diff options
| author | Stef Walter <stef@thewalter.net> | 2013-06-24 13:34:30 +0200 |
|---|---|---|
| committer | Stef Walter <stef@thewalter.net> | 2013-06-25 13:27:01 +0200 |
| commit | 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 (patch) | |
| tree | 039013d0a4c0e53050204c92d4028e2419f80461 /tools | |
| parent | 5489a1456c5a6f320bd2b3aa849f36f10d538e81 (diff) | |
Reorganize various components
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
Diffstat (limited to 'tools')
33 files changed, 0 insertions, 6863 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am deleted file mode 100644 index deda642..0000000 --- a/tools/Makefile.am +++ /dev/null @@ -1,53 +0,0 @@ - -include $(top_srcdir)/build/Makefile.decl - -SUBDIRS = . tests - -COMMON = $(top_srcdir)/common - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(top_srcdir)/common \ - -I$(top_srcdir)/p11-kit \ - -DSRCDIR=\"$(srcdir)\" \ - -DPRIVATEDIR=\"$(privatedir)\" \ - -DP11_KIT_FUTURE_UNSTABLE_API \ - $(NULL) - -bin_PROGRAMS = \ - p11-kit - -p11_kit_SOURCES = \ - list.c \ - tool.c tool.h \ - $(NULL) - -p11_kit_CFLAGS = \ - $(NULL) - -p11_kit_LDADD = \ - $(top_builddir)/p11-kit/libp11-kit.la \ - $(top_builddir)/common/libp11-common.la \ - $(LTLIBINTL) \ - $(NULL) - -if WITH_ASN1 - -p11_kit_LDADD += \ - $(top_builddir)/common/libp11-data.la \ - $(LIBTASN1_LIBS) - -p11_kit_CFLAGS += \ - $(LIBTASN1_CFLAGS) - -p11_kit_SOURCES += \ - extract.c extract.h \ - extract-info.c \ - extract-jks.c \ - extract-openssl.c \ - extract-pem.c \ - extract-x509.c \ - save.c save.h \ - $(NULL) - -endif # WITH_ASN1 diff --git a/tools/extract-info.c b/tools/extract-info.c deleted file mode 100644 index 133b1cd..0000000 --- a/tools/extract-info.c +++ /dev/null @@ -1,455 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "attrs.h" -#include "debug.h" -#include "oid.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "x509.h" - -#include <stdlib.h> -#include <string.h> - -static p11_dict * -load_stapled_extensions (CK_FUNCTION_LIST_PTR module, - CK_SLOT_ID slot_id, - CK_ATTRIBUTE *id) -{ - CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; - CK_ATTRIBUTE *attrs; - P11KitIter *iter; - CK_RV rv = CKR_OK; - p11_dict *stapled; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &extension, sizeof (extension) }, - { CKA_ID, id->pValue, id->ulValueLen }, - }; - - CK_ATTRIBUTE template[] = { - { CKA_OBJECT_ID, }, - { CKA_X_CRITICAL, }, - { CKA_VALUE, }, - }; - - stapled = p11_dict_new (p11_attr_hash, - (p11_dict_equals)p11_attr_equal, - NULL, p11_attrs_free); - - /* No ID to use, just short circuit */ - if (!id->pValue || !id->ulValueLen) - return stapled; - - iter = p11_kit_iter_new (NULL); - p11_kit_iter_add_filter (iter, match, 2); - p11_kit_iter_begin_with (iter, module, slot_id, 0); - - while (rv == CKR_OK) { - rv = p11_kit_iter_next (iter); - if (rv == CKR_OK) { - attrs = p11_attrs_buildn (NULL, template, 3); - rv = p11_kit_iter_load_attributes (iter, attrs, 3); - if (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID) { - /* CKA_OBJECT_ID is the first attribute, use it as the key */ - if (!p11_dict_set (stapled, attrs, attrs)) - return_val_if_reached (NULL); - rv = CKR_OK; - } else { - p11_attrs_free (attrs); - } - } - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("couldn't load stapled extensions for certificate: %s", p11_kit_strerror (rv)); - p11_dict_free (stapled); - stapled = NULL; - } - - p11_kit_iter_free (iter); - return stapled; -} - -static bool -extract_purposes (p11_extract_info *ex) -{ - CK_ATTRIBUTE oid = { CKA_OBJECT_ID, - (void *)P11_OID_EXTENDED_KEY_USAGE, - sizeof (P11_OID_EXTENDED_KEY_USAGE) }; - const unsigned char *ext = NULL; - unsigned char *alloc = NULL; - CK_ATTRIBUTE *attrs; - size_t ext_len; - - if (ex->stapled) { - attrs = p11_dict_get (ex->stapled, &oid); - if (attrs != NULL) - ext = p11_attrs_find_value (attrs, CKA_VALUE, &ext_len); - } - - if (ext == NULL && ex->cert_asn) { - alloc = p11_x509_find_extension (ex->cert_asn, P11_OID_EXTENDED_KEY_USAGE, - ex->cert_der, ex->cert_len, &ext_len); - ext = alloc; - } - - /* No such extension, match anything */ - if (ext == NULL) - return true; - - ex->purposes = p11_x509_parse_extended_key_usage (ex->asn1_defs, ext, ext_len); - - free (alloc); - return ex->purposes != NULL; -} - -static bool -should_collapse_certificate (p11_extract_info *ex, - CK_ATTRIBUTE *value) -{ - CK_ATTRIBUTE *attrs; - - if (!(ex->flags & P11_EXTRACT_COLLAPSE)) - return false; - - if (!ex->already_seen) { - ex->already_seen = p11_dict_new (p11_attr_hash, p11_attr_equal, - NULL, p11_attrs_free); - return_val_if_fail (ex->already_seen != NULL, true); - } - - if (p11_dict_get (ex->already_seen, value)) - return true; - - attrs = p11_attrs_build (NULL, value, NULL); - return_val_if_fail (attrs != NULL, true); - - if (!p11_dict_set (ex->already_seen, attrs, attrs)) - return_val_if_reached (true); - - return false; -} - -static bool -check_trust_flags_match (p11_extract_info *ex) -{ - CK_BBOOL boolv; - int flags = 0; - - /* If no extract trust flags, then just continue */ - if (!(ex->flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST))) - return true; - - if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &boolv) && boolv) - flags |= P11_EXTRACT_ANCHORS; - if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &boolv) && boolv) - flags |= P11_EXTRACT_BLACKLIST; - - /* Any of the flags can match */ - if (flags & ex->flags) - return true; - - return false; -} - -static bool -extract_certificate (P11KitIter *iter, - p11_extract_info *ex) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - CK_ATTRIBUTE *attr; - - CK_ULONG type; - - /* Don't even bother with not X.509 certificates */ - if (!p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_TYPE, &type)) - type = (CK_ULONG)-1; - if (type != CKC_X_509) { - p11_debug ("skipping non X.509 certificate"); - return false; - } - - attr = p11_attrs_find_valid (ex->attrs, CKA_VALUE); - if (!attr || !attr->pValue) { - p11_debug ("skipping certificate without a value"); - return false; - } - - /* - * If collapsing and have already seen this certificate, and shouldn't - * process it even again during this extract procedure. - */ - if (should_collapse_certificate (ex, attr)) { - p11_debug ("skipping certificate that has already been seen"); - return false; - } - - /* - * We do these checks after collapsing, so that blacklisted certificates - * mask out anchors even if we're not exporting blacklisted stuff. - */ - if (!check_trust_flags_match (ex)) { - p11_debug ("skipping certificate that doesn't match trust flags"); - return false; - } - - ex->cert_der = attr->pValue; - ex->cert_len = attr->ulValueLen; - ex->cert_asn = p11_asn1_decode (ex->asn1_defs, "PKIX1.Certificate", - ex->cert_der, ex->cert_len, message); - - if (!ex->cert_asn) { - p11_message ("couldn't parse certificate: %s", message); - return false; - } - - return true; -} - -static bool -extract_info (P11KitIter *iter, - p11_extract_info *ex) -{ - CK_ATTRIBUTE *attr; - CK_RV rv; - - static CK_ATTRIBUTE attr_types[] = { - { CKA_ID, }, - { CKA_CLASS, }, - { CKA_CERTIFICATE_TYPE, }, - { CKA_LABEL, }, - { CKA_VALUE, }, - { CKA_SUBJECT, }, - { CKA_ISSUER, }, - { CKA_TRUSTED, }, - { CKA_CERTIFICATE_CATEGORY }, - { CKA_X_DISTRUSTED }, - { CKA_INVALID, }, - }; - - ex->attrs = p11_attrs_dup (attr_types); - rv = p11_kit_iter_load_attributes (iter, ex->attrs, p11_attrs_count (ex->attrs)); - - /* The attributes couldn't be loaded */ - if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID && rv != CKR_ATTRIBUTE_SENSITIVE) { - p11_message ("couldn't load attributes: %s", p11_kit_strerror (rv)); - return false; - } - - /* No class attribute, very strange, just skip */ - if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass)) - return false; - - /* If a certificate then */ - if (ex->klass != CKO_CERTIFICATE) { - p11_message ("skipping non-certificate object"); - return false; - } - - if (!extract_certificate (iter, ex)) - return false; - - attr = p11_attrs_find_valid (ex->attrs, CKA_ID); - if (attr) { - ex->stapled = load_stapled_extensions (p11_kit_iter_get_module (iter), - p11_kit_iter_get_slot (iter), - attr); - if (!ex->stapled) - return false; - } - - if (!extract_purposes (ex)) - return false; - - return true; -} - -static void -extract_clear (p11_extract_info *ex) -{ - ex->klass = (CK_ULONG)-1; - - p11_attrs_free (ex->attrs); - ex->attrs = NULL; - - asn1_delete_structure (&ex->cert_asn); - ex->cert_der = NULL; - ex->cert_len = 0; - - p11_dict_free (ex->stapled); - ex->stapled = NULL; - - p11_array_free (ex->purposes); - ex->purposes = NULL; -} - -CK_RV -p11_extract_info_load_filter (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - p11_extract_info *ex = data; - int i; - - extract_clear (ex); - - /* Try to load the certificate and extensions */ - if (!extract_info (iter, ex)) { - *matches = CK_FALSE; - return CKR_OK; - } - - /* - * Limit to certain purposes. Note that the lack of purposes noted - * on the certificate means they match any purpose. This is the - * behavior of the ExtendedKeyUsage extension. - */ - if (ex->limit_to_purposes && ex->purposes) { - *matches = CK_FALSE; - for (i = 0; i < ex->purposes->num; i++) { - if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) { - *matches = CK_TRUE; - break; - } - } - } - - return CKR_OK; -} - -void -p11_extract_info_init (p11_extract_info *ex) -{ - memset (ex, 0, sizeof (p11_extract_info)); - ex->asn1_defs = p11_asn1_defs_load (); - return_if_fail (ex->asn1_defs != NULL); -} - -void -p11_extract_info_cleanup (p11_extract_info *ex) -{ - extract_clear (ex); - - p11_dict_free (ex->limit_to_purposes); - ex->limit_to_purposes = NULL; - - p11_dict_free (ex->already_seen); - ex->already_seen = NULL; - - p11_dict_free (ex->asn1_defs); - ex->asn1_defs = NULL; -} - -void -p11_extract_info_limit_purpose (p11_extract_info *ex, - const char *purpose) -{ - char *value; - - if (!ex->limit_to_purposes) { - ex->limit_to_purposes = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_if_fail (ex->limit_to_purposes != NULL); - } - - value = strdup (purpose); - return_if_fail (value != NULL); - - if (!p11_dict_set (ex->limit_to_purposes, value, value)) - return_if_reached (); -} - -static char * -extract_label (p11_extract_info *extract) -{ - CK_ATTRIBUTE *attr; - - /* Look for a label and just use that */ - attr = p11_attrs_find_valid (extract->attrs, CKA_LABEL); - if (attr && attr->pValue && attr->ulValueLen) - return strndup (attr->pValue, attr->ulValueLen); - - /* For extracting certificates */ - if (extract->klass == CKO_CERTIFICATE) - return strdup ("certificate"); - - return strdup ("unknown"); -} - -#define FILENAME_CHARS \ - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_" - -char * -p11_extract_info_filename (p11_extract_info *extract) -{ - char *label; - int i; - - label = extract_label (extract); - return_val_if_fail (label != NULL, NULL); - - for (i = 0; label[i] != '\0'; i++) { - if (strchr (FILENAME_CHARS, label[i]) == NULL) - label[i] = '_'; - } - - return label; -} - -char * -p11_extract_info_comment (p11_extract_info *ex, - bool first) -{ - char *comment; - char *label; - - if (!(ex->flags & P11_EXTRACT_COMMENT)) - return NULL; - - label = extract_label (ex); - if (!asprintf (&comment, "%s# %s\n", - first ? "" : "\n", - label ? label : "")) - return_val_if_reached (NULL); - - free (label); - return comment; -} diff --git a/tools/extract-jks.c b/tools/extract-jks.c deleted file mode 100644 index 2c78a51..0000000 --- a/tools/extract-jks.c +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "hash.h" -#include "message.h" -#include "save.h" - -#include <assert.h> -#include <ctype.h> -#include <stdlib.h> -#include <stdint.h> -#include <string.h> - -static void -encode_msb_short (unsigned char *data, - int16_t value) -{ - uint16_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT16_MAX); - - v = (uint16_t)value; - data[0] = (v >> 8) & 0xff; - data[1] = (v >> 0) & 0xff; -} - -static void -encode_msb_int (unsigned char *data, - int32_t value) -{ - uint32_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT32_MAX); - - v = (uint32_t)value; - data[0] = (v >> 24) & 0xff; - data[1] = (v >> 16) & 0xff; - data[2] = (v >> 8) & 0xff; - data[3] = (v >> 0) & 0xff; -} - -static void -encode_msb_long (unsigned char *data, - int64_t value) -{ - uint64_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT64_MAX); - - v = (uint64_t)value; - data[0] = (v >> 56) & 0xff; - data[1] = (v >> 48) & 0xff; - data[2] = (v >> 40) & 0xff; - data[3] = (v >> 32) & 0xff; - data[4] = (v >> 24) & 0xff; - data[5] = (v >> 16) & 0xff; - data[6] = (v >> 8) & 0xff; - data[7] = (v >> 0) & 0xff; -} - -static void -add_msb_int (p11_buffer *buffer, - int32_t value) -{ - unsigned char *data = p11_buffer_append (buffer, 4); - return_if_fail (data != NULL); - encode_msb_int (data, value); -} - -static void -add_msb_long (p11_buffer *buffer, - int64_t value) -{ - unsigned char *data = p11_buffer_append (buffer, 8); - return_if_fail (data != NULL); - encode_msb_long (data, value); -} - -static void -add_string (p11_buffer *buffer, - const char *string, - size_t length) -{ - unsigned char *data; - - if (length > INT16_MAX) { - p11_message ("truncating long string"); - length = INT16_MAX; - } - - data = p11_buffer_append (buffer, 2); - return_if_fail (data != NULL); - encode_msb_short (data, length); - p11_buffer_add (buffer, string, length); -} - -static void -convert_alias (const char *input, - size_t length, - p11_buffer *buf) -{ - char ch; - size_t i; - - /* - * Java requires that the aliases are 'converted'. For the basic java - * cacerts key store this is lower case. We just do this for ASCII, since - * we don't want to have to bring in unicode case rules. Since we're - * screwing around, we also take out spaces, to make these look like - * java aliases. - */ - - for (i = 0; i < length; i++) { - ch = input[i]; - if (!isspace (ch) && (ch & 0x80) == 0) { - ch = tolower (ch); - p11_buffer_add (buf, &ch, 1); - } - } -} - -static bool -add_alias (p11_buffer *buffer, - p11_dict *aliases, - CK_ATTRIBUTE *label) -{ - const char *input; - size_t input_len; - size_t length; - p11_buffer buf; - char num[32]; - char *alias; - int i; - - p11_buffer_init_null (&buf, 64); - - if (label && label->pValue) { - input = label->pValue; - input_len = label->ulValueLen; - } else { - input = "unlabeled"; - input_len = strlen (input); - } - - convert_alias (input, input_len, &buf); - - for (i = 0; i < INT32_MAX; i++) { - if (i > 0) { - snprintf (num, sizeof (num), "-%d", i); - p11_buffer_add (&buf, num, -1); - } - - return_val_if_fail (p11_buffer_ok (&buf), false); - if (!p11_dict_get (aliases, buf.data)) { - alias = p11_buffer_steal (&buf, &length); - if (!p11_dict_set (aliases, alias, alias)) - return_val_if_reached (false); - add_string (buffer, alias, length); - return true; - } - - p11_buffer_reset (&buf, 0); - } - - return false; -} - -static bool -prepare_jks_buffer (P11KitIter *iter, - p11_extract_info *ex, - p11_buffer *buffer) -{ - const unsigned char magic[] = { 0xfe, 0xed, 0xfe, 0xed }; - const int version = 2; - size_t count_at; - unsigned char *digest; - CK_ATTRIBUTE *label; - p11_dict *aliases; - size_t length; - int64_t now; - int count; - CK_RV rv; - - enum { - private_key = 1, - trusted_cert = 2, - }; - - /* - * Documented in the java sources in the file: - * src/share/classes/sun/security/provider/JavaKeyStore.java - */ - - p11_buffer_add (buffer, magic, sizeof (magic)); - add_msb_int (buffer, version); - count_at = buffer->len; - p11_buffer_append (buffer, 4); - count = 0; - - /* - * We use the current time for each entry. Java expects the time - * when this was this certificate was added to the keystore, however - * we don't have that information. Java uses time in milliseconds - */ - now = time (NULL); - return_val_if_fail (now > 0, false); - now *= 1000; /* seconds to milliseconds */ - - /* - * The aliases in the output file need to be unique. We use a hash - * table to guarantee this. - */ - aliases = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_val_if_fail (aliases != NULL, false); - - /* For every certificate */ - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - count++; - - /* The type of entry */ - add_msb_int (buffer, trusted_cert); - - /* The alias */ - label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (!add_alias (buffer, aliases, label)) { - p11_message ("could not generate a certificate alias name"); - p11_dict_free (aliases); - return false; - } - - /* The creation date: current time */ - add_msb_long (buffer, now); - - /* The type of the certificate */ - add_string (buffer, "X.509", 5); - - /* The DER encoding of the certificate */ - add_msb_int (buffer, ex->cert_len); - p11_buffer_add (buffer, ex->cert_der, ex->cert_len); - } - - p11_dict_free (aliases); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - return false; - } - - /* Place the count in the right place */ - encode_msb_int ((unsigned char *)buffer->data + count_at, count); - - /* - * Java keystore reinvents HMAC and uses it to try and "secure" the - * cacerts. We fill this in and use the default "changeit" string - * as the password for this keyed digest. - */ - length = buffer->len; - digest = p11_buffer_append (buffer, P11_HASH_SHA1_LEN); - return_val_if_fail (digest != NULL, false); - p11_hash_sha1 (digest, - "\000c\000h\000a\000n\000g\000e\000i\000t", 16, /* default password */ - "Mighty Aphrodite", 16, /* go figure */ - buffer->data, length, - NULL); - - return_val_if_fail (p11_buffer_ok (buffer), false); - return true; -} - -bool -p11_extract_jks_cacerts (P11KitIter *iter, - p11_extract_info *ex) -{ - p11_buffer buffer; - p11_save_file *file; - bool ret; - - p11_buffer_init (&buffer, 1024 * 10); - ret = prepare_jks_buffer (iter, ex, &buffer); - if (ret) { - file = p11_save_open_file (ex->destination, ex->flags); - ret = p11_save_write_and_finish (file, buffer.data, buffer.len); - } - - p11_buffer_uninit (&buffer); - return ret; -} diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c deleted file mode 100644 index 91a9965..0000000 --- a/tools/extract-openssl.c +++ /dev/null @@ -1,674 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "asn1.h" -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "hash.h" -#include "message.h" -#include "oid.h" -#include "pem.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "save.h" -#include "utf8.h" -#include "x509.h" - -#include <assert.h> -#include <ctype.h> -#include <stdlib.h> -#include <string.h> - -/* These functions are declared with a global scope for testing */ - -void p11_openssl_canon_string (char *str, - size_t *len); - -bool p11_openssl_canon_string_der (p11_buffer *der); - -bool p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der); - -static p11_array * -empty_usages (void) -{ - return p11_array_new (free); -} - -static bool -known_usages (p11_array *oids) -{ - char *string; - int i; - - const char *strings[] = { - P11_OID_SERVER_AUTH_STR, - P11_OID_CLIENT_AUTH_STR, - P11_OID_CODE_SIGNING_STR, - P11_OID_EMAIL_PROTECTION_STR, - P11_OID_IPSEC_END_SYSTEM_STR, - P11_OID_IPSEC_TUNNEL_STR, - P11_OID_IPSEC_USER_STR, - P11_OID_TIME_STAMPING_STR, - NULL, - }; - - for (i = 0; strings[i] != NULL; i++) { - string = strdup (strings[i]); - return_val_if_fail (string != NULL, false); - if (!p11_array_push (oids, string)) - return_val_if_reached (false); - } - - return true; -} - -static bool -load_usage_ext (p11_extract_info *ex, - const unsigned char *ext_oid, - p11_array **oids) -{ - CK_ATTRIBUTE attr = { CKA_OBJECT_ID, (void *)ext_oid, - p11_oid_length (ext_oid) }; - void *value; - size_t length; - - value = p11_attrs_find_value (p11_dict_get (ex->stapled, &attr), CKA_VALUE, &length); - if (value == NULL) { - *oids = NULL; - return true; - } - - *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); - return_val_if_fail (*oids != NULL, false); - - return true; -} - -static bool -write_usages (node_asn *asn, - const char *field, - p11_array *oids) -{ - char *last; - int ret; - int i; - - /* - * No oids? Then doing this will make the entire optional - * field go away - */ - if (oids == NULL) { - ret = asn1_write_value (asn, field, NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - } else { - if (asprintf (&last, "%s.?LAST", field) < 0) - return_val_if_reached (false); - for (i = 0; i < oids->num; i++) { - ret = asn1_write_value (asn, field, "NEW", 1); - return_val_if_fail (ret == ASN1_SUCCESS, false); - ret = asn1_write_value (asn, last, oids->elem[i], -1); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } - - free (last); - } - - return true; -} - -static bool -write_trust_and_rejects (p11_extract_info *ex, - node_asn *asn) -{ - p11_array *trusts = NULL; - p11_array *rejects = NULL; - CK_BBOOL trust; - CK_BBOOL distrust; - - if (!p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trust)) - trust = CK_FALSE; - if (!p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrust)) - distrust = CK_FALSE; - - if (!load_usage_ext (ex, P11_OID_OPENSSL_REJECT, &rejects)) - return_val_if_reached (false); - - if (distrust) { - - /* - * If this is on the blacklist then, make sure we have - * an empty trusts field and add as many things to rejects - * as possible. - */ - trusts = NULL; - - if (!rejects) - rejects = empty_usages (); - if (!known_usages (rejects)) - return_val_if_reached (false); - return_val_if_fail (rejects != NULL, false); - - } else if (trust) { - - /* - * If this is an anchor, then try and guarantee that there - * are some trust anchors. - */ - - if (!load_usage_ext (ex, P11_OID_EXTENDED_KEY_USAGE, &trusts)) - return_val_if_reached (false); - - } else { - - /* - * This is not an anchor, always put an empty trusts - * section, with possible rejects, loaded above - */ - - trusts = empty_usages (); - } - - if (!write_usages (asn, "trust", trusts) || - !write_usages (asn, "reject", rejects)) - return_val_if_reached (false); - - p11_array_free (trusts); - p11_array_free (rejects); - return true; -} - -static bool -write_keyid (p11_extract_info *ex, - node_asn *asn) -{ - CK_ATTRIBUTE attr = { CKA_OBJECT_ID, - (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, - sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }; - CK_ATTRIBUTE *value; - int ret; - - value = p11_attrs_find_valid (p11_dict_get (ex->stapled, &attr), CKA_VALUE); - if (value == NULL) { - ret = asn1_write_value (asn, "keyid", NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } else { - ret = asn1_write_value (asn, "keyid", value->pValue, value->ulValueLen); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } - - return true; -} - -static bool -write_alias (p11_extract_info *ex, - node_asn *asn) -{ - CK_ATTRIBUTE *label; - int ret; - - label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (label == NULL) { - ret = asn1_write_value (asn, "alias", NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } else { - ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } - - return true; -} - -static bool -write_other (p11_extract_info *ex, - node_asn *asn) -{ - int ret; - - ret = asn1_write_value (asn, "other", NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - return true; -} - -static bool -prepare_pem_contents (p11_extract_info *ex, - p11_buffer *buffer) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - unsigned char *der; - node_asn *asn; - size_t offset; - int ret; - int len; - - p11_buffer_add (buffer, ex->cert_der, ex->cert_len); - - asn = p11_asn1_create (ex->asn1_defs, "OPENSSL.CertAux"); - return_val_if_fail (asn != NULL, false); - - if (!write_trust_and_rejects (ex, asn) || - !write_alias (ex, asn) || - !write_keyid (ex, asn) || - !write_other (ex, asn)) - return_val_if_reached (false); - - len = 0; - offset = buffer->len; - - ret = asn1_der_coding (asn, "", NULL, &len, message); - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - der = p11_buffer_append (buffer, len); - return_val_if_fail (der != NULL, false); - - ret = asn1_der_coding (asn, "", der, &len, message); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - buffer->len = offset + len; - asn1_delete_structure (&asn); - return true; -} - -bool -p11_extract_openssl_bundle (P11KitIter *iter, - p11_extract_info *ex) -{ - p11_save_file *file; - p11_buffer output; - p11_buffer buf; - char *comment; - bool ret = true; - bool first; - CK_RV rv; - - file = p11_save_open_file (ex->destination, ex->flags); - if (!file) - return false; - - first = true; - p11_buffer_init (&output, 0); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - p11_buffer_init (&buf, 1024); - if (!p11_buffer_reset (&output, 2048)) - return_val_if_reached (false); - - if (prepare_pem_contents (ex, &buf)) { - if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) - return_val_if_reached (false); - - comment = p11_extract_info_comment (ex, first); - first = false; - - ret = p11_save_write (file, comment, -1) && - p11_save_write (file, output.data, output.len); - - free (comment); - } - - p11_buffer_uninit (&buf); - - if (!ret) - break; - } - - p11_buffer_uninit (&output); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - /* - * This will produce an empty file (which is a valid PEM bundle) if no - * certificates were found. - */ - - p11_save_finish_file (file, ret); - return ret; -} - -void -p11_openssl_canon_string (char *str, - size_t *len) -{ - bool nsp; - bool sp; - char *in; - char *out; - char *end; - - /* - * Now that the string is UTF-8 here we convert the string to the - * OpenSSL canonical form. This is a bit odd and openssl specific. - * Basically they ignore any char over 127, do ascii tolower() stuff - * and collapse spaces based on isspace(). - */ - - for (in = out = str, end = out + *len, sp = false, nsp = false; in < end; in++) { - if (*in & 0x80 || !isspace (*in)) { - /* If there has been a space, then add one */ - if (sp) - *out++ = ' '; - *out++ = (*in & 0x80) ? *in : tolower (*in); - sp = false; - nsp = true; - /* If there has been a non-space, then note we should get one */ - } else if (nsp) { - nsp = false; - sp = true; - } - } - - if (out < end) - out[0] = 0; - *len = out - str; -} - -bool -p11_openssl_canon_string_der (p11_buffer *der) -{ - char *string; - size_t length; - int output_len; - int len_len; - bool unknown_string; - unsigned char *output; - int len; - - string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length); - - /* Just pass through all the non-string types */ - if (string == NULL) - return unknown_string; - - p11_openssl_canon_string (string, &length); - - asn1_length_der (length, NULL, &len_len); - output_len = 1 + len_len + length; - - if (!p11_buffer_reset (der, output_len)) - return_val_if_reached (false); - - output = der->data; - der->len = output_len; - - output[0] = 12; /* UTF8String */ - len = output_len - 1; - asn1_octet_der ((unsigned char *)string, length, output + 1, &len); - assert (len == output_len - 1); - - free (string); - return true; -} - -bool -p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der) -{ - p11_buffer value; - char outer[64]; - char field[64]; - node_asn *name; - void *at; - int value_len; - bool failed; - size_t offset; - int ret; - int num; - int len; - int i, j; - - name = p11_asn1_decode (asn1_defs, "PKIX1.Name", der->data, der->len, NULL); - return_val_if_fail (name != NULL, false); - - ret = asn1_number_of_elements (name, "rdnSequence", &num); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - p11_buffer_init (&value, 0); - p11_buffer_reset (der, 0); - - for (i = 1, failed = false; !failed && i < num + 1; i++) { - snprintf (outer, sizeof (outer), "rdnSequence.?%d", i); - for (j = 1; !failed; j++) { - snprintf (field, sizeof (field), "%s.?%d.value", outer, j); - - value_len = 0; - ret = asn1_read_value (name, field, NULL, &value_len); - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - if (!p11_buffer_reset (&value, value_len)) - return_val_if_reached (false); - - ret = asn1_read_value (name, field, value.data, &value_len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - value.len = value_len; - - if (p11_openssl_canon_string_der (&value)) { - ret = asn1_write_value (name, field, value.data, value.len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } else { - failed = true; - } - } - - /* - * Yes the OpenSSL canon strangeness, is a concatenation - * of all the RelativeDistinguishedName DER encodings, without - * an outside wrapper. - */ - if (!failed) { - len = -1; - ret = asn1_der_coding (name, outer, NULL, &len, NULL); - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - offset = der->len; - at = p11_buffer_append (der, len); - return_val_if_fail (at != NULL, false); - - ret = asn1_der_coding (name, outer, at, &len, NULL); - return_val_if_fail (ret == ASN1_SUCCESS, false); - der->len = offset + len; - } - } - - asn1_delete_structure (&name); - p11_buffer_uninit (&value); - return !failed; -} - -#ifdef OS_UNIX - -static char * -symlink_for_subject_hash (p11_extract_info *ex) -{ - unsigned char md[P11_HASH_SHA1_LEN]; - p11_buffer der; - CK_ATTRIBUTE *subject; - unsigned long hash; - char *linkname = NULL; - - subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); - if (!subject || !subject->pValue || !subject->ulValueLen) - return NULL; - - p11_buffer_init_full (&der, memdup (subject->pValue, subject->ulValueLen), - subject->ulValueLen, 0, realloc, free); - return_val_if_fail (der.data != NULL, NULL); - - if (p11_openssl_canon_name_der (ex->asn1_defs, &der)) { - p11_hash_sha1 (md, der.data, der.len, NULL); - - hash = ( - ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - - if (asprintf (&linkname, "%08lx", hash) < 0) - return_val_if_reached (NULL); - } - - p11_buffer_uninit (&der); - return linkname; -} - -static char * -symlink_for_subject_old_hash (p11_extract_info *ex) -{ - unsigned char md[P11_HASH_MD5_LEN]; - CK_ATTRIBUTE *subject; - unsigned long hash; - char *linkname; - - subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); - if (!subject) - return NULL; - - p11_hash_md5 (md, subject->pValue, subject->ulValueLen, NULL); - - hash = ( - ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - - if (asprintf (&linkname, "%08lx", hash) < 0) - return_val_if_reached (NULL); - - return linkname; -} - -#endif /* OS_UNIX */ - -bool -p11_extract_openssl_directory (P11KitIter *iter, - p11_extract_info *ex) -{ - const char *filename; - p11_save_file *file; - p11_save_dir *dir; - p11_buffer output; - p11_buffer buf; - bool ret = true; - char *name; - CK_RV rv; - -#ifdef OS_UNIX - char *linkname; -#endif - - dir = p11_save_open_directory (ex->destination, ex->flags); - if (dir == NULL) - return false; - - p11_buffer_init (&buf, 0); - p11_buffer_init (&output, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 1024)) - return_val_if_reached (false); - if (!p11_buffer_reset (&output, 2048)) - return_val_if_reached (false); - - if (prepare_pem_contents (ex, &buf)) { - if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) - return_val_if_reached (false); - - name = p11_extract_info_filename (ex); - return_val_if_fail (name != NULL, false); - - file = p11_save_open_file_in (dir, name, ".pem", &filename); - - /* - * The OpenSSL style c_rehash stuff - * - * Different versions of openssl build these hashes differently - * so output both of them. Shouldn't cause confusion, because - * multiple certificates can hash to the same link anyway, - * and this is the reason for the trailing number after the dot. - * - * The trailing number is incremented p11_save_symlink_in() if it - * conflicts with something we've already written out. - * - * On Windows no symlinks. - */ - - ret = true; - -#ifdef OS_UNIX - linkname = symlink_for_subject_hash (ex); - if (file && linkname) { - ret = p11_save_symlink_in (dir, linkname, ".0", filename); - free (linkname); - } - - linkname = symlink_for_subject_old_hash (ex); - if (ret && file && linkname) { - ret = p11_save_symlink_in (dir, linkname, ".0", filename); - free (linkname); - } -#endif /* OS_UNIX */ - - if (ret) - ret = p11_save_write_and_finish (file, output.data, output.len); - else - p11_save_finish_file (file, false); - - free (name); - } - - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - p11_buffer_uninit (&output); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - p11_save_finish_directory (dir, ret); - return ret; -} diff --git a/tools/extract-pem.c b/tools/extract-pem.c deleted file mode 100644 index 0bae3cb..0000000 --- a/tools/extract-pem.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "message.h" -#include "pem.h" -#include "save.h" - -#include <stdlib.h> - -bool -p11_extract_pem_bundle (P11KitIter *iter, - p11_extract_info *ex) -{ - char *comment; - p11_buffer buf; - p11_save_file *file; - bool ret = true; - bool first = true; - CK_RV rv; - - file = p11_save_open_file (ex->destination, ex->flags); - if (!file) - return false; - - p11_buffer_init (&buf, 0); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 2048)) - return_val_if_reached (false); - - if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) - return_val_if_reached (false); - - comment = p11_extract_info_comment (ex, first); - first = false; - - ret = p11_save_write (file, comment, -1) && - p11_save_write (file, buf.data, buf.len); - - free (comment); - - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - /* - * This will produce an empty file (which is a valid PEM bundle) if no - * certificates were found. - */ - - p11_save_finish_file (file, ret); - return ret; -} - -bool -p11_extract_pem_directory (P11KitIter *iter, - p11_extract_info *ex) -{ - p11_save_file *file; - p11_save_dir *dir; - p11_buffer buf; - bool ret = true; - char *filename; - CK_RV rv; - - dir = p11_save_open_directory (ex->destination, ex->flags); - if (dir == NULL) - return false; - - p11_buffer_init (&buf, 0); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 2048)) - return_val_if_reached (false); - - if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) - return_val_if_reached (false); - - filename = p11_extract_info_filename (ex); - return_val_if_fail (filename != NULL, false); - - file = p11_save_open_file_in (dir, filename, ".pem", NULL); - free (filename); - - ret = p11_save_write_and_finish (file, buf.data, buf.len); - - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - p11_save_finish_directory (dir, ret); - return ret; -} diff --git a/tools/extract-x509.c b/tools/extract-x509.c deleted file mode 100644 index 4a0d9c0..0000000 --- a/tools/extract-x509.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "message.h" -#include "save.h" - -#include <stdlib.h> - -bool -p11_extract_x509_file (P11KitIter *iter, - p11_extract_info *ex) -{ - bool found = false; - p11_save_file *file; - CK_RV rv; - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - if (found) { - p11_message ("multiple certificates found but could only write one to file"); - break; - } - - file = p11_save_open_file (ex->destination, ex->flags); - if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) - return false; - - /* Wrote something */ - found = true; - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - return false; - - /* Remember that an empty DER file is not a valid file, so complain if nothing */ - } else if (!found) { - p11_message ("no certificate found"); - return false; - } - - return true; -} - -bool -p11_extract_x509_directory (P11KitIter *iter, - p11_extract_info *ex) -{ - p11_save_file *file; - p11_save_dir *dir; - char *filename; - CK_RV rv; - bool ret; - - dir = p11_save_open_directory (ex->destination, ex->flags); - if (dir == NULL) - return false; - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - filename = p11_extract_info_filename (ex); - return_val_if_fail (filename != NULL, -1); - - file = p11_save_open_file_in (dir, filename, ".cer", NULL); - free (filename); - - if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) { - p11_save_finish_directory (dir, false); - return false; - } - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } else { - ret = true; - } - - p11_save_finish_directory (dir, ret); - return ret; -} diff --git a/tools/extract.c b/tools/extract.c deleted file mode 100644 index 3d1fee7..0000000 --- a/tools/extract.c +++ /dev/null @@ -1,460 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "iter.h" -#include "message.h" -#include "oid.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "save.h" -#include "tool.h" - -#include <assert.h> -#include <ctype.h> -#include <getopt.h> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -static bool -filter_argument (const char *optarg, - P11KitUri **uri, - CK_ATTRIBUTE **match, - int *flags) -{ - CK_ATTRIBUTE *attrs; - int ret; - - CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE; - CK_ULONG vauthority = 2; - CK_CERTIFICATE_TYPE vx509 = CKC_X_509; - - CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) }; - CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) }; - CK_ATTRIBUTE x509 = { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) }; - - if (strncmp (optarg, "pkcs11:", 7) == 0) { - if (*uri != NULL) { - p11_message ("only one pkcs11 uri filter may be specified"); - return false; - } - *uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse (optarg, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, *uri); - if (ret != P11_KIT_URI_OK) { - p11_message ("couldn't parse pkcs11 uri filter: %s", optarg); - return false; - } - return true; - } - - if (strcmp (optarg, "ca-anchors") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL); - *flags |= P11_EXTRACT_ANCHORS | P11_EXTRACT_COLLAPSE; - - } else if (strcmp (optarg, "trust-policy") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - *flags |= P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST | P11_EXTRACT_COLLAPSE; - - } else if (strcmp (optarg, "blacklist") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - *flags |= P11_EXTRACT_BLACKLIST | P11_EXTRACT_COLLAPSE; - - } else if (strcmp (optarg, "certificates") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - *flags |= P11_EXTRACT_COLLAPSE; - - } else { - p11_message ("unsupported or unrecognized filter: %s", optarg); - return false; - } - - if (*match != NULL) { - p11_message ("a conflicting filter has already been specified"); - p11_attrs_free (attrs); - return false; - } - - *match = attrs; - return true; -} - -static int -is_valid_oid_rough (const char *string) -{ - size_t len; - - len = strlen (string); - - /* Rough check if a valid OID */ - return (strspn (string, "0123456789.") == len && - !strstr (string, "..") && string[0] != '\0' && string[0] != '.' && - string[len - 1] != '.'); -} - -static bool -purpose_argument (const char *optarg, - p11_extract_info *ex) -{ - const char *oid; - - if (strcmp (optarg, "server-auth") == 0) { - oid = P11_OID_SERVER_AUTH_STR; - } else if (strcmp (optarg, "client-auth") == 0) { - oid = P11_OID_CLIENT_AUTH_STR; - } else if (strcmp (optarg, "email-protection") == 0 || strcmp (optarg, "email") == 0) { - oid = P11_OID_EMAIL_PROTECTION_STR; - } else if (strcmp (optarg, "code-signing") == 0) { - oid = P11_OID_CODE_SIGNING_STR; - } else if (strcmp (optarg, "ipsec-end-system") == 0) { - oid = P11_OID_IPSEC_END_SYSTEM_STR; - } else if (strcmp (optarg, "ipsec-tunnel") == 0) { - oid = P11_OID_IPSEC_TUNNEL_STR; - } else if (strcmp (optarg, "ipsec-user") == 0) { - oid = P11_OID_IPSEC_USER_STR; - } else if (strcmp (optarg, "time-stamping") == 0) { - oid = P11_OID_TIME_STAMPING_STR; - } else if (is_valid_oid_rough (optarg)) { - oid = optarg; - } else { - p11_message ("unsupported or unregonized purpose: %s", optarg); - return false; - } - - p11_extract_info_limit_purpose (ex, oid); - return true; -} - -static bool -format_argument (const char *optarg, - p11_extract_func *func) -{ - int i; - - /* - * Certain formats do not support expressive trust information. - * So the caller should limit the supported purposes when asking - * for trust information. - */ - - static const struct { - const char *format; - p11_extract_func func; - } formats[] = { - { "x509-file", p11_extract_x509_file, }, - { "x509-directory", p11_extract_x509_directory, }, - { "pem-bundle", p11_extract_pem_bundle, }, - { "pem-directory", p11_extract_pem_directory }, - { "java-cacerts", p11_extract_jks_cacerts }, - { "openssl-bundle", p11_extract_openssl_bundle }, - { "openssl-directory", p11_extract_openssl_directory }, - { NULL }, - }; - - if (*func != NULL) { - p11_message ("a format was already specified"); - return false; - } - - for (i = 0; formats[i].format != NULL; i++) { - if (strcmp (optarg, formats[i].format) == 0) { - *func = formats[i].func; - break; - } - } - - if (*func == NULL) { - p11_message ("unsupported or unrecognized format: %s", optarg); - return false; - } - - return true; -} - -static void -limit_modules_if_necessary (CK_FUNCTION_LIST_PTR *modules, - int flags) -{ - char *string; - int i, out; - - /* - * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes - * we get from modules explicitly marked as containing trust-policy. - */ - - if ((flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST)) == 0) - return; - - /* Count the number of modules */ - for (out = 0; modules[out] != NULL; out++); - - if (out == 0) - return; - - /* TODO: This logic will move once we merge our p11-kit managed code */ - for (i = 0, out = 0; modules[i] != NULL; i++) { - string = p11_kit_config_option (modules[i], "trust-policy"); - if (string && strcmp (string, "yes") == 0) - modules[out++] = modules[i]; - else if (string && strcmp (string, "no") != 0) - p11_message ("skipping module with invalid 'trust-policy' setting: %s", string); - free (string); - } - - if (out == 0) - p11_message ("no modules containing trust policy are registered"); -} - -static bool -validate_filter_and_format (p11_extract_info *ex, - p11_extract_func func, - CK_ATTRIBUTE *match) -{ - int i; - - /* - * These are the extract functions that contain purpose information. - * If we're being asked to export anchors, and the extract function does - * not support, and the caller has not specified a purpose, then add a - * default purpose to limit to. - */ - - static p11_extract_func supports_trust_policy[] = { - p11_extract_openssl_bundle, - p11_extract_openssl_directory, - NULL - }; - - for (i = 0; supports_trust_policy[i] != NULL; i++) { - if (func == supports_trust_policy[i]) - return true; - } - - if ((ex->flags & P11_EXTRACT_ANCHORS) && - (ex->flags & P11_EXTRACT_BLACKLIST)) { - /* - * If we're extracting *both* anchors and blacklist, then we must have - * a format that can represent the different types of information. - */ - - p11_message ("format does not support trust policy"); - return false; - - } else if (ex->flags & P11_EXTRACT_ANCHORS) { - - /* - * If we're extracting anchors, then we must have either limited the - * purposes, or have a format that can represent multiple purposes. - */ - - if (!ex->limit_to_purposes) { - p11_message ("format does not support multiple purposes, defaulting to 'server-auth'"); - p11_extract_info_limit_purpose (ex, P11_OID_SERVER_AUTH_STR); - } - } - - return true; -} - -int -p11_tool_extract (int argc, - char **argv) -{ - p11_extract_func format = NULL; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - p11_extract_info ex; - CK_ATTRIBUTE *match; - P11KitUri *uri; - int opt = 0; - int ret; - - enum { - opt_overwrite = 'f', - opt_verbose = 'v', - opt_quiet = 'q', - opt_help = 'h', - opt_filter = 1000, - opt_purpose, - opt_format, - opt_comment, - }; - - struct option options[] = { - { "filter", required_argument, NULL, opt_filter }, - { "format", required_argument, NULL, opt_format }, - { "purpose", required_argument, NULL, opt_purpose }, - { "overwrite", no_argument, NULL, opt_overwrite }, - { "comment", no_argument, NULL, opt_comment }, - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit extract --format=<output> <destination>" }, - { opt_filter, - "filter of what to export\n" - " ca-anchors certificate anchors (default)\n" - " blacklist blacklisted certificates\n" - " trust-policy anchors and blacklist\n" - " certificates all certificates\n" - " pkcs11:object=xx a PKCS#11 URI", - "what", - }, - { opt_format, - "format to extract to\n" - " x509-file DER X.509 certificate file\n" - " x509-directory directory of X.509 certificates\n" - " pem-bundle file containing multiple PEM blocks\n" - " pem-directory directory of PEM files\n" - " openssl-bundle OpenSSL specific PEM bundle\n" - " openssl-directory directory of OpenSSL specific files\n" - " java-cacerts java keystore cacerts file", - "type" - }, - { opt_purpose, - "limit to certificates usable for the purpose\n" - " server-auth for authenticating servers\n" - " client-auth for authenticating clients\n" - " email for email protection\n" - " code-signing for authenticating signed code\n" - " 1.2.3.4.5... an arbitrary object id", - "usage" - }, - { opt_overwrite, "overwrite output file or directory" }, - { opt_comment, "add comments to bundles if possible" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "supress command output", }, - { 0 }, - }; - - match = NULL; - uri = NULL; - - p11_extract_info_init (&ex); - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_verbose: - case opt_quiet: - break; - - case opt_overwrite: - ex.flags |= P11_SAVE_OVERWRITE; - break; - case opt_comment: - ex.flags |= P11_EXTRACT_COMMENT; - break; - case opt_filter: - if (!filter_argument (optarg, &uri, &match, &ex.flags)) - return 2; - break; - case opt_purpose: - if (!purpose_argument (optarg, &ex)) - return 2; - break; - case opt_format: - if (!format_argument (optarg, &format)) - return 2; - break; - case 'h': - p11_tool_usage (usages, options); - return 0; - case '?': - return 2; - default: - assert_not_reached (); - break; - } - } while (opt != -1); - - argc -= optind; - argv += optind; - - if (argc != 1) { - p11_message ("specify one destination file or directory"); - return 2; - } - ex.destination = argv[0]; - - if (!format) { - p11_message ("no output format specified"); - return 2; - } - - /* If nothing that was useful to enumerate was specified, then bail */ - if (uri == NULL && match == NULL) { - p11_message ("no filter specified, defaulting to 'ca-anchors'"); - filter_argument ("ca-anchors", &uri, &match, &ex.flags); - } - - if (!validate_filter_and_format (&ex, format, match)) - return 1; - - if (uri && p11_kit_uri_any_unrecognized (uri)) - p11_message ("uri contained unrecognized components, nothing will be extracted"); - - modules = p11_kit_modules_load_and_initialize (0); - if (!modules) - return 1; - - limit_modules_if_necessary (modules, ex.flags); - - iter = p11_kit_iter_new (uri); - - p11_kit_iter_add_callback (iter, p11_extract_info_load_filter, &ex, NULL); - p11_kit_iter_add_filter (iter, match, p11_attrs_count (match)); - - p11_kit_iter_begin (iter, modules); - - ret = (format) (iter, &ex) ? 0 : 1; - - p11_extract_info_cleanup (&ex); - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); - - return ret; -} diff --git a/tools/extract.h b/tools/extract.h deleted file mode 100644 index 85405e5..0000000 --- a/tools/extract.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#ifndef P11_EXTRACT_H_ -#define P11_EXTRACT_H_ - -#include "array.h" -#include "asn1.h" -#include "dict.h" -#include "iter.h" -#include "pkcs11.h" - -enum { - /* These overlap with the flags in save.h, so start higher */ - P11_EXTRACT_COMMENT = 1 << 10, - P11_EXTRACT_ANCHORS = 1 << 11, - P11_EXTRACT_BLACKLIST = 1 << 12, - P11_EXTRACT_COLLAPSE = 1 << 13, -}; - -typedef struct { - p11_dict *asn1_defs; - p11_dict *limit_to_purposes; - p11_dict *already_seen; - char *destination; - int flags; - - /* - * Stuff below is parsed info for the current iteration. - * Currently this information is generally all relevant - * just for certificates. - */ - - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE *attrs; - - /* Pre-parsed data for certificates */ - node_asn *cert_asn; - const unsigned char *cert_der; - size_t cert_len; - - /* DER OID -> CK_ATTRIBUTE list */ - p11_dict *stapled; - - /* Set of OID purposes as strings */ - p11_array *purposes; -} p11_extract_info; - -void p11_extract_info_init (p11_extract_info *ex); - -CK_RV p11_extract_info_load_filter (P11KitIter *iter, - CK_BBOOL *matches, - void *data); - -void p11_extract_info_limit_purpose (p11_extract_info *ex, - const char *purpose); - -void p11_extract_info_cleanup (p11_extract_info *ex); - -char * p11_extract_info_filename (p11_extract_info *ex); - -char * p11_extract_info_comment (p11_extract_info *ex, - bool first); - -typedef bool (* p11_extract_func) (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_x509_file (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_x509_directory (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_pem_bundle (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_pem_directory (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_jks_cacerts (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_openssl_bundle (P11KitIter *iter, - p11_extract_info *ex); - -bool p11_extract_openssl_directory (P11KitIter *iter, - p11_extract_info *ex); - -#endif /* P11_EXTRACT_H_ */ diff --git a/tools/list.c b/tools/list.c deleted file mode 100644 index fe028ae..0000000 --- a/tools/list.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" - -#include <assert.h> -#include <ctype.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "message.h" -#include "p11-kit.h" -#include "tool.h" -#include "uri.h" - -typedef int (*operation) (int argc, char *argv[]); -bool verbose = false; - -static const char HEXC_LOWER[] = "0123456789abcdef"; - -static char * -hex_encode (const unsigned char *data, - size_t n_data) -{ - char *result; - size_t i; - size_t o; - - result = malloc (n_data * 3 + 1); - if (result == NULL) - return NULL; - - for (i = 0, o = 0; i < n_data; i++) { - if (i > 0) - result[o++] = ':'; - result[o++] = HEXC_LOWER[data[i] >> 4 & 0xf]; - result[o++] = HEXC_LOWER[data[i] & 0xf]; - } - - result[o] = 0; - return result; -} - -static bool -is_ascii_string (const unsigned char *data, - size_t n_data) -{ - size_t i; - - for (i = 0; i < n_data; i++) { - if (!isascii (data[i]) && - (data[i] < 0x20 && !isspace (data[i]))) - return false; - } - - return true; -} - -static void -print_token_info (CK_FUNCTION_LIST_PTR module, CK_SLOT_ID slot_id) -{ - CK_TOKEN_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetTokenInfo) (slot_id, &info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.label, sizeof (info.label)); - printf (" token: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - printf (" manufacturer: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.model, sizeof (info.model)); - printf (" model: %s\n", value); - free (value); - - if (is_ascii_string (info.serialNumber, sizeof (info.serialNumber))) - value = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - else - value = hex_encode (info.serialNumber, sizeof (info.serialNumber)); - printf (" serial-number: %s\n", value); - free (value); - - if (info.hardwareVersion.major || info.hardwareVersion.minor) - printf (" hardware-version: %d.%d\n", - info.hardwareVersion.major, - info.hardwareVersion.minor); - - if (info.firmwareVersion.major || info.firmwareVersion.minor) - printf (" firmware-version: %d.%d\n", - info.firmwareVersion.major, - info.firmwareVersion.minor); - - printf (" flags:\n"); - #define X(x, y) if (info.flags & (x)) printf (" %s\n", (y)) - X(CKF_RNG, "rng"); - X(CKF_WRITE_PROTECTED, "write-protected"); - X(CKF_LOGIN_REQUIRED, "login-required"); - X(CKF_USER_PIN_INITIALIZED, "user-pin-initialized"); - X(CKF_RESTORE_KEY_NOT_NEEDED, "restore-key-not-needed"); - X(CKF_CLOCK_ON_TOKEN, "clock-on-token"); - X(CKF_PROTECTED_AUTHENTICATION_PATH, "protected-authentication-path"); - X(CKF_DUAL_CRYPTO_OPERATIONS, "dual-crypto-operations"); - X(CKF_TOKEN_INITIALIZED, "token-initialized"); - X(CKF_SECONDARY_AUTHENTICATION, "secondary-authentication"); - X(CKF_USER_PIN_COUNT_LOW, "user-pin-count-low"); - X(CKF_USER_PIN_FINAL_TRY, "user-pin-final-try"); - X(CKF_USER_PIN_LOCKED, "user-pin-locked"); - X(CKF_USER_PIN_TO_BE_CHANGED, "user-pin-to-be-changed"); - X(CKF_SO_PIN_COUNT_LOW, "so-pin-count-low"); - X(CKF_SO_PIN_FINAL_TRY, "so-pin-final-try"); - X(CKF_SO_PIN_LOCKED, "so-pin-locked"); - X(CKF_SO_PIN_TO_BE_CHANGED, "so-pin-to-be-changed"); - #undef X -} - -static void -print_module_info (CK_FUNCTION_LIST_PTR module) -{ - CK_SLOT_ID slot_list[256]; - CK_ULONG i, count; - CK_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetInfo) (&info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.libraryDescription, - sizeof (info.libraryDescription)); - printf (" library-description: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, - sizeof (info.manufacturerID)); - printf (" library-manufacturer: %s\n", value); - free (value); - - printf (" library-version: %d.%d\n", - info.libraryVersion.major, - info.libraryVersion.minor); - - count = sizeof (slot_list) / sizeof (slot_list[0]); - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - for (i = 0; i < count; i++) - print_token_info (module, slot_list[i]); -} - -static int -print_modules (void) -{ - CK_FUNCTION_LIST_PTR *module_list; - char *name; - char *path; - int i; - - module_list = p11_kit_modules_load_and_initialize (0); - if (!module_list) - return 1; - - for (i = 0; module_list[i]; i++) { - name = p11_kit_module_get_name (module_list[i]); - path = p11_kit_config_option (module_list[i], "module"); - - printf ("%s: %s\n", - name ? name : "(null)", - path ? path : "(null)"); - print_module_info (module_list[i]); - - free (name); - free (path); - } - - p11_kit_modules_finalize_and_release (module_list); - return 0; -} - -int -p11_tool_list_modules (int argc, - char *argv[]) -{ - int opt; - - enum { - opt_verbose = 'v', - opt_quiet = 'q', - opt_list = 'l', - opt_help = 'h', - }; - - struct option options[] = { - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "list", no_argument, NULL, opt_list }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit list" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "supress command output", }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - - /* Ignore these options, already handled */ - case opt_verbose: - case opt_quiet: - case opt_list: - break; - - case opt_help: - p11_tool_usage (usages, options); - return 0; - case '?': - return 2; - default: - assert_not_reached (); - break; - } - } - - argc -= optind; - argv += optind; - - if (argc != 0) { - p11_message ("extra arguments specified"); - return 2; - } - - return print_modules (); -} diff --git a/tools/save.c b/tools/save.c deleted file mode 100644 index f1605a3..0000000 --- a/tools/save.c +++ /dev/null @@ -1,537 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "buffer.h" -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "save.h" - -#include <sys/stat.h> - -#include <assert.h> -#include <dirent.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -struct _p11_save_file { - char *path; - char *temp; - int fd; - int flags; -}; - -struct _p11_save_dir { - p11_dict *cache; - char *path; - int flags; -}; - -bool -p11_save_write_and_finish (p11_save_file *file, - const void *data, - ssize_t length) -{ - bool ret; - - if (!file) - return false; - - ret = p11_save_write (file, data, length); - if (!p11_save_finish_file (file, ret)) - ret = false; - - return ret; -} - -p11_save_file * -p11_save_open_file (const char *path, - int flags) -{ - struct stat st; - p11_save_file *file; - char *temp; - int fd; - - return_val_if_fail (path != NULL, NULL); - - /* - * This is just an early convenience check. We check again - * later when committing, in a non-racy fashion. - */ - - if (!(flags & P11_SAVE_OVERWRITE)) { - if (stat (path, &st) >= 0) { - p11_message ("file already exists: %s", path); - return NULL; - } - } - - if (asprintf (&temp, "%s.XXXXXX", path) < 0) - return_val_if_reached (NULL); - - fd = mkstemp (temp); - if (fd < 0) { - p11_message ("couldn't create file: %s: %s", - path, strerror (errno)); - free (temp); - return NULL; - } - - file = calloc (1, sizeof (p11_save_file)); - return_val_if_fail (file != NULL, NULL); - file->temp = temp; - file->path = strdup (path); - return_val_if_fail (file->path != NULL, NULL); - file->flags = flags; - file->fd = fd; - - return file; -} - -bool -p11_save_write (p11_save_file *file, - const void *data, - ssize_t length) -{ - const unsigned char *buf = data; - ssize_t written = 0; - ssize_t res; - - if (!file) - return false; - - /* Automatically calculate length */ - if (length < 0) { - if (!data) - return true; - length = strlen (data); - } - - while (written < length) { - res = write (file->fd, buf + written, length - written); - if (res <= 0) { - if (errno == EAGAIN && errno == EINTR) - continue; - p11_message ("couldn't write to file: %s: %s", - file->temp, strerror (errno)); - return false; - } else { - written += res; - } - } - - return true; -} - -static void -filo_free (p11_save_file *file) -{ - free (file->temp); - free (file->path); - free (file); -} - -bool -p11_save_finish_file (p11_save_file *file, - bool commit) -{ - bool ret = true; - - if (!file) - return false; - - if (!commit) { - close (file->fd); - unlink (file->temp); - filo_free (file); - return true; - } - - if (close (file->fd) < 0) { - p11_message ("couldn't write file: %s: %s", - file->temp, strerror (errno)); - ret = false; - -#ifdef OS_UNIX - /* Set the mode of the file, readable by everyone, but not writable */ - } else if (chmod (file->temp, S_IRUSR | S_IRGRP | S_IROTH) < 0) { - p11_message ("couldn't set file permissions: %s: %s", - file->temp, strerror (errno)); - close (file->fd); - ret = false; - - /* Atomically rename the tempfile over the filename */ - } else if (file->flags & P11_SAVE_OVERWRITE) { - if (rename (file->temp, file->path) < 0) { - p11_message ("couldn't complete writing file: %s: %s", - file->path, strerror (errno)); - ret = false; - } else { - unlink (file->temp); - } - - /* When not overwriting, link will fail if filename exists. */ - } else { - if (link (file->temp, file->path) < 0) { - p11_message ("couldn't complete writing of file: %s: %s", - file->path, strerror (errno)); - ret = false; - } - unlink (file->temp); - -#else /* OS_WIN32 */ - - /* Windows does not do atomic renames, so delete original file first */ - } else { - if (file->flags & P11_SAVE_OVERWRITE) { - if (unlink (file->path) < 0 && errno != ENOENT) { - p11_message ("couldn't remove original file: %s: %s", - file->path, strerror (errno)); - ret = false; - } - } - - if (ret == true) { - if (rename (file->temp, file->path) < 0) { - p11_message ("couldn't complete writing file: %s: %s", - file->path, strerror (errno)); - ret = false; - } - } - - unlink (file->temp); - -#endif /* OS_WIN32 */ - } - - filo_free (file); - return ret; -} - -p11_save_dir * -p11_save_open_directory (const char *path, - int flags) -{ -#ifdef OS_UNIX - struct stat sb; -#endif - p11_save_dir *dir; - - return_val_if_fail (path != NULL, NULL); - -#ifdef OS_UNIX - /* We update the permissions when we finish writing */ - if (mkdir (path, S_IRWXU) < 0) { -#else /* OS_WIN32 */ - if (mkdir (path) < 0) { -#endif - /* Some random error, report it */ - if (errno != EEXIST) { - p11_message ("couldn't create directory: %s: %s", path, strerror (errno)); - - /* The directory exists and we're not overwriting */ - } else if (!(flags & P11_SAVE_OVERWRITE)) { - p11_message ("directory already exists: %s", path); - return NULL; - } -#ifdef OS_UNIX - /* - * If the directory exists on unix, we may have restricted - * the directory permissions to read-only. We have to change - * them back to writable in order for things to work. - */ - if (stat (path, &sb) >= 0) { - if ((sb.st_mode & S_IRWXU) != S_IRWXU && - chmod (path, S_IRWXU | sb.st_mode) < 0) { - p11_message ("couldn't make directory writable: %s: %s", - path, strerror (errno)); - return NULL; - } - } -#endif /* OS_UNIX */ - } - - dir = calloc (1, sizeof (p11_save_dir)); - return_val_if_fail (dir != NULL, NULL); - - dir->path = strdup (path); - return_val_if_fail (dir->path != NULL, NULL); - - dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_val_if_fail (dir->cache != NULL, NULL); - - dir->flags = flags; - return dir; -} - -static char * -make_unique_name (p11_save_dir *dir, - const char *filename, - const char *extension) -{ - char unique[16]; - p11_buffer buf; - int i; - - p11_buffer_init_null (&buf, 0); - - for (i = 0; true; i++) { - - p11_buffer_reset (&buf, 64); - - switch (i) { - - /* - * For the first iteration, just build the filename as - * provided by the caller. - */ - case 0: - p11_buffer_add (&buf, filename, -1); - break; - - /* - * On later iterations we try to add a numeric .N suffix - * before the extension, so the resulting file might look - * like filename.1.ext. - * - * As a special case if the extension is already '.0' then - * just just keep incerementing that. - */ - case 1: - if (extension && strcmp (extension, ".0") == 0) - extension = NULL; - /* fall through */ - - default: - p11_buffer_add (&buf, filename, -1); - snprintf (unique, sizeof (unique), ".%d", i); - p11_buffer_add (&buf, unique, -1); - break; - } - - if (extension) - p11_buffer_add (&buf, extension, -1); - - return_val_if_fail (p11_buffer_ok (&buf), NULL); - - if (!p11_dict_get (dir->cache, buf.data)) - return p11_buffer_steal (&buf, NULL); - } - - assert_not_reached (); -} - -p11_save_file * -p11_save_open_file_in (p11_save_dir *dir, - const char *basename, - const char *extension, - const char **ret_name) -{ - p11_save_file *file = NULL; - char *name; - char *path; - - return_val_if_fail (dir != NULL, NULL); - return_val_if_fail (basename != NULL, NULL); - - name = make_unique_name (dir, basename, extension); - return_val_if_fail (name != NULL, NULL); - - if (asprintf (&path, "%s/%s", dir->path, name) < 0) - return_val_if_reached (NULL); - - file = p11_save_open_file (path, dir->flags); - - if (file) { - if (!p11_dict_set (dir->cache, name, name)) - return_val_if_reached (NULL); - if (ret_name) - *ret_name = name; - name = NULL; - } - - free (name); - free (path); - - return file; -} - -#ifdef OS_UNIX - -bool -p11_save_symlink_in (p11_save_dir *dir, - const char *linkname, - const char *extension, - const char *destination) -{ - char *name; - char *path; - bool ret; - - return_val_if_fail (dir != NULL, false); - return_val_if_fail (linkname != NULL, false); - return_val_if_fail (destination != NULL, false); - - name = make_unique_name (dir, linkname, extension); - return_val_if_fail (name != NULL, false); - - if (asprintf (&path, "%s/%s", dir->path, name) < 0) - return_val_if_reached (false); - - unlink (path); - - if (symlink (destination, path) < 0) { - p11_message ("couldn't create symlink: %s: %s", - path, strerror (errno)); - ret = false; - } else { - if (!p11_dict_set (dir->cache, name, name)) - return_val_if_reached (false); - name = NULL; - ret = true; - } - - free (path); - free (name); - - return ret; -} - -#endif /* OS_UNIX */ - -static bool -cleanup_directory (const char *directory, - p11_dict *cache) -{ - struct dirent *dp; - p11_dict *remove; - p11_dictiter iter; - char *path; - DIR *dir; - int skip; - bool ret; - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - p11_message ("couldn't list directory: %s: %s", - directory, strerror (errno)); - return false; - } - - remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - - /* We're within a global mutex, so readdir is safe */ - while ((dp = readdir (dir)) != NULL) { - if (p11_dict_get (cache, dp->d_name)) - continue; - - if (asprintf (&path, "%s/%s", directory, dp->d_name) < 0) - return_val_if_reached (false); - -#ifdef HAVE_STRUCT_DIRENT_D_TYPE - if(dp->d_type != DT_UNKNOWN) { - skip = (dp->d_type == DT_DIR); - } else -#endif - { - struct stat st; - - skip = (stat (path, &st) < 0) || S_ISDIR (st.st_mode); - } - - if (!skip) { - if (!p11_dict_set (remove, path, path)) - return_val_if_reached (false); - } else { - free (path); - } - } - - closedir (dir); - - ret = true; - - /* Remove all the files still in the cache */ - p11_dict_iterate (remove, &iter); - while (p11_dict_next (&iter, (void **)&path, NULL)) { - if (unlink (path) < 0 && errno != ENOENT) { - p11_message ("couldn't remove file: %s: %s", - path, strerror (errno)); - ret = false; - break; - } - } - - p11_dict_free (remove); - - return ret; -} - -bool -p11_save_finish_directory (p11_save_dir *dir, - bool commit) -{ - bool ret = true; - - if (!dir) - return false; - - if (commit) { - if (dir->flags & P11_SAVE_OVERWRITE) - ret = cleanup_directory (dir->path, dir->cache); - -#ifdef OS_UNIX - /* Try to set the mode of the directory to readable */ - if (ret && chmod (dir->path, S_IRUSR | S_IXUSR | S_IRGRP | - S_IXGRP | S_IROTH | S_IXOTH) < 0) { - p11_message ("couldn't set directory permissions: %s: %s", - dir->path, strerror (errno)); - ret = false; - } -#endif /* OS_UNIX */ - } - - p11_dict_free (dir->cache); - free (dir->path); - free (dir); - - return ret; -} diff --git a/tools/save.h b/tools/save.h deleted file mode 100644 index f68d054..0000000 --- a/tools/save.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef P11_SAVE_H_ -#define P11_SAVE_H_ - -#include "compat.h" - -enum { - P11_SAVE_OVERWRITE = 1 << 0, -}; - -typedef struct _p11_save_file p11_save_file; -typedef struct _p11_save_dir p11_save_dir; - -p11_save_file * p11_save_open_file (const char *path, - int flags); - -bool p11_save_write (p11_save_file *file, - const void *data, - ssize_t length); - -bool p11_save_write_and_finish (p11_save_file *file, - const void *data, - ssize_t length); - -bool p11_save_finish_file (p11_save_file *file, - bool commit); - -const char * p11_save_file_name (p11_save_file *file); - -p11_save_dir * p11_save_open_directory (const char *path, - int flags); - -p11_save_file * p11_save_open_file_in (p11_save_dir *directory, - const char *basename, - const char *extension, - const char **filename); - -#ifdef OS_UNIX - -bool p11_save_symlink_in (p11_save_dir *dir, - const char *linkname, - const char *extension, - const char *destination); - -#endif /* OS_UNIX */ - -bool p11_save_finish_directory (p11_save_dir *dir, - bool commit); - -#endif /* P11_SAVE_H_ */ diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am deleted file mode 100644 index 9a5ab73..0000000 --- a/tools/tests/Makefile.am +++ /dev/null @@ -1,84 +0,0 @@ - -include $(top_srcdir)/build/Makefile.tests - -EXTRA_DIST = files - -if WITH_ASN1 - -COMMON = $(top_srcdir)/common -TOOLS = $(top_srcdir)/tools - -TEST_RUNNER = libtool --mode=execute - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(top_srcdir)/p11-kit \ - -I$(srcdir)/.. \ - -I$(COMMON) \ - -DP11_KIT_FUTURE_UNSTABLE_API \ - $(LIBTASN1_CFLAGS) \ - $(TEST_CFLAGS) \ - $(NULL) - -LDADD = \ - $(top_builddir)/p11-kit/libp11-kit.la \ - $(top_builddir)/common/libp11-data.la \ - $(top_builddir)/common/libp11-test.la \ - $(top_builddir)/common/libp11-common.la \ - $(builddir)/libtestcommon.la \ - $(LIBTASN1_LIBS) \ - $(LTLIBINTL) \ - $(CUTEST_LIBS) \ - $(NULL) - -noinst_LTLIBRARIES = \ - libtestcommon.la - -libtestcommon_la_SOURCES = \ - test-tools.c test-tools.h - -CHECK_PROGS = \ - test-save \ - test-extract \ - test-x509 \ - test-pem \ - test-openssl \ - $(NULL) - -noinst_PROGRAMS = \ - $(CHECK_PROGS) - -TESTS = $(CHECK_PROGS) - -test_save_SOURCES = \ - test-save.c \ - $(TOOLS)/save.c \ - $(NULL) - -test_extract_SOURCES = \ - test-extract.c \ - $(TOOLS)/extract-info.c \ - $(NULL) - -test_x509_SOURCES = \ - test-x509.c \ - $(TOOLS)/extract-info.c \ - $(TOOLS)/extract-x509.c \ - $(TOOLS)/save.c \ - $(NULL) - -test_pem_SOURCES = \ - test-pem.c \ - $(TOOLS)/extract-info.c \ - $(TOOLS)/extract-pem.c \ - $(TOOLS)/save.c \ - $(NULL) - -test_openssl_SOURCES = \ - test-openssl.c \ - $(TOOLS)/extract-info.c \ - $(TOOLS)/extract-openssl.c \ - $(TOOLS)/save.c \ - $(NULL) - -endif # WITH_ASN1 diff --git a/tools/tests/files/cacert3-distrust-all.pem b/tools/tests/files/cacert3-distrust-all.pem deleted file mode 100644 index ce5d887..0000000 --- a/tools/tests/files/cacert3-distrust-all.pem +++ /dev/null @@ -1,44 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD -CA== ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-distrusted-all.pem b/tools/tests/files/cacert3-distrusted-all.pem deleted file mode 100644 index 4a04a39..0000000 --- a/tools/tests/files/cacert3-distrusted-all.pem +++ /dev/null @@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-not-trusted.pem b/tools/tests/files/cacert3-not-trusted.pem deleted file mode 100644 index eaa2e54..0000000 --- a/tools/tests/files/cacert3-not-trusted.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijACMAA= ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-trusted-alias.pem b/tools/tests/files/cacert3-trusted-alias.pem deleted file mode 100644 index 44601ea..0000000 --- a/tools/tests/files/cacert3-trusted-alias.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-trusted-keyid.pem b/tools/tests/files/cacert3-trusted-keyid.pem deleted file mode 100644 index e652733..0000000 --- a/tools/tests/files/cacert3-trusted-keyid.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-trusted-multiple.pem b/tools/tests/files/cacert3-trusted-multiple.pem deleted file mode 100644 index e56a58f..0000000 --- a/tools/tests/files/cacert3-trusted-multiple.pem +++ /dev/null @@ -1,85 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-trusted-server-alias.pem b/tools/tests/files/cacert3-trusted-server-alias.pem deleted file mode 100644 index 55593ec..0000000 --- a/tools/tests/files/cacert3-trusted-server-alias.pem +++ /dev/null @@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/tools/tests/files/cacert3-twice.pem b/tools/tests/files/cacert3-twice.pem deleted file mode 100644 index c73202d..0000000 --- a/tools/tests/files/cacert3-twice.pem +++ /dev/null @@ -1,84 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/tools/tests/files/cacert3.der b/tools/tests/files/cacert3.der Binary files differdeleted file mode 100644 index 56f8c88..0000000 --- a/tools/tests/files/cacert3.der +++ /dev/null diff --git a/tools/tests/files/cacert3.pem b/tools/tests/files/cacert3.pem deleted file mode 100644 index 087ca0e..0000000 --- a/tools/tests/files/cacert3.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/tools/tests/files/empty-file b/tools/tests/files/empty-file deleted file mode 100644 index e69de29..0000000 --- a/tools/tests/files/empty-file +++ /dev/null diff --git a/tools/tests/files/simple-string b/tools/tests/files/simple-string deleted file mode 100644 index be13474..0000000 --- a/tools/tests/files/simple-string +++ /dev/null @@ -1 +0,0 @@ -The simple string is hairy
\ No newline at end of file diff --git a/tools/tests/test-extract.c b/tools/tests/test-extract.c deleted file mode 100644 index 9712e81..0000000 --- a/tools/tests/test-extract.c +++ /dev/null @@ -1,503 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" -#include "test.h" -#include "test-tools.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" - -#include <stdlib.h> -#include <string.h> - -static void -test_file_name_for_label (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_extract_info ex; - char *name; - - p11_extract_info_init (&ex); - - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - name = p11_extract_info_filename (&ex); - assert_str_eq ("The_Label_", name); - free (name); - - p11_extract_info_cleanup (&ex); -} - -static void -test_file_name_for_class (void) -{ - p11_extract_info ex; - char *name; - - p11_extract_info_init (&ex); - - ex.klass = CKO_CERTIFICATE; - - name = p11_extract_info_filename (&ex); - assert_str_eq ("certificate", name); - free (name); - - ex.klass = CKO_DATA; - - name = p11_extract_info_filename (&ex); - assert_str_eq ("unknown", name); - free (name); - - p11_extract_info_cleanup (&ex); -} - -static void -test_comment_for_label (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_extract_info ex; - char *comment; - - p11_extract_info_init (&ex); - - ex.flags = P11_EXTRACT_COMMENT; - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - comment = p11_extract_info_comment (&ex, true); - assert_str_eq ("# The Label!\n", comment); - free (comment); - - comment = p11_extract_info_comment (&ex, false); - assert_str_eq ("\n# The Label!\n", comment); - free (comment); - - p11_extract_info_cleanup (&ex); -} - -static void -test_comment_not_enabled (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_extract_info ex; - char *comment; - - p11_extract_info_init (&ex); - - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - comment = p11_extract_info_comment (&ex, true); - assert_ptr_eq (NULL, comment); - - comment = p11_extract_info_comment (&ex, false); - assert_ptr_eq (NULL, comment); - - p11_extract_info_cleanup (&ex); -} - -struct { - CK_FUNCTION_LIST module; - P11KitIter *iter; - p11_extract_info ex; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - test.iter = p11_kit_iter_new (NULL); - - p11_extract_info_init (&test.ex); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - p11_extract_info_cleanup (&test.ex); - - p11_kit_iter_free (test.iter); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; -static CK_BBOOL truev = CK_TRUE; - -static CK_ATTRIBUTE cacert3_trusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_distrusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Another CaCert", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_server_client[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, (void *)test_eku_server_and_client, sizeof (test_eku_server_and_client) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_invalid[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, "invalid", 7 }, - { CKA_INVALID }, -}; - -static void -test_info_simple_certificate (void) -{ - void *value; - size_t length; - CK_RV rv; - - assert_ptr_not_null (test.ex.asn1_defs); - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - assert_ptr_not_null (test.ex.attrs); - value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length); - assert_ptr_not_null (value); - assert (memcmp (value, test_cacert3_ca_der, length) == 0); - assert_ptr_not_null (test.ex.cert_der); - assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); - assert_ptr_not_null (test.ex.cert_asn); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_limit_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - /* This should not match the above, with the stapled certificat ext */ - assert_ptr_eq (NULL, test.ex.limit_to_purposes); - p11_extract_info_limit_purpose (&test.ex, "1.1.1"); - assert_ptr_not_null (test.ex.limit_to_purposes); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_invalid_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - p11_kit_be_quiet (); - - /* No results due to invalid purpose on certificate */ - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_kit_be_loud (); -} - -static void -test_info_skip_non_certificate (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_extract_info_limit_purpose (&test.ex, P11_OID_SERVER_AUTH_STR); - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_no_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_extract_info_limit_purpose (&test.ex, "3.3.3.3"); - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_duplicate_extract (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, &certificate, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_duplicate_collapse (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_EXTRACT_COLLAPSE; - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, &certificate, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_trusted_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_BBOOL boolv; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_EXTRACT_ANCHORS; - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, &certificate, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - if (!p11_attrs_find_bool (test.ex.attrs, CKA_TRUSTED, &boolv)) - boolv = CK_FALSE; - assert_num_eq (CK_TRUE, boolv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_distrust_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_BBOOL boolv; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_EXTRACT_BLACKLIST; - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, &certificate, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv)) - boolv = CK_FALSE; - assert_num_eq (CK_TRUE, boolv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_anytrust_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST; - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, &certificate, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_test (test_file_name_for_label, "/extract/test_file_name_for_label"); - p11_test (test_file_name_for_class, "/extract/test_file_name_for_class"); - p11_test (test_comment_for_label, "/extract/test_comment_for_label"); - p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled"); - - p11_fixture (setup, teardown); - p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate"); - p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes"); - p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes"); - p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate"); - p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match"); - p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match"); - p11_test (test_duplicate_extract, "/extract/test_duplicate_extract"); - p11_test (test_duplicate_collapse, "/extract/test_duplicate_collapse"); - p11_test (test_trusted_match, "/extract/test_trusted_match"); - p11_test (test_distrust_match, "/extract/test_distrust_match"); - p11_test (test_anytrust_match, "/extract/test_anytrust_match"); - - return p11_test_run (argc, argv); -} diff --git a/tools/tests/test-openssl.c b/tools/tests/test-openssl.c deleted file mode 100644 index d393072..0000000 --- a/tools/tests/test-openssl.c +++ /dev/null @@ -1,654 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" -#include "test.h" -#include "test-tools.h" - -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" - -#include <assert.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -struct { - CK_FUNCTION_LIST module; - P11KitIter *iter; - p11_extract_info ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - test.iter = p11_kit_iter_new (NULL); - - p11_extract_info_init (&test.ex); - - test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX"); - if (!mkdtemp (test.directory)) - assert_not_reached (); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_not_reached (); - free (test.directory); - - p11_extract_info_cleanup (&test.ex); - p11_kit_iter_free (test.iter); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; -static CK_BBOOL vtrue = CK_TRUE; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_server[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, (void *)test_eku_server, sizeof (test_eku_server) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_reject_email[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_VALUE, (void *)test_eku_email, sizeof (test_eku_email) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -setup_objects (const CK_ATTRIBUTE *attrs, - ...) GNUC_NULL_TERMINATED; - -static void -setup_objects (const CK_ATTRIBUTE *attrs, - ...) -{ - static CK_ULONG id_value = 8888; - - CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; - CK_ATTRIBUTE *copy; - va_list va; - - va_start (va, attrs); - while (attrs != NULL) { - copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); - assert (copy != NULL); - mock_module_take_object (MOCK_SLOT_ONE_ID, copy); - attrs = va_arg (va, const CK_ATTRIBUTE *); - } - va_end (va); - - id_value++; -} - -static void -test_file (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-trusted-server-alias.pem"); - - free (test.ex.destination); -} - -static void -test_plain (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-trusted-alias.pem"); - - free (test.ex.destination); -} - -static void -test_keyid (void) -{ - bool ret; - - static CK_ATTRIBUTE cacert3_plain[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - static unsigned char identifier[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; - - static CK_ATTRIBUTE extension_subject_key_identifier[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }, - { CKA_VALUE, identifier, sizeof (identifier) }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_plain, extension_subject_key_identifier, NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-trusted-keyid.pem"); - - free (test.ex.destination); -} - -static void -test_not_authority (void) -{ - bool ret; - - static CK_ATTRIBUTE cacert3_not_trusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_not_trusted, NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-not-trusted.pem"); - - free (test.ex.destination); -} - -static void -test_distrust_all (void) -{ - bool ret; - - static CK_ATTRIBUTE cacert3_blacklist[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_blacklist, NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-distrust-all.pem"); - - free (test.ex.destination); -} - -static void -test_file_multiple (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - setup_objects (cacert3_authority_attrs, - NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/files/cacert3-trusted-multiple.pem"); - - free (test.ex.destination); -} - -static void -test_file_without (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_data (test.directory, "extract.pem", "", 0); - - free (test.ex.destination); -} - -/* From extract-openssl.c */ -void p11_openssl_canon_string (char *str, size_t *len); - -static void -test_canon_string (void) -{ - struct { - char *input; - int input_len; - char *output; - int output_len; - } fixtures[] = { - { "A test", -1, "a test", -1 }, - { " Strip spaces ", -1, "strip spaces", -1 }, - { " Collapse \n\t spaces", -1, "collapse spaces", -1 }, - { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 }, - { "no-space", -1, "no-space", -1 }, - }; - - char *str; - size_t len; - size_t out; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - if (fixtures[i].input_len < 0) - len = strlen (fixtures[i].input); - else - len = fixtures[i].input_len; - str = strndup (fixtures[i].input, len); - - p11_openssl_canon_string (str, &len); - - if (fixtures[i].output_len < 0) - out = strlen (fixtures[i].output); - else - out = fixtures[i].output_len; - assert_num_eq (out, len); - assert_str_eq (fixtures[i].output, str); - - free (str); - } -} - -bool p11_openssl_canon_string_der (p11_buffer *der); - -static void -test_canon_string_der (void) -{ - struct { - unsigned char input[100]; - int input_len; - unsigned char output[100]; - int output_len; - } fixtures[] = { - /* UTF8String */ - { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, - { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16, - }, - - /* NumericString */ - { { 0x12, 0x04, '0', '1', '2', '3', }, 6, - { 0x0c, 0x04, '0', '1', '2', '3' }, 6, - }, - - /* IA5String */ - { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, - { 0x0c, 0x02, 'a', 'b', }, 4, - }, - - /* TeletexString */ - { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, - }, - - /* PrintableString */ - { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, - }, - - /* No change, not a known string type */ - { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9 - }, - - /* UniversalString */ - { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, - { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10, - }, - - /* BMPString */ - { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, - { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8, - }, - }; - - p11_buffer buf; - bool ret; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_string_der (&buf); - assert_num_eq (true, ret); - - assert_num_eq (fixtures[i].output_len, buf.len); - assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); - - p11_buffer_uninit (&buf); - } -} - -bool p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der); - -static void -test_canon_name_der (void) -{ - struct { - unsigned char input[100]; - int input_len; - unsigned char output[100]; - int output_len; - } fixtures[] = { - { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, - 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n', - 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, - 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', - 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r', - 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13, - 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's', - 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86, - { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, - 0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n', - 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, - 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', - 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r', - 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c, - 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's', - 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84, - }, - { { '0', 0x00, }, 2, - { }, 0, - }, - }; - - p11_buffer buf; - p11_dict *asn1_defs; - bool ret; - int i; - - asn1_defs = p11_asn1_defs_load (); - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_name_der (asn1_defs, &buf); - assert_num_eq (true, ret); - - assert_num_eq (fixtures[i].output_len, buf.len); - assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); - - p11_buffer_uninit (&buf); - } - - p11_dict_free (asn1_defs); -} - -static void -test_canon_string_der_fail (void) -{ - struct { - unsigned char input[100]; - int input_len; - } fixtures[] = { - { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 }, - { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 }, - { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 }, - }; - - p11_buffer buf; - bool ret; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_string_der (&buf); - assert_num_eq (false, ret); - - p11_buffer_uninit (&buf); - } -} - -static void -test_directory (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - setup_objects (cacert3_authority_attrs, - NULL); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_openssl_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem", -#ifdef OS_UNIX - "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", -#endif - NULL)); - test_check_file (test.directory, "Custom_Label.pem", - SRCDIR "/files/cacert3-trusted-server-alias.pem"); - test_check_file (test.directory, "Custom_Label.1.pem", - SRCDIR "/files/cacert3-trusted-alias.pem"); -#ifdef OS_UNIX - test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem"); - test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem"); -#endif -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_openssl_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/openssl/test_file"); - p11_test (test_plain, "/openssl/test_plain"); - p11_test (test_keyid, "/openssl/test_keyid"); - p11_test (test_not_authority, "/openssl/test_not_authority"); - p11_test (test_distrust_all, "/openssl/test_distrust_all"); - p11_test (test_file_multiple, "/openssl/test_file_multiple"); - p11_test (test_file_without, "/openssl/test_file_without"); - - p11_fixture (NULL, NULL); - p11_test (test_canon_string, "/openssl/test_canon_string"); - p11_test (test_canon_string_der, "/openssl/test_canon_string_der"); - p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail"); - p11_test (test_canon_name_der, "/openssl/test_canon_name_der"); - - p11_fixture (setup, teardown); - p11_test (test_directory, "/openssl/test_directory"); - p11_test (test_directory_empty, "/openssl/test_directory_empty"); - - return p11_test_run (argc, argv); -} diff --git a/tools/tests/test-pem.c b/tools/tests/test-pem.c deleted file mode 100644 index c74d0df..0000000 --- a/tools/tests/test-pem.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" -#include "test.h" -#include "test-tools.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -struct { - CK_FUNCTION_LIST module; - P11KitIter *iter; - p11_extract_info ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - test.iter = p11_kit_iter_new (NULL); - - p11_extract_info_init (&test.ex); - - test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX"); - if (!mkdtemp (test.directory)) - assert_not_reached (); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_not_reached (); - free (test.directory); - - p11_extract_info_cleanup (&test.ex); - p11_kit_iter_free (test.iter); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3.pem"); - - free (test.ex.destination); -} - -static void -test_file_multiple (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem"); - - free (test.ex.destination); -} - -static void -test_file_without (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_data (test.directory, "extract.pem", "", 0); - - free (test.ex.destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_pem_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL)); - test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem"); - test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_pem_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/pem/test_file"); - p11_test (test_file_multiple, "/pem/test_file_multiple"); - p11_test (test_file_without, "/pem/test_file_without"); - p11_test (test_directory, "/pem/test_directory"); - p11_test (test_directory_empty, "/pem/test_directory_empty"); - return p11_test_run (argc, argv); -} diff --git a/tools/tests/test-save.c b/tools/tests/test-save.c deleted file mode 100644 index 93af4f9..0000000 --- a/tools/tests/test-save.c +++ /dev/null @@ -1,512 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" -#include "test-tools.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "path.h" -#include "save.h" - -#include <sys/stat.h> -#include <sys/types.h> - -#include <assert.h> -#include <dirent.h> -#include <errno.h> -#include <fcntl.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> - -struct { - char *directory; -} test; - -static void -setup (void *unused) -{ - test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX"); - if (!mkdtemp (test.directory)) - assert_fail ("mkdtemp() failed", strerror (errno)); -} - -static void -teardown (void *unused) -{ - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", strerror (errno)); - free (test.directory); -} - -static void -write_zero_file (const char *directory, - const char *name) -{ - char *filename; - int res; - int fd; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); - assert (fd != -1); - res = close (fd); - assert (res >= 0); - - free (filename); -} - -static void -test_file_write (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der"); -} - -static void -test_file_exists (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - p11_message_quiet (); - - file = p11_save_open_file (filename, 0); - assert (file == NULL); - - p11_message_loud (); - - unlink (filename); - free (filename); -} - -static void -test_file_bad_directory (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - p11_message_quiet (); - - file = p11_save_open_file (filename, 0); - assert (file == NULL); - - p11_message_loud (); - - free (filename); -} - -static void -test_file_overwrite (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - file = p11_save_open_file (filename, P11_SAVE_OVERWRITE); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der"); -} - -static void -test_file_auto_empty (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, NULL, -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/empty-file"); -} - -static void -test_file_auto_length (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, "The simple string is hairy", -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/simple-string"); -} - -static void -test_write_with_null (void) -{ - bool ret; - - ret = p11_save_write (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_write_and_finish_with_null (void) -{ - bool ret; - - ret = p11_save_write_and_finish (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_file_abort (void) -{ - struct stat st; - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, 0); - assert_ptr_not_null (file); - - ret = p11_save_finish_file (file, false); - assert_num_eq (true, ret); - - if (stat (filename, &st) >= 0 || errno != ENOENT) - assert_fail ("file should not exist", filename); - - free (filename); -} - - -static void -test_directory_empty (void) -{ - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, (NULL, NULL)); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_files (void) -{ - const char *filename; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "blah", ".cer", &filename), - test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - assert_str_eq ("blah.cer", filename); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename), - test_text, strlen (test_text)); - assert_num_eq (true, ret); - assert_str_eq ("file.txt", filename); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", -#ifdef OS_UNIX - "link.ext", -#endif - NULL)); - test_check_file (subdir, "blah.cer", SRCDIR "/files/cacert3.der"); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.ext", "/the/destination"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_dups (void) -{ - const char *filename; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename), - test_text, 5); - assert_num_eq (true, ret); - assert_str_eq ("file.txt", filename); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename), - test_text, 10); - assert_num_eq (true, ret); - assert_str_eq ("file.1.txt", filename); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", NULL), - test_text, 15); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL, NULL), - test_text, 8); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL, NULL), - test_text, 16); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0", NULL), - test_text, 14); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0", NULL), - test_text, 15); - assert_num_eq (true, ret); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".0", "/destination1"); - assert_num_eq (true, ret); - - ret = p11_save_symlink_in (dir, "link", ".0", "/destination2"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", - "no-ext", "no-ext.1", - "with-num.0", "with-num.1", -#ifdef OS_UNIX - "link.0", "link.1", -#endif - NULL)); - test_check_data (subdir, "file.txt", test_text, 5); - test_check_data (subdir, "file.1.txt", test_text, 10); - test_check_data (subdir, "file.2.txt", test_text, 15); - test_check_data (subdir, "no-ext", test_text, 8); - test_check_data (subdir, "no-ext.1", test_text, 16); - test_check_data (subdir, "with-num.0", test_text, 14); - test_check_data (subdir, "with-num.1", test_text, 15); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.0", "/destination1"); - test_check_symlink (subdir, "link.1", "/destination2"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_exists (void) -{ - p11_save_dir *dir; - char *subdir; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - -#ifdef OS_UNIX - if (mkdir (subdir, S_IRWXU) < 0) -#else - if (mkdir (subdir) < 0) -#endif - assert_fail ("mkdir() failed", subdir); - - p11_message_quiet (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_eq (NULL, dir); - - p11_message_loud (); - - rmdir (subdir); - free (subdir); -} - -static void -test_directory_overwrite (void) -{ - const char *filename; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - /* Some initial files into this directory, which get overwritten */ - dir = p11_save_open_directory (subdir, 0); - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", NULL), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL, NULL), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL, NULL), "", 0) && - p11_save_finish_directory (dir, true); - assert (ret && dir); - - /* Now the actual test, using the same directory */ - dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE); - assert_ptr_not_null (dir); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "blah", ".cer", &filename), - test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - assert_str_eq ("blah.cer", filename); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename), - test_text, strlen (test_text)); - assert_num_eq (true, ret); - assert_str_eq ("file.txt", filename); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename), - test_text, 10); - assert_num_eq (true, ret); - assert_str_eq ("file.1.txt", filename); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL)); - test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); - test_check_data (subdir, "file.1.txt", test_text, 10); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_file_write, "/save/test_file_write"); - p11_test (test_file_exists, "/save/test_file_exists"); - p11_test (test_file_bad_directory, "/save/test_file_bad_directory"); - p11_test (test_file_overwrite, "/save/test_file_overwrite"); - p11_test (test_file_auto_empty, "/save/test_file_auto_empty"); - p11_test (test_file_auto_length, "/save/test_file_auto_length"); - - p11_fixture (NULL, NULL); - p11_test (test_write_with_null, "/save/test_write_with_null"); - p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null"); - - p11_fixture (setup, teardown); - p11_test (test_file_abort, "/save/test_file_abort"); - - p11_test (test_directory_empty, "/save/test_directory_empty"); - p11_test (test_directory_files, "/save/test_directory_files"); - p11_test (test_directory_dups, "/save/test_directory_dups"); - p11_test (test_directory_exists, "/save/test_directory_exists"); - p11_test (test_directory_overwrite, "/save/test_directory_overwrite"); - return p11_test_run (argc, argv); -} diff --git a/tools/tests/test-tools.c b/tools/tests/test-tools.c deleted file mode 100644 index 0c8b624..0000000 --- a/tools/tests/test-tools.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "test-tools.h" - -#include <sys/stat.h> - -#include <assert.h> -#include <dirent.h> -#include <errno.h> -#include <fcntl.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -static char * -read_file (const char *file, - int line, - const char *function, - const char *filename, - long *len) -{ - struct stat sb; - FILE *f = NULL; - char *data; - - f = fopen (filename, "rb"); - if (f == NULL) - p11_test_fail (file, line, function, "Couldn't open file: %s", filename); - - /* Figure out size */ - if (stat (filename, &sb) < 0) - p11_test_fail (file, line, function, "Couldn't stat file: %s", filename); - - *len = sb.st_size; - data = malloc (*len ? *len : 1); - assert (data != NULL); - - /* And read in one block */ - if (fread (data, 1, *len, f) != *len) - p11_test_fail (file, line, function, "Couldn't read file: %s", filename); - - fclose (f); - - return data; -} - -void -test_check_file_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *reference) -{ - char *refdata; - long reflen; - - refdata = read_file (file, line, function, reference, &reflen); - test_check_data_msg (file, line, function, directory, name, refdata, reflen); - free (refdata); -} - -void -test_check_data_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const void *refdata, - long reflen) -{ - char *filedata; - char *filename; - long filelen; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - filedata = read_file (file, line, function, filename, &filelen); - - if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0) - p11_test_fail (file, line, function, "File contents not as expected: %s", filename); - - if (unlink (filename) < 0) - p11_test_fail (file, line, function, "Couldn't remove file: %s", filename); - free (filename); - free (filedata); -} - -#ifdef OS_UNIX - -void -test_check_symlink_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *destination) -{ - char buf[1024] = { 0, }; - char *filename; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - if (readlink (filename, buf, sizeof (buf)) < 0) - p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename); - - if (strcmp (destination, buf) != 0) - p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf); - - if (unlink (filename) < 0) - p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename); - free (filename); -} - -#endif /* OS_UNIX */ - -p11_dict * -test_check_directory_files (const char *file, - ...) -{ - p11_dict *files; - va_list va; - - files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - - va_start (va, file); - - while (file != NULL) { - if (!p11_dict_set (files, (void *)file, (void *)file)) - return_val_if_reached (NULL); - file = va_arg (va, const char *); - } - - va_end (va); - - return files; -} - -void -test_check_directory_msg (const char *file, - int line, - const char *function, - const char *directory, - p11_dict *files) -{ - p11_dictiter iter; - struct dirent *dp; - const char *name; - DIR *dir; - - dir = opendir (directory); - if (dir == NULL) - p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory); - - while ((dp = readdir (dir)) != NULL) { - if (strcmp (dp->d_name, ".") == 0 || - strcmp (dp->d_name, "..") == 0) - continue; - - if (!p11_dict_remove (files, dp->d_name)) - p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name); - } - - closedir (dir); - -#ifdef OS_UNIX - if (chmod (directory, S_IRWXU) < 0) - p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno)); -#endif - - p11_dict_iterate (files, &iter); - while (p11_dict_next (&iter, (void **)&name, NULL)) - p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name); - - p11_dict_free (files); -} diff --git a/tools/tests/test-tools.h b/tools/tests/test-tools.h deleted file mode 100644 index 8e66c54..0000000 --- a/tools/tests/test-tools.h +++ /dev/null @@ -1,260 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef TEST_COMMON_H_ -#define TEST_COMMON_H_ - -#include "test.h" - -#include "dict.h" - -#include <stdlib.h> - -static const char test_text[] = "This is the file text"; - -static const unsigned char test_cacert3_ca_der[] = { - 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, - 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -static const char test_cacert3_ca_subject[] = { - 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, - 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, -}; - -static const char test_cacert3_ca_issuer[] = { - 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, - 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, - 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, -}; - -static const char test_cacert3_ca_serial[] = { - 0x02, 0x01, 0x00, -}; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_server[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, -}; - -static const char test_eku_email[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -void test_check_file_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *filename, - const char *reference); - -void test_check_data_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *filename, - const void *refdata, - long reflen); - -#ifdef OS_UNIX - -void test_check_symlink_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *destination); - -#endif /* OS_UNIX */ - -p11_dict * test_check_directory_files (const char *file, - ...) GNUC_NULL_TERMINATED; - -void test_check_directory_msg (const char *file, - int line, - const char *function, - const char *directory, - p11_dict *files); - -#define test_check_file(directory, name, reference) \ - (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference)) - -#define test_check_data(directory, name, data, length) \ - (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length)) - -#ifdef OS_UNIX - -#define test_check_symlink(directory, name, destination) \ - (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination)) - -#endif /* OS_UNIX */ - -#define test_check_directory(directory, files) \ - (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \ - test_check_directory_files files)) - -#endif /* TEST_COMMON_H_ */ diff --git a/tools/tests/test-x509.c b/tools/tests/test-x509.c deleted file mode 100644 index 693aaa0..0000000 --- a/tools/tests/test-x509.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" -#include "test.h" -#include "test-tools.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -struct { - CK_FUNCTION_LIST module; - P11KitIter *iter; - p11_extract_info ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - test.iter = p11_kit_iter_new (NULL); - - p11_extract_info_init (&test.ex); - - test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX"); - if (!mkdtemp (test.directory)) - assert_fail ("mkdtemp() failed", test.directory); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", test.directory); - free (test.directory); - - p11_extract_info_cleanup (&test.ex); - p11_kit_iter_free (test.iter); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - ret = p11_extract_x509_file (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); - - free (test.ex.destination); -} - -static void -test_file_multiple (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (test.iter, &test.ex); - assert_num_eq (true, ret); - - assert (strstr (p11_message_last (), "multiple certificates") != NULL); - - p11_message_loud (); - - test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); - - free (test.ex.destination); -} - -static void -test_file_without (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (test.iter, &test.ex); - assert_num_eq (false, ret); - - assert (strstr (p11_message_last (), "no certificate") != NULL); - - p11_message_loud (); - - free (test.ex.destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_x509_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); - test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der"); - test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL); - p11_kit_iter_add_filter (test.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - test.ex.destination = test.directory; - - ret = p11_extract_x509_directory (test.iter, &test.ex); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/x509/test_file"); - p11_test (test_file_multiple, "/x509/test_file_multiple"); - p11_test (test_file_without, "/x509/test_file_without"); - p11_test (test_directory, "/x509/test_directory"); - p11_test (test_directory_empty, "/x509/test_directory_empty"); - return p11_test_run (argc, argv); -} diff --git a/tools/tool.c b/tools/tool.c deleted file mode 100644 index 313484a..0000000 --- a/tools/tool.c +++ /dev/null @@ -1,353 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "path.h" -#include "p11-kit.h" - -#include <assert.h> -#include <ctype.h> -#include <getopt.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "tool.h" - -struct { - const char *name; - int (*function) (int, char*[]); - const char *text; -} commands[] = { -#ifdef WITH_ASN1 - { "extract", p11_tool_extract, "Extract certificates" }, -#endif - { "list-modules", p11_tool_list_modules, "List modules and tokens"}, - { 0, } -}; - -static char -short_option (int opt) -{ - if (isalpha (opt) || isdigit (opt)) - return (char)opt; - return 0; -} - -static const struct option * -find_option (const struct option *longopts, - int opt) -{ - int i; - - for (i = 0; longopts[i].name != NULL; i++) { - if (longopts[i].val == opt) - return longopts + i; - } - - return NULL; -} - -void -p11_tool_usage (const p11_tool_desc *usages, - const struct option *longopts) -{ - const struct option *longopt; - const int indent = 22; - const char *long_name; - const char *description; - const char *next; - char short_name; - int spaces; - int len; - int i; - - for (i = 0; usages[i].text != NULL; i++) { - - /* If no option, then this is a heading */ - if (!usages[i].option) { - printf ("%s\n\n", usages[i].text); - continue; - } - - longopt = find_option (longopts, usages[i].option); - long_name = longopt ? longopt->name : NULL; - short_name = short_option (usages[i].option); - description = usages[i].text; - - if (short_name && long_name) - len = printf (" -%c, --%s", (int)short_name, long_name); - else if (long_name) - len = printf (" --%s", long_name); - else - len = printf (" -%c", (int)short_name); - if (longopt && longopt->has_arg) - len += printf ("%s<%s>", - long_name ? "=" : " ", - usages[i].arg ? usages[i].arg : "..."); - if (len < indent) { - spaces = indent - len; - } else { - printf ("\n"); - spaces = indent; - } - while (description) { - while (spaces-- > 0) - fputc (' ', stdout); - next = strchr (description, '\n'); - if (next) { - next += 1; - printf ("%.*s", (int)(next - description), description); - description = next; - spaces = indent; - } else { - printf ("%s\n", description); - break; - } - } - - } -} - -int -p11_tool_getopt (int argc, - char *argv[], - const struct option *longopts) -{ - p11_buffer buf; - int ret; - char opt; - int i; - - if (!p11_buffer_init_null (&buf, 64)) - return_val_if_reached (-1); - - for (i = 0; longopts[i].name != NULL; i++) { - opt = short_option (longopts[i].val); - if (opt != 0) { - p11_buffer_add (&buf, &opt, 1); - assert (longopts[i].has_arg != optional_argument); - if (longopts[i].has_arg == required_argument) - p11_buffer_add (&buf, ":", 1); - } - } - - ret = getopt_long (argc, argv, buf.data, longopts, NULL); - - p11_buffer_uninit (&buf); - - return ret; -} - -static void -command_usage (void) -{ - int i; - - printf ("usage: p11-kit command <args>...\n"); - printf ("\nCommon p11-kit commands are:\n"); - for (i = 0; commands[i].name != NULL; i++) - printf (" %-15s %s\n", commands[i].name, commands[i].text); - printf ("\nSee 'p11-kit <command> --help' for more information\n"); -} - -static void -exec_external (const char *command, - int argc, - char *argv[]) -{ - char *filename; - char *path; - - if (!asprintf (&filename, "p11-kit-%s", command) < 0) - return_if_reached (); - - /* Add our libexec directory to the path */ - path = p11_path_build (PRIVATEDIR, filename, NULL); - return_if_fail (path != NULL); - - argv[0] = filename; - argv[argc] = NULL; - - execvp (path, argv); -} - -static void -verbose_arg (void) -{ - putenv ("P11_KIT_DEBUG=all"); - p11_kit_be_loud (); - p11_message_loud (); -} - -static void -quiet_arg (void) -{ - putenv ("P11_KIT_DEBUG="); - p11_kit_be_quiet (); - p11_message_quiet (); -} - -int -main (int argc, char *argv[]) -{ - char *command = NULL; - bool want_help = false; - bool skip; - int in, out; - int i; - - /* - * Parse the global options. We rearrange the options as - * necessary, in order to pass relevant options through - * to the commands, but also have them take effect globally. - */ - - for (in = 1, out = 1; in < argc; in++, out++) { - - /* The non-option is the command, take it out of the arguments */ - if (argv[in][0] != '-') { - if (!command) { - skip = true; - command = argv[in]; - } else { - skip = false; - } - - /* The global long options */ - } else if (argv[in][1] == '-') { - skip = false; - - if (strcmp (argv[in], "--") == 0) { - if (!command) { - p11_message ("no command specified"); - return 2; - } else { - break; - } - - } else if (strcmp (argv[in], "--verbose") == 0) { - verbose_arg (); - - } else if (strcmp (argv[in], "--quiet") == 0) { - quiet_arg (); - - } else if (strcmp (argv[in], "--help") == 0) { - want_help = true; - - } else if (!command) { - p11_message ("unknown global option: %s", argv[in]); - return 2; - } - - /* The global short options */ - } else { - skip = false; - - for (i = 1; argv[in][i] != '\0'; i++) { - switch (argv[in][i]) { - case 'h': - want_help = true; - break; - - /* Compatibility option */ - case 'l': - command = "list-modules"; - break; - - case 'v': - verbose_arg (); - break; - - case 'q': - quiet_arg (); - break; - - default: - if (!command) { - p11_message ("unknown global option: -%c", (int)argv[in][i]); - return 2; - } - break; - } - } - } - - /* Skipping this argument? */ - if (skip) - out--; - else - argv[out] = argv[in]; - } - - /* Initialize tool's debugging after setting env vars above */ - p11_debug_init (); - - if (command == NULL) { - /* As a special favor if someone just typed 'p11-kit', help them out */ - if (argc == 1) { - command_usage (); - return 2; - } else if (want_help) { - command_usage (); - return 0; - } else { - p11_message ("no command specified"); - return 2; - } - } - - argc = out; - - /* Look for the command */ - for (i = 0; commands[i].name != NULL; i++) { - if (strcmp (commands[i].name, command) == 0) { - argv[0] = command; - return (commands[i].function) (argc, argv); - } - } - - /* Got here because no command matched */ - exec_external (command, argc, argv); - - /* At this point we have no command */ - p11_message ("'%s' is not a valid p11-kit command. See 'p11-kit --help'", command); - return 2; -} diff --git a/tools/tool.h b/tools/tool.h deleted file mode 100644 index e0bcf90..0000000 --- a/tools/tool.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef P11_TOOL_H_ -#define P11_TOOL_H_ - -#include <getopt.h> - -typedef struct { - int option; - const char *text; - const char *arg; -} p11_tool_desc; - -int p11_tool_getopt (int argc, - char *argv[], - const struct option *longopts); - -void p11_tool_usage (const p11_tool_desc *usages, - const struct option *longopts); - -int p11_tool_list_modules (int argc, - char *argv[]); - -int p11_tool_extract (int argc, - char **argv); - -#endif /* P11_TOOL_H_ */ |