Esempio n. 1
0
static void
dump_assertion (GNode *asn)
{
	gchar *purpose, *peer;
	GQuark level;

	purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
	g_return_if_fail (purpose);

	level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
	g_return_if_fail (level);

	if (egg_asn1x_have (egg_asn1x_node (asn, "peer", NULL)))
		peer = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "peer", NULL), NULL);
	else
		peer = NULL;

	g_print ("Assertion\n");
	g_print ("    purpose: %s\n", purpose);
	g_print ("    level: %s\n", g_quark_to_string (level));
	if (peer)
		g_print ("    peer: %s\n", peer);

	g_free (purpose);
	g_free (peer);
}
Esempio n. 2
0
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
	GNode *cert;
	GBytes *element;
	CK_RV rv;

	cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
	g_return_val_if_fail (cert, CKR_GENERAL_ERROR);

	/* If it's not stored, then this attribute is not present */
	if (!egg_asn1x_have (cert)) {
		gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants certComplete which is not part of assertion",
		           gkm_log_attr_type (attr->type));
		return CKR_ATTRIBUTE_TYPE_INVALID;
	}

	element = egg_asn1x_get_element_raw (cert);
	g_return_val_if_fail (element != NULL, CKR_GENERAL_ERROR);

	rv = gkm_attribute_set_bytes (attr, element);
	g_bytes_unref (element);

	return rv;
}
Esempio n. 3
0
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	GBytes *integer;
	CK_RV rv;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	/* If the assertion doesn't contain this info ... */
	if (!egg_asn1x_have (node)) {
		gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
		           gkm_log_attr_type (attr->type), part);
		return CKR_ATTRIBUTE_TYPE_INVALID;
	}

	integer = egg_asn1x_get_integer_as_raw (node);
	g_return_val_if_fail (integer, CKR_GENERAL_ERROR);

	rv = gkm_attribute_set_bytes (attr, integer);
	g_bytes_unref (integer);

	return rv;
}
Esempio n. 4
0
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	gpointer integer;
	gsize n_integer;
	CK_RV rv;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	/* If the assertion doesn't contain this info ... */
	if (!egg_asn1x_have (node))
		return CKR_ATTRIBUTE_TYPE_INVALID;

	integer = egg_asn1x_get_integer_as_raw (node, NULL, &n_integer);
	g_return_val_if_fail (integer, CKR_GENERAL_ERROR);

	rv = gkm_attribute_set_data (attr, integer, n_integer);
	g_free (integer);

	return rv;
}
Esempio n. 5
0
int
main(int argc, char* argv[])
{
	GError *err = NULL;
	gchar *contents;
	gsize n_contents;
	GNode *asn, *node;
	gint i, count;

	if (argc != 2) {
		g_printerr ("usage: dump-trust-file file\n");
		return 2;
	}

	if (!g_file_get_contents (argv[1], &contents, &n_contents, &err))
		barf_and_die ("couldn't load file", egg_error_message (err));

	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_val_if_fail (asn, 1);

	if (!egg_asn1x_decode (asn, contents, n_contents))
		barf_and_die ("couldn't parse file", egg_asn1x_message (asn));

	/* Print out the certificate we refer to first */
	node = egg_asn1x_node (asn, "reference", "certReference", NULL);
	if (egg_asn1x_have (node)) {
		dump_certificate_reference (node);
	} else {
		node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
		if (egg_asn1x_have (node))
			dump_certificate_complete (node);
		else
			barf_and_die ("unsupported certificate reference", NULL);
	}

	/* Then the assertions */
	count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL));
	for (i = 0; i < count; ++i) {
		node = egg_asn1x_node (asn, "assertions", i + 1, NULL);
		dump_assertion (node);
	}

	egg_asn1x_destroy (asn);
	g_free (contents);

	return 0;
}
Esempio n. 6
0
GkmDataResult
gkm_data_der_read_basic_constraints (GBytes *data,
                                     gboolean *is_ca,
                                     gint *path_len)
{
	GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
	GNode *asn = NULL;
	GNode *node;
	gulong value;

	asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "BasicConstraints", data);
	if (!asn)
		goto done;

	ret = GKM_DATA_FAILURE;

	if (path_len) {
		node = egg_asn1x_node (asn, "pathLenConstraint", NULL);
		if (!egg_asn1x_have (node))
			*path_len = -1;
		else if (!egg_asn1x_get_integer_as_ulong (node, &value))
			goto done;
		else
			*path_len = value;
	}

	if (is_ca) {
		node = egg_asn1x_node (asn, "cA", NULL);
		if (!egg_asn1x_have (node))
			*is_ca = FALSE;
		else if (!egg_asn1x_get_boolean (node, is_ca))
			goto done;
	}

	ret = GKM_DATA_SUCCESS;

done:
	egg_asn1x_destroy (asn);
	if (ret == GKM_DATA_FAILURE)
		g_message ("invalid basic constraints");

	return ret;
}
Esempio n. 7
0
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
	CK_X_ASSERTION_TYPE type = 0;
	GkmAssertion *assertion;
	GQuark level;
	gchar *purpose;
	gchar *peer;
	GNode *node;

	/* Get the trust level */
	level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
	g_return_val_if_fail (level != 0, NULL);
	if (!level_enum_to_assertion_type (level, &type))
		g_message ("unsupported trust level %s in trust object", g_quark_to_string (level));
	else if (type == 0)
		return NULL;

	/* A purpose */
	purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
	g_return_val_if_fail (purpose, NULL);

	/* A peer name */
	node = egg_asn1x_node (asn, "peer", NULL);
	if (egg_asn1x_have (node))
		peer = egg_asn1x_get_string_as_utf8 (node, NULL);
	else
		peer = NULL;

	assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
	                          "module", gkm_object_get_module (GKM_OBJECT (self)),
	                          "manager", gkm_object_get_manager (GKM_OBJECT (self)),
	                          "trust", self,
	                          "type", type,
	                          "purpose", purpose,
	                          "peer", peer,
	                          NULL);

	g_free (purpose);
	g_free (peer);

	return assertion;
}
Esempio n. 8
0
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
	GNode *cert;
	gconstpointer element;
	gsize n_element;

	cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
	g_return_val_if_fail (cert, CKR_GENERAL_ERROR);

	/* If it's not stored, then this attribute is not present */
	if (!egg_asn1x_have (cert))
		return CKR_ATTRIBUTE_TYPE_INVALID;

	element = egg_asn1x_get_raw_element (cert, &n_element);
	g_return_val_if_fail (element, CKR_GENERAL_ERROR);

	return gkm_attribute_set_data (attr, element, n_element);
}
Esempio n. 9
0
static CK_RV
trust_get_der (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	gconstpointer element;
	gsize n_element;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	/* If the assertion doesn't contain this info ... */
	if (!egg_asn1x_have (node))
		return CKR_ATTRIBUTE_TYPE_INVALID;

	element = egg_asn1x_get_raw_element (node, &n_element);
	return gkm_attribute_set_data (attr, element, n_element);
}