-rw-r--r--p11-kit/modules.c48
-rw-r--r--p11-kit/p11-kit.h1
-rw-r--r--p11-kit/tests/files/package-modules/four.module3
-rw-r--r--p11-kit/tests/files/system-modules/one.module3
-rw-r--r--p11-kit/tests/test-modules.c50
-rw-r--r--trust/extract.c49
6 files changed, 98 insertions, 56 deletions
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index ef8cea6..43ace18 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -1126,6 +1126,21 @@ p11_kit_module_get_name (CK_FUNCTION_LIST *module)
return name;
}
+static const char *
+module_get_option_inlock (Module *mod,
+ const char *option)
+{
+ p11_dict *config;
+
+ if (mod == NULL)
+ config = gl.config;
+ else
+ config = mod->config;
+ if (config == NULL)
+ return NULL;
+ return p11_dict_get (config, option);
+}
+
/**
* p11_kit_module_get_flags:
* @module: the module
@@ -1145,6 +1160,7 @@ p11_kit_module_get_name (CK_FUNCTION_LIST *module)
int
p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
{
+ const char *trusted;
Module *mod;
int flags = 0;
@@ -1165,6 +1181,11 @@ p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
}
if (!mod || mod->critical)
flags |= P11_KIT_MODULE_CRITICAL;
+ if (mod) {
+ trusted = module_get_option_inlock (mod, "trust-policy");
+ if (_p11_conf_parse_boolean (trusted, false))
+ flags |= P11_KIT_MODULE_TRUSTED;
+ }
}
p11_unlock ();
@@ -1265,21 +1286,6 @@ p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
return ret;
}
-static const char *
-module_get_option_inlock (Module *mod,
- const char *option)
-{
- p11_dict *config;
-
- if (mod == NULL)
- config = gl.config;
- else
- config = mod->config;
- if (config == NULL)
- return NULL;
- return p11_dict_get (config, option);
-}
-
/**
* p11_kit_registered_option:
* @module: a pointer to a registered module
@@ -1735,12 +1741,19 @@ prepare_module_inlock_reentrant (Module *mod,
CK_FUNCTION_LIST **module)
{
p11_destroyer destroyer;
+ const char *trusted;
p11_virtual *virt;
bool is_managed;
bool with_log;
assert (module != NULL);
+ if (flags & P11_KIT_MODULE_TRUSTED) {
+ trusted = module_get_option_inlock (mod, "trust-policy");
+ if (!_p11_conf_parse_boolean (trusted, false))
+ return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+
if (flags & P11_KIT_MODULE_UNMANAGED) {
is_managed = false;
with_log = false;
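Review bot: The new trust gate calls `module_get_option_inlock (mod, "trust-policy")` without first establishing that `mod` is non-NULL, and that helper falls back to `gl.config` when given NULL, so a global `trust-policy` setting would then answer for the module. p11_kit_module_get_flags wraps the same lookup in `if (mod)`; here an `assert (mod != NULL);` next to the existing `assert (module != NULL);` would make the assumption explicit. A short comment that CKR_FUNCTION_NOT_SUPPORTED is used at this point as the "skip this module" signal, not as a PKCS#11 capability error, would also help. The function body continues past the end of this hunk.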
@@ -1821,7 +1834,9 @@ p11_modules_load_inlock_reentrant (int flags,
rv = prepare_module_inlock_reentrant (mod, flags, modules + at);
if (rv == CKR_OK)
at++;
- else if (rv != CKR_FUNCTION_NOT_SUPPORTED)
+ else if (rv == CKR_FUNCTION_NOT_SUPPORTED)
+ rv = CKR_OK;
+ else
break;
}
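Review bot: The branch that resets `rv = CKR_OK` drops a module from the result without any trace, and after this commit that covers modules filtered out by P11_KIT_MODULE_TRUSTED as well as ones that cannot be prepared in the requested mode. The limit_modules_if_necessary function removed from trust/extract.c printed a message for an unrecognised `trust-policy` value; whether `_p11_conf_parse_boolean` reports that is not visible here, so a typo in a module config may now quietly remove a trust source. A comment such as `/* skipped, not failed: unsupported in this mode or not marked trust-policy */` would record the intent, and a debug message naming the skipped module would help diagnosis. The loop and the function continue outside the hunk.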
@@ -2301,7 +2316,6 @@ p11_kit_module_load (const char *module_path,
rv = load_module_from_file_inlock (NULL, module_path, &mod);
if (rv == CKR_OK) {
-
/* WARNING: Reentrancy can occur here */
rv = prepare_module_inlock_reentrant (mod, flags, &module);
if (rv != CKR_OK)
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
index a07bf40..d5f0bd9 100644
--- a/p11-kit/p11-kit.h
+++ b/p11-kit/p11-kit.h
@@ -56,6 +56,7 @@ extern "C" {
enum {
P11_KIT_MODULE_UNMANAGED = 1 << 0,
P11_KIT_MODULE_CRITICAL = 1 << 1,
+ P11_KIT_MODULE_TRUSTED = 1 << 2,
};
typedef void (* p11_kit_destroyer) (void *data);
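Review bot: P11_KIT_MODULE_TRUSTED is added without a comment, although this commit uses it in two directions: as a load flag that filters modules and as a bit returned by p11_kit_module_get_flags. In both cases it is derived only from the module's `trust-policy` config option, not from any check of the module itself. Saying so on the enumerator would keep callers from reading more into it, for example `/* module config sets trust-policy: yes; as a load flag, only such modules are loaded */`. The gtk-doc for p11_kit_module_get_flags in modules.c is not touched by this commit and may need the same sentence.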
diff --git a/p11-kit/tests/files/package-modules/four.module b/p11-kit/tests/files/package-modules/four.module
index 545c285..933af2b 100644
--- a/p11-kit/tests/files/package-modules/four.module
+++ b/p11-kit/tests/files/package-modules/four.module
@@ -1,4 +1,5 @@
module: mock-four.so
disable-in: test-disable, test-other
-priority: 4 \ No newline at end of file
+priority: 4
+trust-policy: no \ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/one.module b/p11-kit/tests/files/system-modules/one.module
index 3620869..15cb7f2 100644
--- a/p11-kit/tests/files/system-modules/one.module
+++ b/p11-kit/tests/files/system-modules/one.module
@@ -1,3 +1,4 @@
module: mock-one.so
-setting: system1 \ No newline at end of file
+setting: system1
+trust-policy: yes \ No newline at end of file
diff --git a/p11-kit/tests/test-modules.c b/p11-kit/tests/test-modules.c
index d50b2d5..f274502 100644
--- a/p11-kit/tests/test-modules.c
+++ b/p11-kit/tests/test-modules.c
@@ -307,6 +307,54 @@ test_module_flags (void)
}
static void
+test_module_trusted_only (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+ char *name;
+
+ modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
+ assert_ptr_not_null (modules);
+ assert_ptr_not_null (modules[0]);
+ assert (modules[1] == NULL);
+
+ name = p11_kit_module_get_name (modules[0]);
+ assert_str_eq (name, "one");
+ free (name);
+
+ assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED);
+
+ finalize_and_free_modules (modules);
+}
+
+static void
+test_module_trust_flags (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+ char *name;
+ int flags;
+ int i;
+
+ modules = initialize_and_get_modules ();
+ assert_ptr_not_null (modules);
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name (modules[i]);
+ assert_ptr_not_null (name);
+
+ flags = p11_kit_module_get_flags (modules[i]);
+ if (strcmp (name, "one") == 0) {
+ assert_num_eq (flags, P11_KIT_MODULE_TRUSTED);
+ } else {
+ assert_num_eq (flags, 0);
+ }
+
+ free (name);
+ }
+
+ finalize_and_free_modules (modules);
+}
+
+static void
test_config_option (void)
{
CK_FUNCTION_LIST_PTR_PTR modules;
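Review bot: test_module_trust_flags passes vacuously if no module named "one" is returned, because the loop only checks the flags of whatever modules it happens to see. Track it with `int found = 0;`, set `found = 1;` in the `strcmp (name, "one") == 0` branch, and add `assert (found);` after the loop. The fixtures changed in this commit cover only `yes` and `no`. A module file with an unrecognised `trust-policy` value, and a p11_kit_module_load call passing P11_KIT_MODULE_TRUSTED, would pin down the fail-closed behaviour.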
@@ -358,6 +406,8 @@ main (int argc,
p11_test (test_module_name, "/modules/test_module_name");
p11_test (test_module_flags, "/modules/test_module_flags");
p11_test (test_config_option, "/modules/test_config_option");
+ p11_test (test_module_trusted_only, "/modules/trusted-only");
+ p11_test (test_module_trust_flags, "/modules/trust-flags");
p11_kit_be_quiet ();
diff --git a/trust/extract.c b/trust/extract.c
index d5ceb13..39d30e0 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -208,41 +208,6 @@ format_argument (const char *optarg,
return true;
}
-static void
-limit_modules_if_necessary (CK_FUNCTION_LIST_PTR *modules,
- int flags)
-{
- char *string;
- int i, out;
-
- /*
- * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
- * we get from modules explicitly marked as containing trust-policy.
- */
-
- if ((flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST)) == 0)
- return;
-
- /* Count the number of modules */
- for (out = 0; modules[out] != NULL; out++);
-
- if (out == 0)
- return;
-
- /* TODO: This logic will move once we merge our p11-kit managed code */
- for (i = 0, out = 0; modules[i] != NULL; i++) {
- string = p11_kit_config_option (modules[i], "trust-policy");
- if (string && strcmp (string, "yes") == 0)
- modules[out++] = modules[i];
- else if (string && strcmp (string, "no") != 0)
- p11_message ("skipping module with invalid 'trust-policy' setting: %s", string);
- free (string);
- }
-
- if (out == 0)
- p11_message ("no modules containing trust policy are registered");
-}
-
static bool
validate_filter_and_format (p11_extract_info *ex,
p11_extract_func func,
@@ -304,6 +269,7 @@ p11_trust_extract (int argc,
p11_extract_info ex;
CK_ATTRIBUTE *match;
P11KitUri *uri;
+ int flags;
int opt = 0;
int ret;
@@ -434,11 +400,20 @@ p11_trust_extract (int argc,
if (uri && p11_kit_uri_any_unrecognized (uri))
p11_message ("uri contained unrecognized components, nothing will be extracted");
- modules = p11_kit_modules_load_and_initialize (0);
+ /*
+ * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
+ * we get from modules explicitly marked as containing trust-policy.
+ */
+ flags = 0;
+ if (ex.flags & (P11_EXTRACT_ANCHORS | P11_EXTRACT_BLACKLIST))
+ flags |= P11_KIT_MODULE_TRUSTED;
+
+ modules = p11_kit_modules_load_and_initialize (flags);
if (!modules)
return 1;
- limit_modules_if_necessary (modules, ex.flags);
+ if (modules[0] == NULL)
+ p11_message ("no modules containing trust policy are registered");
iter = p11_kit_iter_new (uri, 0);
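Review bot: The message under `if (modules[0] == NULL)` now fires whenever the list is empty, including when `flags` is 0 and no trust filter was applied; in that case "no modules containing trust policy are registered" misstates the cause. The removed limit_modules_if_necessary returned early without a message in that case. Guarding it as `if ((flags & P11_KIT_MODULE_TRUSTED) && modules[0] == NULL)` restores the old meaning. Execution appears to continue into p11_kit_iter_new with the empty list, so it is worth deciding whether an extraction with no trust-policy modules should produce output or return non-zero. The rest of p11_trust_extract is outside the hunk.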