static CK_SESSION_HANDLE session_for_store_on_module (const char *name, CK_FUNCTION_LIST *module, bool *found_read_only) { CK_SESSION_HANDLE session = 0; CK_SLOT_ID *slots = NULL; CK_TOKEN_INFO info; CK_ULONG count; CK_ULONG i; CK_RV rv; rv = p11_kit_module_initialize (module); if (rv != CKR_OK) { p11_message ("%s: couldn't initialize: %s", name, p11_kit_message ()); return 0UL; } rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); if (rv == CKR_OK) { slots = calloc (count, sizeof (CK_ULONG)); return_val_if_fail (slots != NULL, 0UL); rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); } if (rv != CKR_OK) { p11_message ("%s: couldn't enumerate slots: %s", name, p11_kit_strerror (rv)); free (slots); return 0UL; } for (i = 0; session == 0 && i < count; i++) { rv = (module->C_GetTokenInfo) (slots[i], &info); if (rv != CKR_OK) { p11_message ("%s: couldn't get token info: %s", name, p11_kit_strerror (rv)); continue; } if (info.flags & CKF_WRITE_PROTECTED) { *found_read_only = true; continue; } rv = (module->C_OpenSession) (slots[i], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); if (rv != CKR_OK) { p11_message ("%s: couldn't open session: %s", name, p11_kit_strerror (rv)); session = 0; } p11_debug ("opened writable session on: %s", name); } free (slots); if (session == 0UL) p11_kit_module_finalize (module); return session; }
gboolean g_pkcs11_propagate_error (GError **error, CK_RV rv) { if (rv == CKR_OK) return FALSE; if (rv == CKR_CANCEL) g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CANCELLED, p11_kit_strerror (rv)); else g_set_error_literal (error, G_PKCS11_ERROR, (gint)rv, p11_kit_strerror (rv)); return TRUE; }
static bool remove_all (p11_kit_iter *iter, bool *changed) { const char *desc; CK_RV rv; while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { desc = description_for_object_at_iter (iter); p11_debug ("removing %s: %lu", desc, p11_kit_iter_get_object (iter)); rv = p11_kit_iter_destroy_object (iter); switch (rv) { case CKR_OK: *changed = true; /* fall through */ case CKR_OBJECT_HANDLE_INVALID: continue; case CKR_TOKEN_WRITE_PROTECTED: case CKR_SESSION_READ_ONLY: case CKR_ATTRIBUTE_READ_ONLY: p11_message ("couldn't remove read-only %s", desc); continue; default: p11_message ("couldn't remove %s: %s", desc, p11_kit_strerror (rv)); break; } } return (rv == CKR_CANCEL); }
static bool create_anchor (CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, CK_ATTRIBUTE *attrs) { CK_BBOOL truev = CK_TRUE; CK_OBJECT_HANDLE object; char *string; CK_RV rv; CK_ULONG klass; CK_ATTRIBUTE basics_certificate[] = { { CKA_TOKEN, &truev, sizeof (truev) }, { CKA_TRUSTED, &truev, sizeof (truev) }, { CKA_INVALID, }, }; CK_ATTRIBUTE basics_extension[] = { { CKA_TOKEN, &truev, sizeof (truev) }, { CKA_INVALID, }, }; CK_ATTRIBUTE basics_empty[] = { { CKA_INVALID, }, }; CK_ATTRIBUTE *basics = basics_empty; if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) { switch (klass) { case CKO_CERTIFICATE: basics = basics_certificate; break; case CKO_X_CERTIFICATE_EXTENSION: basics = basics_extension; break; } } attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true); p11_attrs_remove (attrs, CKA_MODIFIABLE); if (p11_debugging) { string = p11_attrs_to_string (attrs, -1); p11_debug ("storing: %s", string); free (string); } rv = (module->C_CreateObject) (session, attrs, p11_attrs_count (attrs), &object); p11_attrs_free (attrs); if (rv != CKR_OK) { p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); return false; } return true; }
bool p11_extract_x509_file (p11_enumerate *ex, const char *destination) { bool found = false; p11_save_file *file; CK_RV rv; while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { if (found) { p11_message ("multiple certificates found but could only write one to file"); break; } file = p11_save_open_file (destination, NULL, ex->flags); if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) return false; /* Wrote something */ found = true; } if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); return false; /* Remember that an empty DER file is not a valid file, so complain if nothing */ } else if (!found) { p11_message ("no certificate found"); return false; } return true; }
bool p11_extract_openssl_bundle (p11_enumerate *ex, const char *destination) { p11_save_file *file; p11_buffer output; p11_buffer buf; char *comment; bool ret = true; bool first; CK_RV rv; file = p11_save_open_file (destination, NULL, ex->flags); if (!file) return false; first = true; p11_buffer_init (&output, 0); while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { p11_buffer_init (&buf, 1024); if (!p11_buffer_reset (&output, 2048)) return_val_if_reached (false); if (prepare_pem_contents (ex, &buf)) { if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) return_val_if_reached (false); comment = p11_enumerate_comment (ex, first); first = false; ret = p11_save_write (file, comment, -1) && p11_save_write (file, output.data, output.len); free (comment); } p11_buffer_uninit (&buf); if (!ret) break; } p11_buffer_uninit (&output); if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } /* * This will produce an empty file (which is a valid PEM bundle) if no * certificates were found. */ if (!p11_save_finish_file (file, NULL, ret)) ret = false; return ret; }
void _p11_kit_default_message (CK_RV rv) { const char *msg; if (rv != CKR_OK) { msg = p11_kit_strerror (rv); p11_message_store (msg, strlen (msg)); } }
static bool modify_anchor (CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE *attrs) { CK_BBOOL truev = CK_TRUE; CK_ATTRIBUTE *changes; CK_ATTRIBUTE *label; CK_ULONG klass; char *string; CK_RV rv; CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) }; label = p11_attrs_find_valid (attrs, CKA_LABEL); if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && klass == CKO_CERTIFICATE) changes = p11_attrs_build (NULL, &trusted, label, NULL); else changes = p11_attrs_build (NULL, label, NULL); return_val_if_fail (attrs != NULL, FALSE); /* Don't need the attributes anymore */ p11_attrs_free (attrs); if (p11_debugging) { string = p11_attrs_to_string (changes, -1); p11_debug ("setting: %s", string); free (string); } rv = (module->C_SetAttributeValue) (session, object, changes, p11_attrs_count (changes)); p11_attrs_free (changes); if (rv != CKR_OK) { p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); return false; } return true; }
bool p11_extract_x509_directory (p11_enumerate *ex, const char *destination) { p11_save_file *file; p11_save_dir *dir; char *filename; CK_RV rv; bool ret; dir = p11_save_open_directory (destination, ex->flags); if (dir == NULL) return false; while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { filename = p11_enumerate_filename (ex); return_val_if_fail (filename != NULL, -1); file = p11_save_open_file_in (dir, filename, ".cer"); free (filename); if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) { p11_save_finish_directory (dir, false); return false; } } if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } else { ret = true; } p11_save_finish_directory (dir, ret); return ret; }
bool p11_extract_openssl_directory (p11_enumerate *ex, const char *destination) { char *filename; p11_save_file *file; p11_save_dir *dir; p11_buffer output; p11_buffer buf; bool ret = true; char *path; char *name; CK_RV rv; dir = p11_save_open_directory (destination, ex->flags); if (dir == NULL) return false; p11_buffer_init (&buf, 0); p11_buffer_init (&output, 0); while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { if (!p11_buffer_reset (&buf, 1024)) return_val_if_reached (false); if (!p11_buffer_reset (&output, 2048)) return_val_if_reached (false); if (prepare_pem_contents (ex, &buf)) { if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) return_val_if_reached (false); name = p11_enumerate_filename (ex); return_val_if_fail (name != NULL, false); filename = NULL; path = NULL; ret = false; file = p11_save_open_file_in (dir, name, ".pem"); if (file != NULL) { ret = p11_save_write (file, output.data, output.len); if (!p11_save_finish_file (file, &path, ret)) ret = false; if (ret) filename = p11_path_base (path); } ret = p11_openssl_symlink(ex, dir, filename); free (filename); free (path); free (name); } if (!ret) break; } p11_buffer_uninit (&buf); p11_buffer_uninit (&output); if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } p11_save_finish_directory (dir, ret); return ret; }