static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base,
GkmSecret *login,
GBytes *data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
if (g_bytes_get_size (data) == 0)
return FALSE;
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
return FALSE;
}
/* Take ownership of this new data */
if (self->pv->bytes)
g_bytes_unref (self->pv->bytes);
self->pv->bytes = g_bytes_ref (data);
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
static gboolean
gkm_xdg_trust_real_save (GkmSerializable *base, GkmSecret *login, gpointer *data, gsize *n_data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (data, FALSE);
g_return_val_if_fail (n_data, FALSE);
g_return_val_if_fail (self->pv->asn, FALSE);
if (!save_assertions (self, self->pv->asn))
return FALSE;
*data = egg_asn1x_encode (self->pv->asn, NULL, n_data);
if (*data == NULL) {
g_warning ("encoding trust failed: %s", egg_asn1x_message (self->pv->asn));
return FALSE;
}
/* ASN.1 now refers to this data, take ownership */
g_free (self->pv->data);
self->pv->data = *data;
self->pv->n_data = *n_data;
/* Return a duplicate, since we own encoded */
*data = g_memdup (*data, *n_data);
return TRUE;
}
static GkmTrustLevel
gkm_xdg_trust_get_level (GkmTrust *base, const gchar *purpose)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GkmAssertion *assertion;
GBytes *key;
gulong type;
key = create_assertion_key (purpose, NULL);
assertion = g_hash_table_lookup (self->pv->assertions, key);
g_bytes_unref (key);
if (!assertion)
return GKM_TRUST_UNKNOWN;
type = gkm_assertion_get_trust_type (assertion);
if (type == CKT_X_ANCHORED_CERTIFICATE)
return GKM_TRUST_ANCHOR;
else if (type == CKT_X_PINNED_CERTIFICATE)
return GKM_TRUST_TRUSTED;
else if (type == CKT_X_DISTRUSTED_CERTIFICATE)
return GKM_TRUST_DISTRUSTED;
else
g_return_val_if_reached (GKM_TRUST_UNKNOWN);
}
static void
gkm_xdg_trust_expose_object (GkmObject *base, gboolean expose)
{
GHashTableIter iter;
gpointer value;
GKM_OBJECT_CLASS (gkm_xdg_trust_parent_class)->expose_object (base, expose);
g_hash_table_iter_init (&iter, GKM_XDG_TRUST (base)->pv->assertions);
while (g_hash_table_iter_next (&iter, NULL, &value))
gkm_object_expose (value, expose);
}
static gboolean
complete_add_assertion (GkmTransaction *transaction, GObject *object, gpointer user_data)
{
GkmAssertion *assertion = GKM_ASSERTION (user_data);
GkmXdgTrust *self = GKM_XDG_TRUST (object);
if (gkm_transaction_get_failed (transaction))
remove_assertion_from_trust (self, assertion, NULL);
g_object_unref (assertion);
return TRUE;
}
static void
gkm_xdg_trust_finalize (GObject *obj)
{
GkmXdgTrust *self = GKM_XDG_TRUST (obj);
if (self->pv->asn)
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = NULL;
if (self->pv->assertions)
g_hash_table_destroy (self->pv->assertions);
self->pv->assertions = NULL;
G_OBJECT_CLASS (gkm_xdg_trust_parent_class)->finalize (obj);
}
static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
gpointer copy;
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (data, FALSE);
if (n_data == 0)
return FALSE;
copy = g_memdup (data, n_data);
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, copy, n_data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Take ownership of this new data */
g_free (self->pv->data);
self->pv->data = copy;
self->pv->n_data = n_data;
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
static CK_RV
gkm_xdg_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
switch (attr->type)
{
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_TRUST_STEP_UP_APPROVED:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_CLASS:
return gkm_attribute_set_ulong (attr, CKO_NETSCAPE_TRUST);
case CKA_MODIFIABLE:
return gkm_attribute_set_bool (attr, CK_FALSE);
/* Certificate reference values */
case CKA_SUBJECT:
return trust_get_der (self, "subject", attr);
case CKA_SERIAL_NUMBER:
return trust_get_integer (self, "serialNumber", attr);
case CKA_ISSUER:
return trust_get_der (self, "issuer", attr);
case CKA_X_CERTIFICATE_VALUE:
return trust_get_complete (self, attr);
/* Certificate hash values */
case CKA_CERT_MD5_HASH:
return trust_get_hash (self, G_CHECKSUM_MD5, attr);
case CKA_CERT_SHA1_HASH:
return trust_get_hash (self, G_CHECKSUM_SHA1, attr);
default:
break;
};
return GKM_OBJECT_CLASS (gkm_xdg_trust_parent_class)->get_attribute (base, session, attr);
}
static GBytes *
gkm_xdg_trust_real_save (GkmSerializable *base, GkmSecret *login)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GBytes *bytes;
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (self->pv->asn, FALSE);
if (!save_assertions (self, self->pv->asn))
return FALSE;
bytes = egg_asn1x_encode (self->pv->asn, NULL);
if (bytes == NULL) {
g_warning ("encoding trust failed: %s", egg_asn1x_message (self->pv->asn));
return FALSE;
}
if (self->pv->bytes)
g_bytes_unref (self->pv->bytes);
self->pv->bytes = bytes;
return g_bytes_ref (bytes);
}
