static GkmObject* factory_create_generic_key (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmGenericKey *key; GkmManager *manager; CK_ATTRIBUTE_PTR value; value = gkm_attributes_find (attrs, n_attrs, CKA_VALUE); if (value == NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } if (gkm_attributes_find (attrs, n_attrs, CKA_VALUE_LEN)) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; } manager = gkm_manager_for_template (attrs, n_attrs, session); key = g_object_new (GKM_TYPE_GENERIC_KEY, "module", gkm_session_get_module (session), "manager", manager, NULL); key->value = egg_secure_alloc (value->ulValueLen); key->n_value = value->ulValueLen; memcpy (key->value, value->pValue, key->n_value); gkm_attribute_consume (value); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key), TRUE, attrs, n_attrs); return GKM_OBJECT (key); }
static GkmObject* factory_create_private_key (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmMate2PrivateKey *key; GkmSexp *sexp; g_return_val_if_fail (attrs || !n_attrs, NULL); sexp = gkm_private_xsa_key_create_sexp (session, transaction, attrs, n_attrs); if (sexp == NULL) return NULL; key = g_object_new (GKM_TYPE_MATE2_PRIVATE_KEY, "base-sexp", sexp, "module", gkm_session_get_module (session), "manager", gkm_manager_for_template (attrs, n_attrs, session), NULL); g_return_val_if_fail (!key->private_sexp, NULL); key->private_sexp = gkm_sexp_ref (sexp); gkm_sexp_unref (sexp); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key), TRUE, attrs, n_attrs); return GKM_OBJECT (key); }
static GkmObject* factory_create_private_key (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmGnome2PrivateKey *key; GkmSexp *sexp; g_return_val_if_fail (attrs || !n_attrs, NULL); sexp = gkm_private_xsa_key_create_sexp (session, transaction, attrs, n_attrs); if (sexp == NULL) return NULL; key = g_object_new (GKM_TYPE_GNOME2_PRIVATE_KEY, "base-sexp", sexp, "module", gkm_session_get_module (session), "manager", gkm_manager_for_template (attrs, n_attrs, session), NULL); g_return_val_if_fail (!key->private_sexp, NULL); key->private_sexp = gkm_sexp_ref (sexp); gkm_sexp_unref (sexp); /* TODO: We don't support setting these yet, so ignore them */ gkm_attributes_consume (attrs, n_attrs, CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_ID, G_MAXULONG); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key), TRUE, attrs, n_attrs); return GKM_OBJECT (key); }
static GkmObject* factory_create_item (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmSecretCollection *collection = NULL; GkmSecretItem *item; GkmManager *m_manager; GkmManager *s_manager; CK_ATTRIBUTE *attr; gboolean is_token; gchar *identifier; g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); /* See if a collection attribute was specified */ attr = gkm_attributes_find (attrs, n_attrs, CKA_G_COLLECTION); if (attr == NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } m_manager = gkm_module_get_manager (gkm_session_get_module (session)); s_manager = gkm_session_get_manager (session); gkm_attribute_consume (attr); if (!gkm_attributes_find_boolean (attrs, n_attrs, CKA_TOKEN, &is_token)) collection = gkm_secret_collection_find (session, attr, m_manager, s_manager, NULL); else if (is_token) collection = gkm_secret_collection_find (session, attr, m_manager, NULL); else collection = gkm_secret_collection_find (session, attr, s_manager, NULL); if (!collection) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; } /* If an ID was specified, then try and see if that ID already exists */ if (gkm_attributes_find_string (attrs, n_attrs, CKA_ID, &identifier)) { item = gkm_secret_collection_get_item (collection, identifier); if (item == NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; } else { gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (item), FALSE, attrs, n_attrs); return g_object_ref (item); } } /* Create a new collection which will own the item */ item = gkm_secret_collection_create_item (collection, transaction); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (item), TRUE, attrs, n_attrs); return g_object_ref (item); }
static GObject* gkm_roots_certificate_constructor (GType type, guint n_props, GObjectConstructParam *props) { GkmRootsCertificate *self = GKM_ROOTS_CERTIFICATE (G_OBJECT_CLASS (gkm_roots_certificate_parent_class)->constructor(type, n_props, props)); g_return_val_if_fail (self, NULL); self->trust = gkm_roots_trust_new (gkm_object_get_module (GKM_OBJECT (self)), gkm_object_get_manager (GKM_OBJECT (self)), GKM_CERTIFICATE (self)); return G_OBJECT (self); }
static void add_assertion_to_trust (GkmXdgTrust *self, GkmAssertion *assertion, GkmTransaction *transaction) { GBytes *key; key = lookup_or_create_assertion_key (assertion); g_assert (key != NULL); g_hash_table_insert (self->pv->assertions, g_bytes_ref (key), g_object_ref (assertion)); gkm_object_expose (GKM_OBJECT (assertion), gkm_object_is_exposed (GKM_OBJECT (self))); if (transaction != NULL) gkm_transaction_add (transaction, self, complete_add_assertion, g_object_ref (assertion)); }
static void gkm_object_dispose (GObject *obj) { GkmObject *self = GKM_OBJECT (obj); GkmObjectTransient *transient; if (self->pv->manager) { if (self->pv->exposed) gkm_object_expose (self, FALSE); g_return_if_fail (!self->pv->exposed); g_object_remove_weak_pointer (G_OBJECT (self->pv->manager), (gpointer*)&(self->pv->manager)); self->pv->manager = NULL; } g_object_set (self, "store", NULL, NULL); g_assert (self->pv->store == NULL); if (self->pv->transient) { transient = self->pv->transient; if (transient->timer) gkm_timer_cancel (transient->timer); transient->timer = NULL; } G_OBJECT_CLASS (gkm_object_parent_class)->dispose (obj); }
static void gkm_object_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec) { GkmObject *self = GKM_OBJECT (obj); switch (prop_id) { case PROP_HANDLE: g_value_set_ulong (value, gkm_object_get_handle (self)); break; case PROP_MODULE: g_return_if_fail (GKM_IS_MODULE (self->pv->module)); g_value_set_object (value, gkm_object_get_module (self)); break; case PROP_MANAGER: g_value_set_object (value, gkm_object_get_manager (self)); break; case PROP_STORE: g_value_set_object (value, self->pv->store); break; case PROP_UNIQUE: g_value_set_string (value, gkm_object_get_unique (self)); break; case PROP_TRANSIENT: g_value_set_boolean (value, gkm_object_is_transient (self)); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec); break; } }
static gboolean find_credential (GkmCredential *cred, GkmObject *object, gpointer user_data) { CK_OBJECT_HANDLE *result = user_data; g_return_val_if_fail (!*result, FALSE); *result = gkm_object_get_handle (GKM_OBJECT (cred)); return TRUE; }
static GkmObject* factory_create_credential (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { CK_OBJECT_HANDLE handle; GkmCredential *cred; CK_ATTRIBUTE *attr; GkmManager *manager; GkmModule *module; GkmObject *object = NULL; CK_RV rv; g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); /* The handle is optional */ if (gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) { rv = gkm_session_lookup_readable_object (session, handle, &object); if (rv != CKR_OK) { gkm_transaction_fail (transaction, rv); return NULL; } } else { object = NULL; } /* The value is optional */ attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE); gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_G_OBJECT, G_MAXULONG); module = gkm_session_get_module (session); manager = gkm_manager_for_template (attrs, n_attrs, session); rv = gkm_credential_create (module, manager, object, attr ? attr->pValue : NULL, attr ? attr->ulValueLen : 0, &cred); if (rv == CKR_OK) { gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cred), TRUE, attrs, n_attrs); return GKM_OBJECT (cred); } else { gkm_transaction_fail (transaction, rv); return NULL; } }
static void unlock_collection(void) { GkmCredential *cred; GkmObject *object; CK_RV rv; /* Create credential, which unlocks collection */ object = GKM_OBJECT (collection); rv = gkm_credential_create (gkm_object_get_module (object), gkm_session_get_manager (session), object, NULL, 0, &cred); g_assert (rv == CKR_OK); gkm_session_add_session_object (session, NULL, GKM_OBJECT (cred)); g_object_unref (cred); }
static GkmObject* factory_create_null_key (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmNullKey *key; GkmManager *manager; manager = gkm_manager_for_template (attrs, n_attrs, session); key = g_object_new (GKM_TYPE_NULL_KEY, "module", gkm_session_get_module (session), "manager", manager, NULL); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key), TRUE, attrs, n_attrs); return GKM_OBJECT (key); }
static void file_load (EggFileTracker *tracker, const gchar *path, GkmSshModule *self) { GkmSshPrivateKey *key; gchar *private_path; GError *error = NULL; gchar *unique; g_return_if_fail (path); g_return_if_fail (GKM_IS_SSH_MODULE (self)); private_path = private_path_for_public (path); if (!private_path || !g_file_test (private_path, G_FILE_TEST_IS_REGULAR)) { g_message ("no private key present for public key: %s", path); g_free (private_path); return; } /* Create a key if necessary */ key = g_hash_table_lookup (self->keys_by_path, path); if (key == NULL) { unique = g_strdup_printf ("ssh-store:%s", private_path); key = gkm_ssh_private_key_new (GKM_MODULE (self), unique); g_free (unique); g_hash_table_replace (self->keys_by_path, g_strdup (path), key); } /* Parse the data into the key */ if (!gkm_ssh_private_key_parse (key, path, private_path, &error)) { if (error) { g_message ("couldn't parse data: %s: %s", path, egg_error_message (error)); g_clear_error (&error); } gkm_object_expose (GKM_OBJECT (key), FALSE); /* When successful register with the object manager */ } else { gkm_object_expose (GKM_OBJECT (key), TRUE); } g_free (private_path); }
static gboolean complete_set_secret (GkmTransaction *transaction, GObject *obj, gpointer user_data) { if (!gkm_transaction_get_failed (transaction)) { gkm_object_notify_attribute (GKM_OBJECT (obj), CKA_VALUE); } return TRUE; }
static void module_went_away (gpointer data, GObject *old_module) { GkmObject *self = GKM_OBJECT (data); g_return_if_fail (self->pv->module); g_warning ("module destroyed before %s that module contained", G_OBJECT_TYPE_NAME (self)); self->pv->module = NULL; }
static GkmAssertion* create_assertion (GkmXdgTrust *self, GNode *asn) { CK_X_ASSERTION_TYPE type = 0; GkmAssertion *assertion; GQuark level; gchar *purpose; gchar *peer; GNode *node; /* Get the trust level */ level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL)); g_return_val_if_fail (level != 0, NULL); if (!level_enum_to_assertion_type (level, &type)) g_message ("unsupported trust level %s in trust object", g_quark_to_string (level)); else if (type == 0) return NULL; /* A purpose */ purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL); g_return_val_if_fail (purpose, NULL); /* A peer name */ node = egg_asn1x_node (asn, "peer", NULL); if (egg_asn1x_have (node)) peer = egg_asn1x_get_string_as_utf8 (node, NULL); else peer = NULL; assertion = g_object_new (GKM_XDG_TYPE_ASSERTION, "module", gkm_object_get_module (GKM_OBJECT (self)), "manager", gkm_object_get_manager (GKM_OBJECT (self)), "trust", self, "type", type, "purpose", purpose, "peer", peer, NULL); g_free (purpose); g_free (peer); return assertion; }
void gkm_credential_connect (GkmCredential *self, GkmObject *object) { g_return_if_fail (GKM_IS_CREDENTIAL (self)); g_return_if_fail (GKM_IS_OBJECT (object)); g_return_if_fail (self->pv->object == NULL); g_return_if_fail (GKM_OBJECT (self) != object); self->pv->object = object; g_object_weak_ref (G_OBJECT (self->pv->object), object_went_away, self); }
static GObject* gkm_object_constructor (GType type, guint n_props, GObjectConstructParam *props) { GkmObject *self = GKM_OBJECT (G_OBJECT_CLASS (gkm_object_parent_class)->constructor(type, n_props, props)); g_return_val_if_fail (self, NULL); g_return_val_if_fail (GKM_IS_MODULE (self->pv->module), NULL); return G_OBJECT (self); }
gboolean gkm_certificate_calc_category (GkmCertificate *self, GkmSession *session, CK_ULONG* category) { const guchar *extension; GkmManager *manager; gsize n_extension; GkmDataResult res; gboolean is_ca; GkmObject *object; g_return_val_if_fail (GKM_IS_CERTIFICATE (self), CKR_GENERAL_ERROR); g_return_val_if_fail (category, CKR_GENERAL_ERROR); /* First see if we have a private key for this certificate */ manager = gkm_object_get_manager (GKM_OBJECT (self)); if (manager != NULL) { object = gkm_manager_find_related (manager, session, CKO_PRIVATE_KEY, GKM_OBJECT (self)); if (object != NULL) { *category = 1; /* token user */ return TRUE; } } /* Read in the Basic Constraints section */ extension = gkm_certificate_get_extension (self, OID_BASIC_CONSTRAINTS, &n_extension, NULL); if (extension != NULL) { res = gkm_data_der_read_basic_constraints (extension, n_extension, &is_ca, NULL); if (res != GKM_DATA_SUCCESS) return FALSE; if (is_ca) *category = 2; /* authority */ else *category = 3; /* other entity */ } else { *category = 0; /* unspecified */ } return TRUE; }
static gboolean complete_expose (GkmTransaction *transaction, GObject *obj, gpointer user_data) { GkmObject *self = GKM_OBJECT (obj); gboolean expose = GPOINTER_TO_UINT (user_data); if (gkm_transaction_get_failed (transaction)) gkm_object_expose (self, !expose); return TRUE; }
static void gkm_object_set_property (GObject *obj, guint prop_id, const GValue *value, GParamSpec *pspec) { GkmObject *self = GKM_OBJECT (obj); GkmStore *store; switch (prop_id) { case PROP_HANDLE: gkm_object_set_handle (self, g_value_get_ulong (value)); break; case PROP_MODULE: g_return_if_fail (!self->pv->module); self->pv->module = g_value_get_object (value); g_return_if_fail (GKM_IS_MODULE (self->pv->module)); g_object_weak_ref (G_OBJECT (self->pv->module), module_went_away, self); break; case PROP_MANAGER: g_return_if_fail (!self->pv->manager); self->pv->manager = g_value_get_object (value); if (self->pv->manager) { g_object_add_weak_pointer (G_OBJECT (self->pv->manager), (gpointer*)&(self->pv->manager)); } break; case PROP_STORE: store = g_value_get_object (value); if (self->pv->store) { g_return_if_fail (!store); g_object_remove_weak_pointer (G_OBJECT (self->pv->store), (gpointer*)&(self->pv->store)); } self->pv->store = store; if (self->pv->store) g_object_add_weak_pointer (G_OBJECT (self->pv->store), (gpointer*)&(self->pv->store)); g_object_notify (G_OBJECT (self), "store"); break; case PROP_UNIQUE: g_return_if_fail (!self->pv->unique); self->pv->unique = g_value_dup_string (value); break; case PROP_TRANSIENT: g_return_if_fail (!self->pv->transient); if (g_value_get_boolean (value)) mark_object_transient (self); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec); break; } }
void gkm_secret_item_set_schema (GkmSecretItem *self, const gchar *schema) { g_return_if_fail (GKM_IS_SECRET_ITEM (self)); if (schema != self->schema) { g_free (self->schema); self->schema = g_strdup (schema); g_object_notify (G_OBJECT (self), "schema"); gkm_object_notify_attribute (GKM_OBJECT (self), CKA_G_SCHEMA); } }
static gboolean complete_set_secret (GkmTransaction *transaction, GObject *obj, gpointer user_data) { GkmSecretItem *self = GKM_SECRET_ITEM (obj); if (!gkm_transaction_get_failed (transaction)) { gkm_object_notify_attribute (GKM_OBJECT (obj), CKA_VALUE); gkm_secret_object_was_modified (GKM_SECRET_OBJECT (self)); } return TRUE; }
static CK_RV gkm_object_real_get_attribute (GkmObject *self, GkmSession *session, CK_ATTRIBUTE* attr) { CK_OBJECT_HANDLE handle = 0; CK_RV rv; switch (attr->type) { case CKA_CLASS: g_warning ("Derived class should have overridden CKA_CLASS"); return CKR_GENERAL_ERROR; case CKA_MODIFIABLE: return gkm_attribute_set_bool (attr, self->pv->store ? TRUE : FALSE); case CKA_PRIVATE: return gkm_attribute_set_bool (attr, FALSE); case CKA_TOKEN: return gkm_attribute_set_bool (attr, gkm_object_is_token (self)); case CKA_G_CREDENTIAL: gkm_credential_for_each (session, GKM_OBJECT (self), find_credential, &handle); return gkm_attribute_set_ulong (attr, handle); case CKA_MATE_UNIQUE: if (self->pv->unique) return gkm_attribute_set_string (attr, self->pv->unique); return CKR_ATTRIBUTE_TYPE_INVALID; case CKA_MATE_TRANSIENT: return gkm_attribute_set_bool (attr, self->pv->transient ? TRUE : FALSE); case CKA_G_DESTRUCT_AFTER: return gkm_attribute_set_ulong (attr, self->pv->transient ? self->pv->transient->timed_after : 0); case CKA_G_DESTRUCT_IDLE: return gkm_attribute_set_ulong (attr, self->pv->transient ? self->pv->transient->timed_idle : 0); case CKA_G_DESTRUCT_USES: return gkm_attribute_set_ulong (attr, self->pv->transient ? self->pv->transient->uses_remaining : 0); }; /* Give store a shot */ if (self->pv->store) { rv = gkm_store_get_attribute (self->pv->store, self, attr); if (rv != CKR_ATTRIBUTE_TYPE_INVALID) return rv; } /* Now some more defaults */ switch (attr->type) { case CKA_LABEL: return gkm_attribute_set_data (attr, "", 0); } return CKR_ATTRIBUTE_TYPE_INVALID; }
void gkm_secret_item_set_fields (GkmSecretItem *self, GHashTable *fields) { g_return_if_fail (GKM_IS_SECRET_ITEM (self)); if (fields) g_hash_table_ref (fields); if (self->fields) g_hash_table_unref (self->fields); self->fields = fields; g_object_notify (G_OBJECT (self), "fields"); gkm_object_notify_attribute (GKM_OBJECT (self), CKA_G_FIELDS); }
static CK_RV gkm_certificate_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr) { GkmCertificateKey *self = GKM_CERTIFICATE_KEY (base); switch (attr->type) { case CKA_LABEL: if (self->pv->certificate) return gkm_object_get_attribute (GKM_OBJECT (self->pv->certificate), session, attr); return gkm_attribute_set_string (attr, ""); } return GKM_OBJECT_CLASS (gkm_certificate_key_parent_class)->get_attribute (base, session, attr); }
static GkmObject* factory_create_certificate (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { CK_ATTRIBUTE_PTR attr; GkmCertificate *cert; g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); /* Dig out the value */ attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE); if (attr == NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } cert = g_object_new (GKM_TYPE_CERTIFICATE, "module", gkm_session_get_module (session), "manager", gkm_manager_for_template (attrs, n_attrs, session), NULL); /* Load the certificate from the data specified */ if (!gkm_serializable_load (GKM_SERIALIZABLE (cert), NULL, attr->pValue, attr->ulValueLen)) { gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID); g_object_unref (cert); return NULL; } /* Note that we ignore the subject */ gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cert), TRUE, attrs, n_attrs); return GKM_OBJECT (cert); }
static GObject* gkm_ssh_private_key_constructor (GType type, guint n_props, GObjectConstructParam *props) { GkmSshPrivateKey *self = GKM_SSH_PRIVATE_KEY (G_OBJECT_CLASS (gkm_ssh_private_key_parent_class)->constructor(type, n_props, props)); GkmObject *object; gchar *unique; g_return_val_if_fail (self, NULL); object = GKM_OBJECT (self); unique = g_strdup_printf ("%s.pub", gkm_object_get_unique (object)); self->pubkey = gkm_ssh_public_key_new (gkm_object_get_module (object), unique); g_free (unique); return G_OBJECT (self); }
static gboolean complete_set_schema (GkmTransaction *transaction, GObject *obj, gpointer user_data) { GkmSecretItem *self = GKM_SECRET_ITEM (obj); gchar *old_schema = user_data; if (gkm_transaction_get_failed (transaction)) { g_free (self->schema); self->schema = old_schema; } else { gkm_object_notify_attribute (GKM_OBJECT (obj), CKA_G_SCHEMA); g_object_notify (G_OBJECT (obj), "schema"); g_free (old_schema); } return TRUE; }
static gboolean complete_set_label (GkmTransaction *transaction, GObject *obj, gpointer user_data) { GkmSecretObject *self = GKM_SECRET_OBJECT (obj); gchar *old_label = user_data; if (gkm_transaction_get_failed (transaction)) { g_free (self->pv->label); self->pv->label = old_label; } else { gkm_object_notify_attribute (GKM_OBJECT (obj), CKA_LABEL); g_object_notify (G_OBJECT (obj), "label"); gkm_secret_object_was_modified (self); g_free (old_label); } return TRUE; }