static void test_some_asn1_stuff (const ASN1_ARRAY_TYPE *defs, const gchar *file, const gchar *identifier) { GNode *asn; gpointer data, encoded; gsize n_data, n_encoded; if (!g_file_get_contents (file, (gchar**)&data, &n_data, NULL)) g_assert_not_reached (); asn = egg_asn1x_create (defs, identifier); egg_asn1x_dump (asn); if (!egg_asn1x_decode (asn, data, n_data)) g_warning ("decode of %s failed: %s", identifier, egg_asn1x_message (asn)); encoded = egg_asn1x_encode (asn, NULL, &n_encoded); if (encoded == NULL) g_warning ("encode of %s failed: %s", identifier, egg_asn1x_message (asn)); /* Decode the encoding */ if (!egg_asn1x_decode (asn, encoded, n_encoded)) g_warning ("decode of encoded %s failed: %s", identifier, egg_asn1x_message (asn)); egg_asn1x_clear (asn); egg_asn1x_destroy (asn); g_free (encoded); g_free (data); }
static void test_decode_encode (Test *test, gconstpointer data) { const Fixture *fixture = data; GNode *asn; GBytes *encoded; gboolean ret; asn = egg_asn1x_create (fixture->defs, fixture->identifier); if (g_test_verbose ()) egg_asn1x_dump (asn); ret = egg_asn1x_decode (asn, test->data); egg_asn1x_assert (ret == TRUE, asn); encoded = egg_asn1x_encode (asn, NULL); egg_asn1x_assert (encoded != NULL, asn); /* Decode the encoding */ ret = egg_asn1x_decode (asn, encoded); egg_asn1x_assert (ret == TRUE, asn); egg_asn1x_clear (asn); egg_asn1x_destroy (asn); g_bytes_unref (encoded); }
static gboolean gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, GBytes *data) { GkmXdgTrust *self = GKM_XDG_TRUST (base); GNode *asn = NULL; if (g_bytes_get_size (data) == 0) return FALSE; asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, FALSE); if (!egg_asn1x_decode (asn, data)) { g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); return FALSE; } /* Next parse out all the pairs */ if (!load_assertions (self, asn)) { egg_asn1x_destroy (asn); return FALSE; } /* Take ownership of this new data */ if (self->pv->bytes) g_bytes_unref (self->pv->bytes); self->pv->bytes = g_bytes_ref (data); egg_asn1x_destroy (self->pv->asn); self->pv->asn = asn; return TRUE; }
static gboolean validate_der (CK_ATTRIBUTE_PTR attr, const gchar *asn_type) { GNode *asn; gboolean valid = TRUE; GBytes *data; if (!attr->pValue || attr->ulValueLen == (CK_ULONG)-1) return FALSE; asn = egg_asn1x_create (pkix_asn1_tab, asn_type); g_return_val_if_fail (asn, FALSE); data = g_bytes_new_static (attr->pValue, attr->ulValueLen); valid = egg_asn1x_decode (asn, data); g_bytes_unref (data); if (!valid) g_message ("failed to parse certificate passed to trust assertion: %s", egg_asn1x_message (asn)); /* Yes, this is an expensive check, but worthwhile */ egg_asn1x_destroy (asn); return valid; }
int main(int argc, char* argv[]) { GError *err = NULL; gchar *contents; gsize n_contents; GNode *asn, *node; gint i, count; if (argc != 2) { g_printerr ("usage: dump-trust-file file\n"); return 2; } if (!g_file_get_contents (argv[1], &contents, &n_contents, &err)) barf_and_die ("couldn't load file", egg_error_message (err)); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, 1); if (!egg_asn1x_decode (asn, contents, n_contents)) barf_and_die ("couldn't parse file", egg_asn1x_message (asn)); /* Print out the certificate we refer to first */ node = egg_asn1x_node (asn, "reference", "certReference", NULL); if (egg_asn1x_have (node)) { dump_certificate_reference (node); } else { node = egg_asn1x_node (asn, "reference", "certComplete", NULL); if (egg_asn1x_have (node)) dump_certificate_complete (node); else barf_and_die ("unsupported certificate reference", NULL); } /* Then the assertions */ count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL)); for (i = 0; i < count; ++i) { node = egg_asn1x_node (asn, "assertions", i + 1, NULL); dump_assertion (node); } egg_asn1x_destroy (asn); g_free (contents); return 0; }
static gboolean prepare_subject_public_key_and_mechanisms (GcrCertificateRequest *self, GNode *subject_public_key, GQuark *algorithm, const gulong **mechanisms, gsize *n_mechanisms, GError **error) { GBytes *encoded; GNode *node; GQuark oid; g_assert (algorithm != NULL); g_assert (mechanisms != NULL); g_assert (n_mechanisms != NULL); encoded = egg_asn1x_encode (subject_public_key, NULL); g_return_val_if_fail (encoded != NULL, FALSE); node = egg_asn1x_node (subject_public_key, "algorithm", "algorithm", NULL); oid = egg_asn1x_get_oid_as_quark (node); if (oid == GCR_OID_PKIX1_RSA) { *mechanisms = RSA_MECHANISMS; *n_mechanisms = G_N_ELEMENTS (RSA_MECHANISMS); *algorithm = GCR_OID_PKIX1_SHA1_WITH_RSA; } else if (oid == GCR_OID_PKIX1_DSA) { *mechanisms = DSA_MECHANISMS; *n_mechanisms = G_N_ELEMENTS (DSA_MECHANISMS); *algorithm = GCR_OID_PKIX1_SHA1_WITH_DSA; } else { g_bytes_unref (encoded); g_set_error (error, GCR_DATA_ERROR, GCR_ERROR_UNRECOGNIZED, _("Unsupported key type for certificate request")); return FALSE; } node = egg_asn1x_node (self->asn, "certificationRequestInfo", "subjectPKInfo", NULL); if (!egg_asn1x_decode (node, encoded)) g_return_val_if_reached (FALSE); g_bytes_unref (encoded); return TRUE; }
static void test_pkcs12_decode (Test *test, gconstpointer unused) { GNode *asn; gboolean ret; asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PFX"); if (g_test_verbose ()) egg_asn1x_dump (asn); ret = egg_asn1x_decode (asn, test->data); egg_asn1x_assert (ret == TRUE, asn); egg_asn1x_destroy (asn); }
static void test_personal_name_invalid (Test *test, gconstpointer unused) { GNode *asn; gboolean ret; asn = egg_asn1x_create (pkix_asn1_tab, "PersonalName"); if (g_test_verbose ()) egg_asn1x_dump (asn); ret = egg_asn1x_decode (asn, test->data); g_assert (ret == FALSE); g_assert (strstr (egg_asn1x_message (asn), "content size is out of bounds") != NULL); egg_asn1x_destroy (asn); }
static void create_trust_file_for_certificate (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GBytes *bytes, *result; gchar *data; gsize n_data; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certComplete", NULL); if (!egg_asn1x_set_choice (ref, choice) || !egg_asn1x_set_any_raw (choice, bytes)) g_return_if_reached (); g_bytes_unref (bytes); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); egg_asn1x_destroy (cert); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static void add_trust_purpose_to_file (const gchar *filename, const gchar *purpose) { GError *err = NULL; gchar *data; GBytes *result; gsize n_data; GNode *asn, *assertion; GBytes *bytes; if (!g_file_get_contents (filename, &data, &n_data, &err)) barf_and_die ("couldn't read trust file", egg_error_message (err)); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* And parse it */ bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (asn, bytes)) barf_and_die ("couldn't parse trust file", egg_asn1x_message (asn)); g_bytes_unref (bytes); assertion = egg_asn1x_append (egg_asn1x_node (asn, "assertions", NULL)); g_return_if_fail (assertion); if (!egg_asn1x_set_string_as_utf8 (egg_asn1x_node (assertion, "purpose", NULL), g_strdup (purpose), g_free)) g_return_if_reached (); egg_asn1x_set_enumerated (egg_asn1x_node (assertion, "level", NULL), g_quark_from_string ("trusted")); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static gboolean gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data) { GkmXdgTrust *self = GKM_XDG_TRUST (base); GNode *asn = NULL; gpointer copy; g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE); g_return_val_if_fail (data, FALSE); if (n_data == 0) return FALSE; copy = g_memdup (data, n_data); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, FALSE); if (!egg_asn1x_decode (asn, copy, n_data)) { g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); g_free (copy); return FALSE; } /* Next parse out all the pairs */ if (!load_assertions (self, asn)) { egg_asn1x_destroy (asn); g_free (copy); return FALSE; } /* Take ownership of this new data */ g_free (self->pv->data); self->pv->data = copy; self->pv->n_data = n_data; egg_asn1x_destroy (self->pv->asn); self->pv->asn = asn; return TRUE; }
static void dump_certificate_complete (GNode *asn) { GNode *cert; gchar *issuer, *serial, *subject; gconstpointer element; gpointer data; gsize n_data, n_element; /* Parse the certificate out */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); element = egg_asn1x_get_raw_element (asn, &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (cert, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (cert)); issuer = egg_dn_read (egg_asn1x_node (asn, "issuer", NULL)); g_return_if_fail (issuer); subject = egg_dn_read (egg_asn1x_node (asn, "subject", NULL)); g_return_if_fail (subject); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Complete\n"); g_print (" issuer: %s\n", issuer); g_print (" subject: %s\n", subject); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (cert); g_free (data); g_free (serial); g_free (issuer); g_free (subject); }
static void dump_certificate_reference (GNode *asn) { gchar *issuer, *serial; gpointer data; gsize n_data; GNode *name; gconstpointer element; gsize n_element; /* Parse the name out */ name = egg_asn1x_create (pkix_asn1_tab, "Name"); g_return_if_fail (name); element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "issuer", NULL), &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (name, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (name)); issuer = egg_dn_read (name); g_return_if_fail (issuer); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Reference\n"); g_print (" issuer: %s\n", issuer); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (name); g_free (data); g_free (serial); g_free (issuer); }
static void create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GNode *issuer, *serial; gchar *data; GBytes *result; GBytes *value; GBytes *element; gsize n_data; GBytes *bytes; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); g_bytes_unref (bytes); /* Dig out the issuer and serial */ issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL); serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL); g_return_if_fail (issuer && serial); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* Setup the type of trust assertion */ ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certReference", NULL); if (!egg_asn1x_set_choice (ref, choice)) g_return_if_reached (); /* Copy over the serial and issuer */ element = egg_asn1x_get_element_raw (issuer); if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element)) g_return_if_reached (); g_bytes_unref (element); value = egg_asn1x_get_integer_as_raw (serial); egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value); g_bytes_unref (value); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); g_free (data); egg_asn1x_destroy (cert); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }