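/*
 * Remove from @list every trusted certificate that the PKCS#11 @url
 * resolves to.
 *
 * The matching objects are enumerated with the CRT|MARK_TRUSTED flags,
 * imported into temporary gnutls_x509_crt_t handles and passed to
 * gnutls_x509_trust_list_remove_cas().  The temporary certificate handles
 * stay owned by this function and are released before it returns.
 *
 * Returns the value of gnutls_x509_trust_list_remove_cas(), 0 when the
 * URL matched no object, or a negative GnuTLS error code.
 */
static int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
{
	gnutls_x509_crt_t *xcrt_list = NULL;
	gnutls_pkcs11_obj_t *pcrt_list = NULL;
	unsigned int pcrt_list_size = 0, i;
	/* Set once every slot of xcrt_list[] holds a live certificate handle.
	 * Before that point the slots are uninitialised (gnutls_malloc does
	 * not zero them) and must not be passed to gnutls_x509_crt_deinit(). */
	unsigned int xcrt_list_imported = 0;
	int ret;

	ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, url,
						 GNUTLS_PKCS11_OBJ_FLAG_CRT |
						 GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
						 0);
	if (ret < 0)
		return gnutls_assert_val(ret);

	if (pcrt_list_size == 0) {
		ret = 0;
		goto cleanup;
	}

	xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
	if (xcrt_list == NULL) {
		ret = GNUTLS_E_MEMORY_ERROR;
		goto cleanup;
	}

	ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
						 pcrt_list, 0);
	if (ret < 0) {
		/* On failure the state of xcrt_list[] is not known from here
		 * (partly uninitialised, or handles already released by the
		 * importer), so none of its slots is deinitialised below.
		 * NOTE(review): assumes the importer releases whatever it
		 * created before failing -- confirm against
		 * gnutls_x509_crt_list_import_pkcs11(). */
		gnutls_assert();
		goto cleanup;
	}
	xcrt_list_imported = 1;

	ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);

 cleanup:
	for (i = 0; i < pcrt_list_size; i++) {
		gnutls_pkcs11_obj_deinit(pcrt_list[i]);
		if (xcrt_list_imported)
			gnutls_x509_crt_deinit(xcrt_list[i]);
	}
	gnutls_free(pcrt_list);
	gnutls_free(xcrt_list);

	return ret;
}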
/*
 * Load the trusted CA certificates stored under the PKCS#11 URL @ca_file
 * into @list, passing @flags through to gnutls_x509_trust_list_add_cas().
 *
 * Only the PKCS#11 object handles are released here.  The certificate
 * handles in the temporary array are handed to the trust list and are not
 * deinitialised by this function; just the array holding them is freed.
 *
 * Returns the value of gnutls_x509_trust_list_add_cas(), 0 when the URL
 * matched no object, or a negative GnuTLS error code.
 */
static int import_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file, unsigned int flags)
{
	gnutls_pkcs11_obj_t *objs = NULL;
	gnutls_x509_crt_t *certs = NULL;
	unsigned int nobjs = 0, idx;
	int ret;

	ret = gnutls_pkcs11_obj_list_import_url2(&objs, &nobjs, ca_file,
						 GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
						 0);
	if (ret < 0)
		return gnutls_assert_val(ret);

	if (nobjs == 0) {
		ret = 0;
	} else if ((certs = gnutls_malloc(sizeof(gnutls_x509_crt_t) * nobjs)) == NULL) {
		ret = GNUTLS_E_MEMORY_ERROR;
	} else {
		ret = gnutls_x509_crt_list_import_pkcs11(certs, nobjs, objs, 0);
		if (ret < 0)
			gnutls_assert();
		else
			ret = gnutls_x509_trust_list_add_cas(list, certs, nobjs, flags);
	}

	/* the PKCS#11 object handles are ours; the certificates are not */
	for (idx = 0; idx < nobjs; idx++)
		gnutls_pkcs11_obj_deinit(objs[idx]);
	gnutls_free(objs);
	gnutls_free(certs);

	return ret;
}
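/*
 * Move @iter to the next trusted CA of @list.
 *
 * The in-memory trust nodes are walked first: ca_index advances inside the
 * current node and node_index skips past nodes with no further entries.
 * Once those are exhausted, and only when the list has a PKCS#11 token
 * attached (ENABLE_PKCS11 builds), the token's trusted CA certificates are
 * visited: the first call imports the object list into @iter, later calls
 * step pkcs11_index through it.
 *
 * Returns 0 when @iter now points at an entry, a negative error code from
 * the PKCS#11 import, or GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when there
 * is nothing left to visit.
 */
static int advance_iter(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_iter_t iter)
{
	if (iter->node_index < list->size) {
		++iter->ca_index;

		/* skip nodes whose trusted CAs are exhausted */
		while (iter->node_index < list->size &&
		       iter->ca_index >= list->node[iter->node_index].trusted_ca_size) {
			++iter->node_index;
			iter->ca_index = 0;
		}

		if (iter->node_index < list->size)
			return 0;
	}

#ifdef ENABLE_PKCS11
	if (list->pkcs11_token != NULL) {
		if (iter->pkcs11_list == NULL) {
			/* first visit of the token: load its trusted CA objects.
			 * ret lives in this scope so that non-PKCS#11 builds
			 * do not carry an unused variable. */
			int ret = gnutls_pkcs11_obj_list_import_url2(&iter->pkcs11_list,
								     &iter->pkcs11_size,
								     list->pkcs11_token,
								     (GNUTLS_PKCS11_OBJ_FLAG_CRT |
								      GNUTLS_PKCS11_OBJ_FLAG_MARK_CA |
								      GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
								     0);
			if (ret < 0)
				return gnutls_assert_val(ret);

			/* pkcs11_index is left where the iterator's initialiser
			 * put it -- NOTE(review): presumably 0; confirm there. */
			if (iter->pkcs11_size > 0)
				return 0;
		} else if (iter->pkcs11_index < iter->pkcs11_size) {
			++iter->pkcs11_index;
			if (iter->pkcs11_index < iter->pkcs11_size)
				return 0;
		}
	}
#endif

	return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
}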
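/* Print the extensions attached to the PKCS#11 certificate object @obj.
 * With @print_exts > 1 the decoded extensions are printed, otherwise only
 * the comma-separated list of their OIDs.  Nothing is printed when the
 * object has no extensions or they cannot be read. */
static void pkcs11_list_print_exts(FILE *outfile, gnutls_pkcs11_obj_t obj, int print_exts)
{
	gnutls_x509_ext_st *exts;
	unsigned exts_size;
	unsigned j;
	int ret;

	ret = gnutls_pkcs11_obj_get_exts(obj, &exts, &exts_size, 0);
	if (ret < 0 || exts_size == 0)
		return;

	if (print_exts > 1) {
		gnutls_datum_t txt;

		fprintf(outfile, "\tAttached extensions:\n");
		ret = gnutls_x509_ext_print(exts, exts_size, 0, &txt);
		if (ret >= 0) {
			fprintf(outfile, "%s", (char*)txt.data);
			gnutls_free(txt.data);
		}
	} else {
		fprintf(outfile, "\tAttached extensions:");
		for (j = 0; j < exts_size; j++)
			fprintf(outfile, "%s%s", exts[j].oid,
				(j != exts_size - 1) ? "," : " ");
	}

	for (j = 0; j < exts_size; j++)
		gnutls_x509_ext_deinit(&exts[j]);
	gnutls_free(exts);
	fprintf(outfile, "\n");
}

/* lists certificates from a token */
/*
 * Enumerate the objects matched by @url on a PKCS#11 token and print one
 * record per object to @outfile (just the URL, one per line, when
 * info->only_urls is set).
 *
 * @type selects the attribute filter (trusted certificates, certificates
 * with a private key, all certificates, private keys, ...).  @flags are
 * object flags forwarded to the import; they are kept apart from the token
 * flags queried here.  @detailed controls how verbose the exported URL is.
 *
 * Any PKCS#11 error is reported on stderr and terminates the process, as
 * elsewhere in this tool.
 */
void pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, unsigned int detailed, common_info_st * info)
{
	gnutls_pkcs11_obj_t *crt_list;
	unsigned int crt_list_size = 0, i;
	int ret, otype;
	char *output, *str;
	int attrs, print_exts = 0;
	unsigned int token_flags = 0;
	unsigned int obj_flags = flags;

	pkcs11_common(info);

	FIX(url, outfile, detailed, info);

	/* Attached extensions exist only on trusted tokens.  The token flags
	 * go into their own variable and are used only when the query
	 * succeeds, so a failed query cannot leave the caller's object flags
	 * being interpreted as token flags. */
	ret = gnutls_pkcs11_token_get_flags(url, &token_flags);
	if (ret >= 0 && (token_flags & GNUTLS_PKCS11_TOKEN_TRUSTED))
		print_exts = 1;

	if (type == PKCS11_TYPE_TRUSTED) {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED;
	} else if (type == PKCS11_TYPE_PK) {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
	} else if (type == PKCS11_TYPE_CRT_ALL) {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
		/* the full extension dump is only given when listing all certs */
		if (print_exts != 0)
			print_exts++;
	} else if (type == PKCS11_TYPE_PRIVKEY) {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
	} else if (type == PKCS11_TYPE_INFO) {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_MATCH;
	} else {
		attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
	}

	/* give some initial value to avoid asking for the pkcs11 pin twice.
	 */
	ret = gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size, url,
						 attrs, obj_flags);
	if (ret < 0) {
		fprintf(stderr, "Error in crt_list_import (1): %s\n", gnutls_strerror(ret));
		exit(1);
	}

	if (crt_list_size == 0) {
		fprintf(stderr, "No matching objects found\n");
		exit(2);
	}

	for (i = 0; i < crt_list_size; i++) {
		char buf[128];
		size_t size;
		unsigned int oflags;

		ret = gnutls_pkcs11_obj_export_url(crt_list[i], detailed, &output);
		if (ret < 0) {
			fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
			exit(1);
		}

		if (info->only_urls) {
			fprintf(outfile, "%s\n", output);
			gnutls_free(output);
			continue;
		}

		/* i is unsigned, so %u rather than %d */
		fprintf(outfile, "Object %u:\n\tURL: %s\n", i, output);
		gnutls_free(output);

		otype = gnutls_pkcs11_obj_get_type(crt_list[i]);
		fprintf(outfile, "\tType: %s\n", gnutls_pkcs11_type_get_name(otype));

		/* NOTE(review): printing buf with %s relies on
		 * gnutls_pkcs11_obj_get_info() NUL-terminating it -- confirm. */
		size = sizeof(buf);
		ret = gnutls_pkcs11_obj_get_info(crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, &size);
		if (ret < 0) {
			fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
			exit(1);
		}
		fprintf(outfile, "\tLabel: %s\n", buf);

		oflags = 0;
		ret = gnutls_pkcs11_obj_get_flags(crt_list[i], &oflags);
		if (ret < 0) {
			fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
			exit(1);
		}
		str = gnutls_pkcs11_obj_flags_get_str(oflags);
		if (str != NULL) {
			fprintf(outfile, "\tFlags: %s\n", str);
			gnutls_free(str);
		}

		size = sizeof(buf);
		ret = gnutls_pkcs11_obj_get_info(crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, buf, &size);
		if (ret < 0) {
			fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
			exit(1);
		}
		fprintf(outfile, "\tID: %s\n", buf);

		if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && print_exts > 0)
			pkcs11_list_print_exts(outfile, crt_list[i], print_exts);

		fprintf(outfile, "\n");
	}

	/* release the object handles; the process previously left them to exit() */
	for (i = 0; i < crt_list_size; i++)
		gnutls_pkcs11_obj_deinit(crt_list[i]);
	gnutls_free(crt_list);

	UNFIX;
	return;
}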