void
gkm_object_destroy (GkmObject *self, GkmTransaction *transaction)
{
GkmSession *session;
GkmManager *manager;
GkmModule *module;
g_return_if_fail (GKM_IS_OBJECT (self));
g_return_if_fail (GKM_IS_TRANSACTION (transaction));
g_return_if_fail (!gkm_transaction_get_failed (transaction));
g_return_if_fail (self->pv->module);
g_object_ref (self);
session = gkm_session_for_session_object (self);
if (session != NULL) {
gkm_session_destroy_session_object (session, transaction, self);
} else {
manager = gkm_object_get_manager (self);
module = gkm_object_get_module (self);
if (manager == gkm_module_get_manager (module))
gkm_module_remove_token_object (module, transaction, self);
}
/* Forcefully dispose of the object once the transaction completes */
gkm_transaction_add (transaction, NULL, complete_destroy, g_object_ref (self));
g_object_unref (self);
}
static void
gkm_object_get_property (GObject *obj, guint prop_id, GValue *value,
GParamSpec *pspec)
{
GkmObject *self = GKM_OBJECT (obj);
switch (prop_id) {
case PROP_HANDLE:
g_value_set_ulong (value, gkm_object_get_handle (self));
break;
case PROP_MODULE:
g_return_if_fail (GKM_IS_MODULE (self->pv->module));
g_value_set_object (value, gkm_object_get_module (self));
break;
case PROP_MANAGER:
g_value_set_object (value, gkm_object_get_manager (self));
break;
case PROP_STORE:
g_value_set_object (value, self->pv->store);
break;
case PROP_UNIQUE:
g_value_set_string (value, gkm_object_get_unique (self));
break;
case PROP_TRANSIENT:
g_value_set_boolean (value, gkm_object_is_transient (self));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
static GObject*
gkm_roots_certificate_constructor (GType type, guint n_props, GObjectConstructParam *props)
{
GkmRootsCertificate *self = GKM_ROOTS_CERTIFICATE (G_OBJECT_CLASS (gkm_roots_certificate_parent_class)->constructor(type, n_props, props));
g_return_val_if_fail (self, NULL);
self->trust = gkm_roots_trust_new (gkm_object_get_module (GKM_OBJECT (self)),
gkm_object_get_manager (GKM_OBJECT (self)),
GKM_CERTIFICATE (self));
return G_OBJECT (self);
}
static GObject*
gkm_ssh_private_key_constructor (GType type, guint n_props, GObjectConstructParam *props)
{
GkmSshPrivateKey *self = GKM_SSH_PRIVATE_KEY (G_OBJECT_CLASS (gkm_ssh_private_key_parent_class)->constructor(type, n_props, props));
GkmObject *object;
gchar *unique;
g_return_val_if_fail (self, NULL);
object = GKM_OBJECT (self);
unique = g_strdup_printf ("%s.pub", gkm_object_get_unique (object));
self->pubkey = gkm_ssh_public_key_new (gkm_object_get_module (object), unique);
g_free (unique);
return G_OBJECT (self);
}
static void
unlock_collection(void)
{
GkmCredential *cred;
GkmObject *object;
CK_RV rv;
/* Create credential, which unlocks collection */
object = GKM_OBJECT (collection);
rv = gkm_credential_create (gkm_object_get_module (object),
gkm_session_get_manager (session),
object, NULL, 0, &cred);
g_assert (rv == CKR_OK);
gkm_session_add_session_object (session, NULL, GKM_OBJECT (cred));
g_object_unref (cred);
}
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
CK_X_ASSERTION_TYPE type = 0;
GkmAssertion *assertion;
GQuark level;
gchar *purpose;
gchar *peer;
GNode *node;
/* Get the trust level */
level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
g_return_val_if_fail (level != 0, NULL);
if (!level_enum_to_assertion_type (level, &type))
g_message ("unsupported trust level %s in trust object", g_quark_to_string (level));
else if (type == 0)
return NULL;
/* A purpose */
purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
g_return_val_if_fail (purpose, NULL);
/* A peer name */
node = egg_asn1x_node (asn, "peer", NULL);
if (egg_asn1x_have (node))
peer = egg_asn1x_get_string_as_utf8 (node, NULL);
else
peer = NULL;
assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
"module", gkm_object_get_module (GKM_OBJECT (self)),
"manager", gkm_object_get_manager (GKM_OBJECT (self)),
"trust", self,
"type", type,
"purpose", purpose,
"peer", peer,
NULL);
g_free (purpose);
g_free (peer);
return assertion;
}
static gboolean
gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data)
{
GkmCertificate *self = GKM_CERTIFICATE (base);
GNode *asn1 = NULL;
GkmDataResult res;
guchar *copy, *keydata;
gsize n_keydata;
gcry_sexp_t sexp;
GkmSexp *wrapper;
g_return_val_if_fail (GKM_IS_CERTIFICATE (self), FALSE);
if (!data || !n_data) {
g_message ("cannot load empty certificate file");
return FALSE;
}
copy = g_memdup (data, n_data);
/* Parse the ASN1 data */
res = gkm_data_der_read_certificate (copy, n_data, &asn1);
if (res != GKM_DATA_SUCCESS) {
g_message ("couldn't parse certificate data");
g_free (copy);
return FALSE;
}
/* Generate a raw public key from our certificate */
keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL, &n_keydata);
g_return_val_if_fail (keydata, FALSE);
/* Now create us a nice public key with that identifier */
res = gkm_data_der_read_public_key_info (keydata, n_keydata, &sexp);
g_free (keydata);
switch (res) {
/* Create ourselves a public key with that */
case GKM_DATA_SUCCESS:
wrapper = gkm_sexp_new (sexp);
if (!self->pv->key)
self->pv->key = gkm_certificate_key_new (gkm_object_get_module (GKM_OBJECT (self)),
gkm_object_get_manager (GKM_OBJECT (self)),
self);
gkm_sexp_key_set_base (GKM_SEXP_KEY (self->pv->key), wrapper);
gkm_sexp_unref (wrapper);
break;
/* Unknown type of public key for this certificate, just ignore */
case GKM_DATA_UNRECOGNIZED:
if (self->pv->key)
g_object_unref (self->pv->key);
self->pv->key = NULL;
break;
/* Bad key, drop certificate */
case GKM_DATA_FAILURE:
case GKM_DATA_LOCKED:
g_warning ("couldn't parse certificate key data");
g_free (copy);
egg_asn1x_destroy (asn1);
return FALSE;
default:
g_assert_not_reached ();
break;
}
g_free (self->pv->data);
self->pv->data = copy;
self->pv->n_data = n_data;
egg_asn1x_destroy (self->pv->asn1);
self->pv->asn1 = asn1;
return TRUE;
}
