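/*
 * Build a trust object whose "reference" is a complete certificate.
 *
 * @module, @manager: passed through as the "module" and "manager"
 *                    properties of the new object.
 * @cert: attribute carrying the certificate bytes; pValue/ulValueLen are
 *        copied into the "certComplete" choice of the trust-1 structure.
 *
 * Returns the new trust object, or NULL if the ASN.1 tree could not be
 * created or encoded.
 *
 * The certificate bytes are stored as a raw ANY element and are not parsed
 * here; the only validation is whatever egg_asn1x_encode() performs.
 * NOTE(review): callers are assumed to have checked that cert->pValue is
 * non-NULL and really is a DER certificate -- confirm at the call sites.
 */
static GkmXdgTrust*
create_trust_for_complete (GkmModule *module, GkmManager *manager,
                           CK_ATTRIBUTE_PTR cert)
{
	GkmXdgTrust *trust;
	GNode *asn, *ref, *node;
	GBytes *bytes;

	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_val_if_fail (asn, NULL);

	ref = egg_asn1x_node (asn, "reference", NULL);
	node = egg_asn1x_node (ref, "certComplete", NULL);

	egg_asn1x_set_choice (ref, node);

	/* g_bytes_new() copies, so the caller's attribute buffer is not retained */
	bytes = g_bytes_new (cert->pValue, cert->ulValueLen);
	egg_asn1x_set_any_raw (node, bytes);
	g_bytes_unref (bytes);

	trust = g_object_new (GKM_XDG_TYPE_TRUST, "module", module, "manager", manager, NULL);
	trust->pv->asn = asn;

	/* Encode it, which validates, and so we have read access to all the data */
	trust->pv->bytes = egg_asn1x_encode (asn, NULL);
	if (!trust->pv->bytes) {
		/* Log before releasing: the message is read from the asn tree */
		g_warning ("created invalid trust object: %s", egg_asn1x_message (asn));

		/*
		 * Do not leak the half-built object on the failure path. The asn
		 * tree was handed to trust->pv->asn above; presumably the object's
		 * finalizer releases it -- confirm against GkmXdgTrust's finalize.
		 */
		g_object_unref (trust);
		return NULL;
	}

	return trust;
}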
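/*
 * Build a trust object whose "reference" identifies a certificate by
 * issuer and serial number.
 *
 * @module, @manager: passed through as the "module" and "manager"
 *                    properties of the new object.
 * @serial: attribute carrying the raw serial number bytes.
 * @issuer: attribute carrying the raw encoded issuer element.
 *
 * Returns the new trust object, or NULL if an attribute is too large to be
 * duplicated safely, or if the ASN.1 tree could not be created or encoded.
 *
 * NOTE(review): both attributes are copied verbatim; callers are assumed to
 * have checked that pValue is non-NULL -- confirm at the call sites.
 */
static GkmXdgTrust*
create_trust_for_reference (GkmModule *module, GkmManager *manager,
                            CK_ATTRIBUTE_PTR serial, CK_ATTRIBUTE_PTR issuer)
{
	GkmXdgTrust *trust;
	GNode *asn, *ref, *node;

	/*
	 * g_memdup() takes its size as a guint, but ulValueLen is a CK_ULONG.
	 * Where CK_ULONG is wider than guint, an oversized length would be
	 * truncated for the copy while the full length is still passed to the
	 * ASN.1 setters below, which would then describe more bytes than were
	 * allocated. Reject such attributes up front. (g_memdup2(), which takes
	 * a gsize, is the alternative if the minimum GLib version allows it.)
	 */
	if (serial->ulValueLen > G_MAXUINT || issuer->ulValueLen > G_MAXUINT) {
		g_warning ("trust reference attribute is too large");
		return NULL;
	}

	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_val_if_fail (asn, NULL);

	ref = egg_asn1x_node (asn, "reference", NULL);
	node = egg_asn1x_node (ref, "certReference", NULL);

	egg_asn1x_set_choice (ref, node);

	/* Each setter is given a private copy together with g_free as its destroy callback */
	egg_asn1x_set_integer_as_raw (egg_asn1x_node (node, "serialNumber", NULL),
	                              g_memdup (serial->pValue, serial->ulValueLen),
	                              serial->ulValueLen, g_free);

	egg_asn1x_set_raw_element (egg_asn1x_node (node, "issuer", NULL),
	                           g_memdup (issuer->pValue, issuer->ulValueLen),
	                           issuer->ulValueLen, g_free);

	trust = g_object_new (GKM_XDG_TYPE_TRUST, "module", module, "manager", manager, NULL);
	trust->pv->asn = asn;

	/* Encode it, so we have read access to all the data */
	trust->pv->data = egg_asn1x_encode (asn, NULL, &trust->pv->n_data);
	if (!trust->pv->data) {
		/* Log before releasing: the message is read from the asn tree */
		g_warning ("created invalid trust object: %s", egg_asn1x_message (asn));

		/*
		 * Do not leak the half-built object on the failure path. The asn
		 * tree was handed to trust->pv->asn above; presumably the object's
		 * finalizer releases it -- confirm against GkmXdgTrust's finalize.
		 */
		g_object_unref (trust);
		return NULL;
	}

	return trust;
}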
/**
 * gcr_certificate_request_set_cn:
 * @self: the certificate request
 * @cn: common name to set on the request
 *
 * Set the common name encoded in the certificate request.
 *
 * The subject is switched to its rdnSequence form and emptied before the
 * common name is added, so any name parts already present in the subject
 * are discarded rather than merged.
 */
void
gcr_certificate_request_set_cn (GcrCertificateRequest *self,
                                const gchar *cn)
{
	GNode *subject_node;
	GNode *rdn_sequence;

	g_return_if_fail (GCR_IS_CERTIFICATE_REQUEST (self));
	g_return_if_fail (cn != NULL);

	subject_node = egg_asn1x_node (self->asn, "certificationRequestInfo", "subject", NULL);
	rdn_sequence = egg_asn1x_node (subject_node, "rdnSequence", NULL);

	/* TODO: we shouldn't really be clearing this, but replacing CN */
	egg_asn1x_set_choice (subject_node, rdn_sequence);
	egg_asn1x_clear (rdn_sequence);

	/* The subject now holds exactly one part: the requested common name */
	egg_dn_add_string_part (rdn_sequence, GCR_OID_NAME_CN, cn);
}
/*
 * Write a trust file that references a certificate by embedding it whole.
 *
 * @filename: path of the trust file to write.
 * @certificate: path of the DER certificate file to read.
 *
 * The certificate file is decoded as a PKIX "Certificate" before it is
 * embedded, so input that does not parse is rejected. Only the "reference"
 * (certComplete) part of the trust-1 structure is filled in here; this
 * function adds no trust assertions itself.
 *
 * Failures are reported through barf_and_die(), which presumably terminates
 * the program (its definition is not visible here). The g_return_if_*
 * paths return without releasing what was allocated up to that point.
 */
static void
create_trust_file_for_certificate (const gchar *filename, const gchar *certificate)
{
	GError *error = NULL;
	GNode *asn, *cert, *reference, *complete;
	GBytes *der, *encoded;
	gchar *contents;
	gsize n_contents;
	gconstpointer out;
	gsize n_out;

	if (!g_file_get_contents (certificate, &contents, &n_contents, &error))
		barf_and_die ("couldn't read certificate file", egg_error_message (error));

	/* Make sure the input really decodes as a certificate */
	cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
	g_return_if_fail (cert);

	/* From here on the GBytes owns the buffer read from the file */
	der = g_bytes_new_take (contents, n_contents);
	if (!egg_asn1x_decode (cert, der))
		barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));

	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_if_fail (asn);

	/* Select the certComplete form and store the certificate bytes as they were read */
	reference = egg_asn1x_node (asn, "reference", NULL);
	complete = egg_asn1x_node (reference, "certComplete", NULL);
	if (!egg_asn1x_set_choice (reference, complete))
		g_return_if_reached ();
	if (!egg_asn1x_set_any_raw (complete, der))
		g_return_if_reached ();
	g_bytes_unref (der);

	encoded = egg_asn1x_encode (asn, NULL);
	if (encoded == NULL)
		barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));

	egg_asn1x_destroy (asn);
	egg_asn1x_destroy (cert);

	out = g_bytes_get_data (encoded, NULL);
	n_out = g_bytes_get_size (encoded);
	if (!g_file_set_contents (filename, out, n_out, &error))
		barf_and_die ("couldn't write trust file", egg_error_message (error));

	g_bytes_unref (encoded);
}
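/*
 * Write a trust file that references a certificate by issuer and serial
 * number instead of embedding the whole certificate.
 *
 * @filename: path of the trust file to write.
 * @certificate: path of the DER certificate file to read.
 *
 * The certificate file is decoded as a PKIX "Certificate"; its issuer
 * element and serial number are then copied into the "certReference"
 * choice of a trust-1 structure. Only the reference is filled in here;
 * this function adds no trust assertions itself.
 *
 * Failures are reported through barf_and_die(), which presumably terminates
 * the program (its definition is not visible here). The g_return_if_*
 * paths return without releasing what was allocated up to that point.
 */
static void
create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate)
{
	GError *err = NULL;
	GNode *asn, *cert, *choice, *ref;
	GNode *issuer, *serial;
	gchar *data;
	GBytes *result;
	GBytes *value;
	GBytes *element;
	gsize n_data;
	GBytes *bytes;

	if (!g_file_get_contents (certificate, &data, &n_data, &err))
		barf_and_die ("couldn't read certificate file", egg_error_message (err));

	/* Make sure the input really decodes as a certificate */
	cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
	g_return_if_fail (cert);

	/*
	 * g_bytes_new_take() transfers ownership of the file buffer to the
	 * GBytes. The buffer is released through the GBytes reference count,
	 * so it must not be passed to g_free() later on.
	 */
	bytes = g_bytes_new_take (data, n_data);
	if (!egg_asn1x_decode (cert, bytes))
		barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
	g_bytes_unref (bytes);

	/* Dig out the issuer and serial */
	issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL);
	serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL);
	g_return_if_fail (issuer && serial);

	/* Create up the trust structure */
	asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
	g_return_if_fail (asn);

	/* Setup the type of trust assertion */
	ref = egg_asn1x_node (asn, "reference", NULL);
	choice = egg_asn1x_node (ref, "certReference", NULL);
	if (!egg_asn1x_set_choice (ref, choice))
		g_return_if_reached ();

	/* Copy over the serial and issuer */
	element = egg_asn1x_get_element_raw (issuer);
	if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element))
		g_return_if_reached ();
	g_bytes_unref (element);

	value = egg_asn1x_get_integer_as_raw (serial);
	egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value);
	g_bytes_unref (value);

	result = egg_asn1x_encode (asn, NULL);
	if (result == NULL)
		barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));

	/*
	 * No g_free (data) here: the buffer belongs to the GBytes created above,
	 * and freeing it again would be a double free.
	 */
	egg_asn1x_destroy (cert);
	egg_asn1x_destroy (asn);

	if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
	                          g_bytes_get_size (result), &err))
		barf_and_die ("couldn't write trust file", egg_error_message (err));

	g_bytes_unref (result);
}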