void
_gcr_subject_public_key_load_async (GckObject *key,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
GSimpleAsyncResult *res;
LoadClosure *closure;
g_return_if_fail (GCK_IS_OBJECT (key));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
res = g_simple_async_result_new (NULL, callback, user_data,
_gcr_subject_public_key_load_async);
closure = g_slice_new0 (LoadClosure);
closure->object = g_object_ref (key);
lookup_attributes (key, &closure->builder);
g_simple_async_result_set_op_res_gpointer (res, closure, load_closure_free);
if (check_attributes (&closure->builder)) {
g_simple_async_result_complete_in_idle (res);
g_object_unref (res);
return;
}
g_simple_async_result_run_in_thread (res, thread_key_attributes,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (res);
}
gboolean
_gck_module_fire_authenticate_object (GckModule *self, GckObject *object,
gchar *label, gchar **password)
{
GckTokenInfo *info;
GckSession *session;
GckSlot *slot;
gboolean ret;
g_assert (GCK_IS_MODULE (self));
g_assert (GCK_IS_OBJECT (object));
g_assert (password);
session = gck_object_get_session (object);
slot = gck_session_get_slot (session);
g_object_unref (session);
info = gck_slot_get_token_info (slot);
g_object_unref (slot);
if (info != NULL) {
if (info->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
gck_token_info_free (info);
*password = NULL;
return TRUE;
}
gck_token_info_free (info);
}
g_signal_emit (self, signals[AUTHENTICATE_OBJECT], 0, object, label, password, &ret);
return ret;
}
GNode *
_gcr_subject_public_key_load (GckObject *key,
GCancellable *cancellable,
GError **error)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckAttributes *attributes;
GNode *asn;
g_return_val_if_fail (GCK_IS_OBJECT (key), NULL);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
lookup_attributes (key, &builder);
if (!check_attributes (&builder)) {
if (!load_attributes (key, &builder, cancellable, error)) {
gck_builder_clear (&builder);
return NULL;
}
}
attributes = gck_builder_end (&builder);
asn = _gcr_subject_public_key_for_attributes (attributes);
if (asn == NULL) {
g_set_error_literal (error, GCK_ERROR, CKR_TEMPLATE_INCONSISTENT,
_("Couldn't build public key"));
}
gck_attributes_unref (attributes);
return asn;
}
static GckObject*
create_credential (GckSession *session, GckObject *object,
const gchar *secret, GError **error)
{
GckAttributes *attrs;
GckObject *cred;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (!object || GCK_IS_OBJECT (object), NULL);
if (!secret)
secret = "";
attrs = gck_attributes_new ();
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_CREDENTIAL);
gck_attributes_add_string (attrs, CKA_VALUE, secret);
gck_attributes_add_boolean (attrs, CKA_MATE_TRANSIENT, TRUE);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
if (object)
gck_attributes_add_ulong (attrs, CKA_G_OBJECT,
gck_object_get_handle (object));
cred = gck_session_create_object (session, attrs, NULL, error);
gck_attributes_unref (attrs);
return cred;
}
/**
* gck_password_get_key:
* @self: the password object
*
* If the password request is to unlock a PKCS\#11 key, then this is the
* the object representing that key.
*
* Returns: (transfer full): the password is for this key, or %NULL if not
* being requested for a key; must be unreferenced after use
*/
GckObject *
gck_password_get_key (GckPassword *self)
{
g_return_val_if_fail (GCK_IS_PASSWORD (self), NULL);
if (self->pv->for_token)
return NULL;
g_return_val_if_fail (GCK_IS_OBJECT (self->pv->token_or_key), NULL);
return g_object_ref (self->pv->token_or_key);
}
static void
gck_password_constructed (GObject *obj)
{
GckPassword *self = GCK_PASSWORD (obj);
G_OBJECT_CLASS (gck_password_parent_class)->constructed (obj);
g_return_if_fail (GCK_IS_SLOT (self->pv->token_or_key) ||
GCK_IS_OBJECT (self->pv->token_or_key));
}
/**
* gcr_certificate_request_prepare:
* @format: the format for the certificate request
* @private_key: the private key the the certificate is being requested for
*
* Create a new certificate request, in the given format for the private key.
*
* Returns: (transfer full): a new #GcrCertificate request
*/
GcrCertificateRequest *
gcr_certificate_request_prepare (GcrCertificateRequestFormat format,
GckObject *private_key)
{
g_return_val_if_fail (format == GCR_CERTIFICATE_REQUEST_PKCS10, NULL);
g_return_val_if_fail (GCK_IS_OBJECT (private_key), NULL);
return g_object_new (GCR_TYPE_CERTIFICATE_REQUEST,
"format", format,
"private-key", private_key,
NULL);
}
/**
* gcr_certificate_request_capable:
* @private_key: a private key
* @cancellable: cancellation object
* @error: location to place an error
*
* Check whether #GcrCertificateRequest is capable of creating a request
* for the given @private_key.
*
* Returns: whether a request can be created
*/
gboolean
gcr_certificate_request_capable (GckObject *private_key,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (GCK_IS_OBJECT (private_key), FALSE);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
return _gcr_key_mechanisms_check (private_key, ALL_MECHANISMS,
G_N_ELEMENTS (ALL_MECHANISMS),
CKA_SIGN, cancellable, error);
}
/**
* gcr_certificate_request_capable_async:
* @private_key: a private key
* @cancellable: cancellation object
* @callback: will be called when the operation completes
* @user_data: data to be passed to callback
*
* Asynchronously check whether #GcrCertificateRequest is capable of creating
* a request for the given @private_key.
*/
void
gcr_certificate_request_capable_async (GckObject *private_key,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
g_return_if_fail (GCK_IS_OBJECT (private_key));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
_gcr_key_mechanisms_check_async (private_key, ALL_MECHANISMS,
G_N_ELEMENTS (ALL_MECHANISMS),
CKA_SIGN, cancellable,
callback, user_data);
}
static GckObject*
create_login_keyring (GckSession *session, GckObject *cred, GError **error)
{
GckObject *login;
GckAttributes *atts;
g_return_val_if_fail (GCK_IS_SESSION (session), NULL);
g_return_val_if_fail (GCK_IS_OBJECT (cred), NULL);
atts = gck_attributes_new ();
gck_attributes_add_ulong (atts, CKA_CLASS, CKO_G_COLLECTION);
gck_attributes_add_string (atts, CKA_ID, "login");
gck_attributes_add_ulong (atts, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_attributes_add_boolean (atts, CKA_TOKEN, TRUE);
/* TRANSLATORS: This is the display label for the login keyring */
gck_attributes_add_string (atts, CKA_LABEL, _("Login"));
login = gck_session_create_object (session, atts, NULL, error);
gck_attributes_unref (atts);
return login;
}
static void
gcr_certificate_request_set_property (GObject *obj,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
GcrCertificateRequest *self = GCR_CERTIFICATE_REQUEST (obj);
GcrCertificateRequestFormat format;
switch (prop_id) {
case PROP_PRIVATE_KEY:
g_return_if_fail (self->private_key == NULL);
self->private_key = g_value_dup_object (value);
g_return_if_fail (GCK_IS_OBJECT (self->private_key));
break;
case PROP_FORMAT:
format = g_value_get_enum (value);
g_return_if_fail (format == GCR_CERTIFICATE_REQUEST_PKCS10);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
