static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
GNode *node;
GBytes *integer;
CK_RV rv;
g_assert (GKM_XDG_IS_TRUST (self));
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
if (!egg_asn1x_have (node)) {
gkm_debug ("CKR_ATTRIBUTE_TYPE_INVALID: %s wants %s which is not part of assertion",
gkm_log_attr_type (attr->type), part);
return CKR_ATTRIBUTE_TYPE_INVALID;
}
integer = egg_asn1x_get_integer_as_raw (node);
g_return_val_if_fail (integer, CKR_GENERAL_ERROR);
rv = gkm_attribute_set_bytes (attr, integer);
g_bytes_unref (integer);
return rv;
}
static CK_RV
trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
{
GNode *node;
gpointer integer;
gsize n_integer;
CK_RV rv;
g_assert (GKM_XDG_IS_TRUST (self));
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", part, NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
/* If the assertion doesn't contain this info ... */
if (!egg_asn1x_have (node))
return CKR_ATTRIBUTE_TYPE_INVALID;
integer = egg_asn1x_get_integer_as_raw (node, NULL, &n_integer);
g_return_val_if_fail (integer, CKR_GENERAL_ERROR);
rv = gkm_attribute_set_data (attr, integer, n_integer);
g_free (integer);
return rv;
}
/**
* gcr_certificate_get_serial_number:
* @self: a #GcrCertificate
* @n_length: the length of the returned data.
*
* Get the raw binary serial number of the certificate.
*
* The caller should free the returned data using g_free() when
* it is no longer required.
*
* Returns: the raw binary serial number.
*/
guchar*
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
GcrCertificateInfo *info;
g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
g_return_val_if_fail (n_length, NULL);
info = certificate_info_load (self);
g_return_val_if_fail (info, NULL);
return egg_asn1x_get_integer_as_raw (egg_asn1x_node (info->asn1, "tbsCertificate", "serialNumber", NULL), NULL, n_length);
}
static void
dump_certificate_complete (GNode *asn)
{
GNode *cert;
gchar *issuer, *serial, *subject;
gconstpointer element;
gpointer data;
gsize n_data, n_element;
/* Parse the certificate out */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
element = egg_asn1x_get_raw_element (asn, &n_element);
g_return_if_fail (element);
if (!egg_asn1x_decode (cert, element, n_element))
barf_and_die ("couldn't parse certificate", egg_asn1x_message (cert));
issuer = egg_dn_read (egg_asn1x_node (asn, "issuer", NULL));
g_return_if_fail (issuer);
subject = egg_dn_read (egg_asn1x_node (asn, "subject", NULL));
g_return_if_fail (subject);
data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data);
g_return_if_fail (data && n_data);
serial = egg_hex_encode (data, n_data);
g_free (data);
g_print ("Complete\n");
g_print (" issuer: %s\n", issuer);
g_print (" subject: %s\n", subject);
g_print (" serial: 0x%s\n", serial);
egg_asn1x_destroy (cert);
g_free (data);
g_free (serial);
g_free (issuer);
g_free (subject);
}
/**
* gcr_certificate_get_serial_number:
* @self: a #GcrCertificate
* @n_length: the length of the returned data.
*
* Get the raw binary serial number of the certificate.
*
* The caller should free the returned data using g_free() when
* it is no longer required.
*
* Returns: (array length=n_length): the raw binary serial number.
*/
guchar *
gcr_certificate_get_serial_number (GcrCertificate *self, gsize *n_length)
{
GcrCertificateInfo *info;
EggBytes *bytes;
guchar *result;
g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
g_return_val_if_fail (n_length != NULL, NULL);
info = certificate_info_load (self);
g_return_val_if_fail (info, NULL);
bytes = egg_asn1x_get_integer_as_raw (egg_asn1x_node (info->asn1, "tbsCertificate", "serialNumber", NULL));
g_return_val_if_fail (bytes != NULL, NULL);
*n_length = egg_bytes_get_size (bytes);
result = g_memdup (egg_bytes_get_data (bytes), *n_length);
egg_bytes_unref (bytes);
return result;
}
static void
dump_certificate_reference (GNode *asn)
{
gchar *issuer, *serial;
gpointer data;
gsize n_data;
GNode *name;
gconstpointer element;
gsize n_element;
/* Parse the name out */
name = egg_asn1x_create (pkix_asn1_tab, "Name");
g_return_if_fail (name);
element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "issuer", NULL), &n_element);
g_return_if_fail (element);
if (!egg_asn1x_decode (name, element, n_element))
barf_and_die ("couldn't parse certificate", egg_asn1x_message (name));
issuer = egg_dn_read (name);
g_return_if_fail (issuer);
data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data);
g_return_if_fail (data && n_data);
serial = egg_hex_encode (data, n_data);
g_free (data);
g_print ("Reference\n");
g_print (" issuer: %s\n", issuer);
g_print (" serial: 0x%s\n", serial);
egg_asn1x_destroy (name);
g_free (data);
g_free (serial);
g_free (issuer);
}
static void
create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate)
{
GError *err = NULL;
GNode *asn, *cert, *choice, *ref;
GNode *issuer, *serial;
gchar *data;
GBytes *result;
GBytes *value;
GBytes *element;
gsize n_data;
GBytes *bytes;
if (!g_file_get_contents (certificate, &data, &n_data, &err))
barf_and_die ("couldn't read certificate file", egg_error_message (err));
/* Make sure the certificate is */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
bytes = g_bytes_new_take (data, n_data);
if (!egg_asn1x_decode (cert, bytes))
barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
g_bytes_unref (bytes);
/* Dig out the issuer and serial */
issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL);
serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL);
g_return_if_fail (issuer && serial);
/* Create up the trust structure */
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_if_fail (asn);
/* Setup the type of trust assertion */
ref = egg_asn1x_node (asn, "reference", NULL);
choice = egg_asn1x_node (ref, "certReference", NULL);
if (!egg_asn1x_set_choice (ref, choice))
g_return_if_reached ();
/* Copy over the serial and issuer */
element = egg_asn1x_get_element_raw (issuer);
if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element))
g_return_if_reached ();
g_bytes_unref (element);
value = egg_asn1x_get_integer_as_raw (serial);
egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value);
g_bytes_unref (value);
result = egg_asn1x_encode (asn, NULL);
if (result == NULL)
barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
g_free (data);
egg_asn1x_destroy (cert);
egg_asn1x_destroy (asn);
if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
g_bytes_get_size (result), &err))
barf_and_die ("couldn't write trust file", egg_error_message (err));
g_bytes_unref (result);
}
