authorStef Walter <stefw@redhat.com>2017-01-29 15:10:37 +0100
committerDaiki Ueno <ueno@gnu.org>2017-01-31 17:38:15 +0100
commitcfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716 (patch)
treee5839794821273ace6543d1b699a70f75d4efca0 /trust
parent2a46d81d84682181e0108ff2e5f973f7a319d25f (diff)
trust: Implement a 'trust dump' command
This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules.
Diffstat (limited to 'trust')
-rw-r--r--trust/Makefile.am1
-rw-r--r--trust/dump.c191
-rw-r--r--trust/dump.h43
-rw-r--r--trust/trust.c2
4 files changed, 237 insertions, 0 deletions
diff --git a/trust/Makefile.am b/trust/Makefile.am
index cc91bce..6df75a1 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -94,6 +94,7 @@ trust_trust_SOURCES = \
trust/parser.c trust/parser.h \
trust/persist.c trust/persist.h \
trust/digest.c trust/digest.h \
+ trust/dump.c trust/dump.h \
trust/enumerate.c trust/enumerate.h \
trust/extract.c trust/extract.h \
trust/extract-jks.c \
diff --git a/trust/dump.c b/trust/dump.c
new file mode 100644
index 0000000..ddc4581
--- /dev/null
+++ b/trust/dump.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#define P11_DEBUG_FLAG P11_DEBUG_TOOL
+
+#include "attrs.h"
+#include "debug.h"
+#include "dump.h"
+#include "enumerate.h"
+#include "message.h"
+#include "persist.h"
+#include "tool.h"
+#include "url.h"
+
+#include "p11-kit/iter.h"
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+static char *
+format_uri (p11_enumerate *ex,
+ int flags)
+{
+ CK_ATTRIBUTE *attr;
+ p11_kit_uri *uri;
+ char *string;
+
+ uri = p11_kit_uri_new ();
+
+ memcpy (p11_kit_uri_get_token_info (uri),
+ p11_kit_iter_get_token (ex->iter),
+ sizeof (CK_TOKEN_INFO));
+
+ attr = p11_attrs_find (ex->attrs, CKA_CLASS);
+ if (attr != NULL)
+ p11_kit_uri_set_attribute (uri, attr);
+ attr = p11_attrs_find (ex->attrs, CKA_ID);
+ if (attr != NULL)
+ p11_kit_uri_set_attribute (uri, attr);
+
+ if (p11_kit_uri_format (uri, flags, &string) != P11_KIT_URI_OK)
+ string = NULL;
+
+ p11_kit_uri_free (uri);
+ return string;
+}
+
+static bool
+dump_iterate (p11_enumerate *ex)
+{
+ p11_persist *persist;
+ char *string;
+ p11_buffer buf;
+ CK_RV rv;
+
+ persist = p11_persist_new ();
+
+ if (!p11_buffer_init (&buf, 0))
+ return_val_if_reached (false);
+
+ while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
+ if (!p11_buffer_reset (&buf, 8192))
+ return_val_if_reached (false);
+
+ string = format_uri (ex, P11_KIT_URI_FOR_OBJECT);
+ if (string) {
+ printf ("# %s\n", string);
+ free (string);
+ }
+
+ if (!p11_persist_write (persist, ex->attrs, &buf)) {
+ p11_message ("could not dump object");
+ continue;
+ }
+
+ fwrite (buf.data, 1, buf.len, stdout);
+ printf ("\n");
+ }
+
+ p11_persist_free (persist);
+ p11_buffer_uninit (&buf);
+
+ return (rv == CKR_CANCEL);
+}
+
+int
+p11_trust_dump (int argc,
+ char **argv)
+{
+ p11_enumerate ex;
+ int opt = 0;
+ int ret;
+
+ enum {
+ opt_verbose = 'v',
+ opt_quiet = 'q',
+ opt_help = 'h',
+ opt_filter = 1000,
+ };
+
+ struct option options[] = {
+ { "filter", required_argument, NULL, opt_filter },
+ { "verbose", no_argument, NULL, opt_verbose },
+ { "quiet", no_argument, NULL, opt_quiet },
+ { "help", no_argument, NULL, opt_help },
+ { 0 },
+ };
+
+ p11_tool_desc usages[] = {
+ { 0, "usage: trust list --filter=<what>" },
+ { opt_filter,
+ "filter of what to export\n"
+ " pkcs11:object=xx a PKCS#11 URI\n"
+ " all all objects",
+ "what",
+ },
+ { opt_verbose, "show verbose debug output", },
+ { opt_quiet, "suppress command output", },
+ { 0 },
+ };
+
+ p11_enumerate_init (&ex);
+
+ while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
+ switch (opt) {
+ case opt_verbose:
+ case opt_quiet:
+ break;
+
+ case opt_filter:
+ if (!p11_enumerate_opt_filter (&ex, optarg))
+ exit (2);
+ break;
+ case 'h':
+ p11_tool_usage (usages, options);
+ exit (0);
+ case '?':
+ exit (2);
+ default:
+ assert_not_reached ();
+ break;
+ }
+ }
+
+ if (argc - optind != 0) {
+ p11_message ("extra arguments passed to command");
+ exit (2);
+ }
+
+ if (!p11_enumerate_ready (&ex, "all"))
+ exit (1);
+
+ ret = dump_iterate (&ex) ? 0 : 1;
+
+ p11_enumerate_cleanup (&ex);
+ return ret;
+}
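Review bot: dump_iterate() reports success for a partial dump: when p11_persist_write() fails, the loop logs "could not dump object" and continues, and the results of fwrite() and printf() on stdout are never checked, so the function still returns true once the iterator ends with CKR_CANCEL and `trust dump` exits 0. If the output is meant to be usable as a complete copy of the trust objects, an incomplete or truncated dump should show up in the exit status; a failure flag folded into the return value does that, as sketched below. The "# <uri>" comment line is also printed before the object is serialised, so a failed object leaves an orphan comment in the output. Separately, the first `usages` entry reads `usage: trust list --filter=<what>`, which looks copied from the list command; `usage: trust dump --filter=<what>` would match this command.

```c
	bool ok = true;

	/* … unchanged: persist and buffer setup … */
	while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
		/* … unchanged: buffer reset and "# <uri>" comment line … */
		if (!p11_persist_write (persist, ex->attrs, &buf)) {
			p11_message ("could not dump object");
			ok = false;	/* keep going, but do not report success */
			continue;
		}

		if (fwrite (buf.data, 1, buf.len, stdout) != buf.len ||
		    fputc ('\n', stdout) == EOF) {
			p11_message ("could not write to standard output");
			ok = false;
			break;
		}
	}
	/* … unchanged: persist and buffer cleanup … */
	return ok && (rv == CKR_CANCEL);
```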
diff --git a/trust/dump.h b/trust/dump.h
new file mode 100644
index 0000000..7b9b225
--- /dev/null
+++ b/trust/dump.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#ifndef P11_DUMP_H_
+#define P11_DUMP_H_
+
+int p11_trust_dump (int argc,
+ char **argv);
+
+#endif /* P11_DUMP_H_ */
diff --git a/trust/trust.c b/trust/trust.c
index b006ec8..64eddae 100644
--- a/trust/trust.c
+++ b/trust/trust.c
@@ -35,6 +35,7 @@
#include "config.h"
#include "anchor.h"
+#include "dump.h"
#include "extract.h"
#include "list.h"
@@ -58,6 +59,7 @@ static const p11_tool_command commands[] = {
{ "extract", p11_trust_extract, "Extract certificates and trust" },
{ "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" },
{ "anchor", p11_trust_anchor, "Add, remove, change trust anchors" },
+ { "dump", p11_trust_dump, "Dump trust objects in internal format" },
{ 0, }
};