summaryrefslogtreecommitdiff
path: root/trust
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2013-08-28 10:37:44 +0200
committerStef Walter <stef@thewalter.net>2013-08-29 10:31:38 +0200
commitb693517966b1cbe5b81e39aeefad7b52b6f10492 (patch)
tree4a31899267b6c37ee7ff778b92510f3be1f68add /trust
parent714e4a22a82295c41360fbfa6019a31b1e2a0f30 (diff)
trust: Refactor enumeration of certificates to extract
Because we want to use this same logic for listing trust
Diffstat (limited to 'trust')
-rw-r--r--trust/Makefile.am2
-rw-r--r--trust/enumerate.c (renamed from trust/extract-info.c)228
-rw-r--r--trust/enumerate.h103
-rw-r--r--trust/extract-cer.c18
-rw-r--r--trust/extract-jks.c13
-rw-r--r--trust/extract-openssl.c36
-rw-r--r--trust/extract-pem.c20
-rw-r--r--trust/extract.c180
-rw-r--r--trust/extract.h84
-rw-r--r--trust/tests/Makefile.am14
-rw-r--r--trust/tests/test-bundle.c62
-rw-r--r--trust/tests/test-cer.c62
-rw-r--r--trust/tests/test-enumerate.c (renamed from trust/tests/test-extract.c)151
-rw-r--r--trust/tests/test-openssl.c111
14 files changed, 541 insertions, 543 deletions
diff --git a/trust/Makefile.am b/trust/Makefile.am
index ca7e2d7..87e9899 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -97,8 +97,8 @@ trust_SOURCES = \
parser.c parser.h \
persist.c persist.h \
digest.c digest.h \
+ enumerate.c enumerate.h \
extract.c extract.h \
- extract-info.c \
extract-jks.c \
extract-openssl.c \
extract-pem.c \
diff --git a/trust/extract-info.c b/trust/enumerate.c
index 8468abb..8743ed6 100644
--- a/trust/extract-info.c
+++ b/trust/enumerate.c
@@ -90,9 +90,7 @@ load_stapled_extension (p11_dict *stapled,
}
static p11_dict *
-load_stapled_extensions (p11_extract_info *ex,
- CK_FUNCTION_LIST_PTR module,
- CK_SESSION_HANDLE session,
+load_stapled_extensions (p11_enumerate *ex,
CK_ATTRIBUTE *spki)
{
CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION;
@@ -119,7 +117,8 @@ load_stapled_extensions (p11_extract_info *ex,
iter = p11_kit_iter_new (NULL, 0);
p11_kit_iter_add_filter (iter, match, 2);
- p11_kit_iter_begin_with (iter, module, 0, session);
+ p11_kit_iter_begin_with (iter, p11_kit_iter_get_module (ex->iter),
+ 0, p11_kit_iter_get_session (ex->iter));
while (rv == CKR_OK) {
rv = p11_kit_iter_next (iter);
@@ -148,7 +147,7 @@ load_stapled_extensions (p11_extract_info *ex,
}
static bool
-extract_purposes (p11_extract_info *ex)
+extract_purposes (p11_enumerate *ex)
{
node_asn *ext = NULL;
unsigned char *value = NULL;
@@ -217,8 +216,7 @@ check_blacklisted (P11KitIter *iter,
}
static bool
-check_trust_flags (P11KitIter *iter,
- p11_extract_info *ex,
+check_trust_flags (p11_enumerate *ex,
CK_ATTRIBUTE *cert)
{
CK_BBOOL trusted;
@@ -226,17 +224,17 @@ check_trust_flags (P11KitIter *iter,
int flags = 0;
/* If no extract trust flags, then just continue */
- if (!(ex->flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST)))
+ if (!(ex->flags & (P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST)))
return true;
if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trusted) &&
- trusted && !check_blacklisted (iter, cert)) {
- flags |= P11_EXTRACT_ANCHORS;
+ trusted && !check_blacklisted (ex->iter, cert)) {
+ flags |= P11_ENUMERATE_ANCHORS;
}
if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrusted) &&
distrusted) {
- flags |= P11_EXTRACT_BLACKLIST;
+ flags |= P11_ENUMERATE_BLACKLIST;
}
/* Any of the flags can match */
@@ -247,8 +245,7 @@ check_trust_flags (P11KitIter *iter,
}
static bool
-extract_certificate (P11KitIter *iter,
- p11_extract_info *ex)
+extract_certificate (p11_enumerate *ex)
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
CK_ATTRIBUTE *attr;
@@ -273,7 +270,7 @@ extract_certificate (P11KitIter *iter,
* If collapsing and have already seen this certificate, and shouldn't
* process it even again during this extract procedure.
*/
- if (ex->flags & P11_EXTRACT_COLLAPSE) {
+ if (ex->flags & P11_ENUMERATE_COLLAPSE) {
if (!ex->already_seen) {
ex->already_seen = p11_dict_new (p11_attr_hash, p11_attr_equal,
p11_attrs_free, NULL);
@@ -284,7 +281,7 @@ extract_certificate (P11KitIter *iter,
return false;
}
- if (!check_trust_flags (iter, ex, attr)) {
+ if (!check_trust_flags (ex, attr)) {
p11_debug ("skipping certificate that doesn't match trust flags");
return false;
}
@@ -309,8 +306,7 @@ extract_certificate (P11KitIter *iter,
}
static bool
-extract_info (P11KitIter *iter,
- p11_extract_info *ex)
+extract_info (p11_enumerate *ex)
{
CK_ATTRIBUTE *attr;
CK_RV rv;
@@ -331,7 +327,7 @@ extract_info (P11KitIter *iter,
};
ex->attrs = p11_attrs_dup (attr_types);
- rv = p11_kit_iter_load_attributes (iter, ex->attrs, p11_attrs_count (ex->attrs));
+ rv = p11_kit_iter_load_attributes (ex->iter, ex->attrs, p11_attrs_count (ex->attrs));
/* The attributes couldn't be loaded */
if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID && rv != CKR_ATTRIBUTE_SENSITIVE) {
@@ -349,13 +345,12 @@ extract_info (P11KitIter *iter,
return false;
}
- if (!extract_certificate (iter, ex))
+ if (!extract_certificate (ex))
return false;
attr = p11_attrs_find_valid (ex->attrs, CKA_X_PUBLIC_KEY_INFO);
if (attr) {
- ex->stapled = load_stapled_extensions (ex, p11_kit_iter_get_module (iter),
- p11_kit_iter_get_session (iter), attr);
+ ex->stapled = load_stapled_extensions (ex, attr);
if (!ex->stapled)
return false;
}
@@ -367,7 +362,7 @@ extract_info (P11KitIter *iter,
}
static void
-extract_clear (p11_extract_info *ex)
+extract_clear (p11_enumerate *ex)
{
ex->klass = (CK_ULONG)-1;
@@ -385,18 +380,18 @@ extract_clear (p11_extract_info *ex)
ex->purposes = NULL;
}
-CK_RV
-p11_extract_info_load_filter (P11KitIter *iter,
- CK_BBOOL *matches,
- void *data)
+static CK_RV
+on_iterate_load_filter (p11_kit_iter *iter,
+ CK_BBOOL *matches,
+ void *data)
{
- p11_extract_info *ex = data;
+ p11_enumerate *ex = data;
int i;
extract_clear (ex);
/* Try to load the certificate and extensions */
- if (!extract_info (iter, ex)) {
+ if (!extract_info (ex)) {
*matches = CK_FALSE;
return CKR_OK;
}
@@ -420,15 +415,20 @@ p11_extract_info_load_filter (P11KitIter *iter,
}
void
-p11_extract_info_init (p11_extract_info *ex)
+p11_enumerate_init (p11_enumerate *ex)
{
- memset (ex, 0, sizeof (p11_extract_info));
+ memset (ex, 0, sizeof (p11_enumerate));
ex->asn1_defs = p11_asn1_defs_load ();
return_if_fail (ex->asn1_defs != NULL);
+
+ ex->iter = p11_kit_iter_new (NULL, 0);
+ return_if_fail (ex->iter != NULL);
+
+ p11_kit_iter_add_callback (ex->iter, on_iterate_load_filter, ex, NULL);
}
void
-p11_extract_info_cleanup (p11_extract_info *ex)
+p11_enumerate_cleanup (p11_enumerate *ex)
{
extract_clear (ex);
@@ -440,49 +440,185 @@ p11_extract_info_cleanup (p11_extract_info *ex)
p11_dict_free (ex->asn1_defs);
ex->asn1_defs = NULL;
+
+ p11_kit_iter_free (ex->iter);
+ ex->iter = NULL;
+
+ if (ex->modules) {
+ p11_kit_modules_finalize_and_release (ex->modules);
+ ex->modules = NULL;
+ }
+
+ if (ex->uri) {
+ p11_kit_uri_free (ex->uri);
+ ex->uri = NULL;
+ }
}
-void
-p11_extract_info_limit_purpose (p11_extract_info *ex,
- const char *purpose)
+bool
+p11_enumerate_opt_filter (p11_enumerate *ex,
+ const char *option)
{
+ CK_ATTRIBUTE *attrs;
+ int ret;
+
+ CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE;
+ CK_ULONG vauthority = 2;
+ CK_CERTIFICATE_TYPE vx509 = CKC_X_509;
+
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) };
+ CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) };
+ CK_ATTRIBUTE x509= { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) };
+
+ if (strncmp (option, "pkcs11:", 7) == 0) {
+ if (ex->uri != NULL) {
+ p11_message ("a PKCS#11 URI has already been specified");
+ return false;
+ }
+
+ ex->uri = p11_kit_uri_new ();
+ ret = p11_kit_uri_parse (option, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, ex->uri);
+ if (ret != P11_KIT_URI_OK) {
+ p11_message ("couldn't parse pkcs11 uri filter: %s", option);
+ return false;
+ }
+
+ if (p11_kit_uri_any_unrecognized (ex->uri))
+ p11_message ("uri contained unrecognized components, nothing will be extracted");
+
+ p11_kit_iter_set_uri (ex->iter, ex->uri);
+ ex->num_filters++;
+ return true;
+ }
+
+ if (strcmp (option, "ca-anchors") == 0) {
+ attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL);
+ ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_COLLAPSE;
+
+ } else if (strcmp (option, "trust-policy") == 0) {
+ attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
+ ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE;
+
+ } else if (strcmp (option, "blacklist") == 0) {
+ attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
+ ex->flags |= P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE;
+
+ } else if (strcmp (option, "certificates") == 0) {
+ attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
+ ex->flags |= P11_ENUMERATE_COLLAPSE;
+
+ } else {
+ p11_message ("unsupported or unrecognized filter: %s", option);
+ return false;
+ }
+
+ p11_kit_iter_add_filter (ex->iter, attrs, p11_attrs_count (attrs));
+ ex->num_filters++;
+ return true;
+}
+
+static int
+is_valid_oid_rough (const char *string)
+{
+ size_t len;
+
+ len = strlen (string);
+
+ /* Rough check if a valid OID */
+ return (strspn (string, "0123456789.") == len &&
+ !strstr (string, "..") && string[0] != '\0' && string[0] != '.' &&
+ string[len - 1] != '.');
+}
+
+bool
+p11_enumerate_opt_purpose (p11_enumerate *ex,
+ const char *option)
+{
+ const char *oid;
char *value;
+ if (strcmp (option, "server-auth") == 0) {
+ oid = P11_OID_SERVER_AUTH_STR;
+ } else if (strcmp (option, "client-auth") == 0) {
+ oid = P11_OID_CLIENT_AUTH_STR;
+ } else if (strcmp (option, "email-protection") == 0 || strcmp (option, "email") == 0) {
+ oid = P11_OID_EMAIL_PROTECTION_STR;
+ } else if (strcmp (option, "code-signing") == 0) {
+ oid = P11_OID_CODE_SIGNING_STR;
+ } else if (strcmp (option, "ipsec-end-system") == 0) {
+ oid = P11_OID_IPSEC_END_SYSTEM_STR;
+ } else if (strcmp (option, "ipsec-tunnel") == 0) {
+ oid = P11_OID_IPSEC_TUNNEL_STR;
+ } else if (strcmp (option, "ipsec-user") == 0) {
+ oid = P11_OID_IPSEC_USER_STR;
+ } else if (strcmp (option, "time-stamping") == 0) {
+ oid = P11_OID_TIME_STAMPING_STR;
+ } else if (is_valid_oid_rough (option)) {
+ oid = option;
+ } else {
+ p11_message ("unsupported or unregonized purpose: %s", option);
+ return false;
+ }
+
if (!ex->limit_to_purposes) {
ex->limit_to_purposes = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
- return_if_fail (ex->limit_to_purposes != NULL);
+ return_val_if_fail (ex->limit_to_purposes != NULL, false);
}
- value = strdup (purpose);
- return_if_fail (value != NULL);
-
+ value = strdup (oid);
+ return_val_if_fail (value != NULL, false);
if (!p11_dict_set (ex->limit_to_purposes, value, value))
- return_if_reached ();
+ return_val_if_reached (false);
+
+ return true;
+}
+
+bool
+p11_enumerate_ready (p11_enumerate *ex,
+ const char *def_filter)
+{
+ if (ex->num_filters == 0) {
+ if (!p11_enumerate_opt_filter (ex, def_filter))
+ return_val_if_reached (false);
+ }
+
+ /*
+ * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
+ * we get from modules explicitly marked as containing trust-policy.
+ */
+ ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
+ if (!ex->modules)
+ return false;
+ if (ex->modules[0] == NULL)
+ p11_message ("no modules containing trust policy are registered");
+
+ p11_kit_iter_begin (ex->iter, ex->modules);
+ return true;
}
static char *
-extract_label (p11_extract_info *extract)
+extract_label (p11_enumerate *ex)
{
CK_ATTRIBUTE *attr;
/* Look for a label and just use that */
- attr = p11_attrs_find_valid (extract->attrs, CKA_LABEL);
+ attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
if (attr && attr->pValue && attr->ulValueLen)
return strndup (attr->pValue, attr->ulValueLen);
/* For extracting certificates */
- if (extract->klass == CKO_CERTIFICATE)
+ if (ex->klass == CKO_CERTIFICATE)
return strdup ("certificate");
return strdup ("unknown");
}
char *
-p11_extract_info_filename (p11_extract_info *extract)
+p11_enumerate_filename (p11_enumerate *ex)
{
char *label;
- label = extract_label (extract);
+ label = extract_label (ex);
return_val_if_fail (label != NULL, NULL);
p11_path_canon (label);
@@ -490,8 +626,8 @@ p11_extract_info_filename (p11_extract_info *extract)
}
char *
-p11_extract_info_comment (p11_extract_info *ex,
- bool first)
+p11_enumerate_comment (p11_enumerate *ex,
+ bool first)
{
char *comment;
char *label;
diff --git a/trust/enumerate.h b/trust/enumerate.h
new file mode 100644
index 0000000..8b1e7e4
--- /dev/null
+++ b/trust/enumerate.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#ifndef P11_ENUMERATE_H_
+#define P11_ENUMERATE_H_
+
+#include "array.h"
+#include "asn1.h"
+#include "dict.h"
+#include "iter.h"
+#include "pkcs11.h"
+
+enum {
+ /* These overlap with the flags in save.h, so start higher */
+ P11_ENUMERATE_ANCHORS = 1 << 21,
+ P11_ENUMERATE_BLACKLIST = 1 << 22,
+ P11_ENUMERATE_COLLAPSE = 1 << 23,
+};
+
+typedef struct {
+ CK_FUNCTION_LIST **modules;
+ p11_kit_iter *iter;
+ p11_kit_uri *uri;
+
+ p11_dict *asn1_defs;
+ p11_dict *limit_to_purposes;
+ p11_dict *already_seen;
+ int num_filters;
+ int flags;
+
+ /*
+ * Stuff below is parsed info for the current iteration.
+ * Currently this information is generally all relevant
+ * just for certificates.
+ */
+
+ CK_OBJECT_CLASS klass;
+ CK_ATTRIBUTE *attrs;
+
+ /* Pre-parsed data for certificates */
+ node_asn *cert_asn;
+ const unsigned char *cert_der;
+ size_t cert_len;
+
+ /* DER OID -> CK_ATTRIBUTE list */
+ p11_dict *stapled;
+
+ /* Set of OID purposes as strings */
+ p11_array *purposes;
+} p11_enumerate;
+
+char * p11_enumerate_filename (p11_enumerate *ex);
+
+char * p11_enumerate_comment (p11_enumerate *ex,
+ bool first);
+
+void p11_enumerate_init (p11_enumerate *ex);
+
+bool p11_enumerate_opt_filter (p11_enumerate *ex,
+ const char *option);
+
+bool p11_enumerate_opt_purpose (p11_enumerate *ex,
+ const char *option);
+
+bool p11_enumerate_ready (p11_enumerate *ex,
+ const char *def_filter);
+
+void p11_enumerate_cleanup (p11_enumerate *ex);
+
+#endif /* P11_ENUMERATE_H_ */
diff --git a/trust/extract-cer.c b/trust/extract-cer.c
index 81a5bf6..b59be80 100644
--- a/trust/extract-cer.c
+++ b/trust/extract-cer.c
@@ -43,20 +43,20 @@
#include <stdlib.h>
bool
-p11_extract_x509_file (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_x509_file (p11_enumerate *ex,
+ const char *destination)
{
bool found = false;
p11_save_file *file;
CK_RV rv;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
if (found) {
p11_message ("multiple certificates found but could only write one to file");
break;
}
- file = p11_save_open_file (ex->destination, NULL, ex->flags);
+ file = p11_save_open_file (destination, NULL, ex->flags);
if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len))
return false;
@@ -78,8 +78,8 @@ p11_extract_x509_file (P11KitIter *iter,
}
bool
-p11_extract_x509_directory (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_x509_directory (p11_enumerate *ex,
+ const char *destination)
{
p11_save_file *file;
p11_save_dir *dir;
@@ -87,12 +87,12 @@ p11_extract_x509_directory (P11KitIter *iter,
CK_RV rv;
bool ret;
- dir = p11_save_open_directory (ex->destination, ex->flags);
+ dir = p11_save_open_directory (destination, ex->flags);
if (dir == NULL)
return false;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- filename = p11_extract_info_filename (ex);
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
+ filename = p11_enumerate_filename (ex);
return_val_if_fail (filename != NULL, -1);
file = p11_save_open_file_in (dir, filename, ".cer");
diff --git a/trust/extract-jks.c b/trust/extract-jks.c
index e12b2de..b409046 100644
--- a/trust/extract-jks.c
+++ b/trust/extract-jks.c
@@ -210,8 +210,7 @@ add_alias (p11_buffer *buffer,
}
static bool
-prepare_jks_buffer (P11KitIter *iter,
- p11_extract_info *ex,
+prepare_jks_buffer (p11_enumerate *ex,
p11_buffer *buffer)
{
const unsigned char magic[] = { 0xfe, 0xed, 0xfe, 0xed };
@@ -258,7 +257,7 @@ prepare_jks_buffer (P11KitIter *iter,
return_val_if_fail (aliases != NULL, false);
/* For every certificate */
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
count++;
/* The type of entry */
@@ -312,17 +311,17 @@ prepare_jks_buffer (P11KitIter *iter,
}
bool
-p11_extract_jks_cacerts (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_jks_cacerts (p11_enumerate *ex,
+ const char *destination)
{
p11_buffer buffer;
p11_save_file *file;
bool ret;
p11_buffer_init (&buffer, 1024 * 10);
- ret = prepare_jks_buffer (iter, ex, &buffer);
+ ret = prepare_jks_buffer (ex, &buffer);
if (ret) {
- file = p11_save_open_file (ex->destination, NULL, ex->flags);
+ file = p11_save_open_file (destination, NULL, ex->flags);
ret = p11_save_write_and_finish (file, buffer.data, buffer.len);
}
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index 1f12f11..912c90d 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -102,7 +102,7 @@ known_usages (p11_array *oids)
}
static bool
-load_usage_ext (p11_extract_info *ex,
+load_usage_ext (p11_enumerate *ex,
const unsigned char *ext_oid,
p11_array **oids)
{
@@ -161,7 +161,7 @@ write_usages (node_asn *asn,
}
static bool
-write_trust_and_rejects (p11_extract_info *ex,
+write_trust_and_rejects (p11_enumerate *ex,
node_asn *asn)
{
p11_array *trusts = NULL;
@@ -222,7 +222,7 @@ write_trust_and_rejects (p11_extract_info *ex,
}
static bool
-write_keyid (p11_extract_info *ex,
+write_keyid (p11_enumerate *ex,
node_asn *asn)
{
unsigned char *value = NULL;
@@ -245,7 +245,7 @@ write_keyid (p11_extract_info *ex,
}
static bool
-write_alias (p11_extract_info *ex,
+write_alias (p11_enumerate *ex,
node_asn *asn)
{
CK_ATTRIBUTE *label;
@@ -264,7 +264,7 @@ write_alias (p11_extract_info *ex,
}
static bool
-write_other (p11_extract_info *ex,
+write_other (p11_enumerate *ex,
node_asn *asn)
{
int ret;
@@ -276,7 +276,7 @@ write_other (p11_extract_info *ex,
}
static bool
-prepare_pem_contents (p11_extract_info *ex,
+prepare_pem_contents (p11_enumerate *ex,
p11_buffer *buffer)
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
@@ -315,8 +315,8 @@ prepare_pem_contents (p11_extract_info *ex,
}
bool
-p11_extract_openssl_bundle (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_openssl_bundle (p11_enumerate *ex,
+ const char *destination)
{
p11_save_file *file;
p11_buffer output;
@@ -326,13 +326,13 @@ p11_extract_openssl_bundle (P11KitIter *iter,
bool first;
CK_RV rv;
- file = p11_save_open_file (ex->destination, NULL, ex->flags);
+ file = p11_save_open_file (destination, NULL, ex->flags);
if (!file)
return false;
first = true;
p11_buffer_init (&output, 0);
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
p11_buffer_init (&buf, 1024);
if (!p11_buffer_reset (&output, 2048))
return_val_if_reached (false);
@@ -341,7 +341,7 @@ p11_extract_openssl_bundle (P11KitIter *iter,
if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
return_val_if_reached (false);
- comment = p11_extract_info_comment (ex, first);
+ comment = p11_enumerate_comment (ex, first);
first = false;
ret = p11_save_write (file, comment, -1) &&
@@ -528,7 +528,7 @@ p11_openssl_canon_name_der (p11_dict *asn1_defs,
#ifdef OS_UNIX
static char *
-symlink_for_subject_hash (p11_extract_info *ex)
+symlink_for_subject_hash (p11_enumerate *ex)
{
unsigned char md[P11_DIGEST_SHA1_LEN];
p11_buffer der;
@@ -561,7 +561,7 @@ symlink_for_subject_hash (p11_extract_info *ex)
}
static char *
-symlink_for_subject_old_hash (p11_extract_info *ex)
+symlink_for_subject_old_hash (p11_enumerate *ex)
{
unsigned char md[P11_DIGEST_MD5_LEN];
CK_ATTRIBUTE *subject;
@@ -588,8 +588,8 @@ symlink_for_subject_old_hash (p11_extract_info *ex)
#endif /* OS_UNIX */
bool
-p11_extract_openssl_directory (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_openssl_directory (p11_enumerate *ex,
+ const char *destination)
{
char *filename;
p11_save_file *file;
@@ -605,14 +605,14 @@ p11_extract_openssl_directory (P11KitIter *iter,
char *linkname;
#endif
- dir = p11_save_open_directory (ex->destination, ex->flags);
+ dir = p11_save_open_directory (destination, ex->flags);
if (dir == NULL)
return false;
p11_buffer_init (&buf, 0);
p11_buffer_init (&output, 0);
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
if (!p11_buffer_reset (&buf, 1024))
return_val_if_reached (false);
if (!p11_buffer_reset (&output, 2048))
@@ -622,7 +622,7 @@ p11_extract_openssl_directory (P11KitIter *iter,
if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
return_val_if_reached (false);
- name = p11_extract_info_filename (ex);
+ name = p11_enumerate_filename (ex);
return_val_if_fail (name != NULL, false);
filename = NULL;
diff --git a/trust/extract-pem.c b/trust/extract-pem.c
index 718cd99..1e1c857 100644
--- a/trust/extract-pem.c
+++ b/trust/extract-pem.c
@@ -46,8 +46,8 @@
#include <stdlib.h>
bool
-p11_extract_pem_bundle (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_pem_bundle (p11_enumerate *ex,
+ const char *destination)
{
char *comment;
p11_buffer buf;
@@ -56,19 +56,19 @@ p11_extract_pem_bundle (P11KitIter *iter,
bool first = true;
CK_RV rv;
- file = p11_save_open_file (ex->destination, NULL, ex->flags);
+ file = p11_save_open_file (destination, NULL, ex->flags);
if (!file)
return false;
p11_buffer_init (&buf, 0);
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
if (!p11_buffer_reset (&buf, 2048))
return_val_if_reached (false);
if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
return_val_if_reached (false);
- comment = p11_extract_info_comment (ex, first);
+ comment = p11_enumerate_comment (ex, first);
first = false;
ret = p11_save_write (file, comment, -1) &&
@@ -99,8 +99,8 @@ p11_extract_pem_bundle (P11KitIter *iter,
}
bool
-p11_extract_pem_directory (P11KitIter *iter,
- p11_extract_info *ex)
+p11_extract_pem_directory (p11_enumerate *ex,
+ const char *destination)
{
p11_save_file *file;
p11_save_dir *dir;
@@ -109,19 +109,19 @@ p11_extract_pem_directory (P11KitIter *iter,
char *filename;
CK_RV rv;
- dir = p11_save_open_directory (ex->destination, ex->flags);
+ dir = p11_save_open_directory (destination, ex->flags);
if (dir == NULL)
return false;
p11_buffer_init (&buf, 0);
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
if (!p11_buffer_reset (&buf, 2048))
return_val_if_reached (false);
if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
return_val_if_reached (false);
- filename = p11_extract_info_filename (ex);
+ filename = p11_enumerate_filename (ex);
return_val_if_fail (filename != NULL, false);
file = p11_save_open_file_in (dir, filename, ".pem");
diff --git a/trust/extract.c b/trust/extract.c
index 1aec3e6..0389d29 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -55,114 +55,6 @@
#include <string.h>
static bool
-filter_argument (const char *optarg,
- P11KitUri **uri,
- CK_ATTRIBUTE **match,
- int *flags)
-{
- CK_ATTRIBUTE *attrs;
- int ret;
-
- CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE;
- CK_ULONG vauthority = 2;
- CK_CERTIFICATE_TYPE vx509 = CKC_X_509;
-
- CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) };
- CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) };
- CK_ATTRIBUTE x509 = { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) };
-
- if (strncmp (optarg, "pkcs11:", 7) == 0) {
- if (*uri != NULL) {
- p11_message ("only one pkcs11 uri filter may be specified");
- return false;
- }
- *uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse (optarg, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, *uri);
- if (ret != P11_KIT_URI_OK) {
- p11_message ("couldn't parse pkcs11 uri filter: %s", optarg);
- return false;
- }
- return true;
- }
-
- if (strcmp (optarg, "ca-anchors") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL);
- *flags |= P11_EXTRACT_ANCHORS | P11_EXTRACT_COLLAPSE;
-
- } else if (strcmp (optarg, "trust-policy") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- *flags |= P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST | P11_EXTRACT_COLLAPSE;
-
- } else if (strcmp (optarg, "blacklist") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- *flags |= P11_EXTRACT_BLACKLIST | P11_EXTRACT_COLLAPSE;
-
- } else if (strcmp (optarg, "certificates") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- *flags |= P11_EXTRACT_COLLAPSE;
-
- } else {
- p11_message ("unsupported or unrecognized filter: %s", optarg);
- return false;
- }
-
- if (*match != NULL) {
- p11_message ("a conflicting filter has already been specified");
- p11_attrs_free (attrs);
- return false;
- }
-
- *match = attrs;
- return true;
-}
-
-static int
-is_valid_oid_rough (const char *string)
-{
- size_t len;
-
- len = strlen (string);
-
- /* Rough check if a valid OID */
- return (strspn (string, "0123456789.") == len &&
- !strstr (string, "..") && string[0] != '\0' && string[0] != '.' &&
- string[len - 1] != '.');
-}
-
-static bool
-purpose_argument (const char *optarg,
- p11_extract_info *ex)
-{
- const char *oid;
-
- if (strcmp (optarg, "server-auth") == 0) {
- oid = P11_OID_SERVER_AUTH_STR;
- } else if (strcmp (optarg, "client-auth") == 0) {
- oid = P11_OID_CLIENT_AUTH_STR;
- } else if (strcmp (optarg, "email-protection") == 0 || strcmp (optarg, "email") == 0) {
- oid = P11_OID_EMAIL_PROTECTION_STR;
- } else if (strcmp (optarg, "code-signing") == 0) {
- oid = P11_OID_CODE_SIGNING_STR;
- } else if (strcmp (optarg, "ipsec-end-system") == 0) {
- oid = P11_OID_IPSEC_END_SYSTEM_STR;
- } else if (strcmp (optarg, "ipsec-tunnel") == 0) {
- oid = P11_OID_IPSEC_TUNNEL_STR;
- } else if (strcmp (optarg, "ipsec-user") == 0) {
- oid = P11_OID_IPSEC_USER_STR;
- } else if (strcmp (optarg, "time-stamping") == 0) {
- oid = P11_OID_TIME_STAMPING_STR;
- } else if (is_valid_oid_rough (optarg)) {
- oid = optarg;
- } else {
- p11_message ("unsupported or unregonized purpose: %s", optarg);
- return false;
- }
-
- p11_extract_info_limit_purpose (ex, oid);
- return true;
-}
-
-static bool
format_argument (const char *optarg,
p11_extract_func *func)
{
@@ -209,9 +101,8 @@ format_argument (const char *optarg,
}
static bool
-validate_filter_and_format (p11_extract_info *ex,
- p11_extract_func func,
- CK_ATTRIBUTE *match)
+validate_filter_and_format (p11_enumerate *ex,
+ p11_extract_func func)
{
int i;
@@ -233,8 +124,8 @@ validate_filter_and_format (p11_extract_info *ex,
return true;
}
- if ((ex->flags & P11_EXTRACT_ANCHORS) &&
- (ex->flags & P11_EXTRACT_BLACKLIST)) {
+ if ((ex->flags & P11_ENUMERATE_ANCHORS) &&
+ (ex->flags & P11_ENUMERATE_BLACKLIST)) {
/*
* If we're extracting *both* anchors and blacklist, then we must have
* a format that can represent the different types of information.
@@ -243,7 +134,7 @@ validate_filter_and_format (p11_extract_info *ex,
p11_message ("format does not support trust policy");
return false;
- } else if (ex->flags & P11_EXTRACT_ANCHORS) {
+ } else if (ex->flags & P11_ENUMERATE_ANCHORS) {
/*
* If we're extracting anchors, then we must have either limited the
@@ -252,7 +143,7 @@ validate_filter_and_format (p11_extract_info *ex,
if (!ex->limit_to_purposes) {
p11_message ("format does not support multiple purposes, defaulting to 'server-auth'");
- p11_extract_info_limit_purpose (ex, P11_OID_SERVER_AUTH_STR);
+ p11_enumerate_opt_purpose (ex, "server-auth");
}
}
@@ -264,12 +155,7 @@ p11_trust_extract (int argc,
char **argv)
{
p11_extract_func format = NULL;
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- p11_extract_info ex;
- CK_ATTRIBUTE *match;
- P11KitUri *uri;
- int flags;
+ p11_enumerate ex;
int opt = 0;
int ret;
@@ -334,10 +220,7 @@ p11_trust_extract (int argc,
{ 0 },
};
- match = NULL;
- uri = NULL;
-
- p11_extract_info_init (&ex);
+ p11_enumerate_init (&ex);
while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
switch (opt) {
@@ -352,11 +235,11 @@ p11_trust_extract (int argc,
ex.flags |= P11_EXTRACT_COMMENT;
break;
case opt_filter:
- if (!filter_argument (optarg, &uri, &match, &ex.flags))
+ if (!p11_enumerate_opt_filter (&ex, optarg))
exit (2);
break;
case opt_purpose:
- if (!purpose_argument (optarg, &ex))
+ if (!p11_enumerate_opt_purpose (&ex, optarg))
exit (2);
break;
case opt_format:
@@ -381,55 +264,20 @@ p11_trust_extract (int argc,
p11_message ("specify one destination file or directory");
exit (2);
}
- ex.destination = argv[0];
if (!format) {
p11_message ("no output format specified");
exit (2);
}
- /* If nothing that was useful to enumerate was specified, then bail */
- if (uri == NULL && match == NULL) {
- p11_message ("no filter specified, defaulting to 'ca-anchors'");
- filter_argument ("ca-anchors", &uri, &match, &ex.flags);
- }
-
- if (!validate_filter_and_format (&ex, format, match))
+ if (!validate_filter_and_format (&ex, format))
exit (1);
- if (uri && p11_kit_uri_any_unrecognized (uri))
- p11_message ("uri contained unrecognized components, nothing will be extracted");
-
- /*
- * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
- * we get from modules explicitly marked as containing trust-policy.
- */
- flags = 0;
- if (ex.flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST))
- flags |= P11_KIT_MODULE_TRUSTED;
-
- modules = p11_kit_modules_load_and_initialize (flags);
- if (!modules)
+ if (!p11_enumerate_ready (&ex, "ca-anchors"))
exit (1);
- if (modules[0] == NULL)
- p11_message ("no modules containing trust policy are registered");
-
- iter = p11_kit_iter_new (uri, 0);
-
- p11_kit_iter_add_callback (iter, p11_extract_info_load_filter, &ex, NULL);
- p11_kit_iter_add_filter (iter, match, p11_attrs_count (match));
-
- p11_kit_iter_begin (iter, modules);
-
- ret = (format) (iter, &ex) ? 0 : 1;
-
- p11_extract_info_cleanup (&ex);
- p11_kit_iter_free (iter);
- p11_kit_uri_free (uri);
-
- p11_kit_modules_finalize (modules);
- p11_kit_modules_release (modules);
+ ret = (format) (&ex, argv[0]) ? 0 : 1;
+ p11_enumerate_cleanup (&ex);
return ret;
}
diff --git a/trust/extract.h b/trust/extract.h
index 7db61c1..1bd8e4a 100644
--- a/trust/extract.h
+++ b/trust/extract.h
@@ -37,87 +37,37 @@
#ifndef P11_EXTRACT_H_
#define P11_EXTRACT_H_
-#include "array.h"
-#include "asn1.h"
-#include "dict.h"
-#include "iter.h"
+#include "enumerate.h"
#include "pkcs11.h"
enum {
/* These overlap with the flags in save.h, so start higher */
P11_EXTRACT_COMMENT = 1 << 10,
- P11_EXTRACT_ANCHORS = 1 << 11,
- P11_EXTRACT_BLACKLIST = 1 << 12,
- P11_EXTRACT_COLLAPSE = 1 << 13,
};
-typedef struct {
- p11_dict *asn1_defs;
- p11_dict *limit_to_purposes;
- p11_dict *already_seen;
- char *destination;
- int flags;
+typedef bool (* p11_extract_func) (p11_enumerate *ex,
+ const char *destination);
- /*
- * Stuff below is parsed info for the current iteration.
- * Currently this information is generally all relevant
- * just for certificates.
- */
+bool p11_extract_x509_file (p11_enumerate *ex,
+ const char *destination);
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE *attrs;
+bool p11_extract_x509_directory (p11_enumerate *ex,
+ const char *destination);
- /* Pre-parsed data for certificates */
- node_asn *cert_asn;
- const unsigned char *cert_der;
- size_t cert_len;
+bool p11_extract_pem_bundle (p11_enumerate *ex,
+ const char *destination);
- /* DER OID -> CK_ATTRIBUTE list */
- p11_dict *stapled;
+bool p11_extract_pem_directory (p11_enumerate *ex,
+ const char *destination);
- /* Set of OID purposes as strings */
- p11_array *purposes;
-} p11_extract_info;
+bool p11_extract_jks_cacerts (p11_enumerate *ex,
+ const char *destination);
-void p11_extract_info_init (p11_extract_info *ex);
+bool p11_extract_openssl_bundle (p11_enumerate *ex,
+ const char *destination);
-CK_RV p11_extract_info_load_filter (P11KitIter *iter,
- CK_BBOOL *matches,
- void *data);
-
-void p11_extract_info_limit_purpose (p11_extract_info *ex,
- const char *purpose);
-
-void p11_extract_info_cleanup (p11_extract_info *ex);
-
-char * p11_extract_info_filename (p11_extract_info *ex);
-
-char * p11_extract_info_comment (p11_extract_info *ex,
- bool first);
-
-typedef bool (* p11_extract_func) (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_x509_file (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_x509_directory (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_pem_bundle (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_pem_directory (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_jks_cacerts (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_openssl_bundle (P11KitIter *iter,
- p11_extract_info *ex);
-
-bool p11_extract_openssl_directory (P11KitIter *iter,
- p11_extract_info *ex);
+bool p11_extract_openssl_directory (p11_enumerate *ex,
+ const char *destination);
int p11_trust_extract (int argc,
char **argv);
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index c1e8127..e53a6ae 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -50,7 +50,7 @@ CHECK_PROGS = \
test-token \
test-module \
test-save \
- test-extract \
+ test-enumerate \
test-cer \
test-bundle \
test-openssl \
@@ -89,28 +89,28 @@ test_save_SOURCES = \
$(TRUST)/save.c \
$(NULL)
-test_extract_SOURCES = \
- test-extract.c \
- $(TRUST)/extract-info.c \
+test_enumerate_SOURCES = \
+ test-enumerate.c \
+ $(TRUST)/enumerate.c \
$(NULL)
test_cer_SOURCES = \
test-cer.c \
- $(TRUST)/extract-info.c \
+ $(TRUST)/enumerate.c \
$(TRUST)/extract-cer.c \
$(TRUST)/save.c \
$(NULL)
test_bundle_SOURCES = \
test-bundle.c \
- $(TRUST)/extract-info.c \
+ $(TRUST)/enumerate.c \
$(TRUST)/extract-pem.c \
$(TRUST)/save.c \
$(NULL)
test_openssl_SOURCES = \
test-openssl.c \
- $(TRUST)/extract-info.c \
+ $(TRUST)/enumerate.c \
$(TRUST)/extract-openssl.c \
$(TRUST)/save.c \
$(NULL)
diff --git a/trust/tests/test-bundle.c b/trust/tests/test-bundle.c
index 397787f..85c0b5f 100644
--- a/trust/tests/test-bundle.c
+++ b/trust/tests/test-bundle.c
@@ -59,8 +59,7 @@
struct {
CK_FUNCTION_LIST module;
- P11KitIter *iter;
- p11_extract_info ex;
+ p11_enumerate ex;
char *directory;
} test;
@@ -74,9 +73,7 @@ setup (void *unused)
rv = test.module.C_Initialize (NULL);
assert_num_eq (CKR_OK, rv);
- test.iter = p11_kit_iter_new (NULL, 0);
-
- p11_extract_info_init (&test.ex);
+ p11_enumerate_init (&test.ex);
test.directory = p11_test_directory ("test-extract");
}
@@ -90,8 +87,7 @@ teardown (void *unused)
assert_not_reached ();
free (test.directory);
- p11_extract_info_cleanup (&test.ex);
- p11_kit_iter_free (test.iter);
+ p11_enumerate_cleanup (&test.ex);
rv = test.module.C_Finalize (NULL);
assert_num_eq (CKR_OK, rv);
@@ -118,66 +114,66 @@ static CK_ATTRIBUTE certificate_filter[] = {
static void
test_file (void)
{
+ char *destination;
bool ret;
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ ret = p11_extract_pem_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_multiple (void)
{
+ char *destination;
bool ret;
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ ret = p11_extract_pem_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_without (void)
{
+ char *destination;
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_pem_bundle (test.iter, &test.ex);
+ ret = p11_extract_pem_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_data (test.directory, "extract.pem", "", 0);
- free (test.ex.destination);
+ free (destination);
}
static void
@@ -188,16 +184,14 @@ test_directory (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_pem_directory (test.iter, &test.ex);
+ ret = p11_extract_pem_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
@@ -210,16 +204,14 @@ test_directory_empty (void)
{
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_pem_directory (test.iter, &test.ex);
+ ret = p11_extract_pem_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, (NULL, NULL));
diff --git a/trust/tests/test-cer.c b/trust/tests/test-cer.c
index 846cabf..ba0b9ca 100644
--- a/trust/tests/test-cer.c
+++ b/trust/tests/test-cer.c
@@ -59,8 +59,7 @@
struct {
CK_FUNCTION_LIST module;
- P11KitIter *iter;
- p11_extract_info ex;
+ p11_enumerate ex;
char *directory;
} test;
@@ -74,9 +73,7 @@ setup (void *unused)
rv = test.module.C_Initialize (NULL);
assert_num_eq (CKR_OK, rv);
- test.iter = p11_kit_iter_new (NULL, 0);
-
- p11_extract_info_init (&test.ex);
+ p11_enumerate_init (&test.ex);
test.directory = p11_test_directory ("test-extract");
}
@@ -90,8 +87,7 @@ teardown (void *unused)
assert_fail ("rmdir() failed", test.directory);
free (test.directory);
- p11_extract_info_cleanup (&test.ex);
- p11_kit_iter_free (test.iter);
+ p11_enumerate_cleanup (&test.ex);
rv = test.module.C_Finalize (NULL);
assert_num_eq (CKR_OK, rv);
@@ -118,43 +114,43 @@ static CK_ATTRIBUTE certificate_filter[] = {
static void
test_file (void)
{
+ char *destination;
bool ret;
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
assert_not_reached ();
- ret = p11_extract_x509_file (test.iter, &test.ex);
+ ret = p11_extract_x509_file (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_multiple (void)
{
+ char *destination;
bool ret;
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
assert_not_reached ();
p11_message_quiet ();
- ret = p11_extract_x509_file (test.iter, &test.ex);
+ ret = p11_extract_x509_file (&test.ex, destination);
assert_num_eq (true, ret);
assert (strstr (p11_message_last (), "multiple certificates") != NULL);
@@ -163,31 +159,31 @@ test_file_multiple (void)
test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_without (void)
{
+ char *destination;
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.cer") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
assert_not_reached ();
p11_message_quiet ();
- ret = p11_extract_x509_file (test.iter, &test.ex);
+ ret = p11_extract_x509_file (&test.ex, destination);
assert_num_eq (false, ret);
assert (strstr (p11_message_last (), "no certificate") != NULL);
p11_message_loud ();
- free (test.ex.destination);
+ free (destination);
}
static void
@@ -198,16 +194,14 @@ test_directory (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_x509_directory (test.iter, &test.ex);
+ ret = p11_extract_x509_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL));
@@ -220,16 +214,14 @@ test_directory_empty (void)
{
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_x509_directory (test.iter, &test.ex);
+ ret = p11_extract_x509_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, (NULL, NULL));
diff --git a/trust/tests/test-extract.c b/trust/tests/test-enumerate.c
index 4fce711..027abbe 100644
--- a/trust/tests/test-extract.c
+++ b/trust/tests/test-enumerate.c
@@ -53,94 +53,94 @@
#include <stdlib.h>
#include <string.h>
+
static void
test_file_name_for_label (void)
{
CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_extract_info ex;
+ p11_enumerate ex;
char *name;
- p11_extract_info_init (&ex);
+ p11_enumerate_init (&ex);
ex.attrs = p11_attrs_build (NULL, &label, NULL);
- name = p11_extract_info_filename (&ex);
+ name = p11_enumerate_filename (&ex);
assert_str_eq ("The_Label_", name);
free (name);
- p11_extract_info_cleanup (&ex);
+ p11_enumerate_cleanup (&ex);
}
static void
test_file_name_for_class (void)
{
- p11_extract_info ex;
+ p11_enumerate ex;
char *name;
- p11_extract_info_init (&ex);
+ p11_enumerate_init (&ex);
ex.klass = CKO_CERTIFICATE;
- name = p11_extract_info_filename (&ex);
+ name = p11_enumerate_filename (&ex);
assert_str_eq ("certificate", name);
free (name);
ex.klass = CKO_DATA;
- name = p11_extract_info_filename (&ex);
+ name = p11_enumerate_filename (&ex);
assert_str_eq ("unknown", name);
free (name);
- p11_extract_info_cleanup (&ex);
+ p11_enumerate_cleanup (&ex);
}
static void
test_comment_for_label (void)
{
CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_extract_info ex;
+ p11_enumerate ex;
char *comment;
- p11_extract_info_init (&ex);
+ p11_enumerate_init (&ex);
ex.flags = P11_EXTRACT_COMMENT;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
- comment = p11_extract_info_comment (&ex, true);
+ comment = p11_enumerate_comment (&ex, true);
assert_str_eq ("# The Label!\n", comment);
free (comment);
- comment = p11_extract_info_comment (&ex, false);
+ comment = p11_enumerate_comment (&ex, false);
assert_str_eq ("\n# The Label!\n", comment);
free (comment);
- p11_extract_info_cleanup (&ex);
+ p11_enumerate_cleanup (&ex);
}
static void
test_comment_not_enabled (void)
{
CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_extract_info ex;
+ p11_enumerate ex;
char *comment;
- p11_extract_info_init (&ex);
+ p11_enumerate_init (&ex);
ex.attrs = p11_attrs_build (NULL, &label, NULL);
- comment = p11_extract_info_comment (&ex, true);
+ comment = p11_enumerate_comment (&ex, true);
assert_ptr_eq (NULL, comment);
- comment = p11_extract_info_comment (&ex, false);
+ comment = p11_enumerate_comment (&ex, false);
assert_ptr_eq (NULL, comment);
- p11_extract_info_cleanup (&ex);
+ p11_enumerate_cleanup (&ex);
}
struct {
CK_FUNCTION_LIST module;
- P11KitIter *iter;
- p11_extract_info ex;
+ p11_enumerate ex;
} test;
static void
@@ -154,9 +154,7 @@ setup (void *unused)
rv = test.module.C_Initialize (NULL);
assert_num_eq (CKR_OK, rv);
- test.iter = p11_kit_iter_new (NULL, 0);
-
- p11_extract_info_init (&test.ex);
+ p11_enumerate_init (&test.ex);
}
static void
@@ -164,9 +162,7 @@ teardown (void *unused)
{
CK_RV rv;
- p11_extract_info_cleanup (&test.ex);
-
- p11_kit_iter_free (test.iter);
+ p11_enumerate_cleanup (&test.ex);
rv = test.module.C_Finalize (NULL);
assert_num_eq (CKR_OK, rv);
@@ -234,11 +230,10 @@ test_info_simple_certificate (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
@@ -250,7 +245,7 @@ test_info_simple_certificate (void)
assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
assert_ptr_not_null (test.ex.cert_asn);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -264,14 +259,13 @@ test_info_limit_purposes (void)
/* This should not match the above, with the stapled certificat ext */
assert_ptr_eq (NULL, test.ex.limit_to_purposes);
- p11_extract_info_limit_purpose (&test.ex, "1.1.1");
+ p11_enumerate_opt_purpose (&test.ex, "1.1.1");
assert_ptr_not_null (test.ex.limit_to_purposes);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -283,14 +277,13 @@ test_info_invalid_purposes (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
p11_kit_be_quiet ();
/* No results due to invalid purpose on certificate */
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
p11_kit_be_loud ();
@@ -303,17 +296,16 @@ test_info_skip_non_certificate (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
p11_message_quiet ();
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
p11_message_loud ();
@@ -327,13 +319,12 @@ test_limit_to_purpose_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
- p11_extract_info_limit_purpose (&test.ex, P11_OID_SERVER_AUTH_STR);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
p11_message_quiet ();
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
p11_message_loud ();
@@ -347,13 +338,12 @@ test_limit_to_purpose_no_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
- p11_extract_info_limit_purpose (&test.ex, "3.3.3.3");
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_enumerate_opt_purpose (&test.ex, "3.3.3.3");
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
p11_message_quiet ();
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
p11_message_loud ();
@@ -368,17 +358,16 @@ test_duplicate_extract (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, &certificate, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -396,21 +385,20 @@ test_duplicate_distrusted (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- test.ex.flags = P11_EXTRACT_COLLAPSE;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, &certificate, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ test.ex.flags = P11_ENUMERATE_COLLAPSE;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
- rv = p11_kit_iter_load_attributes (test.iter, attrs, 1);
+ rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1);
assert_num_eq (CKR_OK, rv);
assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val));
assert_num_eq (val, CK_TRUE);
free (attrs[0].pValue);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -423,12 +411,11 @@ test_trusted_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_EXTRACT_ANCHORS;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, &certificate, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ test.ex.flags = P11_ENUMERATE_ANCHORS;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -442,19 +429,18 @@ test_distrust_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_EXTRACT_BLACKLIST;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, &certificate, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ test.ex.flags = P11_ENUMERATE_BLACKLIST;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv))
boolv = CK_FALSE;
assert_num_eq (CK_TRUE, boolv);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -467,15 +453,14 @@ test_anytrust_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, &certificate, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_OK, rv);
- rv = p11_kit_iter_next (test.iter);
+ rv = p11_kit_iter_next (test.ex.iter);
assert_num_eq (CKR_CANCEL, rv);
}
diff --git a/trust/tests/test-openssl.c b/trust/tests/test-openssl.c
index f31a41a..583ce24 100644
--- a/trust/tests/test-openssl.c
+++ b/trust/tests/test-openssl.c
@@ -62,8 +62,7 @@
struct {
CK_FUNCTION_LIST module;
- P11KitIter *iter;
- p11_extract_info ex;
+ p11_enumerate ex;
char *directory;
} test;
@@ -77,9 +76,7 @@ setup (void *unused)
rv = test.module.C_Initialize (NULL);
assert_num_eq (CKR_OK, rv);
- test.iter = p11_kit_iter_new (NULL, 0);
-
- p11_extract_info_init (&test.ex);
+ p11_enumerate_init (&test.ex);
test.directory = p11_test_directory ("test-extract");
}
@@ -93,8 +90,8 @@ teardown (void *unused)
assert_not_reached ();
free (test.directory);
- p11_extract_info_cleanup (&test.ex);
- p11_kit_iter_free (test.iter);
+ p11_enumerate_cleanup (&test.ex);
+ p11_kit_iter_free (test.ex.iter);
rv = test.module.C_Finalize (NULL);
assert_num_eq (CKR_OK, rv);
@@ -177,6 +174,7 @@ setup_objects (const CK_ATTRIBUTE *attrs,
static void
test_file (void)
{
+ char *destination;
bool ret;
setup_objects (cacert3_authority_attrs,
@@ -184,48 +182,48 @@ test_file (void)
extension_reject_email,
NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem",
SRCDIR "/files/cacert3-trusted-server-alias.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_plain (void)
{
+ char *destination;
bool ret;
setup_objects (cacert3_authority_attrs, NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem",
SRCDIR "/files/cacert3-trusted-alias.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_keyid (void)
{
+ char *destination;
bool ret;
static CK_ATTRIBUTE cacert3_plain[] = {
@@ -248,25 +246,25 @@ test_keyid (void)
setup_objects (cacert3_plain, extension_subject_key_identifier, NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem",
SRCDIR "/files/cacert3-trusted-keyid.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_not_authority (void)
{
+ char *destination;
bool ret;
static CK_ATTRIBUTE cacert3_not_trusted[] = {
@@ -279,25 +277,25 @@ test_not_authority (void)
setup_objects (cacert3_not_trusted, NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem",
SRCDIR "/files/cacert3-not-trusted.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_distrust_all (void)
{
+ char *destination;
bool ret;
static CK_ATTRIBUTE cacert3_blacklist[] = {
@@ -311,25 +309,25 @@ test_distrust_all (void)
setup_objects (cacert3_blacklist, NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem",
SRCDIR "/files/cacert3-distrust-all.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_multiple (void)
{
+ char *destination;
bool ret;
setup_objects (cacert3_authority_attrs,
@@ -340,38 +338,37 @@ test_file_multiple (void)
setup_objects (verisign_v1_attrs,
NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_file (test.directory, "extract.pem", SRCDIR "/files/multiple.pem");
- free (test.ex.destination);
+ free (destination);
}
static void
test_file_without (void)
{
+ char *destination;
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
- if (asprintf (&test.ex.destination, "%s/%s", test.directory, "extract.pem") < 0)
+ if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
assert_not_reached ();
- ret = p11_extract_openssl_bundle (test.iter, &test.ex);
+ ret = p11_extract_openssl_bundle (&test.ex, destination);
assert_num_eq (true, ret);
test_check_data (test.directory, "extract.pem", "", 0);
- free (test.ex.destination);
+ free (destination);
}
/* From extract-openssl.c */
@@ -587,16 +584,14 @@ test_directory (void)
setup_objects (cacert3_authority_attrs,
NULL);
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_openssl_directory (test.iter, &test.ex);
+ ret = p11_extract_openssl_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
@@ -621,16 +616,14 @@ test_directory_empty (void)
{
bool ret;
- p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
- p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
/* Yes, this is a race, and why you shouldn't build software as root */
if (rmdir (test.directory) < 0)
assert_not_reached ();
- test.ex.destination = test.directory;
- ret = p11_extract_openssl_directory (test.iter, &test.ex);
+ ret = p11_extract_openssl_directory (&test.ex, test.directory);
assert_num_eq (true, ret);
test_check_directory (test.directory, (NULL, NULL));