summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--common/Makefile.am1
-rw-r--r--common/oid.h18
-rw-r--r--common/tests/Makefile.am1
-rw-r--r--common/tests/test-utf8.c (renamed from tools/tests/test-utf8.c)0
-rw-r--r--common/tests/test-x509.c81
-rw-r--r--common/utf8.c (renamed from tools/utf8.c)0
-rw-r--r--common/utf8.h (renamed from tools/utf8.h)0
-rw-r--r--common/x509.c136
-rw-r--r--common/x509.h16
-rw-r--r--tools/extract-openssl.c70
-rw-r--r--tools/tests/Makefile.am7
-rw-r--r--tools/tests/test-openssl.c16
-rw-r--r--trust/parser.c51
-rw-r--r--trust/tests/test-parser.c22
14 files changed, 318 insertions, 101 deletions
diff --git a/common/Makefile.am b/common/Makefile.am
index 145627c..96000dd 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -46,6 +46,7 @@ libp11_data_la_SOURCES = \
openssl.asn openssl.asn.h \
pem.c pem.h \
pkix.asn pkix.asn.h \
+ utf8.c utf8.h \
x509.c x509.h \
$(NULL)
diff --git a/common/oid.h b/common/oid.h
index 08b3feb..96b7a27 100644
--- a/common/oid.h
+++ b/common/oid.h
@@ -48,6 +48,24 @@ bool p11_oid_equal (const void *oid_one,
int p11_oid_length (const unsigned char *oid);
/*
+ * 2.5.4.3: CN or commonName
+ */
+static const unsigned char P11_OID_CN[] =
+ { 0x06, 0x03, 0x55, 0x04, 0x03, };
+
+/*
+ * 2.5.4.10: O or organization
+ */
+static const unsigned char P11_OID_O[] =
+ { 0x06, 0x03, 0x55, 0x04, 0x0a, };
+
+/*
+ * 2.5.4.11: OU or organizationalUnit
+ */
+static const unsigned char P11_OID_OU[] =
+ { 0x06, 0x03, 0x55, 0x04, 0x0b, };
+
+/*
* Our support of certificate extensions and so on is not limited to what is
* listed here. This is simply the OIDs used by the parsing code that generates
* backwards compatible PKCS#11 objects for NSS and the like.
diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
index ceb0d47..3ef4471 100644
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -38,6 +38,7 @@ CHECK_PROGS += \
test-checksum \
test-pem \
test-oid \
+ test-utf8 \
test-x509 \
$(NULL)
diff --git a/tools/tests/test-utf8.c b/common/tests/test-utf8.c
index d34f597..d34f597 100644
--- a/tools/tests/test-utf8.c
+++ b/common/tests/test-utf8.c
diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c
index 0341ed9..6da26bf 100644
--- a/common/tests/test-x509.c
+++ b/common/tests/test-x509.c
@@ -44,6 +44,8 @@
#include <stdio.h>
#include <string.h>
+#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
+
struct {
p11_dict *asn1_defs;
} test;
@@ -335,6 +337,83 @@ test_parse_extension_not_found (CuTest *cu)
teardown (cu);
}
+static void
+test_directory_string (CuTest *tc)
+{
+ struct {
+ unsigned char input[100];
+ int input_len;
+ char *output;
+ int output_len;
+ } fixtures[] = {
+ /* UTF8String */
+ { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
+ "\xc3\x84 UTF8 string ", 15,
+ },
+
+ /* NumericString */
+ { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
+ "0123", 4,
+ },
+
+ /* IA5String */
+ { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
+ " AB ", 4
+ },
+
+ /* TeletexString */
+ { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
+ "A nice", 7
+ },
+
+ /* PrintableString */
+ { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
+ "A nice", 7,
+ },
+
+ /* UniversalString */
+ { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
+ 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
+ "Fun \xf0\x90\x8c\x99", 8
+ },
+
+ /* BMPString */
+ { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
+ "V\xc3\xb6gel", 6
+ },
+ };
+
+ char *string;
+ bool unknown;
+ size_t length;
+ int i;
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ string = p11_x509_parse_directory_string (fixtures[i].input,
+ fixtures[i].input_len,
+ &unknown, &length);
+ CuAssertPtrNotNull (tc, string);
+ CuAssertIntEquals (tc, false, unknown);
+
+ CuAssertIntEquals (tc, fixtures[i].output_len, length);
+ CuAssertStrEquals (tc, fixtures[i].output, string);
+ }
+}
+
+static void
+test_directory_string_unknown (CuTest *tc)
+{
+ /* Not a valid choice in DirectoryString */
+ unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' };
+ char *string;
+ bool unknown = false;
+ size_t length;
+
+ string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length);
+ CuAssertPtrEquals (tc, NULL, string);
+ CuAssertIntEquals (tc, true, unknown);
+}
+
int
main (void)
{
@@ -349,6 +428,8 @@ main (void)
SUITE_ADD_TEST (suite, test_parse_key_usage);
SUITE_ADD_TEST (suite, test_parse_extension);
SUITE_ADD_TEST (suite, test_parse_extension_not_found);
+ SUITE_ADD_TEST (suite, test_directory_string);
+ SUITE_ADD_TEST (suite, test_directory_string_unknown);
CuSuiteRun (suite);
CuSuiteSummary (suite, output);
diff --git a/tools/utf8.c b/common/utf8.c
index 5ce6889..5ce6889 100644
--- a/tools/utf8.c
+++ b/common/utf8.c
diff --git a/tools/utf8.h b/common/utf8.h
index 8efa66f..8efa66f 100644
--- a/tools/utf8.h
+++ b/common/utf8.h
diff --git a/common/x509.c b/common/x509.c
index bfb49df..46e3bd9 100644
--- a/common/x509.c
+++ b/common/x509.c
@@ -38,6 +38,7 @@
#define P11_DEBUG_FLAG P11_DEBUG_TRUST
#include "debug.h"
#include "oid.h"
+#include "utf8.h"
#include "x509.h"
#include <stdlib.h>
@@ -209,3 +210,138 @@ p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
return ekus;
}
+
+char *
+p11_x509_parse_directory_string (const unsigned char *input,
+ size_t input_len,
+ bool *unknown_string,
+ size_t *string_len)
+{
+ unsigned long tag;
+ unsigned char cls;
+ int tag_len;
+ int len_len;
+ const void *octets;
+ long octet_len;
+ int ret;
+
+ ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag);
+ return_val_if_fail (ret == ASN1_SUCCESS, NULL);
+
+ octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len);
+ return_val_if_fail (octet_len >= 0, false);
+ return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL);
+
+ octets = input + tag_len + len_len;
+
+ if (unknown_string)
+ *unknown_string = false;
+
+ /* The following strings are the ones we normalize */
+ switch (tag) {
+ case 12: /* UTF8String */
+ case 18: /* NumericString */
+ case 22: /* IA5String */
+ case 20: /* TeletexString */
+ case 19: /* PrintableString */
+ if (!p11_utf8_validate (octets, octet_len))
+ return NULL;
+ if (string_len)
+ *string_len = octet_len;
+ return strndup (octets, octet_len);
+
+ case 28: /* UniversalString */
+ return p11_utf8_for_ucs4be (octets, octet_len, string_len);
+
+ case 30: /* BMPString */
+ return p11_utf8_for_ucs2be (octets, octet_len, string_len);
+
+ /* Just pass through all the non-string types */
+ default:
+ if (unknown_string)
+ *unknown_string = true;
+ return NULL;
+ }
+
+}
+
+char *
+p11_x509_parse_dn_name (p11_dict *asn_defs,
+ const unsigned char *der,
+ size_t der_len,
+ const unsigned char *oid)
+{
+ node_asn *asn;
+ char *part;
+
+ asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL);
+ if (asn == NULL)
+ return NULL;
+
+ part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid);
+ asn1_delete_structure (&asn);
+ return part;
+}
+
+char *
+p11_x509_lookup_dn_name (node_asn *asn,
+ const char *dn_field,
+ const unsigned char *der,
+ size_t der_len,
+ const unsigned char *oid)
+{
+ unsigned char *value;
+ char field[128];
+ int value_len;
+ char *part;
+ int i, j;
+ int start;
+ int end;
+ int ret;
+
+ for (i = 1; true; i++) {
+ for (j = 1; true; j++) {
+ snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type",
+ dn_field, dn_field ? "." : "", i, j);
+
+ ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end);
+
+ /* No more dns */
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ break;
+
+ return_val_if_fail (ret == ASN1_SUCCESS, NULL);
+
+ /* Make sure it's a straightforward oid with certain assumptions */
+ if (!p11_oid_simple (der + start, (end - start) + 1))
+ continue;
+
+ /* The one we're lookin for? */
+ if (!p11_oid_equal (der + start, oid))
+ continue;
+
+ snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value",
+ dn_field, dn_field ? "." : "", i, j);
+
+ value_len = 0;
+ ret = asn1_read_value (asn, field, NULL, &value_len);
+ return_val_if_fail (ret == ASN1_MEM_ERROR, NULL);
+
+ value = malloc (value_len + 1);
+ return_val_if_fail (value != NULL, NULL);
+
+ ret = asn1_read_value (asn, field, value, &value_len);
+ return_val_if_fail (ret == ASN1_SUCCESS, false);
+
+ part = p11_x509_parse_directory_string (value, value_len, NULL, NULL);
+ free (value);
+
+ return part;
+ }
+
+ if (j == 1)
+ break;
+ }
+
+ return NULL;
+}
diff --git a/common/x509.h b/common/x509.h
index 2ec5eb8..cbfc574 100644
--- a/common/x509.h
+++ b/common/x509.h
@@ -60,4 +60,20 @@ p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
const unsigned char *ext_der,
size_t ext_len);
+char * p11_x509_parse_dn_name (p11_dict *asn_defs,
+ const unsigned char *der,
+ size_t der_len,
+ const unsigned char *oid);
+
+char * p11_x509_lookup_dn_name (node_asn *asn,
+ const char *dn_field,
+ const unsigned char *der,
+ size_t der_len,
+ const unsigned char *oid);
+
+char * p11_x509_parse_directory_string (const unsigned char *input,
+ size_t input_len,
+ bool *unknown_string,
+ size_t *string_len);
+
#endif /* P11_X509_H_ */
diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c
index e59d313..fb87cd6 100644
--- a/tools/extract-openssl.c
+++ b/tools/extract-openssl.c
@@ -59,7 +59,7 @@
/* These functions are declared with a global scope for testing */
void p11_openssl_canon_string (char *str,
- long *len);
+ size_t *len);
bool p11_openssl_canon_string_der (p11_buffer *der);
@@ -356,7 +356,7 @@ p11_extract_openssl_bundle (P11KitIter *iter,
void
p11_openssl_canon_string (char *str,
- long *len)
+ size_t *len)
{
bool nsp;
bool sp;
@@ -394,64 +394,24 @@ p11_openssl_canon_string (char *str,
bool
p11_openssl_canon_string_der (p11_buffer *der)
{
- unsigned char *input = der->data;
- int input_len = der->len;
- unsigned char *output;
- unsigned long tag;
- unsigned char cls;
- size_t conv_len;
- int tag_len;
- int len_len;
- void *octets;
- long octet_len;
+ char *string;
+ size_t length;
int output_len;
- void *conv = NULL;
+ int len_len;
+ bool unknown_string;
+ unsigned char *output;
int len;
- int ret;
-
- ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len);
- return_val_if_fail (octet_len >= 0, false);
- return_val_if_fail (tag_len + len_len + octet_len == input_len, false);
-
- octets = input + tag_len + len_len;
-
- /* The following strings are the ones we normalize */
- switch (tag) {
- case 12: /* UTF8String */
- case 18: /* NumericString */
- case 22: /* IA5String */
- case 20: /* TeletexString */
- case 19: /* PrintableString */
- if (!p11_utf8_validate (octets, octet_len))
- return false;
- break;
-
- case 28: /* UniversalString */
- octets = conv = p11_utf8_for_ucs4be (octets, octet_len, &conv_len);
- if (conv == NULL)
- return false;
- octet_len = conv_len;
- break;
-
- case 30: /* BMPString */
- octets = conv = p11_utf8_for_ucs2be (octets, octet_len, &conv_len);
- if (conv == NULL)
- return false;
- octet_len = conv_len;
- break;
+ string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length);
/* Just pass through all the non-string types */
- default:
- return true;
- }
+ if (string == NULL)
+ return unknown_string;
- p11_openssl_canon_string (octets, &octet_len);
+ p11_openssl_canon_string (string, &length);
- asn1_length_der (octet_len, NULL, &len_len);
- output_len = 1 + len_len + octet_len;
+ asn1_length_der (length, NULL, &len_len);
+ output_len = 1 + len_len + length;
if (!p11_buffer_reset (der, output_len))
return_val_if_reached (false);
@@ -461,10 +421,10 @@ p11_openssl_canon_string_der (p11_buffer *der)
output[0] = 12; /* UTF8String */
len = output_len - 1;
- asn1_octet_der (octets, octet_len, output + 1, &len);
+ asn1_octet_der ((unsigned char *)string, length, output + 1, &len);
assert (len == output_len - 1);
- free (conv);
+ free (string);
return true;
}
diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am
index e50836d..4239a41 100644
--- a/tools/tests/Makefile.am
+++ b/tools/tests/Makefile.am
@@ -37,7 +37,6 @@ libtestcommon_la_SOURCES = \
test.c test.h
CHECK_PROGS = \
- test-utf8 \
test-save \
test-extract \
test-x509 \
@@ -79,12 +78,6 @@ test_openssl_SOURCES = \
$(TOOLS)/extract-info.c \
$(TOOLS)/extract-openssl.c \
$(TOOLS)/save.c \
- $(TOOLS)/utf8.c \
- $(NULL)
-
-test_utf8_SOURCES = \
- test-utf8.c \
- $(TOOLS)/utf8.c \
$(NULL)
endif # WITH_ASN1
diff --git a/tools/tests/test-openssl.c b/tools/tests/test-openssl.c
index a48220d..d242b50 100644
--- a/tools/tests/test-openssl.c
+++ b/tools/tests/test-openssl.c
@@ -373,7 +373,7 @@ test_file_without (CuTest *tc)
}
/* From extract-openssl.c */
-void p11_openssl_canon_string (char *str, long *len);
+void p11_openssl_canon_string (char *str, size_t *len);
static void
test_canon_string (CuTest *tc)
@@ -392,21 +392,23 @@ test_canon_string (CuTest *tc)
};
char *str;
- long len;
- long out;
+ size_t len;
+ size_t out;
int i;
for (i = 0; i < ELEMS (fixtures); i++) {
- len = fixtures[i].input_len;
- if (len < 0)
+ if (fixtures[i].input_len < 0)
len = strlen (fixtures[i].input);
+ else
+ len = fixtures[i].input_len;
str = strndup (fixtures[i].input, len);
p11_openssl_canon_string (str, &len);
- out = fixtures[i].output_len;
- if (out < 0)
+ if (fixtures[i].output_len < 0)
out = strlen (fixtures[i].output);
+ else
+ out = fixtures[i].output_len;
CuAssertIntEquals (tc, out, len);
CuAssertStrEquals (tc, fixtures[i].output, str);
diff --git a/trust/parser.c b/trust/parser.c
index f6da728..6229d09 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -69,7 +69,7 @@ struct _p11_parser {
/* Set during a parse */
p11_parser_sink sink;
void *sink_data;
- const char *probable_label;
+ const char *basename;
int flags;
/* Parsing state */
@@ -152,12 +152,11 @@ static CK_ATTRIBUTE *
build_object (p11_parser *parser,
CK_OBJECT_CLASS vclass,
CK_BYTE *vid,
- const char *explicit_label)
+ const char *vlabel)
{
CK_ATTRIBUTE *attrs = NULL;
CK_BBOOL vtrue = CK_TRUE;
CK_BBOOL vfalse = CK_FALSE;
- const char *vlabel;
CK_ATTRIBUTE klass = { CKA_CLASS, &vclass, sizeof (vclass) };
CK_ATTRIBUTE token = { CKA_TOKEN, &vtrue, sizeof (vtrue) };
@@ -166,7 +165,8 @@ build_object (p11_parser *parser,
CK_ATTRIBUTE id = { CKA_ID, vid, ID_LENGTH };
CK_ATTRIBUTE label = { CKA_LABEL, };
- vlabel = explicit_label ? (char *)explicit_label : parser->probable_label;
+ if (!vlabel)
+ vlabel = parser->basename;
if (vlabel) {
label.pValue = (void *)vlabel;
label.ulValueLen = strlen (vlabel);
@@ -277,6 +277,7 @@ build_x509_certificate (p11_parser *parser,
CK_ATTRIBUTE *attrs;
CK_CERTIFICATE_TYPE vx509 = CKC_X_509;
CK_BYTE vchecksum[3];
+ char *label;
CK_DATE vstart;
CK_DATE vend;
@@ -321,8 +322,18 @@ build_x509_certificate (p11_parser *parser,
if (!calc_element (cert, data, length, "tbsCertificate.serialNumber", &serial_number))
serial_number.type = CKA_INVALID;
- attrs = build_object (parser, CKO_CERTIFICATE, vid, NULL);
+ label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject",
+ parser->cert_der, parser->cert_len, P11_OID_CN);
+ if (!label)
+ label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject",
+ parser->cert_der, parser->cert_len, P11_OID_OU);
+ if (!label)
+ label = p11_x509_lookup_dn_name (parser->cert_asn, "tbsCertificate.subject",
+ parser->cert_der, parser->cert_len, P11_OID_O);
+
+ attrs = build_object (parser, CKO_CERTIFICATE, vid, label);
return_val_if_fail (attrs != NULL, NULL);
+ free (label);
attrs = p11_attrs_build (attrs, &certificate_type, &certificate_category,
&check_value, &trusted, &distrusted, &start_date, &end_date,
@@ -852,7 +863,7 @@ parse_openssl_trusted_certificate (p11_parser *parser,
{
CK_ATTRIBUTE *attrs;
CK_BYTE vid[ID_LENGTH];
- const char *old_label = NULL;
+ CK_ATTRIBUTE *attr;
char *label = NULL;
node_asn *cert;
node_asn *aux;
@@ -883,6 +894,12 @@ parse_openssl_trusted_certificate (p11_parser *parser,
begin_parsing (parser, cert, data, cert_len);
+ /* The CKA_ID links related objects */
+ id_generate (parser, vid);
+
+ attrs = build_x509_certificate (parser, vid, cert, data, cert_len);
+ return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
+
/* Pull the label out of the CertAux */
len = 0;
ret = asn1_read_value (aux, "alias", NULL, &len);
@@ -893,16 +910,13 @@ parse_openssl_trusted_certificate (p11_parser *parser,
ret = asn1_read_value (aux, "alias", label, &len);
return_val_if_fail (ret == ASN1_SUCCESS, P11_PARSE_FAILURE);
- old_label = parser->probable_label;
- parser->probable_label = label;
+ attr = p11_attrs_find (attrs, CKA_LABEL);
+ assert (attr != NULL);
+ free (attr->pValue);
+ attr->pValue = label;
+ attr->ulValueLen = strlen (label);
}
- /* The CKA_ID links related objects */
- id_generate (parser, vid);
-
- attrs = build_x509_certificate (parser, vid, cert, data, cert_len);
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
-
ret = build_openssl_extensions (parser, attrs, aux, data + cert_len, length - cert_len);
return_val_if_fail (ret == P11_PARSE_SUCCESS, ret);
@@ -911,11 +925,6 @@ parse_openssl_trusted_certificate (p11_parser *parser,
asn1_delete_structure (&cert);
asn1_delete_structure (&aux);
- if (label) {
- parser->probable_label = old_label;
- free (label);
- }
-
return P11_PARSE_SUCCESS;
}
@@ -1002,7 +1011,7 @@ p11_parse_memory (p11_parser *parser,
return_val_if_fail (parser->sink == NULL, P11_PARSE_FAILURE);
base = basename (filename);
- parser->probable_label = base;
+ parser->basename = base;
parser->sink = sink;
parser->sink_data = sink_data;
parser->flags = flags;
@@ -1019,7 +1028,7 @@ p11_parse_memory (p11_parser *parser,
break;
}
- parser->probable_label = NULL;
+ parser->basename = NULL;
parser->sink = NULL;
parser->sink_data = NULL;
parser->flags = 0;
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index a504cab..52092d0 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -530,7 +530,7 @@ test_parse_with_key_usage (CuTest *cu)
{ CKA_PRIVATE, &vfalse, sizeof (vfalse) },
{ CKA_MODIFIABLE, &vfalse, sizeof (vfalse) },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, "self-signed-with-ku.der", 23 },
+ { CKA_LABEL, "self-signed-with-ku.example.com", 31 },
{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
{ CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
{ CKA_CHECK_VALUE, "d/\x9c", 3 },
@@ -545,7 +545,7 @@ test_parse_with_key_usage (CuTest *cu)
};
CK_ATTRIBUTE nss_trust[] = {
- { CKA_LABEL, "self-signed-with-ku.der", 23 },
+ { CKA_LABEL, "self-signed-with-ku.example.com", 31 },
{ CKA_CLASS, &trust_object, sizeof (trust_object), },
{ CKA_CERT_SHA1_HASH, "d/\x9c=\xbc\x9a\x7f\x91\xc7wT\t`\x86\xe2\x8e\x8f\xa8J\x12", 20 },
{ CKA_CERT_MD5_HASH, "\xb1N=\x16\x12?dz\x97\x81""By/\xcc\x97\x82", 16 },
@@ -613,7 +613,7 @@ test_parse_anchor (CuTest *cu)
CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
CK_ATTRIBUTE nss_trust[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_object, sizeof (trust_object), },
{ CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
{ CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
@@ -639,7 +639,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE server_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -648,7 +648,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE client_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -657,7 +657,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE code_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -666,7 +666,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE email_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -675,7 +675,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE ipsec_system_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -684,7 +684,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE ipsec_tunnel_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -693,7 +693,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE ipsec_user_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
@@ -702,7 +702,7 @@ test_parse_anchor (CuTest *cu)
};
CK_ATTRIBUTE stamping_anchor[] = {
- { CKA_LABEL, "cacert3.der", 11 },
+ { CKA_LABEL, "CAcert Class 3 Root", 19 },
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },