From f4384a40657e6abde6658ac7600abb879818b493 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Sun, 29 Jan 2017 15:12:56 +0100
Subject: trust: Make extraction and correlation of certificate info optional
This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired.
---
 trust/enumerate.c | 28 +++++++++++++++-------------
 trust/enumerate.h | 1 +
 trust/list.c | 1 +
 trust/test-bundle.c | 1 +
 trust/test-cer.c | 1 +
 trust/test-enumerate.c | 16 ++++++++++------
 trust/test-openssl.c | 1 +
 7 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/trust/enumerate.c b/trust/enumerate.c
index 750bba3..ad0565f 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -308,24 +308,26 @@ extract_info (p11_enumerate *ex)
 return false;
 /* If a certificate then */
- if (ex->klass != CKO_CERTIFICATE) {
- p11_message ("skipping non-certificate object");
- return false;
- }
+ if (ex->flags & P11_ENUMERATE_CORRELATE) {
+ if (ex->klass != CKO_CERTIFICATE) {
+ p11_message ("skipping non-certificate object");
+ return false;
+ }
- if (!extract_certificate (ex))
- return false;
+ if (!extract_certificate (ex))
+ return false;
+
+ attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
+ if (attr) {
+ ex->attached = load_attached_extensions (ex, attr);
+ if (!ex->attached)
+ return false;
+ }
- attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
- if (attr) {
- ex->attached = load_attached_extensions (ex, attr);
- if (!ex->attached)
+ if (!extract_purposes (ex))
 return false;
 }
- if (!extract_purposes (ex))
- return false;
-
 return true;
 }
diff --git a/trust/enumerate.h b/trust/enumerate.h
index 411820a..41cea09 100644
--- a/trust/enumerate.h
+++ b/trust/enumerate.h
@@ -49,6 +49,7 @@ enum {
 P11_ENUMERATE_ANCHORS = 1 << 21,
 P11_ENUMERATE_BLACKLIST = 1 << 22,
 P11_ENUMERATE_COLLAPSE = 1 << 23,
+ P11_ENUMERATE_CORRELATE = 1 << 24,
 };
 typedef struct {
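Review bot: In trust/enumerate.c, extract_info() now returns true for every object when P11_ENUMERATE_CORRELATE is unset, and because the flag is opt-in, a caller that was not updated silently loses the certificate class check, extract_certificate(), the attached-extension load and extract_purposes(). Among the files this patch touches only trust/list.c is a non-test caller, while the setup functions in test-bundle.c, test-cer.c and test-openssl.c had to set the flag, so the extract code those tests cover presumably needs it too and its caller should be checked. The context comment `/* If a certificate then */` is also stale above the new condition; something like `/* Parse and correlate certificate info only when the caller asked for it */` would match the code. extract_info() starts above the hunk.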
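Review bot: The new P11_ENUMERATE_CORRELATE enumerator in trust/enumerate.h has no comment, although, judging by the extract_info() hunk, leaving it unset switches processing off rather than on. A line such as `/* Parse certificates and load attached extensions and purposes; leave unset for raw dumps */` above it would tell callers that omitting the flag skips the checks in extract_info(). The enum starts above the hunk.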
diff --git a/trust/list.c b/trust/list.c
index 12120e5..9e31aba 100644
--- a/trust/list.c
+++ b/trust/list.c
@@ -253,6 +253,7 @@ p11_trust_list (int argc,
 if (!p11_enumerate_ready (&ex, "trust-policy"))
 exit (1);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
 ret = list_iterate (&ex, details) ? 0 : 1;
 p11_enumerate_cleanup (&ex);
diff --git a/trust/test-bundle.c b/trust/test-bundle.c
index 3af7277..3f4bcad 100644
--- a/trust/test-bundle.c
+++ b/trust/test-bundle.c
@@ -74,6 +74,7 @@ setup (void *unused)
 assert_num_eq (CKR_OK, rv);
 p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
 test.directory = p11_test_directory ("test-extract");
 }
diff --git a/trust/test-cer.c b/trust/test-cer.c
index 422b528..a412eff 100644
--- a/trust/test-cer.c
+++ b/trust/test-cer.c
@@ -74,6 +74,7 @@ setup (void *unused)
 assert_num_eq (CKR_OK, rv);
 p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
 test.directory = p11_test_directory ("test-extract");
 }
diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
index 424437e..3e188b2 100644
--- a/trust/test-enumerate.c
+++ b/trust/test-enumerate.c
@@ -62,6 +62,7 @@ test_file_name_for_label (void)
 char *name;
 p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
 ex.attrs = p11_attrs_build (NULL, &label, NULL);
@@ -79,6 +80,7 @@ test_file_name_for_class (void)
 char *name;
 p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
 ex.klass = CKO_CERTIFICATE;
@@ -104,7 +106,7 @@ test_comment_for_label (void)
 p11_enumerate_init (&ex);
- ex.flags = P11_EXTRACT_COMMENT;
+ ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE;
 ex.attrs = p11_attrs_build (NULL, &label, NULL);
 comment = p11_enumerate_comment (&ex, true);
@@ -127,6 +129,7 @@ test_comment_not_enabled (void)
 p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
 ex.attrs = p11_attrs_build (NULL, &label, NULL);
 comment = p11_enumerate_comment (&ex, true);
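Review bot: In trust/list.c the flag is OR-ed in after p11_enumerate_ready() has returned, whereas every test in this patch sets it before the ready call, either directly after p11_enumerate_init() or in the `test.ex.flags = …` assignment. If p11_enumerate_ready() reads ex.flags, which this hunk does not show, the list command would be prepared without correlation; moving `ex.flags |= P11_ENUMERATE_CORRELATE;` so it precedes the `p11_enumerate_ready (&ex, "trust-policy")` check keeps the order the tests exercise. p11_trust_list() begins and ends outside the hunk.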
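Review bot: Every test touched in trust/test-enumerate.c, like the setup functions in test-bundle.c, test-cer.c and test-openssl.c, now sets P11_ENUMERATE_CORRELATE, so the new default path in which extract_info() skips the class check and returns true has no coverage. A case that leaves the flag clear, puts both a certificate and a non-certificate object into the mock module, and asserts that both come back from the enumerator would pin the behaviour the 'trust dump' command is meant to rely on. The same test would also document that no certificate parsing or purpose extraction happens in that mode.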
@@ -156,6 +159,7 @@ setup (void *unused)
 assert_num_eq (CKR_OK, rv);
 p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
 /* Prefill the modules */
 test.modules[0] = &test.module;
@@ -406,7 +410,7 @@ test_duplicate_distrusted (void)
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- test.ex.flags = P11_ENUMERATE_COLLAPSE;
+ test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE;
 p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
 p11_enumerate_ready (&test.ex, NULL);
@@ -432,7 +436,7 @@ test_trusted_match (void)
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE;
 p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
 p11_enumerate_ready (&test.ex, NULL);
@@ -450,7 +454,7 @@ test_distrust_match (void)
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
 p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
 p11_enumerate_ready (&test.ex, NULL);
@@ -475,7 +479,7 @@ test_override_by_issuer_serial (void)
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
 p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
 p11_enumerate_ready (&test.ex, NULL);
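Review bot: The tests that assign `test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE;` (test_duplicate_distrusted, test_trusted_match, test_distrust_match, test_override_by_issuer_serial, and test_override_by_public_key in the following hunk) overwrite the value that setup() now sets, which is why each has to repeat P11_ENUMERATE_CORRELATE. Writing them as `test.ex.flags |= P11_ENUMERATE_COLLAPSE;`, and likewise for the ANCHORS and BLACKLIST cases, would keep the flag in one place and stop a test copied from the old form from silently running without correlation. This assumes p11_enumerate_init() leaves flags at zero, which the hunks do not show. The test functions begin and end outside the hunks.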
@@ -498,7 +502,7 @@ test_override_by_public_key (void)
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
 p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
 p11_enumerate_ready (&test.ex, NULL);
diff --git a/trust/test-openssl.c b/trust/test-openssl.c
index 3cba1ed..b1276df 100644
--- a/trust/test-openssl.c
+++ b/trust/test-openssl.c
@@ -77,6 +77,7 @@ setup (void *unused)
 assert_num_eq (CKR_OK, rv);
 p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
 test.directory = p11_test_directory ("test-extract");
 }
-- cgit v1.1