobject_class->finalize = gkm_xdg_trust_finalize;
gkm_class->get_attribute = gkm_xdg_trust_get_attribute;
gkm_class->expose_object = gkm_xdg_trust_expose_object;
trust_class->get_trust_level = gkm_xdg_trust_get_level;
QDATA_ASSERTION_KEY = g_quark_from_static_string ("gkm-xdg-trust-assertion-key");
g_type_class_add_private (klass, sizeof (GkmXdgTrustPrivate));
init_quarks ();
}
static void
gkm_certificate_key_class_init (GkmCertificateKeyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gobject_class->finalize = gkm_certificate_key_finalize;
gobject_class->set_property = gkm_certificate_key_set_property;
gobject_class->get_property = gkm_certificate_key_get_property;
gkm_class->get_attribute = gkm_certificate_key_get_attribute;
g_type_class_add_private (klass, sizeof (GkmCertificateKeyPrivate));
g_object_class_install_property (gobject_class, PROP_CERTIFICATE,
g_param_spec_object ("certificate", "Certificate", "Certificate this key belongs to",
GKM_TYPE_CERTIFICATE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
}
static CK_RV
gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmSecretItem *self = GKM_SECRET_ITEM (base);
GkmSecretData *sdata;
const gchar *identifier;
const guchar *secret;
gsize n_secret = 0;
CK_RV rv;
g_return_val_if_fail (self->collection, CKR_GENERAL_ERROR);
switch (attr->type) {
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_SECRET_KEY);
case CKA_VALUE:
sdata = gkm_secret_collection_unlocked_use (self->collection, session);
if (sdata == NULL)
return CKR_USER_NOT_LOGGED_IN;
identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret);
rv = gkm_attribute_set_data (attr, secret, n_secret);
gkm_object_mark_used (base);
g_object_unref (sdata);
return rv;
case CKA_G_COLLECTION:
g_return_val_if_fail (self->collection, CKR_GENERAL_ERROR);
identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self->collection));
return gkm_attribute_set_string (attr, identifier);
case CKA_G_FIELDS:
if (!self->fields)
return gkm_attribute_set_data (attr, NULL, 0);
return gkm_secret_fields_serialize (attr, self->fields, self->schema);
case CKA_G_SCHEMA:
return gkm_attribute_set_string (attr, self->schema);
}
return GKM_OBJECT_CLASS (gkm_secret_item_parent_class)->get_attribute (base, session, attr);
}
static CK_RV
gkm_roots_certificate_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmRootsCertificate *self = GKM_ROOTS_CERTIFICATE (base);
CK_ULONG category;
switch (attr->type) {
case CKA_TRUSTED:
return gkm_attribute_set_bool (attr, TRUE);
case CKA_CERTIFICATE_CATEGORY:
if (!gkm_certificate_calc_category (GKM_CERTIFICATE (self), session, &category))
return CKR_FUNCTION_FAILED;
/* Unknown category, is CA by default in this slot */
if (category == 0)
category = 2;
return gkm_attribute_set_ulong (attr, category);
}
return GKM_OBJECT_CLASS (gkm_roots_certificate_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_roots_certificate_class_init (GkmRootsCertificateClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gkm_roots_certificate_parent_class = g_type_class_peek_parent (klass);
gobject_class->constructor = gkm_roots_certificate_constructor;
gobject_class->dispose = gkm_roots_certificate_dispose;
gobject_class->finalize = gkm_roots_certificate_finalize;
gobject_class->set_property = gkm_roots_certificate_set_property;
gobject_class->get_property = gkm_roots_certificate_get_property;
gkm_class->get_attribute = gkm_roots_certificate_get_attribute;
gkm_class->expose_object = gkm_roots_certificate_expose_object;
g_object_class_install_property (gobject_class, PROP_PATH,
g_param_spec_string ("path", "Path", "Certificate origin path",
"", G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
}
static CK_RV
gkm_dh_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE* attr)
{
GkmDhKey *self = GKM_DH_KEY (base);
switch (attr->type)
{
case CKA_KEY_TYPE:
return gkm_attribute_set_ulong (attr, CKK_DH);
case CKA_START_DATE:
case CKA_END_DATE:
return gkm_attribute_set_empty (attr);
case CKA_LOCAL:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_KEY_GEN_MECHANISM:
return gkm_attribute_set_ulong (attr, CK_UNAVAILABLE_INFORMATION);
case CKA_ALLOWED_MECHANISMS:
return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_DH_MECHANISMS,
sizeof (GKM_DH_MECHANISMS));
case CKA_ID:
return gkm_attribute_set_data (attr, self->pv->id, self->pv->n_id);
case CKA_SUBJECT:
return gkm_attribute_set_empty (attr);
case CKA_PRIME:
return gkm_attribute_set_mpi (attr, self->pv->prime);
case CKA_BASE:
return gkm_attribute_set_mpi (attr, self->pv->base);
};
return GKM_OBJECT_CLASS (gkm_dh_key_parent_class)->get_attribute (base, session, attr);
}
static CK_RV
gkm_xdg_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
switch (attr->type)
{
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_TRUST_STEP_UP_APPROVED:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_NETSCAPE_TRUST);
case CKA_MODIFIABLE:
return gkm_attribute_set_bool (attr, CK_FALSE);
/* Certificate reference values */
case CKA_SUBJECT:
return trust_get_der (self, "subject", attr);
case CKA_SERIAL_NUMBER:
return trust_get_integer (self, "serialNumber", attr);
case CKA_ISSUER:
return trust_get_der (self, "issuer", attr);
case CKA_X_CERTIFICATE_VALUE:
return trust_get_complete (self, attr);
/* Certificate hash values */
case CKA_CERT_MD5_HASH:
return trust_get_hash (self, G_CHECKSUM_MD5, attr);
case CKA_CERT_SHA1_HASH:
return trust_get_hash (self, G_CHECKSUM_SHA1, attr);
default:
break;
};
return GKM_OBJECT_CLASS (gkm_xdg_trust_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_ssh_private_key_class_init (GkmSshPrivateKeyClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
gobject_class->constructor = gkm_ssh_private_key_constructor;
gobject_class->dispose = gkm_ssh_private_key_dispose;
gobject_class->finalize = gkm_ssh_private_key_finalize;
gobject_class->set_property = gkm_ssh_private_key_set_property;
gobject_class->get_property = gkm_ssh_private_key_get_property;
gkm_class->get_attribute = gkm_ssh_private_key_get_attribute;
gkm_class->unlock = gkm_ssh_private_key_unlock;
gkm_class->expose_object = gkm_ssh_private_key_expose;
g_object_class_install_property (gobject_class, PROP_LABEL,
g_param_spec_string ("label", "Label", "Object Label",
"", G_PARAM_READWRITE));
g_object_class_install_property (gobject_class, PROP_PUBLIC_KEY,
g_param_spec_object ("public-key", "Public Key", "Public key belonging to this private key",
GKM_TYPE_SSH_PUBLIC_KEY, G_PARAM_READABLE));
}
static CK_RV
gkm_certificate_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE* attr)
{
GkmCertificate *self = GKM_CERTIFICATE (base);
CK_ULONG category;
const guchar *cdata;
guchar *data;
gsize n_data;
time_t when;
CK_RV rv;
switch (attr->type) {
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_CERTIFICATE);
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_LABEL:
return gkm_attribute_set_string (attr, gkm_certificate_get_label (self));
case CKA_CERTIFICATE_TYPE:
return gkm_attribute_set_ulong (attr, CKC_X_509);
case CKA_TRUSTED:
return gkm_attribute_set_bool (attr, FALSE);
case CKA_CERTIFICATE_CATEGORY:
if (!gkm_certificate_calc_category (self, session, &category))
return CKR_FUNCTION_FAILED;
return gkm_attribute_set_ulong (attr, category);
case CKA_CHECK_VALUE:
g_return_val_if_fail (self->pv->data, CKR_GENERAL_ERROR);
n_data = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
g_return_val_if_fail (n_data && n_data > 3, CKR_GENERAL_ERROR);
data = g_new0 (guchar, n_data);
gcry_md_hash_buffer (GCRY_MD_SHA1, data, self->pv->data, self->pv->n_data);
rv = gkm_attribute_set_data (attr, data, 3);
g_free (data);
return rv;
case CKA_START_DATE:
case CKA_END_DATE:
g_return_val_if_fail (self->pv->asn1, CKR_GENERAL_ERROR);
when = egg_asn1x_get_time_as_long (egg_asn1x_node (self->pv->asn1,
"tbsCertificate", "validity",
attr->type == CKA_START_DATE ? "notBefore" : "notAfter",
NULL));
if (when < 0)
return CKR_FUNCTION_FAILED;
return gkm_attribute_set_date (attr, when);
case CKA_SUBJECT:
g_return_val_if_fail (self->pv->asn1, CKR_GENERAL_ERROR);
cdata = egg_asn1x_get_raw_element (egg_asn1x_node (self->pv->asn1, "tbsCertificate", "subject", NULL), &n_data);
g_return_val_if_fail (cdata, CKR_GENERAL_ERROR);
return gkm_attribute_set_data (attr, cdata, n_data);
case CKA_ID:
if (!self->pv->key)
return gkm_attribute_set_data (attr, NULL, 0);
return gkm_object_get_attribute (GKM_OBJECT (self->pv->key), session, attr);
case CKA_ISSUER:
g_return_val_if_fail (self->pv->asn1, CKR_GENERAL_ERROR);
cdata = egg_asn1x_get_raw_element (egg_asn1x_node (self->pv->asn1, "tbsCertificate", "issuer", NULL), &n_data);
g_return_val_if_fail (cdata, CKR_GENERAL_ERROR);
return gkm_attribute_set_data (attr, cdata, n_data);
case CKA_SERIAL_NUMBER:
g_return_val_if_fail (self->pv->asn1, CKR_GENERAL_ERROR);
cdata = egg_asn1x_get_raw_element (egg_asn1x_node (self->pv->asn1, "tbsCertificate", "serialNumber", NULL), &n_data);
g_return_val_if_fail (cdata, CKR_GENERAL_ERROR);
return gkm_attribute_set_data (attr, cdata, n_data);
case CKA_VALUE:
g_return_val_if_fail (self->pv->data, CKR_GENERAL_ERROR);
return gkm_attribute_set_data (attr, self->pv->data, self->pv->n_data);
/* These are only used for strange online certificates which we don't support */
case CKA_URL:
case CKA_HASH_OF_SUBJECT_PUBLIC_KEY:
case CKA_HASH_OF_ISSUER_PUBLIC_KEY:
return gkm_attribute_set_data (attr, "", 0);
/* What in the world is this doing in the spec? */
case CKA_JAVA_MIDP_SECURITY_DOMAIN:
return gkm_attribute_set_ulong (attr, 0); /* 0 = unspecified */
};
return GKM_OBJECT_CLASS (gkm_certificate_parent_class)->get_attribute (base, session, attr);
}
static void
gkm_roots_certificate_expose_object (GkmObject *obj, gboolean expose)
{
GKM_OBJECT_CLASS (gkm_roots_certificate_parent_class)->expose_object (obj, expose);
gkm_object_expose (GKM_OBJECT (GKM_ROOTS_CERTIFICATE (obj)->trust), expose);
}
