static char *
symlink_for_subject_hash (p11_enumerate *ex)
{
unsigned char md[P11_DIGEST_SHA1_LEN];
p11_buffer der;
CK_ATTRIBUTE *subject;
unsigned long hash;
char *linkname = NULL;
subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT);
if (!subject || !subject->pValue || !subject->ulValueLen)
return NULL;
p11_buffer_init_full (&der, memdup (subject->pValue, subject->ulValueLen),
subject->ulValueLen, 0, realloc, free);
return_val_if_fail (der.data != NULL, NULL);
if (p11_openssl_canon_name_der (ex->asn1_defs, &der)) {
p11_digest_sha1 (md, der.data, der.len, NULL);
hash = (
((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
if (asprintf (&linkname, "%08lx", hash) < 0)
return_val_if_reached (NULL);
}
p11_buffer_uninit (&der);
return linkname;
}
static void
dump_object (P11KitIter *iter,
CK_ATTRIBUTE *attrs)
{
CK_ATTRIBUTE label = { CKA_LABEL, };
CK_ATTRIBUTE *attr;
char *string;
char *name;
CK_RV rv;
attr = p11_attrs_find_valid (attrs, CKA_LABEL);
if (!attr) {
rv = p11_kit_iter_load_attributes (iter, &label, 1);
if (rv == CKR_OK)
attr = &label;
}
if (attr)
name = strndup (attr->pValue, attr->ulValueLen);
else
name = strdup ("unknown");
string = p11_attrs_to_string (attrs, -1);
printf ("\"%s\" = %s\n", name, string);
free (string);
free (label.pValue);
free (name);
}
static CK_OBJECT_HANDLE
find_anchor (CK_FUNCTION_LIST *module,
CK_SESSION_HANDLE session,
CK_ATTRIBUTE *attrs)
{
CK_OBJECT_HANDLE object = 0UL;
CK_ATTRIBUTE *attr;
p11_kit_iter *iter;
attr = p11_attrs_find_valid (attrs, CKA_CLASS);
return_val_if_fail (attr != NULL, 0);
iter = p11_kit_iter_new (NULL, 0);
return_val_if_fail (iter != NULL, 0);
if (iter_match_anchor (iter, attrs)) {
p11_kit_iter_begin_with (iter, module, 0, session);
if (p11_kit_iter_next (iter) == CKR_OK)
object = p11_kit_iter_get_object (iter);
}
p11_kit_iter_free (iter);
return object;
}
static bool
iter_match_anchor (p11_kit_iter *iter,
CK_ATTRIBUTE *attrs)
{
CK_ATTRIBUTE *attr;
attr = p11_attrs_find_valid (attrs, CKA_CLASS);
if (attr == NULL)
return false;
p11_kit_iter_add_filter (iter, attr, 1);
attr = p11_attrs_find_valid (attrs, CKA_VALUE);
if (attr == NULL)
return false;
p11_kit_iter_add_filter (iter, attr, 1);
return true;
}
static bool
modify_anchor (CK_FUNCTION_LIST *module,
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE object,
CK_ATTRIBUTE *attrs)
{
CK_BBOOL truev = CK_TRUE;
CK_ATTRIBUTE *changes;
CK_ATTRIBUTE *label;
CK_ULONG klass;
char *string;
CK_RV rv;
CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) };
label = p11_attrs_find_valid (attrs, CKA_LABEL);
if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) &&
klass == CKO_CERTIFICATE)
changes = p11_attrs_build (NULL, &trusted, label, NULL);
else
changes = p11_attrs_build (NULL, label, NULL);
return_val_if_fail (attrs != NULL, FALSE);
/* Don't need the attributes anymore */
p11_attrs_free (attrs);
if (p11_debugging) {
string = p11_attrs_to_string (changes, -1);
p11_debug ("setting: %s", string);
free (string);
}
rv = (module->C_SetAttributeValue) (session, object, changes,
p11_attrs_count (changes));
p11_attrs_free (changes);
if (rv != CKR_OK) {
p11_message ("couldn't create object: %s", p11_kit_strerror (rv));
return false;
}
return true;
}
static bool
write_alias (p11_enumerate *ex,
node_asn *asn)
{
CK_ATTRIBUTE *label;
int ret;
label = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
if (label == NULL) {
ret = asn1_write_value (asn, "alias", NULL, 0);
return_val_if_fail (ret == ASN1_SUCCESS, false);
} else {
ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen);
return_val_if_fail (ret == ASN1_SUCCESS, false);
}
return true;
}
static char *
symlink_for_subject_old_hash (p11_enumerate *ex)
{
unsigned char md[P11_DIGEST_MD5_LEN];
CK_ATTRIBUTE *subject;
unsigned long hash;
char *linkname;
subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT);
if (!subject)
return NULL;
p11_digest_md5 (md, subject->pValue, (size_t)subject->ulValueLen, NULL);
hash = (
((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
if (asprintf (&linkname, "%08lx", hash) < 0)
return_val_if_reached (NULL);
return linkname;
}
