static bool remove_all (p11_kit_iter *iter, bool *changed) { const char *desc; CK_RV rv; while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { desc = description_for_object_at_iter (iter); p11_debug ("removing %s: %lu", desc, p11_kit_iter_get_object (iter)); rv = p11_kit_iter_destroy_object (iter); switch (rv) { case CKR_OK: *changed = true; /* fall through */ case CKR_OBJECT_HANDLE_INVALID: continue; case CKR_TOKEN_WRITE_PROTECTED: case CKR_SESSION_READ_ONLY: case CKR_ATTRIBUTE_READ_ONLY: p11_message ("couldn't remove read-only %s", desc); continue; default: p11_message ("couldn't remove %s: %s", desc, p11_kit_strerror (rv)); break; } } return (rv == CKR_CANCEL); }
static CK_OBJECT_HANDLE find_anchor (CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, CK_ATTRIBUTE *attrs) { CK_OBJECT_HANDLE object = 0UL; CK_ATTRIBUTE *attr; p11_kit_iter *iter; attr = p11_attrs_find_valid (attrs, CKA_CLASS); return_val_if_fail (attr != NULL, 0); iter = p11_kit_iter_new (NULL, 0); return_val_if_fail (iter != NULL, 0); if (iter_match_anchor (iter, attrs)) { p11_kit_iter_begin_with (iter, module, 0, session); if (p11_kit_iter_next (iter) == CKR_OK) object = p11_kit_iter_get_object (iter); } p11_kit_iter_free (iter); return object; }
bool p11_extract_x509_file (p11_enumerate *ex, const char *destination) { bool found = false; p11_save_file *file; CK_RV rv; while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { if (found) { p11_message ("multiple certificates found but could only write one to file"); break; } file = p11_save_open_file (destination, NULL, ex->flags); if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) return false; /* Wrote something */ found = true; } if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); return false; /* Remember that an empty DER file is not a valid file, so complain if nothing */ } else if (!found) { p11_message ("no certificate found"); return false; } return true; }
bool p11_extract_openssl_bundle (p11_enumerate *ex, const char *destination) { p11_save_file *file; p11_buffer output; p11_buffer buf; char *comment; bool ret = true; bool first; CK_RV rv; file = p11_save_open_file (destination, NULL, ex->flags); if (!file) return false; first = true; p11_buffer_init (&output, 0); while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { p11_buffer_init (&buf, 1024); if (!p11_buffer_reset (&output, 2048)) return_val_if_reached (false); if (prepare_pem_contents (ex, &buf)) { if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) return_val_if_reached (false); comment = p11_enumerate_comment (ex, first); first = false; ret = p11_save_write (file, comment, -1) && p11_save_write (file, output.data, output.len); free (comment); } p11_buffer_uninit (&buf); if (!ret) break; } p11_buffer_uninit (&output); if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } /* * This will produce an empty file (which is a valid PEM bundle) if no * certificates were found. */ if (!p11_save_finish_file (file, NULL, ret)) ret = false; return ret; }
bool p11_extract_x509_directory (p11_enumerate *ex, const char *destination) { p11_save_file *file; p11_save_dir *dir; char *filename; CK_RV rv; bool ret; dir = p11_save_open_directory (destination, ex->flags); if (dir == NULL) return false; while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { filename = p11_enumerate_filename (ex); return_val_if_fail (filename != NULL, -1); file = p11_save_open_file_in (dir, filename, ".cer"); free (filename); if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) { p11_save_finish_directory (dir, false); return false; } } if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } else { ret = true; } p11_save_finish_directory (dir, ret); return ret; }
bool p11_extract_openssl_directory (p11_enumerate *ex, const char *destination) { char *filename; p11_save_file *file; p11_save_dir *dir; p11_buffer output; p11_buffer buf; bool ret = true; char *path; char *name; CK_RV rv; dir = p11_save_open_directory (destination, ex->flags); if (dir == NULL) return false; p11_buffer_init (&buf, 0); p11_buffer_init (&output, 0); while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { if (!p11_buffer_reset (&buf, 1024)) return_val_if_reached (false); if (!p11_buffer_reset (&output, 2048)) return_val_if_reached (false); if (prepare_pem_contents (ex, &buf)) { if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) return_val_if_reached (false); name = p11_enumerate_filename (ex); return_val_if_fail (name != NULL, false); filename = NULL; path = NULL; ret = false; file = p11_save_open_file_in (dir, name, ".pem"); if (file != NULL) { ret = p11_save_write (file, output.data, output.len); if (!p11_save_finish_file (file, &path, ret)) ret = false; if (ret) filename = p11_path_base (path); } ret = p11_openssl_symlink(ex, dir, filename); free (filename); free (path); free (name); } if (!ret) break; } p11_buffer_uninit (&buf); p11_buffer_uninit (&output); if (rv != CKR_OK && rv != CKR_CANCEL) { p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); ret = false; } p11_save_finish_directory (dir, ret); return ret; }
/** * p11_kit_iter_next: * @iter: the iterator * * Iterate to the next matching object. * * To access the object, session and so on, use the p11_kit_iter_get_object(), * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions. * * This call must only be called after either p11_kit_iter_begin() * or p11_kit_iter_begin_with() have been called. * * Objects which are skipped by callbacks will not be returned here * as matching objects. * * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error */ CK_RV p11_kit_iter_next (P11KitIter *iter) { CK_ULONG batch; CK_ULONG count; CK_BBOOL matches; CK_RV rv; return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED); iter->object = 0; if (iter->match_nothing) return finish_iterating (iter, CKR_CANCEL); /* * If we have outstanding objects, then iterate one through those * Note that we pass each object through the filters, and only * assume it's iterated if it matches */ while (iter->saw_objects < iter->num_objects) { iter->object = iter->objects[iter->saw_objects++]; rv = call_all_filters (iter, &matches); if (rv != CKR_OK) return finish_iterating (iter, rv); if (matches) return CKR_OK; } /* If we have finished searching then move to next session */ if (iter->searched) { rv = move_next_session (iter); if (rv != CKR_OK) return finish_iterating (iter, rv); } /* Ready to start searching */ if (!iter->searching && !iter->searched) { count = p11_attrs_count (iter->match_attrs); rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count); if (rv != CKR_OK) return finish_iterating (iter, rv); iter->searching = 1; iter->searched = 0; } /* If we have searched on this session then try to continue */ if (iter->searching) { assert (iter->module != NULL); assert (iter->session != 0); iter->num_objects = 0; iter->saw_objects = 0; for (;;) { if (iter->max_objects - iter->num_objects == 0) { iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64; iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG)); return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY); } batch = iter->max_objects - iter->num_objects; rv = (iter->module->C_FindObjects) (iter->session, iter->objects + iter->num_objects, batch, &count); if (rv != CKR_OK) return finish_iterating (iter, rv); iter->num_objects += count; /* * Done searching on this session, although there are still * objects outstanding, which will be returned on next * iterations. */ if (batch != count) { iter->searching = 0; iter->searched = 1; (iter->module->C_FindObjectsFinal) (iter->session); break; } if (!iter->preload_results) break; } } /* Try again */ return p11_kit_iter_next (iter); }