void
gkm_object_destroy (GkmObject *self, GkmTransaction *transaction)
{
GkmSession *session;
GkmManager *manager;
GkmModule *module;
g_return_if_fail (GKM_IS_OBJECT (self));
g_return_if_fail (GKM_IS_TRANSACTION (transaction));
g_return_if_fail (!gkm_transaction_get_failed (transaction));
g_return_if_fail (self->pv->module);
g_object_ref (self);
session = gkm_session_for_session_object (self);
if (session != NULL) {
gkm_session_destroy_session_object (session, transaction, self);
} else {
manager = gkm_object_get_manager (self);
module = gkm_object_get_module (self);
if (manager == gkm_module_get_manager (module))
gkm_module_remove_token_object (module, transaction, self);
}
/* Forcefully dispose of the object once the transaction completes */
gkm_transaction_add (transaction, NULL, complete_destroy, g_object_ref (self));
g_object_unref (self);
}
static void
gkm_object_get_property (GObject *obj, guint prop_id, GValue *value,
GParamSpec *pspec)
{
GkmObject *self = GKM_OBJECT (obj);
switch (prop_id) {
case PROP_HANDLE:
g_value_set_ulong (value, gkm_object_get_handle (self));
break;
case PROP_MODULE:
g_return_if_fail (GKM_IS_MODULE (self->pv->module));
g_value_set_object (value, gkm_object_get_module (self));
break;
case PROP_MANAGER:
g_value_set_object (value, gkm_object_get_manager (self));
break;
case PROP_STORE:
g_value_set_object (value, self->pv->store);
break;
case PROP_UNIQUE:
g_value_set_string (value, gkm_object_get_unique (self));
break;
case PROP_TRANSIENT:
g_value_set_boolean (value, gkm_object_is_transient (self));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
static GObject*
gkm_roots_certificate_constructor (GType type, guint n_props, GObjectConstructParam *props)
{
GkmRootsCertificate *self = GKM_ROOTS_CERTIFICATE (G_OBJECT_CLASS (gkm_roots_certificate_parent_class)->constructor(type, n_props, props));
g_return_val_if_fail (self, NULL);
self->trust = gkm_roots_trust_new (gkm_object_get_module (GKM_OBJECT (self)),
gkm_object_get_manager (GKM_OBJECT (self)),
GKM_CERTIFICATE (self));
return G_OBJECT (self);
}
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
CK_X_ASSERTION_TYPE type = 0;
GkmAssertion *assertion;
GQuark level;
gchar *purpose;
gchar *peer;
GNode *node;
/* Get the trust level */
level = egg_asn1x_get_enumerated (egg_asn1x_node (asn, "level", NULL));
g_return_val_if_fail (level != 0, NULL);
if (!level_enum_to_assertion_type (level, &type))
g_message ("unsupported trust level %s in trust object", g_quark_to_string (level));
else if (type == 0)
return NULL;
/* A purpose */
purpose = egg_asn1x_get_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL), NULL);
g_return_val_if_fail (purpose, NULL);
/* A peer name */
node = egg_asn1x_node (asn, "peer", NULL);
if (egg_asn1x_have (node))
peer = egg_asn1x_get_string_as_utf8 (node, NULL);
else
peer = NULL;
assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
"module", gkm_object_get_module (GKM_OBJECT (self)),
"manager", gkm_object_get_manager (GKM_OBJECT (self)),
"trust", self,
"type", type,
"purpose", purpose,
"peer", peer,
NULL);
g_free (purpose);
g_free (peer);
return assertion;
}
gboolean
gkm_certificate_calc_category (GkmCertificate *self, GkmSession *session, CK_ULONG* category)
{
const guchar *extension;
GkmManager *manager;
gsize n_extension;
GkmDataResult res;
gboolean is_ca;
GkmObject *object;
g_return_val_if_fail (GKM_IS_CERTIFICATE (self), CKR_GENERAL_ERROR);
g_return_val_if_fail (category, CKR_GENERAL_ERROR);
/* First see if we have a private key for this certificate */
manager = gkm_object_get_manager (GKM_OBJECT (self));
if (manager != NULL) {
object = gkm_manager_find_related (manager, session, CKO_PRIVATE_KEY, GKM_OBJECT (self));
if (object != NULL) {
*category = 1; /* token user */
return TRUE;
}
}
/* Read in the Basic Constraints section */
extension = gkm_certificate_get_extension (self, OID_BASIC_CONSTRAINTS, &n_extension, NULL);
if (extension != NULL) {
res = gkm_data_der_read_basic_constraints (extension, n_extension, &is_ca, NULL);
if (res != GKM_DATA_SUCCESS)
return FALSE;
if (is_ca)
*category = 2; /* authority */
else
*category = 3; /* other entity */
} else {
*category = 0; /* unspecified */
}
return TRUE;
}
static void
add_transient_object (GkmModule *self, GkmTransaction *transaction, GkmObject *object)
{
g_assert (GKM_IS_MODULE (self));
g_assert (GKM_IS_OBJECT (object));
/* Must not already be associated with a session or manager */
g_return_if_fail (gkm_object_get_manager (object) == self->pv->token_manager);
g_return_if_fail (g_hash_table_lookup (self->pv->transient_objects, object) == NULL);
g_hash_table_insert (self->pv->transient_objects, object, g_object_ref (object));
g_object_set (object, "store", self->pv->transient_store, NULL);
gkm_object_expose (object, TRUE);
if (transaction) {
gkm_transaction_add (transaction, self,
(GkmTransactionFunc)complete_transient_add,
g_object_ref (object));
}
}
static gboolean
gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data)
{
GkmCertificate *self = GKM_CERTIFICATE (base);
GNode *asn1 = NULL;
GkmDataResult res;
guchar *copy, *keydata;
gsize n_keydata;
gcry_sexp_t sexp;
GkmSexp *wrapper;
g_return_val_if_fail (GKM_IS_CERTIFICATE (self), FALSE);
if (!data || !n_data) {
g_message ("cannot load empty certificate file");
return FALSE;
}
copy = g_memdup (data, n_data);
/* Parse the ASN1 data */
res = gkm_data_der_read_certificate (copy, n_data, &asn1);
if (res != GKM_DATA_SUCCESS) {
g_message ("couldn't parse certificate data");
g_free (copy);
return FALSE;
}
/* Generate a raw public key from our certificate */
keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL, &n_keydata);
g_return_val_if_fail (keydata, FALSE);
/* Now create us a nice public key with that identifier */
res = gkm_data_der_read_public_key_info (keydata, n_keydata, &sexp);
g_free (keydata);
switch (res) {
/* Create ourselves a public key with that */
case GKM_DATA_SUCCESS:
wrapper = gkm_sexp_new (sexp);
if (!self->pv->key)
self->pv->key = gkm_certificate_key_new (gkm_object_get_module (GKM_OBJECT (self)),
gkm_object_get_manager (GKM_OBJECT (self)),
self);
gkm_sexp_key_set_base (GKM_SEXP_KEY (self->pv->key), wrapper);
gkm_sexp_unref (wrapper);
break;
/* Unknown type of public key for this certificate, just ignore */
case GKM_DATA_UNRECOGNIZED:
if (self->pv->key)
g_object_unref (self->pv->key);
self->pv->key = NULL;
break;
/* Bad key, drop certificate */
case GKM_DATA_FAILURE:
case GKM_DATA_LOCKED:
g_warning ("couldn't parse certificate key data");
g_free (copy);
egg_asn1x_destroy (asn1);
return FALSE;
default:
g_assert_not_reached ();
break;
}
g_free (self->pv->data);
self->pv->data = copy;
self->pv->n_data = n_data;
egg_asn1x_destroy (self->pv->asn1);
self->pv->asn1 = asn1;
return TRUE;
}