static void
test_some_asn1_stuff (const ASN1_ARRAY_TYPE *defs, const gchar *file, const gchar *identifier)
{
GNode *asn;
gpointer data, encoded;
gsize n_data, n_encoded;
if (!g_file_get_contents (file, (gchar**)&data, &n_data, NULL))
g_assert_not_reached ();
asn = egg_asn1x_create (defs, identifier);
egg_asn1x_dump (asn);
if (!egg_asn1x_decode (asn, data, n_data))
g_warning ("decode of %s failed: %s", identifier, egg_asn1x_message (asn));
encoded = egg_asn1x_encode (asn, NULL, &n_encoded);
if (encoded == NULL)
g_warning ("encode of %s failed: %s", identifier, egg_asn1x_message (asn));
/* Decode the encoding */
if (!egg_asn1x_decode (asn, encoded, n_encoded))
g_warning ("decode of encoded %s failed: %s", identifier, egg_asn1x_message (asn));
egg_asn1x_clear (asn);
egg_asn1x_destroy (asn);
g_free (encoded);
g_free (data);
}
static void
test_decode_encode (Test *test,
gconstpointer data)
{
const Fixture *fixture = data;
GNode *asn;
GBytes *encoded;
gboolean ret;
asn = egg_asn1x_create (fixture->defs, fixture->identifier);
if (g_test_verbose ())
egg_asn1x_dump (asn);
ret = egg_asn1x_decode (asn, test->data);
egg_asn1x_assert (ret == TRUE, asn);
encoded = egg_asn1x_encode (asn, NULL);
egg_asn1x_assert (encoded != NULL, asn);
/* Decode the encoding */
ret = egg_asn1x_decode (asn, encoded);
egg_asn1x_assert (ret == TRUE, asn);
egg_asn1x_clear (asn);
egg_asn1x_destroy (asn);
g_bytes_unref (encoded);
}
static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base,
GkmSecret *login,
GBytes *data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
if (g_bytes_get_size (data) == 0)
return FALSE;
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
return FALSE;
}
/* Take ownership of this new data */
if (self->pv->bytes)
g_bytes_unref (self->pv->bytes);
self->pv->bytes = g_bytes_ref (data);
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
static gboolean
validate_der (CK_ATTRIBUTE_PTR attr, const gchar *asn_type)
{
GNode *asn;
gboolean valid = TRUE;
GBytes *data;
if (!attr->pValue || attr->ulValueLen == (CK_ULONG)-1)
return FALSE;
asn = egg_asn1x_create (pkix_asn1_tab, asn_type);
g_return_val_if_fail (asn, FALSE);
data = g_bytes_new_static (attr->pValue, attr->ulValueLen);
valid = egg_asn1x_decode (asn, data);
g_bytes_unref (data);
if (!valid)
g_message ("failed to parse certificate passed to trust assertion: %s",
egg_asn1x_message (asn));
/* Yes, this is an expensive check, but worthwhile */
egg_asn1x_destroy (asn);
return valid;
}
int
main(int argc, char* argv[])
{
GError *err = NULL;
gchar *contents;
gsize n_contents;
GNode *asn, *node;
gint i, count;
if (argc != 2) {
g_printerr ("usage: dump-trust-file file\n");
return 2;
}
if (!g_file_get_contents (argv[1], &contents, &n_contents, &err))
barf_and_die ("couldn't load file", egg_error_message (err));
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, 1);
if (!egg_asn1x_decode (asn, contents, n_contents))
barf_and_die ("couldn't parse file", egg_asn1x_message (asn));
/* Print out the certificate we refer to first */
node = egg_asn1x_node (asn, "reference", "certReference", NULL);
if (egg_asn1x_have (node)) {
dump_certificate_reference (node);
} else {
node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
if (egg_asn1x_have (node))
dump_certificate_complete (node);
else
barf_and_die ("unsupported certificate reference", NULL);
}
/* Then the assertions */
count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL));
for (i = 0; i < count; ++i) {
node = egg_asn1x_node (asn, "assertions", i + 1, NULL);
dump_assertion (node);
}
egg_asn1x_destroy (asn);
g_free (contents);
return 0;
}
static gboolean
prepare_subject_public_key_and_mechanisms (GcrCertificateRequest *self,
GNode *subject_public_key,
GQuark *algorithm,
const gulong **mechanisms,
gsize *n_mechanisms,
GError **error)
{
GBytes *encoded;
GNode *node;
GQuark oid;
g_assert (algorithm != NULL);
g_assert (mechanisms != NULL);
g_assert (n_mechanisms != NULL);
encoded = egg_asn1x_encode (subject_public_key, NULL);
g_return_val_if_fail (encoded != NULL, FALSE);
node = egg_asn1x_node (subject_public_key, "algorithm", "algorithm", NULL);
oid = egg_asn1x_get_oid_as_quark (node);
if (oid == GCR_OID_PKIX1_RSA) {
*mechanisms = RSA_MECHANISMS;
*n_mechanisms = G_N_ELEMENTS (RSA_MECHANISMS);
*algorithm = GCR_OID_PKIX1_SHA1_WITH_RSA;
} else if (oid == GCR_OID_PKIX1_DSA) {
*mechanisms = DSA_MECHANISMS;
*n_mechanisms = G_N_ELEMENTS (DSA_MECHANISMS);
*algorithm = GCR_OID_PKIX1_SHA1_WITH_DSA;
} else {
g_bytes_unref (encoded);
g_set_error (error, GCR_DATA_ERROR, GCR_ERROR_UNRECOGNIZED,
_("Unsupported key type for certificate request"));
return FALSE;
}
node = egg_asn1x_node (self->asn, "certificationRequestInfo", "subjectPKInfo", NULL);
if (!egg_asn1x_decode (node, encoded))
g_return_val_if_reached (FALSE);
g_bytes_unref (encoded);
return TRUE;
}
static void
test_pkcs12_decode (Test *test,
gconstpointer unused)
{
GNode *asn;
gboolean ret;
asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PFX");
if (g_test_verbose ())
egg_asn1x_dump (asn);
ret = egg_asn1x_decode (asn, test->data);
egg_asn1x_assert (ret == TRUE, asn);
egg_asn1x_destroy (asn);
}
static void
test_personal_name_invalid (Test *test,
gconstpointer unused)
{
GNode *asn;
gboolean ret;
asn = egg_asn1x_create (pkix_asn1_tab, "PersonalName");
if (g_test_verbose ())
egg_asn1x_dump (asn);
ret = egg_asn1x_decode (asn, test->data);
g_assert (ret == FALSE);
g_assert (strstr (egg_asn1x_message (asn), "content size is out of bounds") != NULL);
egg_asn1x_destroy (asn);
}
static void
create_trust_file_for_certificate (const gchar *filename, const gchar *certificate)
{
GError *err = NULL;
GNode *asn, *cert, *choice, *ref;
GBytes *bytes, *result;
gchar *data;
gsize n_data;
if (!g_file_get_contents (certificate, &data, &n_data, &err))
barf_and_die ("couldn't read certificate file", egg_error_message (err));
/* Make sure the certificate is */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
bytes = g_bytes_new_take (data, n_data);
if (!egg_asn1x_decode (cert, bytes))
barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_if_fail (asn);
ref = egg_asn1x_node (asn, "reference", NULL);
choice = egg_asn1x_node (ref, "certComplete", NULL);
if (!egg_asn1x_set_choice (ref, choice) || !egg_asn1x_set_any_raw (choice, bytes))
g_return_if_reached ();
g_bytes_unref (bytes);
result = egg_asn1x_encode (asn, NULL);
if (result == NULL)
barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
egg_asn1x_destroy (cert);
if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
g_bytes_get_size (result), &err))
barf_and_die ("couldn't write trust file", egg_error_message (err));
g_bytes_unref (result);
}
static void
add_trust_purpose_to_file (const gchar *filename, const gchar *purpose)
{
GError *err = NULL;
gchar *data;
GBytes *result;
gsize n_data;
GNode *asn, *assertion;
GBytes *bytes;
if (!g_file_get_contents (filename, &data, &n_data, &err))
barf_and_die ("couldn't read trust file", egg_error_message (err));
/* Create up the trust structure */
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_if_fail (asn);
/* And parse it */
bytes = g_bytes_new_take (data, n_data);
if (!egg_asn1x_decode (asn, bytes))
barf_and_die ("couldn't parse trust file", egg_asn1x_message (asn));
g_bytes_unref (bytes);
assertion = egg_asn1x_append (egg_asn1x_node (asn, "assertions", NULL));
g_return_if_fail (assertion);
if (!egg_asn1x_set_string_as_utf8 (egg_asn1x_node (assertion, "purpose", NULL), g_strdup (purpose), g_free))
g_return_if_reached ();
egg_asn1x_set_enumerated (egg_asn1x_node (assertion, "level", NULL), g_quark_from_string ("trusted"));
result = egg_asn1x_encode (asn, NULL);
if (result == NULL)
barf_and_die ("couldn't encode trust file", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
g_bytes_get_size (result), &err))
barf_and_die ("couldn't write trust file", egg_error_message (err));
g_bytes_unref (result);
}
static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
gpointer copy;
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (data, FALSE);
if (n_data == 0)
return FALSE;
copy = g_memdup (data, n_data);
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, copy, n_data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Take ownership of this new data */
g_free (self->pv->data);
self->pv->data = copy;
self->pv->n_data = n_data;
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
static void
dump_certificate_complete (GNode *asn)
{
GNode *cert;
gchar *issuer, *serial, *subject;
gconstpointer element;
gpointer data;
gsize n_data, n_element;
/* Parse the certificate out */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
element = egg_asn1x_get_raw_element (asn, &n_element);
g_return_if_fail (element);
if (!egg_asn1x_decode (cert, element, n_element))
barf_and_die ("couldn't parse certificate", egg_asn1x_message (cert));
issuer = egg_dn_read (egg_asn1x_node (asn, "issuer", NULL));
g_return_if_fail (issuer);
subject = egg_dn_read (egg_asn1x_node (asn, "subject", NULL));
g_return_if_fail (subject);
data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data);
g_return_if_fail (data && n_data);
serial = egg_hex_encode (data, n_data);
g_free (data);
g_print ("Complete\n");
g_print (" issuer: %s\n", issuer);
g_print (" subject: %s\n", subject);
g_print (" serial: 0x%s\n", serial);
egg_asn1x_destroy (cert);
g_free (data);
g_free (serial);
g_free (issuer);
g_free (subject);
}
static void
dump_certificate_reference (GNode *asn)
{
gchar *issuer, *serial;
gpointer data;
gsize n_data;
GNode *name;
gconstpointer element;
gsize n_element;
/* Parse the name out */
name = egg_asn1x_create (pkix_asn1_tab, "Name");
g_return_if_fail (name);
element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "issuer", NULL), &n_element);
g_return_if_fail (element);
if (!egg_asn1x_decode (name, element, n_element))
barf_and_die ("couldn't parse certificate", egg_asn1x_message (name));
issuer = egg_dn_read (name);
g_return_if_fail (issuer);
data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data);
g_return_if_fail (data && n_data);
serial = egg_hex_encode (data, n_data);
g_free (data);
g_print ("Reference\n");
g_print (" issuer: %s\n", issuer);
g_print (" serial: 0x%s\n", serial);
egg_asn1x_destroy (name);
g_free (data);
g_free (serial);
g_free (issuer);
}
static void
create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate)
{
GError *err = NULL;
GNode *asn, *cert, *choice, *ref;
GNode *issuer, *serial;
gchar *data;
GBytes *result;
GBytes *value;
GBytes *element;
gsize n_data;
GBytes *bytes;
if (!g_file_get_contents (certificate, &data, &n_data, &err))
barf_and_die ("couldn't read certificate file", egg_error_message (err));
/* Make sure the certificate is */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
bytes = g_bytes_new_take (data, n_data);
if (!egg_asn1x_decode (cert, bytes))
barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
g_bytes_unref (bytes);
/* Dig out the issuer and serial */
issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL);
serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL);
g_return_if_fail (issuer && serial);
/* Create up the trust structure */
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_if_fail (asn);
/* Setup the type of trust assertion */
ref = egg_asn1x_node (asn, "reference", NULL);
choice = egg_asn1x_node (ref, "certReference", NULL);
if (!egg_asn1x_set_choice (ref, choice))
g_return_if_reached ();
/* Copy over the serial and issuer */
element = egg_asn1x_get_element_raw (issuer);
if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element))
g_return_if_reached ();
g_bytes_unref (element);
value = egg_asn1x_get_integer_as_raw (serial);
egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value);
g_bytes_unref (value);
result = egg_asn1x_encode (asn, NULL);
if (result == NULL)
barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
g_free (data);
egg_asn1x_destroy (cert);
egg_asn1x_destroy (asn);
if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
g_bytes_get_size (result), &err))
barf_and_die ("couldn't write trust file", egg_error_message (err));
g_bytes_unref (result);
}
