summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stefw@gnome.org>2013-01-30 15:39:28 +0100
committerStef Walter <stefw@gnome.org>2013-02-05 15:00:25 +0100
commitdbcf3c049f4aadc1d25eb952b4feabdec14cf35d (patch)
tree3e34d01ee31e4c816ee4eef35e6d09337d68378c
parent5df24bf0fb8532e0ebdf5f2366834848fdf6097d (diff)
Add support for extracting to pem-bundle and pem-directory formats
-rw-r--r--build/certs/Makefile.am2
-rw-r--r--doc/p11-kit.xml8
-rw-r--r--tools/Makefile.am1
-rw-r--r--tools/extract-pem.c125
-rw-r--r--tools/extract.c2
-rw-r--r--tools/tests/Makefile.am8
-rw-r--r--tools/tests/files/cacert3-twice.pem84
-rw-r--r--tools/tests/files/cacert3.pem42
-rw-r--r--tools/tests/test-pem.c269
9 files changed, 541 insertions, 0 deletions
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
index a272c04..1c30521 100644
--- a/build/certs/Makefile.am
+++ b/build/certs/Makefile.am
@@ -11,6 +11,8 @@ prepare-certs:
cp -v cacert3.der $(TRUST)/files
cp -v cacert3.der $(TOOLS)/files
openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem
+ openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3.pem
+ cat $(TOOLS)/files/cacert3.pem $(TOOLS)/files/cacert3.pem > $(TOOLS)/files/cacert3-twice.pem
openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \
-addtrust clientAuth -addtrust serverAuth -addreject emailProtection \
-setalias "Custom Label"
diff --git a/doc/p11-kit.xml b/doc/p11-kit.xml
index f2af9a6..a980a82 100644
--- a/doc/p11-kit.xml
+++ b/doc/p11-kit.xml
@@ -128,6 +128,14 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire
<term><option>x509-directory</option></term>
<listitem><para>directory of X.509 certificates</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>pem-bundle</option></term>
+ <listitem><para>File containing one or more certificate PEM blocks</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>pem-directory</option></term>
+ <listitem><para>Directory PEM files each containing one certifiacte</para></listitem>
+ </varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
diff --git a/tools/Makefile.am b/tools/Makefile.am
index d07eda0..9a68686 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -41,6 +41,7 @@ p11_kit_LDADD += \
p11_kit_SOURCES += \
extract.c extract.h \
extract-info.c \
+ extract-pem.c \
extract-x509.c \
save.c save.h \
$(NULL)
diff --git a/tools/extract-pem.c b/tools/extract-pem.c
new file mode 100644
index 0000000..8777133
--- /dev/null
+++ b/tools/extract-pem.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include "compat.h"
+#include "debug.h"
+#include "extract.h"
+#include "library.h"
+#include "pem.h"
+#include "save.h"
+
+#include <stdlib.h>
+
+bool
+p11_extract_pem_bundle (P11KitIter *iter,
+ p11_extract_info *ex)
+{
+ p11_save_file *file;
+ bool ret = true;
+ size_t length;
+ CK_RV rv;
+ char *pem;
+
+ file = p11_save_open_file (ex->destination, ex->flags);
+ if (!file)
+ return false;
+
+ while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ pem = p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &length);
+ return_val_if_fail (pem != NULL, false);
+
+ ret = p11_save_write (file, pem, length);
+ free (pem);
+
+ if (!ret)
+ break;
+ }
+
+ if (rv != CKR_OK && rv != CKR_CANCEL) {
+ p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
+ ret = false;
+ }
+
+ /*
+ * This will produce an empty file (which is a valid PEM bundle) if no
+ * certificates were found.
+ */
+
+ p11_save_finish_file (file, ret);
+ return ret;
+}
+
+bool
+p11_extract_pem_directory (P11KitIter *iter,
+ p11_extract_info *ex)
+{
+ p11_save_file *file;
+ p11_save_dir *dir;
+ bool ret = true;
+ char *filename;
+ size_t length;
+ char *pem;
+ CK_RV rv;
+
+ dir = p11_save_open_directory (ex->destination, ex->flags);
+ if (dir == NULL)
+ return false;
+
+ while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ pem = p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &length);
+ return_val_if_fail (pem != NULL, false);
+
+ filename = p11_extract_info_filename (ex);
+ return_val_if_fail (filename != NULL, false);
+
+ file = p11_save_open_file_in (dir, filename, ".pem", NULL);
+ free (filename);
+
+ ret = p11_save_write_and_finish (file, pem, length);
+ free (pem);
+
+ if (!ret)
+ break;
+ }
+
+ if (rv != CKR_OK && rv != CKR_CANCEL) {
+ p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
+ ret = false;
+ }
+
+ p11_save_finish_directory (dir, ret);
+ return ret;
+}
diff --git a/tools/extract.c b/tools/extract.c
index 74d4682..738b1c6 100644
--- a/tools/extract.c
+++ b/tools/extract.c
@@ -175,6 +175,8 @@ format_argument (const char *optarg,
} formats[] = {
{ "x509-file", p11_extract_x509_file, },
{ "x509-directory", p11_extract_x509_directory, },
+ { "pem-bundle", p11_extract_pem_bundle, },
+ { "pem-directory", p11_extract_pem_directory },
{ NULL },
};
diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am
index 6996675..bf1d32d 100644
--- a/tools/tests/Makefile.am
+++ b/tools/tests/Makefile.am
@@ -40,6 +40,7 @@ CHECK_PROGS = \
test-save \
test-extract \
test-x509 \
+ test-pem \
$(NULL)
noinst_PROGRAMS = \
@@ -64,4 +65,11 @@ test_x509_SOURCES = \
$(TOOLS)/save.c \
$(NULL)
+test_pem_SOURCES = \
+ test-pem.c \
+ $(TOOLS)/extract-info.c \
+ $(TOOLS)/extract-pem.c \
+ $(TOOLS)/save.c \
+ $(NULL)
+
endif # WITH_ASN1
diff --git a/tools/tests/files/cacert3-twice.pem b/tools/tests/files/cacert3-twice.pem
new file mode 100644
index 0000000..c73202d
--- /dev/null
+++ b/tools/tests/files/cacert3-twice.pem
@@ -0,0 +1,84 @@
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
diff --git a/tools/tests/files/cacert3.pem b/tools/tests/files/cacert3.pem
new file mode 100644
index 0000000..087ca0e
--- /dev/null
+++ b/tools/tests/files/cacert3.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
diff --git a/tools/tests/test-pem.c b/tools/tests/test-pem.c
new file mode 100644
index 0000000..ccc58be
--- /dev/null
+++ b/tools/tests/test-pem.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "config.h"
+#include "CuTest.h"
+
+#include "attrs.h"
+#include "compat.h"
+#include "debug.h"
+#include "dict.h"
+#include "extract.h"
+#include "library.h"
+#include "mock.h"
+#include "pkcs11.h"
+#include "pkcs11x.h"
+#include "oid.h"
+#include "test.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+struct {
+ CK_FUNCTION_LIST module;
+ P11KitIter *iter;
+ p11_extract_info ex;
+ char *directory;
+} test;
+
+static void
+setup (CuTest *tc)
+{
+ CK_RV rv;
+
+ memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
+ rv = p11_kit_initialize_module (&test.module);
+ CuAssertIntEquals (tc, CKR_OK, rv);
+
+ mock_module_reset_objects (MOCK_SLOT_ONE_ID);
+
+ test.iter = p11_kit_iter_new (NULL);
+
+ p11_extract_info_init (&test.ex);
+
+ test.directory = strdup ("/tmp/test-extract.XXXXXX");
+ if (!mkdtemp (test.directory))
+ assert_not_reached ();
+}
+
+static void
+teardown (CuTest *tc)
+{
+ CK_RV rv;
+
+ if (rmdir (test.directory) < 0)
+ assert_not_reached ();
+ free (test.directory);
+
+ p11_extract_info_cleanup (&test.ex);
+ p11_kit_iter_free (test.iter);
+
+ rv = p11_kit_finalize_module (&test.module);
+ CuAssertIntEquals (tc, CKR_OK, rv);
+}
+
+static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
+static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
+
+static CK_ATTRIBUTE cacert3_authority_attrs[] = {
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
+ { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
+ { CKA_LABEL, "Cacert3 Here", 12 },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ID, "ID1", 3 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE certificate_filter[] = {
+ { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
+ { CKA_INVALID },
+};
+
+static void
+test_file (CuTest *tc)
+{
+ bool ret;
+
+ setup (tc);
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
+
+ p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
+ p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+
+ if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ assert_not_reached ();
+
+ ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ CuAssertIntEquals (tc, true, ret);
+
+ test_check_file (tc, test.directory, "extract.pem", SRCDIR "/files/cacert3.pem");
+
+ teardown (tc);
+}
+
+static void
+test_file_multiple (CuTest *tc)
+{
+ bool ret;
+
+ setup (tc);
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
+
+ p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
+ p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+
+ if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ assert_not_reached ();
+
+ ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ CuAssertIntEquals (tc, true, ret);
+
+ test_check_file (tc, test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem");
+
+ teardown (tc);
+}
+
+static void
+test_file_without (CuTest *tc)
+{
+ bool ret;
+
+ setup (tc);
+
+ p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
+ p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+
+ if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0)
+ assert_not_reached ();
+
+ if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ assert_not_reached ();
+
+ ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ CuAssertIntEquals (tc, true, ret);
+
+ test_check_data (tc, test.directory, "extract.pem", "", 0);
+
+ teardown (tc);
+}
+
+static void
+test_directory (CuTest *tc)
+{
+ bool ret;
+
+ setup (tc);
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
+
+ p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
+ p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+
+ /* Yes, this is a race, and why you shouldn't build software as root */
+ if (rmdir (test.directory) < 0)
+ assert_not_reached ();
+ test.ex.destination = test.directory;
+
+ ret = p11_extract_pem_directory (test.iter, &test.ex);
+ CuAssertIntEquals (tc, true, ret);
+
+ test_check_directory (tc, test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
+ test_check_file (tc, test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem");
+ test_check_file (tc, test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem");
+
+ teardown (tc);
+}
+
+static void
+test_directory_empty (CuTest *tc)
+{
+ bool ret;
+
+ setup (tc);
+
+ p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
+ p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+
+ /* Yes, this is a race, and why you shouldn't build software as root */
+ if (rmdir (test.directory) < 0)
+ assert_not_reached ();
+ test.ex.destination = test.directory;
+
+ ret = p11_extract_pem_directory (test.iter, &test.ex);
+ CuAssertIntEquals (tc, true, ret);
+
+ test_check_directory (tc, test.directory, (NULL, NULL));
+
+ teardown (tc);
+}
+
+int
+main (void)
+{
+ CuString *output = CuStringNew ();
+ CuSuite* suite = CuSuiteNew ();
+ int ret;
+
+ putenv ("P11_KIT_STRICT=1");
+ p11_debug_init ();
+
+ SUITE_ADD_TEST (suite, test_file);
+ SUITE_ADD_TEST (suite, test_file_multiple);
+ SUITE_ADD_TEST (suite, test_file_without);
+ SUITE_ADD_TEST (suite, test_directory);
+ SUITE_ADD_TEST (suite, test_directory_empty);
+
+ CuSuiteRun (suite);
+ CuSuiteSummary (suite, output);
+ CuSuiteDetails (suite, output);
+ printf ("%s\n", output->buffer);
+ ret = suite->failCount;
+ CuSuiteDelete (suite);
+ CuStringDelete (output);
+
+ return ret;
+}