static bool create_anchor (CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, CK_ATTRIBUTE *attrs) { CK_BBOOL truev = CK_TRUE; CK_OBJECT_HANDLE object; char *string; CK_RV rv; CK_ULONG klass; CK_ATTRIBUTE basics_certificate[] = { { CKA_TOKEN, &truev, sizeof (truev) }, { CKA_TRUSTED, &truev, sizeof (truev) }, { CKA_INVALID, }, }; CK_ATTRIBUTE basics_extension[] = { { CKA_TOKEN, &truev, sizeof (truev) }, { CKA_INVALID, }, }; CK_ATTRIBUTE basics_empty[] = { { CKA_INVALID, }, }; CK_ATTRIBUTE *basics = basics_empty; if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) { switch (klass) { case CKO_CERTIFICATE: basics = basics_certificate; break; case CKO_X_CERTIFICATE_EXTENSION: basics = basics_extension; break; } } attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true); p11_attrs_remove (attrs, CKA_MODIFIABLE); if (p11_debugging) { string = p11_attrs_to_string (attrs, -1); p11_debug ("storing: %s", string); free (string); } rv = (module->C_CreateObject) (session, attrs, p11_attrs_count (attrs), &object); p11_attrs_free (attrs); if (rv != CKR_OK) { p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); return false; } return true; }
static bool modify_anchor (CK_FUNCTION_LIST *module, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE *attrs) { CK_BBOOL truev = CK_TRUE; CK_ATTRIBUTE *changes; CK_ATTRIBUTE *label; CK_ULONG klass; char *string; CK_RV rv; CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) }; label = p11_attrs_find_valid (attrs, CKA_LABEL); if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && klass == CKO_CERTIFICATE) changes = p11_attrs_build (NULL, &trusted, label, NULL); else changes = p11_attrs_build (NULL, label, NULL); return_val_if_fail (attrs != NULL, FALSE); /* Don't need the attributes anymore */ p11_attrs_free (attrs); if (p11_debugging) { string = p11_attrs_to_string (changes, -1); p11_debug ("setting: %s", string); free (string); } rv = (module->C_SetAttributeValue) (session, object, changes, p11_attrs_count (changes)); p11_attrs_free (changes); if (rv != CKR_OK) { p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); return false; } return true; }
/** * p11_kit_iter_next: * @iter: the iterator * * Iterate to the next matching object. * * To access the object, session and so on, use the p11_kit_iter_get_object(), * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions. * * This call must only be called after either p11_kit_iter_begin() * or p11_kit_iter_begin_with() have been called. * * Objects which are skipped by callbacks will not be returned here * as matching objects. * * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error */ CK_RV p11_kit_iter_next (P11KitIter *iter) { CK_ULONG batch; CK_ULONG count; CK_BBOOL matches; CK_RV rv; return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED); iter->object = 0; if (iter->match_nothing) return finish_iterating (iter, CKR_CANCEL); /* * If we have outstanding objects, then iterate one through those * Note that we pass each object through the filters, and only * assume it's iterated if it matches */ while (iter->saw_objects < iter->num_objects) { iter->object = iter->objects[iter->saw_objects++]; rv = call_all_filters (iter, &matches); if (rv != CKR_OK) return finish_iterating (iter, rv); if (matches) return CKR_OK; } /* If we have finished searching then move to next session */ if (iter->searched) { rv = move_next_session (iter); if (rv != CKR_OK) return finish_iterating (iter, rv); } /* Ready to start searching */ if (!iter->searching && !iter->searched) { count = p11_attrs_count (iter->match_attrs); rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count); if (rv != CKR_OK) return finish_iterating (iter, rv); iter->searching = 1; iter->searched = 0; } /* If we have searched on this session then try to continue */ if (iter->searching) { assert (iter->module != NULL); assert (iter->session != 0); iter->num_objects = 0; iter->saw_objects = 0; for (;;) { if (iter->max_objects - iter->num_objects == 0) { iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64; iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG)); return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY); } batch = iter->max_objects - iter->num_objects; rv = (iter->module->C_FindObjects) (iter->session, iter->objects + iter->num_objects, batch, &count); if (rv != CKR_OK) return finish_iterating (iter, rv); iter->num_objects += count; /* * Done searching on this session, although there are still * objects outstanding, which will be returned on next * iterations. */ if (batch != count) { iter->searching = 0; iter->searched = 1; (iter->module->C_FindObjectsFinal) (iter->session); break; } if (!iter->preload_results) break; } } /* Try again */ return p11_kit_iter_next (iter); }
attrs_build (CK_ATTRIBUTE *attrs, CK_ULONG count_to_add, bool take_values, bool override, CK_ATTRIBUTE * (*generator) (void *), void *state) { CK_ATTRIBUTE *attr; CK_ATTRIBUTE *add; CK_ULONG current; CK_ULONG at; CK_ULONG j; CK_ULONG i; /* How many attributes we already have */ current = p11_attrs_count (attrs); /* Reallocate for how many we need */ attrs = realloc (attrs, (current + count_to_add + 1) * sizeof (CK_ATTRIBUTE)); return_val_if_fail (attrs != NULL, NULL); at = current; for (i = 0; i < count_to_add; i++) { add = (generator) (state); /* Skip with invalid type */ if (!add || add->type == CKA_INVALID) continue; attr = NULL;