static GkmObject*
factory_create_private_key (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmGnome2PrivateKey *key;
GkmSexp *sexp;
g_return_val_if_fail (attrs || !n_attrs, NULL);
sexp = gkm_private_xsa_key_create_sexp (session, transaction, attrs, n_attrs);
if (sexp == NULL)
return NULL;
key = g_object_new (GKM_TYPE_GNOME2_PRIVATE_KEY, "base-sexp", sexp,
"module", gkm_session_get_module (session),
"manager", gkm_manager_for_template (attrs, n_attrs, session),
NULL);
g_return_val_if_fail (!key->private_sexp, NULL);
key->private_sexp = gkm_sexp_ref (sexp);
gkm_sexp_unref (sexp);
/* TODO: We don't support setting these yet, so ignore them */
gkm_attributes_consume (attrs, n_attrs,
CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_ID,
G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key),
TRUE, attrs, n_attrs);
return GKM_OBJECT (key);
}
static GkmObject*
factory_create_generic_key (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmGenericKey *key;
GkmManager *manager;
CK_ATTRIBUTE_PTR value;
value = gkm_attributes_find (attrs, n_attrs, CKA_VALUE);
if (value == NULL) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (gkm_attributes_find (attrs, n_attrs, CKA_VALUE_LEN)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
return NULL;
}
manager = gkm_manager_for_template (attrs, n_attrs, session);
key = g_object_new (GKM_TYPE_GENERIC_KEY,
"module", gkm_session_get_module (session),
"manager", manager,
NULL);
key->value = egg_secure_alloc (value->ulValueLen);
key->n_value = value->ulValueLen;
memcpy (key->value, value->pValue, key->n_value);
gkm_attribute_consume (value);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key),
TRUE, attrs, n_attrs);
return GKM_OBJECT (key);
}
static GkmObject*
factory_create_private_key (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmMate2PrivateKey *key;
GkmSexp *sexp;
g_return_val_if_fail (attrs || !n_attrs, NULL);
sexp = gkm_private_xsa_key_create_sexp (session, transaction, attrs, n_attrs);
if (sexp == NULL)
return NULL;
key = g_object_new (GKM_TYPE_MATE2_PRIVATE_KEY, "base-sexp", sexp,
"module", gkm_session_get_module (session),
"manager", gkm_manager_for_template (attrs, n_attrs, session),
NULL);
g_return_val_if_fail (!key->private_sexp, NULL);
key->private_sexp = gkm_sexp_ref (sexp);
gkm_sexp_unref (sexp);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key),
TRUE, attrs, n_attrs);
return GKM_OBJECT (key);
}
static GkmObject*
factory_create_credential (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_OBJECT_HANDLE handle;
GkmCredential *cred;
CK_ATTRIBUTE *attr;
GkmManager *manager;
GkmModule *module;
GkmObject *object = NULL;
CK_RV rv;
g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
/* The handle is optional */
if (gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) {
rv = gkm_session_lookup_readable_object (session, handle, &object);
if (rv != CKR_OK) {
gkm_transaction_fail (transaction, rv);
return NULL;
}
} else {
object = NULL;
}
/* The value is optional */
attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE);
gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_G_OBJECT, G_MAXULONG);
module = gkm_session_get_module (session);
manager = gkm_manager_for_template (attrs, n_attrs, session);
rv = gkm_credential_create (module, manager, object,
attr ? attr->pValue : NULL,
attr ? attr->ulValueLen : 0, &cred);
if (rv == CKR_OK) {
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cred),
TRUE, attrs, n_attrs);
return GKM_OBJECT (cred);
} else {
gkm_transaction_fail (transaction, rv);
return NULL;
}
}
static GkmObject*
factory_create_null_key (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmNullKey *key;
GkmManager *manager;
manager = gkm_manager_for_template (attrs, n_attrs, session);
key = g_object_new (GKM_TYPE_NULL_KEY,
"module", gkm_session_get_module (session),
"manager", manager,
NULL);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key),
TRUE, attrs, n_attrs);
return GKM_OBJECT (key);
}
static GkmObject*
factory_create_public_key (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmObject *object = NULL;
GkmSexp *sexp;
g_return_val_if_fail (attrs || !n_attrs, NULL);
sexp = gkm_public_xsa_key_create_sexp (session, transaction, attrs, n_attrs);
if (sexp != NULL) {
object = g_object_new (GKM_TYPE_MATE2_PUBLIC_KEY, "base-sexp", sexp,
"module", gkm_session_get_module (session),
"manager", gkm_manager_for_template (attrs, n_attrs, session),
NULL);
gkm_sexp_unref (sexp);
gkm_session_complete_object_creation (session, transaction, object,
TRUE, attrs, n_attrs);
}
return object;
}
static GkmObject*
factory_create_certificate (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
CK_ATTRIBUTE_PTR attr;
GkmCertificate *cert;
g_return_val_if_fail (GKM_IS_TRANSACTION (transaction), NULL);
g_return_val_if_fail (attrs || !n_attrs, NULL);
/* Dig out the value */
attr = gkm_attributes_find (attrs, n_attrs, CKA_VALUE);
if (attr == NULL) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
cert = g_object_new (GKM_TYPE_CERTIFICATE,
"module", gkm_session_get_module (session),
"manager", gkm_manager_for_template (attrs, n_attrs, session),
NULL);
/* Load the certificate from the data specified */
if (!gkm_serializable_load (GKM_SERIALIZABLE (cert), NULL, attr->pValue, attr->ulValueLen)) {
gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
g_object_unref (cert);
return NULL;
}
/* Note that we ignore the subject */
gkm_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_SUBJECT, G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (cert),
TRUE, attrs, n_attrs);
return GKM_OBJECT (cert);
}
static GkmObject*
factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmAssertion *assertion;
CK_X_ASSERTION_TYPE type;
GkmManager *manager;
gboolean created = FALSE;
GkmXdgTrust *trust;
gchar *purpose;
gchar *peer;
g_return_val_if_fail (attrs || !n_attrs, NULL);
if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_X_ASSERTION_TYPE, &type)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PURPOSE, &purpose)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PEER, &peer))
peer = NULL;
/* Try to find or create an appropriate trust object for this assertion */
manager = gkm_manager_for_template (attrs, n_attrs, session);
trust = lookup_or_create_trust_object (session, manager, transaction,
type, attrs, n_attrs, &created);
/* Creating the trust object failed */
if (trust == NULL) {
g_return_val_if_fail (gkm_transaction_get_failed (transaction), NULL);
g_free (purpose);
g_free (peer);
return NULL;
}
assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
"module", gkm_session_get_module (session),
"manager", manager,
"trust", trust,
"type", type,
"purpose", purpose,
"peer", peer,
NULL);
g_free (purpose);
g_free (peer);
/* Add the assertion to the trust object */
if (!gkm_transaction_get_failed (transaction)) {
gkm_xdg_trust_replace_assertion (trust, GKM_ASSERTION (assertion), transaction);
if (gkm_transaction_get_failed (transaction)) {
gkm_transaction_fail (transaction, CKR_GENERAL_ERROR);
/* A new trust assertion */
} else {
gkm_attributes_consume (attrs, n_attrs, CKA_X_ASSERTION_TYPE, CKA_X_PURPOSE, G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (assertion),
TRUE, attrs, n_attrs);
}
}
g_object_unref (trust);
return GKM_OBJECT (assertion);
}
