[gnome-keyring/trust-store] [xdg-store] Add support for storing certificates.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store] [xdg-store] Add support for storing certificates.
- Date: Thu, 25 Nov 2010 03:24:45 +0000 (UTC)
commit 4e014c7a5852d2d33935e29a4ec539d1584b09e5
Author: Stef Walter <stefw collabora co uk>
Date: Wed Nov 24 21:14:31 2010 +0000
[xdg-store] Add support for storing certificates.
* Fix module problems related to object creation.
* Make GkmCertificate handle loading empty data properly.
* Testing.
pkcs11/gkm/gkm-certificate.c | 6 ++-
pkcs11/gkm/gkm-session.c | 9 +++-
pkcs11/xdg-store/gkm-xdg-module.c | 15 ++---
...st-certificate-1.der => test-certificate-1.cer} | Bin 813 -> 813 bytes
...st-certificate-1.der => test-certificate-2.cer} | Bin 813 -> 813 bytes
pkcs11/xdg-store/tests/test-xdg-module.c | 63 ++++++++++++++------
6 files changed, 65 insertions(+), 28 deletions(-)
---
diff --git a/pkcs11/gkm/gkm-certificate.c b/pkcs11/gkm/gkm-certificate.c
index 4c45340..7346454 100644
--- a/pkcs11/gkm/gkm-certificate.c
+++ b/pkcs11/gkm/gkm-certificate.c
@@ -369,7 +369,11 @@ gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointe
GkmSexp *wrapper;
g_return_val_if_fail (GKM_IS_CERTIFICATE (self), FALSE);
- g_return_val_if_fail (data, FALSE);
+
+ if (!data || !n_data) {
+ g_message ("cannot load empty certificate file");
+ return FALSE;
+ }
copy = g_memdup (data, n_data);
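Review bot: The new guard rejects a NULL or zero-length buffer but puts no upper bound on `n_data` before the `g_memdup (data, n_data)` call that follows it. g_memdup takes its length as a `guint`, so if `n_data` is a `gsize` (the parameter list is cut off in the hunk header, so this is inferred) a length above G_MAXUINT would be truncated, and the copy would be shorter than any later use of `n_data` assumes. Extending the condition to `if (!data || !n_data || n_data > G_MAXUINT)` keeps the copy and the length in agreement. gkm_certificate_real_load continues outside the hunk.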
diff --git a/pkcs11/gkm/gkm-session.c b/pkcs11/gkm/gkm-session.c
index 854ca98..51ffed3 100644
--- a/pkcs11/gkm/gkm-session.c
+++ b/pkcs11/gkm/gkm-session.c
@@ -956,6 +956,7 @@ gkm_session_C_CreateObject (GkmSession* self, CK_ATTRIBUTE_PTR template,
CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
{
GkmObject *object = NULL;
+ CK_OBJECT_HANDLE handle;
GkmTransaction *transaction;
CK_RV rv;
@@ -973,7 +974,13 @@ gkm_session_C_CreateObject (GkmSession* self, CK_ATTRIBUTE_PTR template,
if (rv == CKR_OK) {
g_assert (object);
- *new_object = gkm_object_get_handle (object);
+ handle = gkm_object_get_handle (object);
+ if (handle == 0) {
+ g_warning ("an object was not properly exposed its owner");
+ rv = CKR_GENERAL_ERROR;
+ } else {
+ *new_object = handle;
+ }
g_object_unref (object);
}
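Review bot: When `handle == 0` the function now returns CKR_GENERAL_ERROR, but `rv == CKR_OK` at this point means the object was already created, and nothing on this path undoes that. The transaction handling sits outside the hunk, so this is inferred, but if the transaction has already completed, a token object may stay stored while the caller is told creation failed. Consider checking the handle before the transaction is completed, or failing the transaction on this path, so the return value and the stored state agree. The warning text would also read better as `"an object was not properly exposed by its owner"`.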
diff --git a/pkcs11/xdg-store/gkm-xdg-module.c b/pkcs11/xdg-store/gkm-xdg-module.c
index e173a5a..f6d20f4 100644
--- a/pkcs11/xdg-store/gkm-xdg-module.c
+++ b/pkcs11/xdg-store/gkm-xdg-module.c
@@ -33,6 +33,7 @@
#include "egg/egg-hex.h"
#include "gkm/gkm-assertion.h"
+#include "gkm/gkm-certificate.h"
#include "gkm/gkm-file-tracker.h"
#include "gkm/gkm-serializable.h"
#include "gkm/gkm-transaction.h"
@@ -109,15 +110,8 @@ type_from_path (const gchar *path)
if (g_str_equal (ext, ".trust"))
return GKM_XDG_TYPE_TRUST;
-
-#if 0
- else if (strcmp (extension, ".pkcs8") == 0)
- return GKM_TYPE_GNOME2_PRIVATE_KEY;
- else if (strcmp (extension, ".pub") == 0)
- return GKM_TYPE_GNOME2_PUBLIC_KEY;
- else if (strcmp (extension, ".cer") == 0)
+ else if (strcmp (ext, ".cer") == 0)
return GKM_TYPE_CERTIFICATE;
-#endif
return 0;
}
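Review bot: The re-enabled `.cer` branch uses `strcmp (ext, ".cer") == 0` directly beneath a `g_str_equal (ext, ".trust")` test, and its `else` after a `return` is redundant. Writing it as `if (g_str_equal (ext, ".cer"))` matches the line above and avoids depending on <string.h> being included in this file, which the diff does not show. type_from_path begins outside the hunk.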
@@ -137,11 +131,15 @@ add_object_to_module (GkmXdgModule *self, GkmObject *object, const gchar *filena
g_assert (!lookup_filename_for_object (object));
g_object_set_data_full (G_OBJECT (object), "xdg-module-filename",
g_strdup (filename), g_free);
+
+ gkm_object_expose (object, TRUE);
}
static void
remove_object_from_module (GkmXdgModule *self, GkmObject *object, const gchar *filename)
{
+ gkm_object_expose (object, FALSE);
+
g_assert (g_hash_table_lookup (self->objects_by_path, filename) == object);
g_hash_table_remove (self->objects_by_path, filename);
}
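Review bot: The two `gkm_object_expose` calls depend on an ordering that is not written down. In add_object_to_module the object is exposed only after the filename data is attached, and in remove_object_from_module it is unexposed before the hash table entry is removed. A short comment on each would keep a later edit from reordering them, for example `/* Expose last, once the filename is attached */` and `/* Unexpose first, while the object is still registered */`. In remove_object_from_module the unexpose also runs before the `g_assert` that checks the object matches `filename`; moving the assert first would check the invariant before changing state. add_object_to_module begins outside the hunk.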
@@ -446,6 +444,7 @@ gkm_xdg_module_init (GkmXdgModule *self)
/* For creating stored objects */
gkm_module_register_factory (GKM_MODULE (self), GKM_XDG_FACTORY_ASSERTION);
+ gkm_module_register_factory (GKM_MODULE (self), GKM_FACTORY_CERTIFICATE);
}
static void
diff --git a/pkcs11/xdg-store/tests/test-data/test-certificate-1.der b/pkcs11/xdg-store/tests/test-data/test-certificate-1.cer
similarity index 100%
copy from pkcs11/xdg-store/tests/test-data/test-certificate-1.der
copy to pkcs11/xdg-store/tests/test-data/test-certificate-1.cer
diff --git a/pkcs11/xdg-store/tests/test-data/test-certificate-1.der b/pkcs11/xdg-store/tests/test-data/test-certificate-2.cer
similarity index 100%
rename from pkcs11/xdg-store/tests/test-data/test-certificate-1.der
rename to pkcs11/xdg-store/tests/test-data/test-certificate-2.cer
diff --git a/pkcs11/xdg-store/tests/test-xdg-module.c b/pkcs11/xdg-store/tests/test-xdg-module.c
index 8419759..1fc0943 100644
--- a/pkcs11/xdg-store/tests/test-xdg-module.c
+++ b/pkcs11/xdg-store/tests/test-xdg-module.c
@@ -128,6 +128,7 @@ test_xdg_module_initialize_and_enter (void)
/* Copy files from test-data to scratch */
copy_scratch_file ("test-refer-1.trust");
+ copy_scratch_file ("test-certificate-1.cer");
empty_scratch_file ("invalid-without-ext");
empty_scratch_file ("test-file.unknown");
empty_scratch_file ("test-invalid.trust");
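Review bot: The scratch fixtures include an empty `.trust` file but no empty `.cer`, so the empty-data branch this commit adds to gkm_certificate_real_load is not exercised by the module tests. Adding a line such as `empty_scratch_file ("test-empty.cer");` (file name constructed here for illustration) next to `test-invalid.trust` would cover it, assuming the module passes the empty file contents to the certificate loader. test_xdg_module_initialize_and_enter continues outside the hunk.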
@@ -237,11 +238,11 @@ TESTING_TEST (xdg_module_find_twice_is_same)
CK_RV rv;
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_objects);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
gkm_assert_cmpulong (n_objects, >, 0);
@@ -249,11 +250,11 @@ TESTING_TEST (xdg_module_find_twice_is_same)
touch_scratch_file ("test-refer-1.trust", 1);
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_check);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
/* Should have same objects after reload */
gkm_assert_cmpulong (n_check, ==, n_objects);
@@ -267,11 +268,11 @@ TESTING_TEST (xdg_module_file_becomes_invalid)
CK_RV rv;
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_objects);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
gkm_assert_cmpulong (n_objects, >, 0);
@@ -280,11 +281,11 @@ TESTING_TEST (xdg_module_file_becomes_invalid)
touch_scratch_file ("test-refer-1.trust", 2);
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_check);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
/* Should have less objects */
gkm_assert_cmpulong (n_check, <, n_objects);
@@ -298,11 +299,11 @@ TESTING_TEST (xdg_module_file_remove)
CK_RV rv;
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_objects);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
gkm_assert_cmpulong (n_objects, >, 0);
@@ -310,12 +311,38 @@ TESTING_TEST (xdg_module_file_remove)
remove_scratch_file ("test-refer-1.trust");
rv = gkm_session_C_FindObjectsInit (session, NULL, 0);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_check);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
rv = gkm_session_C_FindObjectsFinal (session);
- g_assert (rv == CKR_OK);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
/* Should have less objects */
gkm_assert_cmpulong (n_check, <, n_objects);
}
+
+TESTING_TEST (xdg_create_and_add_object)
+{
+ CK_OBJECT_HANDLE object = 0;
+ CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
+ CK_CERTIFICATE_TYPE ctype = CKC_X_509;
+ CK_BBOOL tval = CK_TRUE;
+ gpointer data;
+ gsize n_data;
+ CK_RV rv;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_VALUE, NULL, 0 },
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_TOKEN, &tval, sizeof (tval) },
+ { CKA_CERTIFICATE_TYPE, &ctype, sizeof (ctype) }
+ };
+
+ data = testing_data_read ("test-certificate-2.cer", &n_data);
+ attrs[0].pValue = data;
+ attrs[0].ulValueLen = n_data;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
+ gkm_assert_cmprv (rv, ==, CKR_OK);
+ gkm_assert_cmpulong (object, !=, 0);
+}
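Review bot: In xdg_create_and_add_object the result of `testing_data_read` is passed to C_CreateObject without a check, and the buffer is never released. A `g_assert (data);` after the read makes a missing fixture fail at the read rather than as an unrelated create error. A `g_free (data);` after the create avoids the leak, assuming testing_data_read returns a g_malloc'd buffer (its definition is not in this diff). The test also stops at a non-zero handle; a follow-up find or attribute read on `object` would confirm the certificate is actually visible through the session.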