static GkmObject* factory_create_private_key (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmGnome2PrivateKey *key; GkmSexp *sexp; g_return_val_if_fail (attrs || !n_attrs, NULL); sexp = gkm_private_xsa_key_create_sexp (session, transaction, attrs, n_attrs); if (sexp == NULL) return NULL; key = g_object_new (GKM_TYPE_GNOME2_PRIVATE_KEY, "base-sexp", sexp, "module", gkm_session_get_module (session), "manager", gkm_manager_for_template (attrs, n_attrs, session), NULL); g_return_val_if_fail (!key->private_sexp, NULL); key->private_sexp = gkm_sexp_ref (sexp); gkm_sexp_unref (sexp); /* TODO: We don't support setting these yet, so ignore them */ gkm_attributes_consume (attrs, n_attrs, CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_ID, G_MAXULONG); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key), TRUE, attrs, n_attrs); return GKM_OBJECT (key); }
GkmXdgTrust* gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { CK_ATTRIBUTE_PTR serial, issuer, cert; GkmXdgTrust *trust; g_return_val_if_fail (GKM_IS_MODULE (module), NULL); g_return_val_if_fail (GKM_IS_MANAGER (manager), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER); issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER); cert = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE); /* A trust object with just serial + issuer */ if (serial != NULL && issuer != NULL) { if (cert != NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; } if (!validate_der (issuer, "Name") || !validate_integer (serial)) { gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID); return NULL; } trust = create_trust_for_reference (module, manager, serial, issuer); /* A trust object with a full certificate */ } else if (cert != NULL) { if (serial != NULL || issuer != NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; } if (!validate_der (cert, "Certificate")) { gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID); return NULL; } trust = create_trust_for_complete (module, manager, cert); /* Not sure what this is */ } else { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG); return trust; }
static void gkm_object_real_create_attributes (GkmObject *self, GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE *attrs, CK_ULONG n_attrs) { CK_ATTRIBUTE_PTR transient_attr; gboolean transient = FALSE; gulong after = 0; gulong idle = 0; CK_RV rv; /* Parse the transient attribute */ transient_attr = gkm_attributes_find (attrs, n_attrs, CKA_MATE_TRANSIENT); if (transient_attr) { rv = gkm_attribute_get_bool (transient_attr, &transient); if (rv != CKR_OK) { gkm_transaction_fail (transaction, rv); return; } } /* Parse the auto destruct attribute */ if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_DESTRUCT_AFTER, &after)) after = 0; if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_DESTRUCT_IDLE, &idle)) idle = 0; /* Default for the transient attribute */ if (!transient_attr && (idle || after)) transient = TRUE; /* Used up these attributes */ gkm_attributes_consume (attrs, n_attrs, CKA_G_DESTRUCT_AFTER, CKA_G_DESTRUCT_IDLE, CKA_MATE_TRANSIENT, G_MAXULONG); if (transient) { mark_object_transient (self); self->pv->transient->timed_after = after; self->pv->transient->timed_idle = idle; } if (after || idle) { if (!self->pv->transient) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return; } gkm_transaction_add (transaction, self, start_callback, NULL); } }
static GkmObject* factory_create_credential (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { CK_OBJECT_HANDLE handle; GkmCredential *cred; CK_ATTRIBUTE *attr; GkmManager *manager; GkmModule *module; GkmObject *object = NULL; CK_RV rv; g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); /* The handle is optional */ if (gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) { rv = gkm_session_lookup_readable_object (session, handle, &object); if (rv != CKR_OK) { gkm_transaction_fail (transaction, rv); return NULL; } } else { object = NULL; } /* The value is optional */ attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE); gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_G_OBJECT, G_MAXULONG); module = gkm_session_get_module (session); manager = gkm_manager_for_template (attrs, n_attrs, session); rv = gkm_credential_create (module, manager, object, attr ? attr->pValue : NULL, attr ? attr->ulValueLen : 0, &cred); if (rv == CKR_OK) { gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cred), TRUE, attrs, n_attrs); return GKM_OBJECT (cred); } else { gkm_transaction_fail (transaction, rv); return NULL; } }
static GkmObject* factory_create_certificate (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { CK_ATTRIBUTE_PTR attr; GkmCertificate *cert; g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL); g_return_val_if_fail (attrs || !n_attrs, NULL); /* Dig out the value */ attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE); if (attr == NULL) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } cert = g_object_new (GKM_TYPE_CERTIFICATE, "module", gkm_session_get_module (session), "manager", gkm_manager_for_template (attrs, n_attrs, session), NULL); /* Load the certificate from the data specified */ if (!gkm_serializable_load (GKM_SERIALIZABLE (cert), NULL, attr->pValue, attr->ulValueLen)) { gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID); g_object_unref (cert); return NULL; } /* Note that we ignore the subject */ gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cert), TRUE, attrs, n_attrs); return GKM_OBJECT (cert); }
static GkmXdgTrust* lookup_or_create_trust_object (GkmSession *session, GkmManager *manager, GkmTransaction *transaction, CK_X_ASSERTION_TYPE type, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, gboolean *created) { CK_ATTRIBUTE_PTR serial, issuer, value; CK_ATTRIBUTE lookups[3]; CK_OBJECT_CLASS klass; CK_ULONG n_lookups; GList *objects; GkmXdgTrust *trust; GkmModule *module; klass = CKO_NETSCAPE_TRUST; lookups[0].type = CKA_CLASS; lookups[0].pValue = &klass; lookups[0].ulValueLen = sizeof (klass); switch (type) { case CKT_X_ANCHORED_CERTIFICATE: case CKT_X_PINNED_CERTIFICATE: value = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE); if (!value) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } /* Attributes used for looking up trust object */ memcpy (&lookups[1], value, sizeof (CK_ATTRIBUTE)); n_lookups = 2; break; case CKT_X_DISTRUSTED_CERTIFICATE: serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER); issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER); if (!serial || !issuer) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } /* Attributes used for looking up trust object */ memcpy (&lookups[1], issuer, sizeof (CK_ATTRIBUTE)); memcpy (&lookups[2], serial, sizeof (CK_ATTRIBUTE)); n_lookups = 3; break; default: gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT); return NULL; }; objects = gkm_manager_find_by_attributes (manager, session, lookups, n_lookups); module = gkm_session_get_module (session); /* Found a matching trust object for this assertion */ if (objects) { g_return_val_if_fail (GKM_XDG_IS_TRUST (objects->data), NULL); trust = g_object_ref (objects->data); g_list_free (objects); /* Create a trust object for this assertion */ } else { trust = gkm_xdg_trust_create_for_assertion (module, manager, transaction, lookups, n_lookups); gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG); gkm_attributes_consume (lookups, n_lookups, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG); if (!gkm_transaction_get_failed (transaction)) gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (trust), TRUE, lookups, n_lookups); } return trust; }
static GkmObject* factory_create_assertion (GkmSession *session, GkmTransaction *transaction, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs) { GkmAssertion *assertion; CK_X_ASSERTION_TYPE type; GkmManager *manager; gboolean created = FALSE; GkmXdgTrust *trust; gchar *purpose; gchar *peer; g_return_val_if_fail (attrs || !n_attrs, NULL); if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_X_ASSERTION_TYPE, &type)) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PURPOSE, &purpose)) { gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE); return NULL; } if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PEER, &peer)) peer = NULL; /* Try to find or create an appropriate trust object for this assertion */ manager = gkm_manager_for_template (attrs, n_attrs, session); trust = lookup_or_create_trust_object (session, manager, transaction, type, attrs, n_attrs, &created); /* Creating the trust object failed */ if (trust == NULL) { g_return_val_if_fail (gkm_transaction_get_failed (transaction), NULL); g_free (purpose); g_free (peer); return NULL; } assertion = g_object_new (GKM_XDG_TYPE_ASSERTION, "module", gkm_session_get_module (session), "manager", manager, "trust", trust, "type", type, "purpose", purpose, "peer", peer, NULL); g_free (purpose); g_free (peer); /* Add the assertion to the trust object */ if (!gkm_transaction_get_failed (transaction)) { gkm_xdg_trust_replace_assertion (trust, GKM_ASSERTION (assertion), transaction); if (gkm_transaction_get_failed (transaction)) { gkm_transaction_fail (transaction, CKR_GENERAL_ERROR); /* A new trust assertion */ } else { gkm_attributes_consume (attrs, n_attrs, CKA_X_ASSERTION_TYPE, CKA_X_PURPOSE, G_MAXULONG); gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (assertion), TRUE, attrs, n_attrs); } } g_object_unref (trust); return GKM_OBJECT (assertion); }