From 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 8 Mar 2013 22:50:06 +0100 Subject: trust: Use the new NSS PKCS#11 extension codes NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync. --- trust/adapter.c | 22 +++++++++++----------- trust/tests/test-module.c | 4 ++-- trust/tests/test-parser.c | 22 +++++++++++----------- trust/token.c | 6 +++--- 4 files changed, 27 insertions(+), 27 deletions(-) (limited to 'trust') diff --git a/trust/adapter.c b/trust/adapter.c index d17cb70..08e4c78 100644 --- a/trust/adapter.c +++ b/trust/adapter.c @@ -82,7 +82,7 @@ build_trust_object_ku (p11_parser *parser, defawlt = present; /* If blacklisted, don't even bother looking at extensions */ - if (present != CKT_NETSCAPE_UNTRUSTED) + if (present != CKT_NSS_NOT_TRUSTED) data = p11_parsing_get_extension (parser, parsing, P11_OID_KEY_USAGE, &length); if (data) { @@ -91,7 +91,7 @@ build_trust_object_ku (p11_parser *parser, * usages are to be set. If the extension was invalid, then * fail safe to none of the key usages. */ - defawlt = CKT_NETSCAPE_TRUST_UNKNOWN; + defawlt = CKT_NSS_TRUST_UNKNOWN; defs = p11_parser_get_asn1_defs (parser); if (!p11_x509_parse_key_usage (defs, data, length, &ku)) @@ -171,19 +171,19 @@ build_trust_object_eku (p11_parser *parser, return_val_if_reached (NULL); /* The neutral value is set if an purpose is not present */ - if (allow == CKT_NETSCAPE_UNTRUSTED) - neutral = CKT_NETSCAPE_UNTRUSTED; + if (allow == CKT_NSS_NOT_TRUSTED) + neutral = CKT_NSS_NOT_TRUSTED; /* If anything explicitly set, then neutral is unknown */ else if (purposes || rejects) - neutral = CKT_NETSCAPE_TRUST_UNKNOWN; + neutral = CKT_NSS_TRUST_UNKNOWN; /* Otherwise neutral will allow any purpose */ else neutral = allow; /* The value set if a purpose is explictly rejected */ - disallow = CKT_NETSCAPE_UNTRUSTED; + disallow = CKT_NSS_NOT_TRUSTED; for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) { attrs[i].type = eku_attribute_map[i].type; @@ -218,7 +218,7 @@ build_nss_trust_object (p11_parser *parser, CK_ATTRIBUTE *object = NULL; CK_TRUST allow; - CK_OBJECT_CLASS vclass = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS vclass = CKO_NSS_TRUST; CK_BYTE vsha1_hash[P11_CHECKSUM_SHA1_LENGTH]; CK_BYTE vmd5_hash[P11_CHECKSUM_MD5_LENGTH]; CK_BBOOL vfalse = CK_FALSE; @@ -270,13 +270,13 @@ build_nss_trust_object (p11_parser *parser, /* Calculate the default allow trust */ if (distrust) - allow = CKT_NETSCAPE_UNTRUSTED; + allow = CKT_NSS_NOT_TRUSTED; else if (trust && authority) - allow = CKT_NETSCAPE_TRUSTED_DELEGATOR; + allow = CKT_NSS_TRUSTED_DELEGATOR; else if (trust) - allow = CKT_NETSCAPE_TRUSTED; + allow = CKT_NSS_TRUSTED; else - allow = CKT_NETSCAPE_TRUST_UNKNOWN; + allow = CKT_NSS_TRUST_UNKNOWN; object = build_trust_object_ku (parser, parsing, object, allow); return_if_fail (object != NULL); diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c index 2e085ba..2d0e488 100644 --- a/trust/tests/test-module.c +++ b/trust/tests/test-module.c @@ -192,7 +192,7 @@ static void check_has_trust_object (CuTest *cu, CK_ATTRIBUTE *cert) { - CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) }; CK_OBJECT_HANDLE objects[2]; CK_ATTRIBUTE *match; @@ -314,7 +314,7 @@ test_find_certificates (CuTest *cu) static void test_find_builtin (CuTest *cu) { - CK_OBJECT_CLASS klass = CKO_NETSCAPE_BUILTIN_ROOT_LIST; + CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST; CK_BBOOL vtrue = CK_TRUE; CK_BBOOL vfalse = CK_FALSE; diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c index 581ff5e..0f40748 100644 --- a/trust/tests/test-parser.c +++ b/trust/tests/test-parser.c @@ -154,11 +154,11 @@ test_parse_pem_certificate (CuTest *cu) static void test_parse_openssl_trusted (CuTest *cu) { - CK_TRUST trusted = CKT_NETSCAPE_TRUSTED_DELEGATOR; - CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED; - CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN; + CK_TRUST trusted = CKT_NSS_TRUSTED_DELEGATOR; + CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED; + CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN; CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; - CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION; CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE; CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE; @@ -294,9 +294,9 @@ test_parse_openssl_trusted (CuTest *cu) static void test_parse_openssl_distrusted (CuTest *cu) { - CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED; + CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED; CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; - CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_OBJECT_CLASS klass = CKO_CERTIFICATE; CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION; CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE; @@ -515,10 +515,10 @@ test_parse_openssl_distrusted (CuTest *cu) static void test_parse_with_key_usage (CuTest *cu) { - CK_TRUST trusted = CKT_NETSCAPE_TRUSTED; - CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN; + CK_TRUST trusted = CKT_NSS_TRUSTED; + CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN; CK_OBJECT_CLASS klass = CKO_CERTIFICATE; - CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_BBOOL vtrue = CK_TRUE; CK_BBOOL vfalse = CK_FALSE; CK_CERTIFICATE_TYPE x509 = CKC_X_509; @@ -606,9 +606,9 @@ static void test_parse_anchor (CuTest *cu) { CK_BBOOL vtrue = CK_TRUE; - CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST; + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; CK_ATTRIBUTE trusted = { CKA_TRUSTED, &vtrue, sizeof (vtrue) }; - CK_TRUST delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR; + CK_TRUST delegator = CKT_NSS_TRUSTED_DELEGATOR; CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION; CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE; diff --git a/trust/token.c b/trust/token.c index 46eea20..3c0de4c 100644 --- a/trust/token.c +++ b/trust/token.c @@ -214,9 +214,9 @@ loader_load_paths (p11_token *token, static int load_builtin_objects (p11_token *token) { - CK_OBJECT_CLASS builtin = CKO_NETSCAPE_BUILTIN_ROOT_LIST; - CK_OBJECT_CLASS nss_trust = CKO_NETSCAPE_TRUST; - CK_TRUST nss_not_trusted = CKT_NETSCAPE_UNTRUSTED; + CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST; + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + CK_TRUST nss_not_trusted = CKT_NSS_NOT_TRUSTED; CK_BBOOL vtrue = CK_TRUE; CK_BBOOL vfalse = CK_FALSE; -- cgit v1.1