void gkm_object_destroy (GkmObject *self, GkmTransaction *transaction) { GkmSession *session; GkmManager *manager; GkmModule *module; g_return_if_fail (GKM_IS_OBJECT (self)); g_return_if_fail (GKM_IS_TRANSACTION (transaction)); g_return_if_fail (!gkm_transaction_get_failed (transaction)); g_return_if_fail (self->pv->module); g_object_ref (self); session = gkm_session_for_session_object (self); if (session != NULL) { gkm_session_destroy_session_object (session, transaction, self); } else { manager = gkm_object_get_manager (self); module = gkm_object_get_module (self); if (manager == gkm_module_get_manager (module)) gkm_module_remove_token_object (module, transaction, self); } /* Forcefully dispose of the object once the transaction completes */ gkm_transaction_add (transaction, NULL, complete_destroy, g_object_ref (self)); g_object_unref (self); }
static void gkm_object_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec) { GkmObject *self = GKM_OBJECT (obj); switch (prop_id) { case PROP_HANDLE: g_value_set_ulong (value, gkm_object_get_handle (self)); break; case PROP_MODULE: g_return_if_fail (GKM_IS_MODULE (self->pv->module)); g_value_set_object (value, gkm_object_get_module (self)); break; case PROP_MANAGER: g_value_set_object (value, gkm_object_get_manager (self)); break; case PROP_STORE: g_value_set_object (value, self->pv->store); break; case PROP_UNIQUE: g_value_set_string (value, gkm_object_get_unique (self)); break; case PROP_TRANSIENT: g_value_set_boolean (value, gkm_object_is_transient (self)); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec); break; } }
static GObject* gkm_roots_certificate_constructor (GType type, guint n_props, GObjectConstructParam *props) { GkmRootsCertificate *self = GKM_ROOTS_CERTIFICATE (G_OBJECT_CLASS (gkm_roots_certificate_parent_class)->constructor(type, n_props, props)); g_return_val_if_fail (self, NULL); self->trust = gkm_roots_trust_new (gkm_object_get_module (GKM_OBJECT (self)), gkm_object_get_manager (GKM_OBJECT (self)), GKM_CERTIFICATE (self)); return G_OBJECT (self); }
static GkmAssertion* create_assertion (GkmXdgTrust *self, GNode *asn) { CK_X_ASSERTION_TYPE type = 0; GkmAssertion *assertion; GQuark level; gchar *purpose; gchar *peer; GNode *node; /* Get the trust level */ level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL)); g_return_val_if_fail (level != 0, NULL); if (!level_enum_to_assertion_type (level, &type)) g_message ("unsupported trust level %s in trust object", g_quark_to_string (level)); else if (type == 0) return NULL; /* A purpose */ purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL); g_return_val_if_fail (purpose, NULL); /* A peer name */ node = egg_asn1x_node (asn, "peer", NULL); if (egg_asn1x_have (node)) peer = egg_asn1x_get_string_as_utf8 (node, NULL); else peer = NULL; assertion = g_object_new (GKM_XDG_TYPE_ASSERTION, "module", gkm_object_get_module (GKM_OBJECT (self)), "manager", gkm_object_get_manager (GKM_OBJECT (self)), "trust", self, "type", type, "purpose", purpose, "peer", peer, NULL); g_free (purpose); g_free (peer); return assertion; }
gboolean gkm_certificate_calc_category (GkmCertificate *self, GkmSession *session, CK_ULONG* category) { const guchar *extension; GkmManager *manager; gsize n_extension; GkmDataResult res; gboolean is_ca; GkmObject *object; g_return_val_if_fail (GKM_IS_CERTIFICATE (self), CKR_GENERAL_ERROR); g_return_val_if_fail (category, CKR_GENERAL_ERROR); /* First see if we have a private key for this certificate */ manager = gkm_object_get_manager (GKM_OBJECT (self)); if (manager != NULL) { object = gkm_manager_find_related (manager, session, CKO_PRIVATE_KEY, GKM_OBJECT (self)); if (object != NULL) { *category = 1; /* token user */ return TRUE; } } /* Read in the Basic Constraints section */ extension = gkm_certificate_get_extension (self, OID_BASIC_CONSTRAINTS, &n_extension, NULL); if (extension != NULL) { res = gkm_data_der_read_basic_constraints (extension, n_extension, &is_ca, NULL); if (res != GKM_DATA_SUCCESS) return FALSE; if (is_ca) *category = 2; /* authority */ else *category = 3; /* other entity */ } else { *category = 0; /* unspecified */ } return TRUE; }
static void add_transient_object (GkmModule *self, GkmTransaction *transaction, GkmObject *object) { g_assert (GKM_IS_MODULE (self)); g_assert (GKM_IS_OBJECT (object)); /* Must not already be associated with a session or manager */ g_return_if_fail (gkm_object_get_manager (object) == self->pv->token_manager); g_return_if_fail (g_hash_table_lookup (self->pv->transient_objects, object) == NULL); g_hash_table_insert (self->pv->transient_objects, object, g_object_ref (object)); g_object_set (object, "store", self->pv->transient_store, NULL); gkm_object_expose (object, TRUE); if (transaction) { gkm_transaction_add (transaction, self, (GkmTransactionFunc)complete_transient_add, g_object_ref (object)); } }
static gboolean gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data) { GkmCertificate *self = GKM_CERTIFICATE (base); GNode *asn1 = NULL; GkmDataResult res; guchar *copy, *keydata; gsize n_keydata; gcry_sexp_t sexp; GkmSexp *wrapper; g_return_val_if_fail (GKM_IS_CERTIFICATE (self), FALSE); if (!data || !n_data) { g_message ("cannot load empty certificate file"); return FALSE; } copy = g_memdup (data, n_data); /* Parse the ASN1 data */ res = gkm_data_der_read_certificate (copy, n_data, &asn1); if (res != GKM_DATA_SUCCESS) { g_message ("couldn't parse certificate data"); g_free (copy); return FALSE; } /* Generate a raw public key from our certificate */ keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL, &n_keydata); g_return_val_if_fail (keydata, FALSE); /* Now create us a nice public key with that identifier */ res = gkm_data_der_read_public_key_info (keydata, n_keydata, &sexp); g_free (keydata); switch (res) { /* Create ourselves a public key with that */ case GKM_DATA_SUCCESS: wrapper = gkm_sexp_new (sexp); if (!self->pv->key) self->pv->key = gkm_certificate_key_new (gkm_object_get_module (GKM_OBJECT (self)), gkm_object_get_manager (GKM_OBJECT (self)), self); gkm_sexp_key_set_base (GKM_SEXP_KEY (self->pv->key), wrapper); gkm_sexp_unref (wrapper); break; /* Unknown type of public key for this certificate, just ignore */ case GKM_DATA_UNRECOGNIZED: if (self->pv->key) g_object_unref (self->pv->key); self->pv->key = NULL; break; /* Bad key, drop certificate */ case GKM_DATA_FAILURE: case GKM_DATA_LOCKED: g_warning ("couldn't parse certificate key data"); g_free (copy); egg_asn1x_destroy (asn1); return FALSE; default: g_assert_not_reached (); break; } g_free (self->pv->data); self->pv->data = copy; self->pv->n_data = n_data; egg_asn1x_destroy (self->pv->asn1); self->pv->asn1 = asn1; return TRUE; }