-rw-r--r-- | common/Makefile.am | 1 | ||||
-rw-r--r-- | common/oid.h | 18 | ||||
-rw-r--r-- | common/tests/Makefile.am | 1 | ||||
-rw-r--r-- | common/tests/test-utf8.c (renamed from tools/tests/test-utf8.c) | 0 | ||||
-rw-r--r-- | common/tests/test-x509.c | 81 | ||||
-rw-r--r-- | common/utf8.c (renamed from tools/utf8.c) | 0 | ||||
-rw-r--r-- | common/utf8.h (renamed from tools/utf8.h) | 0 | ||||
-rw-r--r-- | common/x509.c | 136 | ||||
-rw-r--r-- | common/x509.h | 16 | ||||
-rw-r--r-- | tools/extract-openssl.c | 70 | ||||
-rw-r--r-- | tools/tests/Makefile.am | 7 | ||||
-rw-r--r-- | tools/tests/test-openssl.c | 16 | ||||
-rw-r--r-- | trust/parser.c | 51 | ||||
-rw-r--r-- | trust/tests/test-parser.c | 22 |
14 files changed, 318 insertions, 101 deletions
diff --git a/common/Makefile.am b/common/Makefile.am index 145627c..96000dd 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -46,6 +46,7 @@ libp11_data_la_SOURCES = \ openssl.asn openssl.asn.h \ pem.c pem.h \ pkix.asn pkix.asn.h \ + utf8.c utf8.h \ x509.c x509.h \ $(NULL) diff --git a/common/oid.h b/common/oid.h index 08b3feb..96b7a27 100644 --- a/common/oid.h +++ b/common/oid.h @@ -48,6 +48,24 @@ bool p11_oid_equal (const void *oid_one, int p11_oid_length (const unsigned char *oid); /* + * 2.5.4.3: CN or commonName + */ +static const unsigned char P11_OID_CN[] = + { 0x06, 0x03, 0x55, 0x04, 0x03, }; + +/* + * 2.5.4.10: O or organization + */ +static const unsigned char P11_OID_O[] = + { 0x06, 0x03, 0x55, 0x04, 0x0a, }; + +/* + * 2.5.4.11: OU or organizationalUnit + */ +static const unsigned char P11_OID_OU[] = + { 0x06, 0x03, 0x55, 0x04, 0x0b, }; + +/* * Our support of certificate extensions and so on is not limited to what is * listed here. This is simply the OIDs used by the parsing code that generates * backwards compatible PKCS#11 objects for NSS and the like. diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am index ceb0d47..3ef4471 100644 --- a/common/tests/Makefile.am +++ b/common/tests/Makefile.am @@ -38,6 +38,7 @@ CHECK_PROGS += \ test-checksum \ test-pem \ test-oid \ + test-utf8 \ test-x509 \ $(NULL) diff --git a/tools/tests/test-utf8.c b/common/tests/test-utf8.c index d34f597..d34f597 100644 --- a/tools/tests/test-utf8.c +++ b/common/tests/test-utf8.c diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c index 0341ed9..6da26bf 100644 --- a/common/tests/test-x509.c +++ b/common/tests/test-x509.c @@ -44,6 +44,8 @@ #include <stdio.h> #include <string.h> +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + struct { p11_dict *asn1_defs; } test; 
@@ -335,6 +337,83 @@ test_parse_extension_not_found (CuTest *cu) teardown (cu); } +static void +test_directory_string (CuTest *tc) +{ + struct { + unsigned char input[100]; + int input_len; + char *output; + int output_len; + } fixtures[] = { + /* UTF8String */ + { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, + "\xc3\x84 UTF8 string ", 15, + }, + + /* NumericString */ + { { 0x12, 0x04, '0', '1', '2', '3', }, 6, + "0123", 4, + }, + + /* IA5String */ + { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, + " AB ", 4 + }, + + /* TeletexString */ + { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + "A nice", 7 + }, + + /* PrintableString */ + { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + "A nice", 7, + }, + + /* UniversalString */ + { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, + "Fun \xf0\x90\x8c\x99", 8 + }, + + /* BMPString */ + { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, + "V\xc3\xb6gel", 6 + }, + }; + + char *string; + bool unknown; + size_t length; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + string = p11_x509_parse_directory_string (fixtures[i].input, + fixtures[i].input_len, + &unknown, &length); + CuAssertPtrNotNull (tc, string); + CuAssertIntEquals (tc, false, unknown); + + CuAssertIntEquals (tc, fixtures[i].output_len, length); + CuAssertStrEquals (tc, fixtures[i].output, string); + } +} + +static void +test_directory_string_unknown (CuTest *tc) +{ + /* Not a valid choice in DirectoryString */ + unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }; + char *string; + bool unknown = false; + size_t length; + + string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length); + CuAssertPtrEquals (tc, NULL, string); + CuAssertIntEquals (tc, true, unknown); +} + int main (void) { 
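Review bot: The loop in test_directory_string never releases `string`, so every fixture leaks its result and a leak checker run over the suite will report it; add `free (string);` as the last statement of the loop body. The fixtures also cover only well-formed values: a UTF8String holding an invalid UTF-8 sequence (expecting NULL with `unknown` still false) and a value containing an embedded NUL byte would pin how the parser rejects or reports input it cannot represent as a C string. `i` is an `int` compared with the unsigned result of `ELEMS (fixtures)`; declaring it `size_t i;` avoids the sign-compare warning.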
@@ -349,6 +428,8 @@ main (void) SUITE_ADD_TEST (suite, test_parse_key_usage); SUITE_ADD_TEST (suite, test_parse_extension); SUITE_ADD_TEST (suite, test_parse_extension_not_found); + SUITE_ADD_TEST (suite, test_directory_string); + SUITE_ADD_TEST (suite, test_directory_string_unknown); CuSuiteRun (suite); CuSuiteSummary (suite, output); diff --git a/tools/utf8.c b/common/utf8.c index 5ce6889..5ce6889 100644 --- a/tools/utf8.c +++ b/common/utf8.c diff --git a/tools/utf8.h b/common/utf8.h index 8efa66f..8efa66f 100644 --- a/tools/utf8.h +++ b/common/utf8.h diff --git a/common/x509.c b/common/x509.c index bfb49df..46e3bd9 100644 --- a/common/x509.c +++ b/common/x509.c @@ -38,6 +38,7 @@ #define P11_DEBUG_FLAG P11_DEBUG_TRUST #include "debug.h" #include "oid.h" +#include "utf8.h" #include "x509.h" #include <stdlib.h> 
@@ -209,3 +210,138 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, return ekus; } + +char * +p11_x509_parse_directory_string (const unsigned char *input, + size_t input_len, + bool *unknown_string, + size_t *string_len) +{ + unsigned long tag; + unsigned char cls; + int tag_len; + int len_len; + const void *octets; + long octet_len; + int ret; + + ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len); + return_val_if_fail (octet_len >= 0, false); + return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL); + + octets = input + tag_len + len_len; + + if (unknown_string) + *unknown_string = false; + + /* The following strings are the ones we normalize */ + switch (tag) { + case 12: /* UTF8String */ + case 18: /* NumericString */ + case 22: /* IA5String */ + case 20: /* TeletexString */ + case 19: /* PrintableString */ + if (!p11_utf8_validate (octets, octet_len)) + return NULL; + if (string_len) + *string_len = octet_len; + return strndup (octets, octet_len); + + case 28: /* UniversalString */ + return p11_utf8_for_ucs4be (octets, octet_len, string_len); + + case 30: /* BMPString */ + return p11_utf8_for_ucs2be (octets, octet_len, string_len); + + /* Just pass through all the non-string types */ + default: + if (unknown_string) + *unknown_string = true; + return NULL; + } + +} + +char * +p11_x509_parse_dn_name (p11_dict *asn_defs, + const unsigned char *der, + size_t der_len, + const unsigned char *oid) +{ + node_asn *asn; + char *part; + + asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL); + if (asn == NULL) + return NULL; + + part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid); + asn1_delete_structure (&asn); + return part; +} + +char * +p11_x509_lookup_dn_name (node_asn *asn, + const char *dn_field, + const unsigned char *der, + size_t der_len, + const unsigned char *oid) 
+{ + unsigned char *value; + char field[128]; + int value_len; + char *part; + int i, j; + int start; + int end; + int ret; + + for (i = 1; true; i++) { + for (j = 1; true; j++) { + snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type", + dn_field, dn_field ? "." : "", i, j); + + ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end); + + /* No more dns */ + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; + + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + /* Make sure it's a straightforward oid with certain assumptions */ + if (!p11_oid_simple (der + start, (end - start) + 1)) + continue; + + /* The one we're lookin for? */ + if (!p11_oid_equal (der + start, oid)) + continue; + + snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value", + dn_field, dn_field ? "." : "", i, j); + + value_len = 0; + ret = asn1_read_value (asn, field, NULL, &value_len); + return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); + + value = malloc (value_len + 1); + return_val_if_fail (value != NULL, NULL); + + ret = asn1_read_value (asn, field, value, &value_len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + part = p11_x509_parse_directory_string (value, value_len, NULL, NULL); + free (value); + + return part; + } + + if (j == 1) + break; + } + + return NULL; +} diff --git a/common/x509.h b/common/x509.h index 2ec5eb8..cbfc574 100644 --- a/common/x509.h +++ b/common/x509.h @@ -60,4 +60,20 @@ p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, const unsigned char *ext_der, size_t ext_len); +char * p11_x509_parse_dn_name (p11_dict *asn_defs, + const unsigned char *der, + size_t der_len, + const unsigned char *oid); + +char * p11_x509_lookup_dn_name (node_asn *asn, + const char *dn_field, + const unsigned char *der, + size_t der_len, + const unsigned char *oid); + +char * p11_x509_parse_directory_string (const unsigned char *input, + size_t input_len, + bool *unknown_string, + size_t *string_len); + #endif /* P11_X509_H_ */ 
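Review bot: In the UTF8String/NumericString/IA5String/TeletexString/PrintableString branch of p11_x509_parse_directory_string, `*string_len` is set to `octet_len` while `strndup` stops copying at the first NUL byte, so a value with an embedded NUL produces a buffer shorter than the length reported to the caller, unless p11_utf8_validate rejects NUL bytes (its body is not visible here). p11_openssl_canon_string_der, changed later in this commit, hands that buffer and length to p11_openssl_canon_string, so the copy should always hold `octet_len + 1` bytes; the fence shows one way. In p11_x509_lookup_dn_name a NULL `dn_field`, which p11_x509_parse_dn_name passes, goes straight to `%s` in both snprintf calls, which is undefined behaviour; `dn_field ? dn_field : ""` fixes it. `return_val_if_fail (octet_len >= 0, false)` and `return_val_if_fail (ret == ASN1_SUCCESS, false)` return `false` from functions returning `char *`, and the second one also skips `free (value)`.

```c
	char *copy;	/* new local in p11_x509_parse_directory_string */

	/* … unchanged: tag and length parsing, unknown_string reset … */

	case 19: /* PrintableString */
		if (!p11_utf8_validate (octets, octet_len))
			return NULL;
		/* Copy by length so the buffer always holds octet_len + 1 bytes */
		copy = malloc (octet_len + 1);
		return_val_if_fail (copy != NULL, NULL);
		memcpy (copy, octets, octet_len);
		copy[octet_len] = '\0';
		if (string_len)
			*string_len = octet_len;
		return copy;

	/* … unchanged: UniversalString, BMPString and default cases … */
```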
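Review bot: The three prototypes added to x509.h say nothing about ownership of the returned `char *` or about the expected encoding of `oid`. I would put a comment above them such as `/* Returns a newly allocated NUL-terminated UTF-8 string which the caller must free(), or NULL */`, and for p11_x509_parse_directory_string note that `*unknown_string` is set to true only when the tag is not one of the handled string types. The `oid` arguments are compared against the `P11_OID_*` arrays from oid.h, which carry the DER tag and length bytes, so the comment should state that a full DER-encoded OID is expected rather than the bare OID body.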
diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c index e59d313..fb87cd6 100644 --- a/tools/extract-openssl.c +++ b/tools/extract-openssl.c @@ -59,7 +59,7 @@ /* These functions are declared with a global scope for testing */ void p11_openssl_canon_string (char *str, - long *len); + size_t *len); bool p11_openssl_canon_string_der (p11_buffer *der); @@ -356,7 +356,7 @@ p11_extract_openssl_bundle (P11KitIter *iter, void p11_openssl_canon_string (char *str, - long *len) + size_t *len) { bool nsp; bool sp; 
@@ -394,64 +394,24 @@ p11_openssl_canon_string (char *str, bool p11_openssl_canon_string_der (p11_buffer *der) { - unsigned char *input = der->data; - int input_len = der->len; - unsigned char *output; - unsigned long tag; - unsigned char cls; - size_t conv_len; - int tag_len; - int len_len; - void *octets; - long octet_len; + char *string; + size_t length; int output_len; - void *conv = NULL; + int len_len; + bool unknown_string; + unsigned char *output; int len; - int ret; - - ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag); - return_val_if_fail (ret == ASN1_SUCCESS, false); - octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len); - return_val_if_fail (octet_len >= 0, false); - return_val_if_fail (tag_len + len_len + octet_len == input_len, false); - - octets = input + tag_len + len_len; - - /* The following strings are the ones we normalize */ - switch (tag) { - case 12: /* UTF8String */ - case 18: /* NumericString */ - case 22: /* IA5String */ - case 20: /* TeletexString */ - case 19: /* PrintableString */ - if (!p11_utf8_validate (octets, octet_len)) - return false; - break; - - case 28: /* UniversalString */ - octets = conv = p11_utf8_for_ucs4be (octets, octet_len, &conv_len); - if (conv == NULL) - return false; - octet_len = conv_len; - break; - - case 30: /* BMPString */ - octets = conv = p11_utf8_for_ucs2be (octets, octet_len, &conv_len); - if (conv == NULL) - return false; - octet_len = conv_len; - break; + string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length); /* Just pass through all the non-string types */ - default: - return true; - } + if (string == NULL) + return unknown_string; - p11_openssl_canon_string (octets, &octet_len); + p11_openssl_canon_string (string, &length); - asn1_length_der (octet_len, NULL, &len_len); - output_len = 1 + len_len + octet_len; + asn1_length_der (length, NULL, &len_len); + output_len = 1 + len_len + length; if (!p11_buffer_reset (der, 
output_len)) return_val_if_reached (false); @@ -461,10 +421,10 @@ p11_openssl_canon_string_der (p11_buffer *der) output[0] = 12; /* UTF8String */ len = output_len - 1; - asn1_octet_der (octets, octet_len, output + 1, &len); + asn1_octet_der ((unsigned char *)string, length, output + 1, &len); assert (len == output_len - 1); - free (conv); + free (string); return true; } diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am index e50836d..4239a41 100644 --- a/tools/tests/Makefile.am +++ b/tools/tests/Makefile.am @@ -37,7 +37,6 @@ libtestcommon_la_SOURCES = \ test.c test.h CHECK_PROGS = \ - test-utf8 \ test-save \ test-extract \ test-x509 \ @@ -79,12 +78,6 @@ test_openssl_SOURCES = \ $(TOOLS)/extract-info.c \ $(TOOLS)/extract-openssl.c \ $(TOOLS)/save.c \ - $(TOOLS)/utf8.c \ - $(NULL) - -test_utf8_SOURCES = \ - test-utf8.c \ - $(TOOLS)/utf8.c \ $(NULL) endif # WITH_ASN1 diff --git a/tools/tests/test-openssl.c b/tools/tests/test-openssl.c index a48220d..d242b50 100644 --- a/tools/tests/test-openssl.c +++ b/tools/tests/test-openssl.c @@ -373,7 +373,7 @@ test_file_without (CuTest *tc) } /* From extract-openssl.c */ -void p11_openssl_canon_string (char *str, long *len); +void p11_openssl_canon_string (char *str, size_t *len); static void test_canon_string (CuTest *tc) @@ -392,21 +392,23 @@ test_canon_string (CuTest *tc) }; char *str; - long len; - long out; + size_t len; + size_t out; int i; for (i = 0; i < ELEMS (fixtures); i++) { - len = fixtures[i].input_len; - if (len < 0) + if (fixtures[i].input_len < 0) len = strlen (fixtures[i].input); + else + len = fixtures[i].input_len; str = strndup (fixtures[i].input, len); p11_openssl_canon_string (str, &len); - out = fixtures[i].output_len; - if (out < 0) + if (fixtures[i].output_len < 0) out = strlen (fixtures[i].output); + else + out = fixtures[i].output_len; CuAssertIntEquals (tc, out, len); CuAssertStrEquals (tc, fixtures[i].output, str); 
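Review bot: `return unknown_string;` in p11_openssl_canon_string_der reads a variable that is still uninitialised when p11_x509_parse_directory_string fails in its tag or length checks, because those return before the function stores to the out-parameter; on malformed DER the result is therefore indeterminate. Declaring it as `bool unknown_string = false;` makes that path return failure. The hunk also narrows the `size_t length` into the `int output_len`, and the `p11_buffer_reset` failure path returns without `free (string)`. The tail of the function is in the following hunk.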
diff --git a/trust/parser.c b/trust/parser.c index f6da728..6229d09 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -69,7 +69,7 @@ struct _p11_parser { /* Set during a parse */ p11_parser_sink sink; void *sink_data; - const char *probable_label; + const char *basename; int flags; /* Parsing state */ @@ -152,12 +152,11 @@ static CK_ATTRIBUTE * build_object (p11_parser *parser, CK_OBJECT_CLASS vclass, CK_BYTE *vid, - const char *explicit_label) + const char *vlabel) { CK_ATTRIBUTE *attrs = NULL; CK_BBOOL vtrue = CK_TRUE; CK_BBOOL vfalse = CK_FALSE; - const char *vlabel; CK_ATTRIBUTE klass = { CKA_CLASS, &vclass, sizeof (vclass) }; CK_ATTRIBUTE token = { CKA_TOKEN, &vtrue, sizeof (vtrue) }; @@ -166,7 +165,8 @@ build_object (p11_parser *parser, CK_ATTRIBUTE id = { CKA_ID, vid, ID_LENGTH }; CK_ATTRIBUTE label = { CKA_LABEL, }; - vlabel = explicit_label ? (char *)explicit_label : parser->probable_label; + if (!vlabel) + vlabel = parser->basename; if (vlabel) { label.pValue = (void *)vlabel; label.ulValueLen = strlen (vlabel); @@ -277,6 +277,7 @@ build_x509_certificate (p11_parser *parser, CK_ATTRIBUTE *attrs; CK_CERTIFICATE_TYPE vx509 = CKC_X_509; CK_BYTE vchecksum[3]; + char *label; CK_DATE vstart; CK_DATE vend; 
@@ -321,8 +322,18 @@ build_x509_certificate (p11_parser *parser, if (!calc_element (cert, data, length, "tbsCertificate.serialNumber", &serial_number)) serial_number.type = CKA_INVALID; - attrs = build_object (parser, CKO_CERTIFICATE, vid, NULL); + label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject", + parser->cert_der, parser->cert_len, P11_OID_CN); + if (!label) + label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject", + parser->cert_der, parser->cert_len, P11_OID_OU); + if (!label) + label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject", + parser->cert_der, parser->cert_len, P11_OID_O); + + attrs = build_object (parser, CKO_CERTIFICATE, vid, label); return_val_if_fail (attrs != NULL, NULL); + free (label); attrs = p11_attrs_build (attrs, &certificate_type, &certificate_category, &check_value, &trusted, &distrusted, &start_date, &end_date, @@ -852,7 +863,7 @@ parse_openssl_trusted_certificate (p11_parser *parser, { CK_ATTRIBUTE *attrs; CK_BYTE vid[ID_LENGTH]; - const char *old_label = NULL; + CK_ATTRIBUTE *attr; char *label = NULL; node_asn *cert; node_asn *aux; @@ -883,6 +894,12 @@ parse_openssl_trusted_certificate (p11_parser *parser, begin_parsing (parser, cert, data, cert_len); + /* The CKA_ID links related objects */ + id_generate (parser, vid); + + attrs = build_x509_certificate (parser, vid, cert, data, cert_len); + return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); + /* Pull the label out of the CertAux */ len = 0; ret = asn1_read_value (aux, "alias", NULL, &len); 
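Review bot: `free (label)` is placed after `return_val_if_fail (attrs != NULL, NULL)` in build_x509_certificate, so the string returned by p11_x509_lookup_dn_name leaks whenever build_object fails; call `free (label);` directly after `attrs = build_object (parser, CKO_CERTIFICATE, vid, label);` and before the check. The three lookups differ only in the OID and would read better as a short loop over `P11_OID_CN`, `P11_OID_OU` and `P11_OID_O`. Since CKA_LABEL is now taken from the certificate's subject rather than from the file name, a comment such as `/* Label comes from certificate content: display only, not unique */` would warn later readers not to treat it as an identifier. The body of build_x509_certificate starts and ends outside this hunk.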
@@ -893,16 +910,13 @@ parse_openssl_trusted_certificate (p11_parser *parser, ret = asn1_read_value (aux, "alias", label, &len); return_val_if_fail (ret == ASN1_SUCCESS, P11_PARSE_FAILURE); - old_label = parser->probable_label; - parser->probable_label = label; + attr = p11_attrs_find (attrs, CKA_LABEL); + assert (attr != NULL); + free (attr->pValue); + attr->pValue = label; + attr->ulValueLen = strlen (label); } - /* The CKA_ID links related objects */ - id_generate (parser, vid); - - attrs = build_x509_certificate (parser, vid, cert, data, cert_len); - return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); - ret = build_openssl_extensions (parser, attrs, aux, data + cert_len, length - cert_len); return_val_if_fail (ret == P11_PARSE_SUCCESS, ret); @@ -911,11 +925,6 @@ parse_openssl_trusted_certificate (p11_parser *parser, asn1_delete_structure (&cert); asn1_delete_structure (&aux); - if (label) { - parser->probable_label = old_label; - free (label); - } - return P11_PARSE_SUCCESS; } @@ -1002,7 +1011,7 @@ p11_parse_memory (p11_parser *parser, return_val_if_fail (parser->sink == NULL, P11_PARSE_FAILURE); base = basename (filename); - parser->probable_label = base; + parser->basename = base; parser->sink = sink; parser->sink_data = sink_data; parser->flags = flags; @@ -1019,7 +1028,7 @@ p11_parse_memory (p11_parser *parser, break; } - parser->probable_label = NULL; + parser->basename = NULL; parser->sink = NULL; parser->sink_data = NULL; parser->flags = 0; diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c index a504cab..52092d0 100644 --- a/trust/tests/test-parser.c +++ b/trust/tests/test-parser.c 
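Review bot: `assert (attr != NULL)` is the only guard before `free (attr->pValue)` in parse_openssl_trusted_certificate, and build_object (earlier in this diff) fills in the label only when `vlabel` or `parser->basename` is non-NULL; what it does with an empty label is not visible here. When the build defines NDEBUG the assert vanishes and a missing CKA_LABEL becomes a NULL dereference on data that comes from the parsed file, so the case should be handled with an explicit `if (attr == NULL)` branch that frees `label` and fails the parse, or that adds the attribute. A comment like `/* attrs now owns label */` next to `attr->pValue = label;` would also explain why the later `free (label)` is removed in the next hunk. The function starts and ends outside this hunk.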
@@ -530,7 +530,7 @@ test_parse_with_key_usage (CuTest *cu) { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, "self-signed-with-ku.der", 23 }, + { CKA_LABEL, "self-signed-with-ku.example.com", 31 }, { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, { CKA_CHECK_VALUE, "d/\x9c", 3 }, @@ -545,7 +545,7 @@ test_parse_with_key_usage (CuTest *cu) }; CK_ATTRIBUTE nss_trust[] = { - { CKA_LABEL, "self-signed-with-ku.der", 23 }, + { CKA_LABEL, "self-signed-with-ku.example.com", 31 }, { CKA_CLASS, &trust_object, sizeof (trust_object), }, { CKA_CERT_SHA1_HASH, "d/\x9c=\xbc\x9a\x7f\x91\xc7wT\t`\x86\xe2\x8e\x8f\xa8J\x12", 20 }, { CKA_CERT_MD5_HASH, "\xb1N=\x16\x12?dz\x97\x81""By/\xcc\x97\x82", 16 }, @@ -613,7 +613,7 @@ test_parse_anchor (CuTest *cu) CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE; CK_ATTRIBUTE nss_trust[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_object, sizeof (trust_object), }, { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 }, @@ -639,7 +639,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE server_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, 
@@ -648,7 +648,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE client_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, @@ -657,7 +657,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE code_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, @@ -666,7 +666,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE email_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, @@ -675,7 +675,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE ipsec_system_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, @@ -684,7 +684,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE ipsec_tunnel_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, 
@@ -693,7 +693,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE ipsec_user_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, @@ -702,7 +702,7 @@ test_parse_anchor (CuTest *cu) }; CK_ATTRIBUTE stamping_anchor[] = { - { CKA_LABEL, "cacert3.der", 11 }, + { CKA_LABEL, "CAcert Class 3 Root", 19 }, { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, |