summaryrefslogtreecommitdiff
path: root/trust/tests/test-parser.c
Commit message (Collapse)AuthorAgeFilesLines
* trust: Support a p11-kit specific serialization formatStef Walter2013-03-151-0/+32
| | | | | | | This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
* trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by defaultStef Walter2013-03-151-0/+31
| | | | | | | This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Add a builder which builds objects out of parsed dataStef Walter2013-03-151-546/+120
| | | | | | | | | | | The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Use the new NSS PKCS#11 extension codesStef Walter2013-03-081-11/+11
| | | | | NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
* Initialize modules correctly in testsStef Walter2013-03-031-0/+1
| | | | This fixes hangs when running tests on windows
* Use putenv() instead of setenv()Stef Walter2013-03-031-1/+1
| | | | Since older operating systems don't support setenv()
* Use the CN, OU or O of certificates to generate a labelStef Walter2013-02-051-11/+11
| | | | | * This is in cases where the certificate information does not already have a friendly name or alias.
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-051-35/+317
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions workStef Walter2013-02-051-103/+0
|
* Fill in certificate authority and trust data correctlyStef Walter2013-02-051-55/+191
| | | | | | | | | | | | * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internallyStef Walter2013-02-051-25/+134
| | | | | | | | | | | | * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
* Better debugging and checks for attribute valuesStef Walter2013-02-051-5/+6
|
* Test a TRUSTED CERTIFICATE without any trust OIDsStef Walter2013-02-051-0/+15
|
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-051-0/+52
|
* Add support for parsing PEM filesStef Walter2013-02-051-0/+26
|
* Add basic trust moduleStef Walter2013-02-051-0/+315
This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
generated by cgit v1.1 at 2024-12-27 12:29:14 +0000