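/*
 * Print one trust assertion to stdout: its purpose, its level and, when
 * present, its peer.
 *
 * asn: the assertion node. "purpose" and "level" must be readable; "peer"
 *      is optional and is only printed when egg_asn1x_have() reports it.
 *
 * All three values are read from the file being dumped. They are only ever
 * passed to g_print() as "%s" arguments, never as the format string itself.
 */
static void
dump_assertion (GNode *asn)
{
	gchar *purpose, *peer;
	GQuark level;

	/*
	 * Read the level before the purpose. The level is a plain GQuark, so
	 * returning early on a bad level leaves nothing to free. Reading the
	 * purpose first would leak that string on this early return.
	 */
	level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
	g_return_if_fail (level);

	purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
	g_return_if_fail (purpose);

	/* The peer is optional; NULL means "not stored in this assertion". */
	if (egg_asn1x_have (egg_asn1x_node (asn, "peer", NULL)))
		peer = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "peer", NULL), NULL);
	else
		peer = NULL;

	g_print ("Assertion\n");
	g_print (" purpose: %s\n", purpose);
	g_print (" level: %s\n", g_quark_to_string (level));
	if (peer)
		g_print (" peer: %s\n", peer);

	g_free (purpose);
	g_free (peer);
}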
/*
 * Fill a PKCS#11 attribute with the raw encoded "certComplete" element of
 * this trust object's reference.
 *
 * Returns:
 *   CKR_GENERAL_ERROR           if the node cannot be looked up or its raw
 *                               element cannot be retrieved
 *   CKR_ATTRIBUTE_TYPE_INVALID  if the trust object stores no certComplete
 *   otherwise whatever gkm_attribute_set_bytes() returns
 */
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
	GNode *cert;
	GBytes *element;
	CK_RV result;

	cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
	g_return_val_if_fail (cert, CKR_GENERAL_ERROR);

	if (egg_asn1x_have (cert)) {
		element = egg_asn1x_get_element_raw (cert);
		g_return_val_if_fail (element != NULL, CKR_GENERAL_ERROR);

		/* Drop our reference once the attribute has been filled in. */
		result = gkm_attribute_set_bytes (attr, element);
		g_bytes_unref (element);
		return result;
	}

	/* Not stored, so the attribute does not exist on this object. */
	gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants certComplete which is not part of assertion",
	           gkm_log_attr_type (attr->type));
	return CKR_ATTRIBUTE_TYPE_INVALID;
}
/*
 * Fill a PKCS#11 attribute with the raw bytes of an integer field found
 * under reference.certReference.
 *
 * part: name of the field below "certReference" to read.
 *
 * Returns:
 *   CKR_GENERAL_ERROR           if the node cannot be looked up or the
 *                               integer cannot be retrieved
 *   CKR_ATTRIBUTE_TYPE_INVALID  if the field is not stored in this object
 *   otherwise whatever gkm_attribute_set_bytes() returns
 */
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	GBytes *integer;
	CK_RV result;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	if (egg_asn1x_have (node)) {
		integer = egg_asn1x_get_integer_as_raw (node);
		g_return_val_if_fail (integer, CKR_GENERAL_ERROR);

		/* Drop our reference once the attribute has been filled in. */
		result = gkm_attribute_set_bytes (attr, integer);
		g_bytes_unref (integer);
		return result;
	}

	/* The stored reference does not carry this field. */
	gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
	           gkm_log_attr_type (attr->type), part);
	return CKR_ATTRIBUTE_TYPE_INVALID;
}
/*
 * Fill a PKCS#11 attribute with the raw bytes of an integer field found
 * under reference.certReference.
 *
 * part: name of the field below "certReference" to read.
 *
 * Returns:
 *   CKR_GENERAL_ERROR           if the node cannot be looked up or the
 *                               integer cannot be retrieved
 *   CKR_ATTRIBUTE_TYPE_INVALID  if the field is not stored in this object
 *   otherwise whatever gkm_attribute_set_data() returns
 */
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	gpointer integer;
	gsize length;
	CK_RV result;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	/* The stored reference does not carry this field. */
	if (!egg_asn1x_have (node))
		return CKR_ATTRIBUTE_TYPE_INVALID;

	/*
	 * NULL is passed as the second argument (presumably an allocator
	 * selector; confirm against egg-asn1x). The buffer returned is
	 * released with g_free() below.
	 */
	integer = egg_asn1x_get_integer_as_raw (node, NULL, &length);
	g_return_val_if_fail (integer, CKR_GENERAL_ERROR);

	result = gkm_attribute_set_data (attr, integer, length);
	g_free (integer);

	return result;
}
/*
 * dump-trust-file: load a file, decode it as a "trust-1" structure and print
 * the certificate it refers to, followed by every assertion it contains.
 *
 * The file named on the command line is the only input. It is handed to the
 * decoder as-is, and everything printed afterwards comes from the decoded
 * tree, including the number of assertions iterated over.
 *
 * Exit status: 2 on a usage error, 1 if the ASN.1 tree cannot be created,
 * 0 on success. Load and parse failures are passed to barf_and_die().
 */
int
main(int argc, char* argv[])
{
	GError *error = NULL;
	gchar *data;
	gsize n_data;
	GNode *asn, *node;
	gint idx, count;

	if (argc != 2) {
		g_printerr ("usage: dump-trust-file file\n");
		return 2;
	}

	if (!g_file_get_contents (argv[1], &data, &n_data, &error))
		barf_and_die ("couldn't load file", egg_error_message (error));

	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_val_if_fail (asn, 1);

	if (!egg_asn1x_decode (asn, data, n_data))
		barf_and_die ("couldn't parse file", egg_asn1x_message (asn));

	/*
	 * The reference is stored either as a certReference or as a
	 * certComplete; print whichever one is present.
	 */
	node = egg_asn1x_node (asn, "reference", "certReference", NULL);
	if (!egg_asn1x_have (node)) {
		node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
		if (!egg_asn1x_have (node))
			barf_and_die ("unsupported certificate reference", NULL);
		else
			dump_certificate_complete (node);
	} else {
		dump_certificate_reference (node);
	}

	/* Children of "assertions" are addressed with 1-based indexes. */
	count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL));
	for (idx = 1; idx <= count; ++idx) {
		node = egg_asn1x_node (asn, "assertions", idx, NULL);
		dump_assertion (node);
	}

	egg_asn1x_destroy (asn);
	g_free (data);

	return 0;
}
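/*
 * Decode a BasicConstraints structure and report its cA flag and
 * pathLenConstraint.
 *
 * data:     the encoded BasicConstraints value
 * is_ca:    optional out parameter; set to FALSE when "cA" is not stored
 * path_len: optional out parameter; set to -1 when "pathLenConstraint" is
 *           not stored
 *
 * Returns:
 *   GKM_DATA_UNRECOGNIZED  if the data does not decode as BasicConstraints
 *   GKM_DATA_FAILURE       if a stored field cannot be read, or if the path
 *                          length does not fit in a gint (a message is logged)
 *   GKM_DATA_SUCCESS       otherwise
 *
 * On GKM_DATA_FAILURE the out parameters may already have been written.
 */
GkmDataResult
gkm_data_der_read_basic_constraints (GBytes *data, gboolean *is_ca, gint *path_len)
{
	/* Largest value a gint can hold (same value as G_MAXINT). */
	const gulong max_path_len = ~0U >> 1;
	GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
	GNode *asn = NULL;
	GNode *node;
	gulong value;

	asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "BasicConstraints", data);
	if (!asn)
		goto done;

	/* From here on the input was recognized; any problem is a failure. */
	ret = GKM_DATA_FAILURE;

	if (path_len) {
		node = egg_asn1x_node (asn, "pathLenConstraint", NULL);
		if (!egg_asn1x_have (node)) {
			*path_len = -1;
		} else {
			if (!egg_asn1x_get_integer_as_ulong (node, &value))
				goto done;

			/*
			 * The value comes from the certificate. Without this
			 * check, narrowing an oversized gulong to gint could
			 * produce a negative number, including the -1 that
			 * this function uses to mean "no constraint stored".
			 */
			if (value > max_path_len)
				goto done;

			*path_len = (gint) value;
		}
	}

	if (is_ca) {
		node = egg_asn1x_node (asn, "cA", NULL);
		if (!egg_asn1x_have (node))
			*is_ca = FALSE;
		else if (!egg_asn1x_get_boolean (node, is_ca))
			goto done;
	}

	ret = GKM_DATA_SUCCESS;

done:
	egg_asn1x_destroy (asn);
	if (ret == GKM_DATA_FAILURE)
		g_message ("invalid basic constraints");

	return ret;
}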
/*
 * Build a GkmAssertion object from one stored assertion node.
 *
 * self: the trust object that will own the assertion
 * asn:  the assertion node; "level" and "purpose" are required, "peer" is
 *       optional
 *
 * Returns the new object. Returns NULL when the level or purpose cannot be
 * read, or when the level maps to assertion type 0.
 */
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
	CK_X_ASSERTION_TYPE type = 0;
	GkmAssertion *created;
	GQuark level;
	gchar *purpose;
	gchar *peer;
	GNode *peer_node;

	/* Get the trust level */
	level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
	g_return_val_if_fail (level != 0, NULL);

	if (level_enum_to_assertion_type (level, &type)) {
		/* A recognized level that maps to type 0 yields no object. */
		if (type == 0)
			return NULL;
	} else {
		/*
		 * NOTE(review): an unrecognized level is only logged. Execution
		 * continues and the object is created with whatever `type`
		 * holds, which is the initial 0 unless the helper wrote to it.
		 * Confirm that callers expect an assertion for a level this
		 * code does not understand, rather than a NULL return.
		 */
		g_message ("unsupported trust level %s in trust object", g_quark_to_string (level));
	}

	/* A purpose */
	purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
	g_return_val_if_fail (purpose, NULL);

	/* A peer name, or NULL when none is stored */
	peer_node = egg_asn1x_node (asn, "peer", NULL);
	peer = egg_asn1x_have (peer_node) ? egg_asn1x_get_string_as_utf8 (peer_node, NULL) : NULL;

	created = g_object_new (GKM_XDG_TYPE_ASSERTION,
	                        "module", gkm_object_get_module (GKM_OBJECT (self)),
	                        "manager", gkm_object_get_manager (GKM_OBJECT (self)),
	                        "trust", self,
	                        "type", type,
	                        "purpose", purpose,
	                        "peer", peer,
	                        NULL);

	/* The local strings are released once the object has been built. */
	g_free (purpose);
	g_free (peer);

	return created;
}
/*
 * Fill a PKCS#11 attribute with the raw encoded "certComplete" element of
 * this trust object's reference.
 *
 * Returns:
 *   CKR_GENERAL_ERROR           if the node cannot be looked up or its raw
 *                               element cannot be retrieved
 *   CKR_ATTRIBUTE_TYPE_INVALID  if the trust object stores no certComplete
 *   otherwise whatever gkm_attribute_set_data() returns
 */
static CK_RV
trust_get_complete (GkmXdgTrust *self, CK_ATTRIBUTE_PTR attr)
{
	GNode *cert;
	gconstpointer element;
	gsize length;

	cert = egg_asn1x_node (self->pv->asn, "reference", "certComplete", NULL);
	g_return_val_if_fail (cert, CKR_GENERAL_ERROR);

	if (egg_asn1x_have (cert)) {
		/*
		 * The pointer is const and is not freed here; presumably it
		 * points into the parsed tree (confirm against egg-asn1x).
		 */
		element = egg_asn1x_get_raw_element (cert, &length);
		g_return_val_if_fail (element, CKR_GENERAL_ERROR);

		return gkm_attribute_set_data (attr, element, length);
	}

	/* Not stored, so the attribute does not exist on this object. */
	return CKR_ATTRIBUTE_TYPE_INVALID;
}
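/*
 * Fill a PKCS#11 attribute with the raw encoded element of a field found
 * under reference.certReference.
 *
 * part: name of the field below "certReference" to read.
 *
 * Returns:
 *   CKR_GENERAL_ERROR           if the node cannot be looked up or its raw
 *                               element cannot be retrieved
 *   CKR_ATTRIBUTE_TYPE_INVALID  if the field is not stored in this object
 *   otherwise whatever gkm_attribute_set_data() returns
 */
static CK_RV
trust_get_der (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
	GNode *node;
	gconstpointer element;
	gsize n_element;

	g_assert (GKM_XDG_IS_TRUST (self));

	node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
	g_return_val_if_fail (node, CKR_GENERAL_ERROR);

	/* If the assertion doesn't contain this info ... */
	if (!egg_asn1x_have (node))
		return CKR_ATTRIBUTE_TYPE_INVALID;

	/*
	 * Do not pass a failed lookup on to the caller: with no element there
	 * is nothing here that guarantees n_element was written, so the
	 * pointer and length must not be used. trust_get_complete() makes the
	 * same check.
	 */
	element = egg_asn1x_get_raw_element (node, &n_element);
	g_return_val_if_fail (element, CKR_GENERAL_ERROR);

	return gkm_attribute_set_data (attr, element, n_element);
}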