static bool
create_anchor (CK_FUNCTION_LIST *module,
CK_SESSION_HANDLE session,
CK_ATTRIBUTE *attrs)
{
CK_BBOOL truev = CK_TRUE;
CK_OBJECT_HANDLE object;
char *string;
CK_RV rv;
CK_ULONG klass;
CK_ATTRIBUTE basics_certificate[] = {
{ CKA_TOKEN, &truev, sizeof (truev) },
{ CKA_TRUSTED, &truev, sizeof (truev) },
{ CKA_INVALID, },
};
CK_ATTRIBUTE basics_extension[] = {
{ CKA_TOKEN, &truev, sizeof (truev) },
{ CKA_INVALID, },
};
CK_ATTRIBUTE basics_empty[] = {
{ CKA_INVALID, },
};
CK_ATTRIBUTE *basics = basics_empty;
if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) {
switch (klass) {
case CKO_CERTIFICATE:
basics = basics_certificate;
break;
case CKO_X_CERTIFICATE_EXTENSION:
basics = basics_extension;
break;
}
}
attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true);
p11_attrs_remove (attrs, CKA_MODIFIABLE);
if (p11_debugging) {
string = p11_attrs_to_string (attrs, -1);
p11_debug ("storing: %s", string);
free (string);
}
rv = (module->C_CreateObject) (session, attrs,
p11_attrs_count (attrs), &object);
p11_attrs_free (attrs);
if (rv != CKR_OK) {
p11_message ("couldn't create object: %s", p11_kit_strerror (rv));
return false;
}
return true;
}
static bool
modify_anchor (CK_FUNCTION_LIST *module,
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE object,
CK_ATTRIBUTE *attrs)
{
CK_BBOOL truev = CK_TRUE;
CK_ATTRIBUTE *changes;
CK_ATTRIBUTE *label;
CK_ULONG klass;
char *string;
CK_RV rv;
CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) };
label = p11_attrs_find_valid (attrs, CKA_LABEL);
if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) &&
klass == CKO_CERTIFICATE)
changes = p11_attrs_build (NULL, &trusted, label, NULL);
else
changes = p11_attrs_build (NULL, label, NULL);
return_val_if_fail (attrs != NULL, FALSE);
/* Don't need the attributes anymore */
p11_attrs_free (attrs);
if (p11_debugging) {
string = p11_attrs_to_string (changes, -1);
p11_debug ("setting: %s", string);
free (string);
}
rv = (module->C_SetAttributeValue) (session, object, changes,
p11_attrs_count (changes));
p11_attrs_free (changes);
if (rv != CKR_OK) {
p11_message ("couldn't create object: %s", p11_kit_strerror (rv));
return false;
}
return true;
}
/**
* p11_kit_iter_next:
* @iter: the iterator
*
* Iterate to the next matching object.
*
* To access the object, session and so on, use the p11_kit_iter_get_object(),
* p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions.
*
* This call must only be called after either p11_kit_iter_begin()
* or p11_kit_iter_begin_with() have been called.
*
* Objects which are skipped by callbacks will not be returned here
* as matching objects.
*
* Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error
*/
CK_RV
p11_kit_iter_next (P11KitIter *iter)
{
CK_ULONG batch;
CK_ULONG count;
CK_BBOOL matches;
CK_RV rv;
return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED);
iter->object = 0;
if (iter->match_nothing)
return finish_iterating (iter, CKR_CANCEL);
/*
* If we have outstanding objects, then iterate one through those
* Note that we pass each object through the filters, and only
* assume it's iterated if it matches
*/
while (iter->saw_objects < iter->num_objects) {
iter->object = iter->objects[iter->saw_objects++];
rv = call_all_filters (iter, &matches);
if (rv != CKR_OK)
return finish_iterating (iter, rv);
if (matches)
return CKR_OK;
}
/* If we have finished searching then move to next session */
if (iter->searched) {
rv = move_next_session (iter);
if (rv != CKR_OK)
return finish_iterating (iter, rv);
}
/* Ready to start searching */
if (!iter->searching && !iter->searched) {
count = p11_attrs_count (iter->match_attrs);
rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count);
if (rv != CKR_OK)
return finish_iterating (iter, rv);
iter->searching = 1;
iter->searched = 0;
}
/* If we have searched on this session then try to continue */
if (iter->searching) {
assert (iter->module != NULL);
assert (iter->session != 0);
iter->num_objects = 0;
iter->saw_objects = 0;
for (;;) {
if (iter->max_objects - iter->num_objects == 0) {
iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64;
iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG));
return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY);
}
batch = iter->max_objects - iter->num_objects;
rv = (iter->module->C_FindObjects) (iter->session,
iter->objects + iter->num_objects,
batch, &count);
if (rv != CKR_OK)
return finish_iterating (iter, rv);
iter->num_objects += count;
/*
* Done searching on this session, although there are still
* objects outstanding, which will be returned on next
* iterations.
*/
if (batch != count) {
iter->searching = 0;
iter->searched = 1;
(iter->module->C_FindObjectsFinal) (iter->session);
break;
}
if (!iter->preload_results)
break;
}
}
/* Try again */
return p11_kit_iter_next (iter);
}
attrs_build (CK_ATTRIBUTE *attrs,
CK_ULONG count_to_add,
bool take_values,
bool override,
CK_ATTRIBUTE * (*generator) (void *),
void *state)
{
CK_ATTRIBUTE *attr;
CK_ATTRIBUTE *add;
CK_ULONG current;
CK_ULONG at;
CK_ULONG j;
CK_ULONG i;
/* How many attributes we already have */
current = p11_attrs_count (attrs);
/* Reallocate for how many we need */
attrs = realloc (attrs, (current + count_to_add + 1) * sizeof (CK_ATTRIBUTE));
return_val_if_fail (attrs != NULL, NULL);
at = current;
for (i = 0; i < count_to_add; i++) {
add = (generator) (state);
/* Skip with invalid type */
if (!add || add->type == CKA_INVALID)
continue;
attr = NULL;
