authorStef Walter <stefw@redhat.com>2017-01-29 15:12:56 +0100
committerDaiki Ueno <ueno@gnu.org>2017-01-31 17:38:15 +0100
commitf4384a40657e6abde6658ac7600abb879818b493 (patch)
tree7934ae95213a8302ffeed1c15c59d4d4f89d5de0
parentd5a2d993c8e983290aea33fac2a086240af39c6b (diff)
trust: Make extraction and correlation of certificate info optional
This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired.
-rw-r--r--trust/enumerate.c28
-rw-r--r--trust/enumerate.h1
-rw-r--r--trust/list.c1
-rw-r--r--trust/test-bundle.c1
-rw-r--r--trust/test-cer.c1
-rw-r--r--trust/test-enumerate.c16
-rw-r--r--trust/test-openssl.c1
7 files changed, 30 insertions, 19 deletions
diff --git a/trust/enumerate.c b/trust/enumerate.c
index 750bba3..ad0565f 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -308,24 +308,26 @@ extract_info (p11_enumerate *ex)
return false;
/* If a certificate then */
- if (ex->klass != CKO_CERTIFICATE) {
- p11_message ("skipping non-certificate object");
- return false;
- }
+ if (ex->flags & P11_ENUMERATE_CORRELATE) {
+ if (ex->klass != CKO_CERTIFICATE) {
+ p11_message ("skipping non-certificate object");
+ return false;
+ }
- if (!extract_certificate (ex))
- return false;
+ if (!extract_certificate (ex))
+ return false;
+
+ attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
+ if (attr) {
+ ex->attached = load_attached_extensions (ex, attr);
+ if (!ex->attached)
+ return false;
+ }
- attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
- if (attr) {
- ex->attached = load_attached_extensions (ex, attr);
- if (!ex->attached)
+ if (!extract_purposes (ex))
return false;
}
- if (!extract_purposes (ex))
- return false;
-
return true;
}
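Review bot: With P11_ENUMERATE_CORRELATE clear, extract_info now returns true for an object of any class without calling extract_certificate, load_attached_extensions or extract_purposes, so `ex->attached` and whatever those helpers populate are not filled in by this function. Code that consumes an enumerated object should not assume a parsed certificate or a purpose list unless it set the flag itself, and that contract is worth stating at the branch. The surviving comment `/* If a certificate then */` no longer describes the line under it; I would replace it with `/* Only parse the certificate and load its extensions and purposes when the caller asked for correlation */`. The start of extract_info lies outside this hunk, so any earlier use of these fields is not visible here.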
diff --git a/trust/enumerate.h b/trust/enumerate.h
index 411820a..41cea09 100644
--- a/trust/enumerate.h
+++ b/trust/enumerate.h
@@ -49,6 +49,7 @@ enum {
P11_ENUMERATE_ANCHORS = 1 << 21,
P11_ENUMERATE_BLACKLIST = 1 << 22,
P11_ENUMERATE_COLLAPSE = 1 << 23,
+ P11_ENUMERATE_CORRELATE = 1 << 24,
};
typedef struct {
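Review bot: P11_ENUMERATE_CORRELATE is added without a comment, and it is opt-in, so any caller that does not OR it in moves to the uncorrelated path in extract_info. In the diffstat, trust/list.c is the only non-test file that sets it; if other commands share this enumerator (the test-bundle, test-cer and test-openssl setups suggest the extract formats do), they would presumably stop parsing certificates and loading purposes unless they are updated elsewhere. For code that feeds trust stores, a default that silently does less is the riskier polarity, so consider an opt-out flag instead, or at least document the bit, e.g. `/* Parse certificates and load attached extensions and purposes; when clear, objects are enumerated as-is */`.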
diff --git a/trust/list.c b/trust/list.c
index 12120e5..9e31aba 100644
--- a/trust/list.c
+++ b/trust/list.c
@@ -253,6 +253,7 @@ p11_trust_list (int argc,
if (!p11_enumerate_ready (&ex, "trust-policy"))
exit (1);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ret = list_iterate (&ex, details) ? 0 : 1;
p11_enumerate_cleanup (&ex);
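Review bot: The flag is set after `p11_enumerate_ready (&ex, "trust-policy")` here, while the tests in this commit set `flags` before they call p11_enumerate_ready. Whether p11_enumerate_ready reads `ex.flags` is not visible in this diff; if it does, this caller runs a configuration the tests do not cover. Moving `ex.flags |= P11_ENUMERATE_CORRELATE;` to just before the p11_enumerate_ready call would keep the command and the tests consistent. p11_trust_list begins and ends outside the hunk.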
diff --git a/trust/test-bundle.c b/trust/test-bundle.c
index 3af7277..3f4bcad 100644
--- a/trust/test-bundle.c
+++ b/trust/test-bundle.c
@@ -74,6 +74,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}
diff --git a/trust/test-cer.c b/trust/test-cer.c
index 422b528..a412eff 100644
--- a/trust/test-cer.c
+++ b/trust/test-cer.c
@@ -74,6 +74,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}
diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
index 424437e..3e188b2 100644
--- a/trust/test-enumerate.c
+++ b/trust/test-enumerate.c
@@ -62,6 +62,7 @@ test_file_name_for_label (void)
char *name;
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
@@ -79,6 +80,7 @@ test_file_name_for_class (void)
char *name;
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.klass = CKO_CERTIFICATE;
@@ -104,7 +106,7 @@ test_comment_for_label (void)
p11_enumerate_init (&ex);
- ex.flags = P11_EXTRACT_COMMENT;
+ ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
comment = p11_enumerate_comment (&ex, true);
@@ -127,6 +129,7 @@ test_comment_not_enabled (void)
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
comment = p11_enumerate_comment (&ex, true);
@@ -156,6 +159,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
/* Prefill the modules */
test.modules[0] = &test.module;
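Review bot: Every test hunk in this commit turns P11_ENUMERATE_CORRELATE on (this setup, the per-test `flags` assignments in this file, and the setups in test-bundle.c, test-cer.c and test-openssl.c), so the new flag-clear path through extract_info is not exercised by any visible change. A test that leaves the flag unset, adds both a certificate and a non-certificate object to the mock module, and asserts what the enumerator yields would pin the behaviour the upcoming 'trust dump' command relies on. Note also that the tests assigning `test.ex.flags = ...` overwrite the value set in this setup, which is why each of them has to repeat the flag; a short comment in setup saying so would save the next reader the search.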
@@ -406,7 +410,7 @@ test_duplicate_distrusted (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- test.ex.flags = P11_ENUMERATE_COLLAPSE;
+ test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -432,7 +436,7 @@ test_trusted_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -450,7 +454,7 @@ test_distrust_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -475,7 +479,7 @@ test_override_by_issuer_serial (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -498,7 +502,7 @@ test_override_by_public_key (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
diff --git a/trust/test-openssl.c b/trust/test-openssl.c
index 3cba1ed..b1276df 100644
--- a/trust/test-openssl.c
+++ b/trust/test-openssl.c
@@ -77,6 +77,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}