From a286df75050db8b306685cb22e491d11be842584 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 17 Dec 2012 11:04:42 +0100 Subject: Add support for parsing PEM files --- trust/Makefile.am | 3 ++- trust/parser.c | 38 ++++++++++++++++++++++++++++++++++++++ trust/tests/files/cacert3.pem | 42 ++++++++++++++++++++++++++++++++++++++++++ trust/tests/test-parser.c | 26 ++++++++++++++++++++++++++ 4 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 trust/tests/files/cacert3.pem (limited to 'trust') diff --git a/trust/Makefile.am b/trust/Makefile.am index 413bb51..75684cc 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -30,7 +30,8 @@ p11_kit_trust_la_LIBADD = \ $(top_builddir)/common/libp11-data.la \ $(top_builddir)/common/libp11-library.la \ $(top_builddir)/common/libp11-compat.la \ - $(LIBTASN1_LIBS) + $(LIBTASN1_LIBS) \ + $(NULL) p11_kit_trust_la_LDFLAGS = \ -no-undefined -module -avoid-version \ diff --git a/trust/parser.c b/trust/parser.c index ef72474..65d7855 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -42,6 +42,7 @@ #include "library.h" #include "module.h" #include "parser.h" +#include "pem.h" #include "pkcs11x.h" #include @@ -992,7 +993,44 @@ parse_der_x509_certificate (p11_parser *parser, return P11_PARSE_SUCCESS; } +static void +on_pem_block (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + p11_parser *parser = user_data; + int ret; + + if (strcmp (type, "CERTIFICATE") == 0) { + ret = parse_der_x509_certificate (parser, contents, length); + + } else { + p11_debug ("Saw unsupported or unrecognized PEM block of type %s", type); + ret = P11_PARSE_SUCCESS; + } + + if (ret != P11_PARSE_SUCCESS) + p11_message ("Couldn't parse PEM block of type %s", type); +} + +static int +parse_pem_certificates (p11_parser *parser, + const unsigned char *data, + size_t length) +{ + int num; + + num = p11_pem_parse ((const char *)data, length, on_pem_block, parser); + + if (num == 0) + return P11_PARSE_UNRECOGNIZED; + + return P11_PARSE_SUCCESS; +} + static parser_func all_parsers[] = { + parse_pem_certificates, parse_der_x509_certificate, NULL, }; diff --git a/trust/tests/files/cacert3.pem b/trust/tests/files/cacert3.pem new file mode 100644 index 0000000..087ca0e --- /dev/null +++ b/trust/tests/files/cacert3.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c index c224669..0a0a9d1 100644 --- a/trust/tests/test-parser.c +++ b/trust/tests/test-parser.c @@ -107,6 +107,31 @@ test_parse_der_certificate (CuTest *cu) } static void +test_parse_pem_certificate (CuTest *cu) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *attr; + int ret; + + setup (cu); + + ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem", + 0, on_parse_object, cu); + CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate and a trust object */ + CuAssertIntEquals (cu, 2, test.objects->num); + + attrs = test.objects->elem[0]; + test_check_cacert3_ca (cu, attrs, NULL); + + attr = p11_attrs_find (attrs, CKA_TRUSTED); + CuAssertPtrEquals (cu, NULL, attr); + + teardown (cu); +} + +static void test_parse_anchor (CuTest *cu) { CK_ATTRIBUTE *attrs; @@ -294,6 +319,7 @@ main (void) p11_message_quiet (); SUITE_ADD_TEST (suite, test_parse_der_certificate); + SUITE_ADD_TEST (suite, test_parse_pem_certificate); SUITE_ADD_TEST (suite, test_parse_anchor); SUITE_ADD_TEST (suite, test_parse_no_sink); SUITE_ADD_TEST (suite, test_parse_invalid_file); -- cgit v1.1