GkmManager*
gkm_module_get_manager (GkmModule *self)
{
g_return_val_if_fail (GKM_IS_MODULE (self), NULL);
g_return_val_if_fail (GKM_IS_MANAGER (self->pv->token_manager), NULL);
return self->pv->token_manager;
}
static void
apartment_free (gpointer data)
{
Apartment *apt;
GList *l;
g_assert (data != NULL);
apt = (Apartment*)data;
g_return_if_fail (GKM_IS_MANAGER (apt->session_manager));
/* Unreference all the sessions */
for (l = apt->sessions; l; l = g_list_next (l)) {
/* Some sanity checks to make sure things have remained as expected */
g_return_if_fail (GKM_IS_SESSION (l->data));
g_return_if_fail (gkm_session_get_apartment (l->data) == apt->apt_id);
g_return_if_fail (gkm_session_get_manager (l->data) == apt->session_manager);
g_return_if_fail (gkm_session_get_logged_in (l->data) == apt->logged_in);
g_object_unref (l->data);
}
g_list_free (apt->sessions);
g_object_unref (apt->session_manager);
g_slice_free (Apartment, apt);
}
GkmXdgTrust*
gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_ATTRIBUTE_PTR serial, issuer, cert;
GkmXdgTrust *trust;
g_return_val_if_fail (GKM_IS_MODULE (module), NULL);
g_return_val_if_fail (GKM_IS_MANAGER (manager), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
cert = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE);
/* A trust object with just serial + issuer */
if (serial != NULL && issuer != NULL) {
if (cert != NULL) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return NULL;
}
if (!validate_der (issuer, "Name") || !validate_integer (serial)) {
gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
return NULL;
}
trust = create_trust_for_reference (module, manager, serial, issuer);
/* A trust object with a full certificate */
} else if (cert != NULL) {
if (serial != NULL || issuer != NULL) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return NULL;
}
if (!validate_der (cert, "Certificate")) {
gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
return NULL;
}
trust = create_trust_for_complete (module, manager, cert);
/* Not sure what this is */
} else {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER,
CKA_SERIAL_NUMBER, G_MAXULONG);
return trust;
}
GkmMate2Storage*
gkm_mate2_storage_new (GkmModule *module, const gchar *directory)
{
GkmManager *manager;
g_return_val_if_fail (GKM_IS_MODULE (module), NULL);
g_return_val_if_fail (directory, NULL);
manager = gkm_module_get_manager (module);
g_return_val_if_fail (GKM_IS_MANAGER (manager), NULL);
return g_object_new (GKM_TYPE_MATE2_STORAGE,
"module", module,
"manager", manager,
"directory", directory,
NULL);
}
CK_RV
gkm_credential_create (GkmModule *module, GkmManager *manager, GkmObject *object,
CK_UTF8CHAR_PTR pin, CK_ULONG n_pin, GkmCredential **result)
{
GkmCredential *cred;
GkmSecret *secret = NULL;
CK_RV rv;
g_return_val_if_fail (GKM_IS_MODULE (module), CKR_GENERAL_ERROR);
g_return_val_if_fail (!object || GKM_IS_OBJECT (object), CKR_GENERAL_ERROR);
g_return_val_if_fail (!manager || GKM_IS_MANAGER (manager), CKR_GENERAL_ERROR);
g_return_val_if_fail (result, CKR_GENERAL_ERROR);
secret = gkm_secret_new_from_login (pin, n_pin);
cred = g_object_new (GKM_TYPE_CREDENTIAL,
"module", module,
"manager", manager,
"secret", secret,
"object", object,
NULL);
g_object_unref (secret);
/* If we have an object, the unlock must work */
if (object) {
rv = gkm_object_unlock (object, cred);
if (rv == CKR_OK)
*result = cred;
else
g_object_unref (cred);
/* Created credentials without object */
} else {
*result = cred;
rv = CKR_OK;
}
return rv;
}
