static void
dump_assertion (GNode *asn)
{
gchar *purpose, *peer;
GQuark level;
purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
g_return_if_fail (purpose);
level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
g_return_if_fail (level);
if (egg_asn1x_have (egg_asn1x_node (asn, "peer", NULL)))
peer = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "peer", NULL), NULL);
else
peer = NULL;
g_print ("Assertion\n");
g_print (" purpose: %s\n", purpose);
g_print (" level: %s\n", g_quark_to_string (level));
if (peer)
g_print (" peer: %s\n", peer);
g_free (purpose);
g_free (peer);
}
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
GNode *cert;
GBytes *element;
CK_RV rv;
cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
g_return_val_if_fail (cert, CKR_GENERAL_ERROR);
/* If it's not stored, then this attribute is not present */
if (!egg_asn1x_have (cert)) {
gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants certComplete which is not part of assertion",
gkm_log_attr_type (attr->type));
return CKR_ATTRIBUTE_TYPE_INVALID;
}
element = egg_asn1x_get_element_raw (cert);
g_return_val_if_fail (element != NULL, CKR_GENERAL_ERROR);
rv = gkm_attribute_set_bytes (attr, element);
g_bytes_unref (element);
return rv;
}
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
GNode *node;
GBytes *integer;
CK_RV rv;
g_assert (GKM_XDG_IS_TRUST (self));
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
if (!egg_asn1x_have (node)) {
gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
gkm_log_attr_type (attr->type), part);
return CKR_ATTRIBUTE_TYPE_INVALID;
}
integer = egg_asn1x_get_integer_as_raw (node);
g_return_val_if_fail (integer, CKR_GENERAL_ERROR);
rv = gkm_attribute_set_bytes (attr, integer);
g_bytes_unref (integer);
return rv;
}
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
GNode *node;
gpointer integer;
gsize n_integer;
CK_RV rv;
g_assert (GKM_XDG_IS_TRUST (self));
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
if (!egg_asn1x_have (node))
return CKR_ATTRIBUTE_TYPE_INVALID;
integer = egg_asn1x_get_integer_as_raw (node, NULL, &n_integer);
g_return_val_if_fail (integer, CKR_GENERAL_ERROR);
rv = gkm_attribute_set_data (attr, integer, n_integer);
g_free (integer);
return rv;
}
int
main(int argc, char* argv[])
{
GError *err = NULL;
gchar *contents;
gsize n_contents;
GNode *asn, *node;
gint i, count;
if (argc != 2) {
g_printerr ("usage: dump-trust-file file\n");
return 2;
}
if (!g_file_get_contents (argv[1], &contents, &n_contents, &err))
barf_and_die ("couldn't load file", egg_error_message (err));
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, 1);
if (!egg_asn1x_decode (asn, contents, n_contents))
barf_and_die ("couldn't parse file", egg_asn1x_message (asn));
/* Print out the certificate we refer to first */
node = egg_asn1x_node (asn, "reference", "certReference", NULL);
if (egg_asn1x_have (node)) {
dump_certificate_reference (node);
} else {
node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
if (egg_asn1x_have (node))
dump_certificate_complete (node);
else
barf_and_die ("unsupported certificate reference", NULL);
}
/* Then the assertions */
count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL));
for (i = 0; i < count; ++i) {
node = egg_asn1x_node (asn, "assertions", i + 1, NULL);
dump_assertion (node);
}
egg_asn1x_destroy (asn);
g_free (contents);
return 0;
}
GkmDataResult
gkm_data_der_read_basic_constraints (GBytes *data,
gboolean *is_ca,
gint *path_len)
{
GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
GNode *asn = NULL;
GNode *node;
gulong value;
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "BasicConstraints", data);
if (!asn)
goto done;
ret = GKM_DATA_FAILURE;
if (path_len) {
node = egg_asn1x_node (asn, "pathLenConstraint", NULL);
if (!egg_asn1x_have (node))
*path_len = -1;
else if (!egg_asn1x_get_integer_as_ulong (node, &value))
goto done;
else
*path_len = value;
}
if (is_ca) {
node = egg_asn1x_node (asn, "cA", NULL);
if (!egg_asn1x_have (node))
*is_ca = FALSE;
else if (!egg_asn1x_get_boolean (node, is_ca))
goto done;
}
ret = GKM_DATA_SUCCESS;
done:
egg_asn1x_destroy (asn);
if (ret == GKM_DATA_FAILURE)
g_message ("invalid basic constraints");
return ret;
}
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
CK_X_ASSERTION_TYPE type = 0;
GkmAssertion *assertion;
GQuark level;
gchar *purpose;
gchar *peer;
GNode *node;
/* Get the trust level */
level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
g_return_val_if_fail (level != 0, NULL);
if (!level_enum_to_assertion_type (level, &type))
g_message ("unsupported trust level %s in trust object", g_quark_to_string (level));
else if (type == 0)
return NULL;
/* A purpose */
purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
g_return_val_if_fail (purpose, NULL);
/* A peer name */
node = egg_asn1x_node (asn, "peer", NULL);
if (egg_asn1x_have (node))
peer = egg_asn1x_get_string_as_utf8 (node, NULL);
else
peer = NULL;
assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
"module", gkm_object_get_module (GKM_OBJECT (self)),
"manager", gkm_object_get_manager (GKM_OBJECT (self)),
"trust", self,
"type", type,
"purpose", purpose,
"peer", peer,
NULL);
g_free (purpose);
g_free (peer);
return assertion;
}
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
GNode *cert;
gconstpointer element;
gsize n_element;
cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
g_return_val_if_fail (cert, CKR_GENERAL_ERROR);
/* If it's not stored, then this attribute is not present */
if (!egg_asn1x_have (cert))
return CKR_ATTRIBUTE_TYPE_INVALID;
element = egg_asn1x_get_raw_element (cert, &n_element);
g_return_val_if_fail (element, CKR_GENERAL_ERROR);
return gkm_attribute_set_data (attr, element, n_element);
}
static CK_RV
trust_get_der (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
GNode *node;
gconstpointer element;
gsize n_element;
g_assert (GKM_XDG_IS_TRUST (self));
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
if (!egg_asn1x_have (node))
return CKR_ATTRIBUTE_TYPE_INVALID;
element = egg_asn1x_get_raw_element (node, &n_element);
return gkm_attribute_set_data (attr, element, n_element);
}