diff options
Diffstat (limited to 'trust/tests/frob-nss-trust.c')
| -rw-r--r-- | trust/tests/frob-nss-trust.c | 221 |
1 files changed, 0 insertions, 221 deletions
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c deleted file mode 100644 index fd69573..0000000 --- a/trust/tests/frob-nss-trust.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "compat.h" -#include "attrs.h" -#include "debug.h" -#include "pkcs11x.h" - -#include "p11-kit/iter.h" -#include "p11-kit/p11-kit.h" - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -static void -dump_object (P11KitIter *iter, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_ATTRIBUTE *attr; - char *string; - char *name; - CK_RV rv; - - attr = p11_attrs_find_valid (attrs, CKA_LABEL); - if (!attr) { - rv = p11_kit_iter_load_attributes (iter, &label, 1); - if (rv == CKR_OK) - attr = &label; - } - - if (attr) - name = strndup (attr->pValue, attr->ulValueLen); - else - name = strdup ("unknown"); - - string = p11_attrs_to_string (attrs, -1); - printf ("\"%s\" = %s\n", name, string); - free (string); - - free (label.pValue); - free (name); -} - -static int -dump_trust_module (const char *path) -{ - CK_FUNCTION_LIST *module; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS,}, - { CKA_LABEL, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - CK_ULONG count = p11_attrs_count (template); - - module = p11_kit_module_load (path, 0); - return_val_if_fail (module != NULL, 1); - - rv = p11_kit_module_initialize (module); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_dup (template); - rv = p11_kit_iter_load_attributes (iter, attrs, count); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1); - p11_attrs_purge (attrs); - dump_object (iter, attrs); - p11_attrs_free (attrs); - } - - return_val_if_fail (rv == CKR_CANCEL, 1); - - p11_kit_module_finalize (module); - p11_kit_module_release (module); - - return 0; -} - -static int -compare_trust_modules (const char *path1, - const char *path2) -{ - CK_FUNCTION_LIST *module1; - CK_FUNCTION_LIST *module2; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - P11KitIter *iter2; - CK_ATTRIBUTE *check; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - module1 = p11_kit_module_load (path1, 0); - return_val_if_fail (module1 != NULL, 1); - - rv = p11_kit_module_initialize (module1); - return_val_if_fail (rv == CKR_OK, 1); - - module2 = p11_kit_module_load (path2, 0); - return_val_if_fail (module2 != NULL, 1); - - rv = p11_kit_module_initialize (module2); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module1, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - check = p11_attrs_dup (template); - - rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check)); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1); - - /* Go through and remove anything not found */ - p11_attrs_purge (check); - - /* Check that this object exists */ - iter2 = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check)); - p11_kit_iter_begin_with (iter2, module2, 0, 0); - rv = p11_kit_iter_next (iter2); - p11_kit_iter_free (iter2); - - if (rv != CKR_OK) - dump_object (iter, check); - - p11_attrs_free (check); - } - - return_val_if_fail (rv == CKR_CANCEL, 1); - p11_kit_module_finalize (module1); - p11_kit_module_release (module1); - - p11_kit_module_finalize (module2); - p11_kit_module_release (module2); - - return 0; -} - -int -main (int argc, - char *argv[]) -{ - if (argc == 2) { - return dump_trust_module (argv[1]); - } else if (argc == 3) { - return compare_trust_modules (argv[1], argv[2]); - } else { - fprintf (stderr, "usage: frob-nss-trust module\n"); - fprintf (stderr, " frob-nss-trust module1 module2\n"); - return 2; - } -} |