summaryrefslogtreecommitdiff
path: root/trust
diff options
context:
space:
mode:
authorStef Walter <stefw@gnome.org>2013-03-08 22:50:06 +0100
committerStef Walter <stefw@gnome.org>2013-03-08 22:50:06 +0100
commit6ecf586a1e31f2874c7b185f4f2061aa9e83c08a (patch)
tree560ac07862231310b165f51de84880de12cd1480 /trust
parent66fbcf7b6aac7fb808d3146335625cc15d4d2959 (diff)
trust: Use the new NSS PKCS#11 extension codes
NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
Diffstat (limited to 'trust')
-rw-r--r--trust/adapter.c22
-rw-r--r--trust/tests/test-module.c4
-rw-r--r--trust/tests/test-parser.c22
-rw-r--r--trust/token.c6
4 files changed, 27 insertions, 27 deletions
diff --git a/trust/adapter.c b/trust/adapter.c
index d17cb70..08e4c78 100644
--- a/trust/adapter.c
+++ b/trust/adapter.c
@@ -82,7 +82,7 @@ build_trust_object_ku (p11_parser *parser,
defawlt = present;
/* If blacklisted, don't even bother looking at extensions */
- if (present != CKT_NETSCAPE_UNTRUSTED)
+ if (present != CKT_NSS_NOT_TRUSTED)
data = p11_parsing_get_extension (parser, parsing, P11_OID_KEY_USAGE, &length);
if (data) {
@@ -91,7 +91,7 @@ build_trust_object_ku (p11_parser *parser,
* usages are to be set. If the extension was invalid, then
* fail safe to none of the key usages.
*/
- defawlt = CKT_NETSCAPE_TRUST_UNKNOWN;
+ defawlt = CKT_NSS_TRUST_UNKNOWN;
defs = p11_parser_get_asn1_defs (parser);
if (!p11_x509_parse_key_usage (defs, data, length, &ku))
@@ -171,19 +171,19 @@ build_trust_object_eku (p11_parser *parser,
return_val_if_reached (NULL);
/* The neutral value is set if an purpose is not present */
- if (allow == CKT_NETSCAPE_UNTRUSTED)
- neutral = CKT_NETSCAPE_UNTRUSTED;
+ if (allow == CKT_NSS_NOT_TRUSTED)
+ neutral = CKT_NSS_NOT_TRUSTED;
/* If anything explicitly set, then neutral is unknown */
else if (purposes || rejects)
- neutral = CKT_NETSCAPE_TRUST_UNKNOWN;
+ neutral = CKT_NSS_TRUST_UNKNOWN;
/* Otherwise neutral will allow any purpose */
else
neutral = allow;
/* The value set if a purpose is explictly rejected */
- disallow = CKT_NETSCAPE_UNTRUSTED;
+ disallow = CKT_NSS_NOT_TRUSTED;
for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) {
attrs[i].type = eku_attribute_map[i].type;
@@ -218,7 +218,7 @@ build_nss_trust_object (p11_parser *parser,
CK_ATTRIBUTE *object = NULL;
CK_TRUST allow;
- CK_OBJECT_CLASS vclass = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS vclass = CKO_NSS_TRUST;
CK_BYTE vsha1_hash[P11_CHECKSUM_SHA1_LENGTH];
CK_BYTE vmd5_hash[P11_CHECKSUM_MD5_LENGTH];
CK_BBOOL vfalse = CK_FALSE;
@@ -270,13 +270,13 @@ build_nss_trust_object (p11_parser *parser,
/* Calculate the default allow trust */
if (distrust)
- allow = CKT_NETSCAPE_UNTRUSTED;
+ allow = CKT_NSS_NOT_TRUSTED;
else if (trust && authority)
- allow = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+ allow = CKT_NSS_TRUSTED_DELEGATOR;
else if (trust)
- allow = CKT_NETSCAPE_TRUSTED;
+ allow = CKT_NSS_TRUSTED;
else
- allow = CKT_NETSCAPE_TRUST_UNKNOWN;
+ allow = CKT_NSS_TRUST_UNKNOWN;
object = build_trust_object_ku (parser, parsing, object, allow);
return_if_fail (object != NULL);
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index 2e085ba..2d0e488 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -192,7 +192,7 @@ static void
check_has_trust_object (CuTest *cu,
CK_ATTRIBUTE *cert)
{
- CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
CK_OBJECT_HANDLE objects[2];
CK_ATTRIBUTE *match;
@@ -314,7 +314,7 @@ test_find_certificates (CuTest *cu)
static void
test_find_builtin (CuTest *cu)
{
- CK_OBJECT_CLASS klass = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+ CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
CK_BBOOL vtrue = CK_TRUE;
CK_BBOOL vfalse = CK_FALSE;
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index 581ff5e..0f40748 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -154,11 +154,11 @@ test_parse_pem_certificate (CuTest *cu)
static void
test_parse_openssl_trusted (CuTest *cu)
{
- CK_TRUST trusted = CKT_NETSCAPE_TRUSTED_DELEGATOR;
- CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED;
- CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+ CK_TRUST trusted = CKT_NSS_TRUSTED_DELEGATOR;
+ CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED;
+ CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN;
CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
- CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
@@ -294,9 +294,9 @@ test_parse_openssl_trusted (CuTest *cu)
static void
test_parse_openssl_distrusted (CuTest *cu)
{
- CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED;
+ CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED;
CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
- CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
@@ -515,10 +515,10 @@ test_parse_openssl_distrusted (CuTest *cu)
static void
test_parse_with_key_usage (CuTest *cu)
{
- CK_TRUST trusted = CKT_NETSCAPE_TRUSTED;
- CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+ CK_TRUST trusted = CKT_NSS_TRUSTED;
+ CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN;
CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
- CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_BBOOL vtrue = CK_TRUE;
CK_BBOOL vfalse = CK_FALSE;
CK_CERTIFICATE_TYPE x509 = CKC_X_509;
@@ -606,9 +606,9 @@ static void
test_parse_anchor (CuTest *cu)
{
CK_BBOOL vtrue = CK_TRUE;
- CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
CK_ATTRIBUTE trusted = { CKA_TRUSTED, &vtrue, sizeof (vtrue) };
- CK_TRUST delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+ CK_TRUST delegator = CKT_NSS_TRUSTED_DELEGATOR;
CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
diff --git a/trust/token.c b/trust/token.c
index 46eea20..3c0de4c 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -214,9 +214,9 @@ loader_load_paths (p11_token *token,
static int
load_builtin_objects (p11_token *token)
{
- CK_OBJECT_CLASS builtin = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
- CK_OBJECT_CLASS nss_trust = CKO_NETSCAPE_TRUST;
- CK_TRUST nss_not_trusted = CKT_NETSCAPE_UNTRUSTED;
+ CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST;
+ CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+ CK_TRUST nss_not_trusted = CKT_NSS_NOT_TRUSTED;
CK_BBOOL vtrue = CK_TRUE;
CK_BBOOL vfalse = CK_FALSE;