[gnome-keyring/trust-store] [xdg-store] Tests for xdg-store and fixes.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store] [xdg-store] Tests for xdg-store and fixes.
- Date: Tue, 21 Sep 2010 04:00:52 +0000 (UTC)
commit c29d40617d3ed7974019268e1aae5ad67e312b27
Author: Stef Walter <stef memberwebs com>
Date: Tue Sep 21 03:59:03 2010 +0000
[xdg-store] Tests for xdg-store and fixes.
A whole bunch of fixes for the xdg-store and trust loading
and saving.
pkcs11/xdg-store/Makefile.am | 1 -
pkcs11/xdg-store/asn1-def-xdg.c | 6 +-
pkcs11/xdg-store/gkm-xdg-module.c | 10 +-
pkcs11/xdg-store/gkm-xdg-trust.c | 60 ++--
pkcs11/xdg-store/tests/Makefile.am | 16 +-
pkcs11/xdg-store/tests/test-data/test-trust-1.der | Bin 0 -> 667 bytes
pkcs11/xdg-store/tests/test-xdg-module.c | 152 +++++++++
pkcs11/xdg-store/tests/test-xdg-module.h | 45 +++
pkcs11/xdg-store/tests/test-xdg-trust.c | 362 +++++++++++++++++++++
pkcs11/xdg-store/xdg.asn | 6 +-
10 files changed, 623 insertions(+), 35 deletions(-)
---
diff --git a/pkcs11/xdg-store/Makefile.am b/pkcs11/xdg-store/Makefile.am
index dfa5f3c..a0bc901 100644
--- a/pkcs11/xdg-store/Makefile.am
+++ b/pkcs11/xdg-store/Makefile.am
@@ -7,7 +7,6 @@ INCLUDES = \
$(LIBGCRYPT_CFLAGS) \
$(GLIB_CFLAGS)
-
# ------------------------------------------------------------------------------
# The xdg-store component code
diff --git a/pkcs11/xdg-store/asn1-def-xdg.c b/pkcs11/xdg-store/asn1-def-xdg.c
index 1d608be..0d1edd9 100644
--- a/pkcs11/xdg-store/asn1-def-xdg.c
+++ b/pkcs11/xdg-store/asn1-def-xdg.c
@@ -14,9 +14,9 @@ const ASN1_ARRAY_TYPE xdg_asn1_tab[] = {
{ NULL, 2, "TrustDigest"},
{ "TrustLevel", 1610874901, NULL },
{ "trustUnknown", 1073741825, "0"},
- { "untrustedUsage", 1073741825, "1"},
+ { "untrusted", 1073741825, "1"},
{ "mustVerify", 1073741825, "2"},
- { "trustedUsage", 1073741825, "3"},
+ { "trusted", 1073741825, "3"},
{ "trustedDelegator", 1, "4"},
{ "TrustPair", 1610612741, NULL },
{ "purpose", 1073741836, NULL },
@@ -27,7 +27,7 @@ const ASN1_ARRAY_TYPE xdg_asn1_tab[] = {
{ "serialNumber", 1073741827, NULL },
{ "issuer", 1073741837, NULL },
{ "subject", 1073758221, NULL },
- { "digests", 2, "TrustDigests"},
+ { "digests", 16386, "TrustDigests"},
{ "TrustReference", 1610612754, NULL },
{ "certReference", 2, "CertReference"},
{ "trust-1", 536870917, NULL },
diff --git a/pkcs11/xdg-store/gkm-xdg-module.c b/pkcs11/xdg-store/gkm-xdg-module.c
index 2147d90..64bdcf7 100644
--- a/pkcs11/xdg-store/gkm-xdg-module.c
+++ b/pkcs11/xdg-store/gkm-xdg-module.c
@@ -81,6 +81,8 @@ static const CK_TOKEN_INFO user_module_token_info = {
G_DEFINE_TYPE (GkmXdgModule, gkm_xdg_module, GKM_TYPE_MODULE);
+GkmModule* _gkm_xdg_store_get_module_for_testing (void);
+
/* -----------------------------------------------------------------------------
* ACTUAL PKCS#11 Module Implementation
*/
@@ -157,7 +159,7 @@ file_load (GkmFileTracker *tracker, const gchar *path, GkmXdgModule *self)
/* Figure out what type of object we're dealing with */
type = type_from_path (path);
if (type == 0) {
- g_warning ("don't know how to load file in key store: %s", path);
+ g_message ("don't know how to load file in key store: %s", path);
return;
}
@@ -470,3 +472,9 @@ gkm_xdg_store_get_functions (void)
gkm_crypto_initialize ();
return gkm_xdg_module_function_list;
}
+
+GkmModule*
+_gkm_xdg_store_get_module_for_testing (void)
+{
+ return pkcs11_module;
+}
diff --git a/pkcs11/xdg-store/gkm-xdg-trust.c b/pkcs11/xdg-store/gkm-xdg-trust.c
index 99d3d3d..d32cb59 100644
--- a/pkcs11/xdg-store/gkm-xdg-trust.c
+++ b/pkcs11/xdg-store/gkm-xdg-trust.c
@@ -54,14 +54,6 @@ static void gkm_xdg_trust_serializable (GkmSerializableIface *iface);
G_DEFINE_TYPE_EXTENDED (GkmXdgTrust, gkm_xdg_trust, GKM_TYPE_OBJECT, 0,
G_IMPLEMENT_INTERFACE (GKM_TYPE_SERIALIZABLE, gkm_xdg_trust_serializable));
-enum {
- TRUST_UNKNOWN = 0,
- TRUST_UNTRUSTED = 1,
- TRUST_MUST_VERIFY = 2,
- TRUST_TRUSTED = 3,
- TRUST_TRUSTED_DELEGATOR = 4
-};
-
/* -----------------------------------------------------------------------------
* QUARKS
*/
@@ -89,6 +81,12 @@ static GQuark OID_PURPOSE_IPSEC_TUNNEL;
static GQuark OID_PURPOSE_IPSEC_USER;
static GQuark OID_PURPOSE_IKE_INTERMEDIATE;
+static GQuark TRUST_UNKNOWN;
+static GQuark TRUST_UNTRUSTED;
+static GQuark TRUST_MUST_VERIFY;
+static GQuark TRUST_TRUSTED;
+static GQuark TRUST_TRUSTED_DELEGATOR;
+
static void
init_quarks (void)
{
@@ -122,6 +120,12 @@ init_quarks (void)
QUARK (OID_PURPOSE_IPSEC_USER, "1.3.6.1.5.5.7.3.7");
QUARK (OID_PURPOSE_IKE_INTERMEDIATE, "1.3.6.1.5.5.8.2.2");
+ QUARK (TRUST_UNKNOWN, "trustUnknown");
+ QUARK (TRUST_UNTRUSTED, "untrusted");
+ QUARK (TRUST_MUST_VERIFY, "mustVerify");
+ QUARK (TRUST_TRUSTED, "trusted");
+ QUARK (TRUST_TRUSTED_DELEGATOR, "trustedDelegator");
+
#undef QUARK
g_once_init_leave (&quarks_inited, 1);
@@ -168,6 +172,9 @@ trust_get_der (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
return CKR_ATTRIBUTE_TYPE_INVALID;
element = egg_asn1x_get_raw_element (node, &n_element);
+ if (element == NULL)
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+
return gkm_attribute_set_data (attr, element, n_element);
}
@@ -184,7 +191,7 @@ trust_get_integer (GkmXdgTrust *self, const gchar *part, CK_ATTRIBUTE_PTR attr)
node = egg_asn1x_node (self->pv->asn, "reference", "certReference", NULL);
g_return_val_if_fail (node, CKR_GENERAL_ERROR);
- node = egg_asn1x_node (self->pv->asn, part, NULL);
+ node = egg_asn1x_node (node, part, NULL);
if (node == NULL)
return CKR_ATTRIBUTE_TYPE_INVALID;
@@ -269,7 +276,7 @@ append_reference_hash (GNode *asn, GQuark oid, CK_ATTRIBUTE_PTR attr)
attr->ulValueLen, g_free);
}
-static gint
+static GQuark
trust_ulong_to_level_enum (CK_ULONG trust)
{
switch (trust) {
@@ -289,22 +296,20 @@ trust_ulong_to_level_enum (CK_ULONG trust)
}
static CK_ULONG
-level_enum_to_trust_ulong (guint level)
+level_enum_to_trust_ulong (GQuark level)
{
- switch (level) {
- case TRUST_UNKNOWN:
+ if (level == TRUST_UNKNOWN)
return CKT_NETSCAPE_TRUST_UNKNOWN;
- case TRUST_UNTRUSTED:
+ else if (level == TRUST_UNTRUSTED)
return CKT_NETSCAPE_UNTRUSTED;
- case TRUST_TRUSTED_DELEGATOR:
+ else if (level == TRUST_TRUSTED_DELEGATOR)
return CKT_NETSCAPE_TRUSTED_DELEGATOR;
- case TRUST_TRUSTED:
+ else if (level == TRUST_TRUSTED)
return CKT_NETSCAPE_TRUSTED;
- case TRUST_MUST_VERIFY:
+ else if (level == TRUST_MUST_VERIFY)
return CKT_NETSCAPE_MUST_VERIFY;
- default:
+ else
return (CK_ULONG)-1;
- };
}
static GkmObject*
@@ -386,9 +391,9 @@ load_trust_pairs (GHashTable *pairs, GNode *asn)
{
GNode *pair;
guint count, i;
- gulong level;
gulong trust;
GQuark oid;
+ GQuark level;
g_assert (pairs);
g_assert (asn);
@@ -402,7 +407,8 @@ load_trust_pairs (GHashTable *pairs, GNode *asn)
g_return_val_if_fail (pair, FALSE);
/* Get the usage */
- if (!egg_asn1x_get_integer_as_ulong (egg_asn1x_node (pair, "level", NULL), &level))
+ level = egg_asn1x_get_enumerated (egg_asn1x_node (pair, "level", NULL));
+ if (level == 0)
g_return_val_if_reached (FALSE);
trust = level_enum_to_trust_ulong (level);
@@ -428,7 +434,7 @@ save_trust_pairs (GHashTable *pairs, GNode *asn)
GHashTableIter iter;
GNode *pair, *node;
gpointer key, value;
- gulong level;
+ GQuark level;
GQuark oid;
g_assert (pairs);
@@ -446,7 +452,7 @@ save_trust_pairs (GHashTable *pairs, GNode *asn)
g_return_val_if_fail (pair, FALSE);
egg_asn1x_set_oid_as_quark (egg_asn1x_node (pair, "purpose", NULL), oid);
- egg_asn1x_set_integer_as_ulong (egg_asn1x_node (pair, "level", NULL), level);
+ egg_asn1x_set_enumerated (egg_asn1x_node (pair, "level", NULL), level);
}
return TRUE;
@@ -509,9 +515,9 @@ gkm_xdg_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
case CKA_SUBJECT:
return trust_get_der (self, "subject", attr);
case CKA_SERIAL_NUMBER:
- return trust_get_der (self, "serialNumber", attr);
+ return trust_get_integer (self, "serialNumber", attr);
case CKA_ISSUER:
- return trust_get_integer (self, "issuer", attr);
+ return trust_get_der (self, "issuer", attr);
/* Certificate hash values */
case CKA_CERT_MD5_HASH:
@@ -653,7 +659,9 @@ gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (data, FALSE);
- g_return_val_if_fail (n_data, FALSE);
+
+ if (n_data == 0)
+ return FALSE;
copy = g_memdup (data, n_data);
diff --git a/pkcs11/xdg-store/tests/Makefile.am b/pkcs11/xdg-store/tests/Makefile.am
index 7bf4e78..c6bbf81 100644
--- a/pkcs11/xdg-store/tests/Makefile.am
+++ b/pkcs11/xdg-store/tests/Makefile.am
@@ -1,2 +1,16 @@
+
+# Test files should be listed in order they need to run
+TESTING_FILES = \
+ test-xdg-module.c test-xdg-module.h \
+ test-xdg-trust.c
+
+TESTING_LIBS = \
+ $(top_builddir)/pkcs11/xdg-store/libgkm-xdg-store.la \
+ $(top_builddir)/pkcs11/gkm/libgkm.la \
+ $(top_builddir)/egg/libegg.la
+
EXTRA_DIST = \
- p11-tests.conf
+ p11-tests.conf \
+ test-data
+
+include $(top_srcdir)/testing/testing.make
\ No newline at end of file
diff --git a/pkcs11/xdg-store/tests/test-data/test-trust-1.der b/pkcs11/xdg-store/tests/test-data/test-trust-1.der
new file mode 100644
index 0000000..e98f4ce
Binary files /dev/null and b/pkcs11/xdg-store/tests/test-data/test-trust-1.der differ
diff --git a/pkcs11/xdg-store/tests/test-xdg-module.c b/pkcs11/xdg-store/tests/test-xdg-module.c
new file mode 100644
index 0000000..7b9d78e
--- /dev/null
+++ b/pkcs11/xdg-store/tests/test-xdg-module.c
@@ -0,0 +1,152 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* test-xdg-module.c: A test PKCS#11 module implementation
+
+ Copyright (C) 2010 Stefan Walter
+
+ The Gnome Keyring Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ The Gnome Keyring Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with the Gnome Library; see the file COPYING.LIB. If not,
+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ Author: Stef Walter <stef memberwebs com>
+*/
+
+#include "config.h"
+
+#include "test-xdg-module.h"
+#include "gkm-xdg-store.h"
+
+#include "gkm/gkm-module.h"
+
+#include <string.h>
+
+static GMutex *mutex = NULL;
+
+GkmModule* _gkm_xdg_store_get_module_for_testing (void);
+GMutex* _gkm_module_get_scary_mutex_that_you_should_not_touch (GkmModule *module);
+
+#if 0
+static void
+copy_scratch_file (const gchar *basename)
+{
+ gchar *filename;
+ gchar *data;
+ gsize n_data;
+
+ filename = testing_data_filename (basename);
+ if (!g_file_get_contents (filename, &data, &n_data, NULL)) {
+ g_warning ("couldn't read: %s", filename);
+ g_return_if_reached ();
+ }
+ g_free (filename);
+
+ filename = testing_scratch_filename (basename);
+ if (!g_file_set_contents (filename, data, n_data, NULL))
+ g_return_if_reached ();
+ g_free (filename);
+ g_free (data);
+}
+#endif
+
+GkmModule*
+test_xdg_module_initialize_and_enter (void)
+{
+ CK_FUNCTION_LIST_PTR funcs;
+ CK_C_INITIALIZE_ARGS args;
+ GkmModule *module;
+ gchar *string;
+ CK_RV rv;
+
+ /* Setup test directory to work in */
+ memset (&args, 0, sizeof (args));
+ string = g_strdup_printf ("directory='%s'", testing_scratch_directory ());
+ args.pReserved = string;
+ args.flags = CKF_OS_LOCKING_OK;
+
+#if 0
+ /* Copy files from test-data to scratch */
+ copy_scratch_file ("encrypted.keyring");
+ copy_scratch_file ("plain.keyring");
+#endif
+
+ funcs = gkm_xdg_store_get_functions ();
+ rv = (funcs->C_Initialize) (&args);
+ g_return_val_if_fail (rv == CKR_OK, NULL);
+
+ module = _gkm_xdg_store_get_module_for_testing ();
+ g_return_val_if_fail (module, NULL);
+
+ mutex = _gkm_module_get_scary_mutex_that_you_should_not_touch (module);
+ test_xdg_module_enter ();
+
+ g_free (string);
+
+ return module;
+}
+
+void
+test_xdg_module_leave_and_finalize (void)
+{
+ CK_FUNCTION_LIST_PTR funcs;
+ CK_RV rv;
+
+ test_xdg_module_leave ();
+
+ funcs = gkm_xdg_store_get_functions ();
+ rv = (funcs->C_Finalize) (NULL);
+ g_return_if_fail (rv == CKR_OK);
+}
+
+void
+test_xdg_module_leave (void)
+{
+ g_assert (mutex);
+ g_mutex_unlock (mutex);
+}
+
+void
+test_xdg_module_enter (void)
+{
+ g_assert (mutex);
+ g_mutex_lock (mutex);
+}
+
+GkmSession*
+test_xdg_module_open_session (gboolean writable)
+{
+ CK_ULONG flags = CKF_SERIAL_SESSION;
+ CK_SESSION_HANDLE handle;
+ GkmModule *module;
+ GkmSession *session;
+ CK_RV rv;
+
+ module = _gkm_xdg_store_get_module_for_testing ();
+ g_return_val_if_fail (module, NULL);
+
+ if (writable)
+ flags |= CKF_RW_SESSION;
+
+ rv = gkm_module_C_OpenSession (module, 1, flags, NULL, NULL, &handle);
+ g_assert (rv == CKR_OK);
+
+ session = gkm_module_lookup_session (module, handle);
+ g_assert (session);
+
+ return session;
+}
+
+DEFINE_EXTERNAL(xdg_module)
+{
+ CK_FUNCTION_LIST_PTR funcs = gkm_xdg_store_get_functions ();
+ testing_test_p11_module (funcs, "p11-tests.conf");
+}
diff --git a/pkcs11/xdg-store/tests/test-xdg-module.h b/pkcs11/xdg-store/tests/test-xdg-module.h
new file mode 100644
index 0000000..8a6b78b
--- /dev/null
+++ b/pkcs11/xdg-store/tests/test-xdg-module.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* test-xdg-module.h: A test PKCS#11 module implementation
+
+ Copyright (C) 2010 Stefan Walter
+
+ The Gnome Keyring Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ The Gnome Keyring Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with the Gnome Library; see the file COPYING.LIB. If not,
+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ Author: Stef Walter <stef memberwebs com>
+*/
+
+#ifndef TEST_XDG_MODULE_H_
+#define TEST_XDG_MODULE_H_
+
+#include <glib.h>
+
+#include "gkm/gkm-test.h"
+#include "gkm/gkm-types.h"
+
+#include "pkcs11.h"
+#include "test-suite.h"
+
+void test_xdg_module_leave (void);
+
+void test_xdg_module_enter (void);
+
+GkmModule* test_xdg_module_initialize_and_enter (void);
+
+void test_xdg_module_leave_and_finalize (void);
+
+GkmSession* test_xdg_module_open_session (gboolean writable);
+
+#endif /* TEST_XDG_MODULE_H_ */
diff --git a/pkcs11/xdg-store/tests/test-xdg-trust.c b/pkcs11/xdg-store/tests/test-xdg-trust.c
new file mode 100644
index 0000000..56e7b09
--- /dev/null
+++ b/pkcs11/xdg-store/tests/test-xdg-trust.c
@@ -0,0 +1,362 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* test-trust.c: Test XDG trust objects.
+
+ Copyright (C) 2010 Stefan Walter
+
+ The Gnome Keyring Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ The Gnome Keyring Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with the Gnome Library; see the file COPYING.LIB. If not,
+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ Author: Stef Walter <stef memberwebs com>
+*/
+
+#include "config.h"
+
+#include "test-xdg-module.h"
+
+#include "gkm/gkm-module.h"
+#include "gkm/gkm-session.h"
+
+#include "pkcs11/pkcs11n.h"
+
+static GkmModule *module = NULL;
+static GkmSession *session = NULL;
+
+/*
+ * C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division,
+ * CN=Thawte Personal Premium CA/emailAddress=personal-premium thawte com
+ */
+
+static const char DER_ISSUER[] =
+ "\x30\x81\xCF\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41"
+ "\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65"
+ "\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07"
+ "\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1A\x30\x18\x06"
+ "\x03\x55\x04\x0A\x13\x11\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E"
+ "\x73\x75\x6C\x74\x69\x6E\x67\x31\x28\x30\x26\x06\x03\x55\x04\x0B"
+ "\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20"
+ "\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F"
+ "\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x54\x68\x61\x77"
+ "\x74\x65\x20\x50\x65\x72\x73\x6F\x6E\x61\x6C\x20\x50\x72\x65\x6D"
+ "\x69\x75\x6D\x20\x43\x41\x31\x2A\x30\x28\x06\x09\x2A\x86\x48\x86"
+ "\xF7\x0D\x01\x09\x01\x16\x1B\x70\x65\x72\x73\x6F\x6E\x61\x6C\x2D"
+ "\x70\x72\x65\x6D\x69\x75\x6D\x40\x74\x68\x61\x77\x74\x65\x2E\x63"
+ "\x6F\x6D";
+
+static const char SHA1_CHECKSUM[] =
+ "\x36\x86\x35\x63\xfd\x51\x28\xc7\xbe\xa6\xf0\x05\xcf\xe9\xb4\x36"
+ "\x68\x08\x6c\xce";
+
+static const char MD5_CHECKSUM[] =
+ "\x3a\xb2\xde\x22\x9a\x20\x93\x49\xf9\xed\xc8\xd2\x8a\xe7\x68\x0d";
+
+static const char SERIAL_NUMBER[] =
+ "\x01\x02\x03";
+
+#define XL(x) G_N_ELEMENTS (x) - 1
+
+#if 0
+
+#include "egg/egg-asn1x.h"
+#include "egg/egg-asn1-defs.h"
+#include "egg/egg-hex.h"
+
+static void
+debug_print_certificate_info (const gchar *path)
+{
+ gchar *contents;
+ gchar *results;
+ gconstpointer data;
+ gsize length;
+ GNode *asn;
+
+ if (!g_file_get_contents (path, &contents, &length, NULL))
+ g_assert_not_reached ();
+
+ results = g_compute_checksum_for_data (G_CHECKSUM_SHA1, (gpointer)contents, length);
+ g_assert (results);
+ g_printerr ("SHA1: %s\n", results);
+ g_free (results);
+
+ results = g_compute_checksum_for_data (G_CHECKSUM_MD5, (gpointer)contents, length);
+ g_assert (results);
+ g_printerr ("MD5: %s\n", results);
+ g_free (results);
+
+ asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", contents, length);
+ g_assert (asn);
+
+ data = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "tbsCertificate", "issuer", NULL), &length);
+ g_assert (data);
+
+ results = egg_hex_encode_full (data, length, TRUE, '\\', 1);
+ g_printerr ("ISSUER: %s\n", results);
+ g_free (results);
+
+ egg_asn1x_destroy (asn);
+ g_free (contents);
+}
+
+#endif
+
+DEFINE_SETUP (trust_setup)
+{
+ CK_RV rv;
+
+ testing_data_to_scratch ("test-trust-1.der", "test-trust.trust");
+
+ module = test_xdg_module_initialize_and_enter ();
+ session = test_xdg_module_open_session (TRUE);
+
+ rv = gkm_module_C_Login (module, gkm_session_get_handle (session), CKU_USER, NULL, 0);
+ g_assert (rv == CKR_OK);
+}
+
+DEFINE_TEARDOWN (trust_teardown)
+{
+ test_xdg_module_leave_and_finalize ();
+ module = NULL;
+ session = NULL;
+}
+
+DEFINE_TEST (trust_load_object)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+ CK_TRUST trusted = CKT_NETSCAPE_TRUSTED;
+ CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+
+ /* This info matches what's in test-trust-1.der */
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, "\x01\x02", 2 },
+ { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) },
+ { CKA_TRUST_CODE_SIGNING, &unknown, sizeof (unknown) },
+ { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) },
+ };
+
+ CK_ULONG n_objects;
+ CK_OBJECT_HANDLE objects[16];
+ CK_RV rv;
+
+ rv = gkm_session_C_FindObjectsInit (session, attrs, G_N_ELEMENTS (attrs));
+ g_assert (rv == CKR_OK);
+
+ rv = gkm_session_C_FindObjects (session, objects, G_N_ELEMENTS (objects), &n_objects);
+ g_assert (rv == CKR_OK);
+
+ rv = gkm_session_C_FindObjectsFinal (session);
+ g_assert (rv == CKR_OK);
+
+ gkm_assert_cmpulong (n_objects, ==, 1);
+}
+
+DEFINE_TEST (trust_create)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+
+ rv = gkm_session_C_DestroyObject (session, handle);
+ g_assert (rv == CKR_OK);
+}
+
+
+DEFINE_TEST (trust_create_invalid_attrs)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_TEMPLATE_INCOMPLETE);
+}
+
+DEFINE_TEST (trust_create_invalid_der)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, "test", 4 },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_ATTRIBUTE_VALUE_INVALID);
+}
+
+DEFINE_TEST (trust_create_invalid_serial)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, "", 0 }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_ATTRIBUTE_VALUE_INVALID);
+}
+
+DEFINE_TEST (trust_create_with_sha1)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
+ { CKA_CERT_SHA1_HASH, (void*)SHA1_CHECKSUM, XL (SHA1_CHECKSUM) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+}
+
+DEFINE_TEST (trust_create_with_md5)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
+ { CKA_CERT_MD5_HASH, (void*)MD5_CHECKSUM, XL (MD5_CHECKSUM) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+}
+
+DEFINE_TEST (trust_create_with_subject)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SUBJECT, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+}
+
+DEFINE_TEST (trust_create_invalid_checksum)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
+ { CKA_CERT_SHA1_HASH, "test", 4 }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_ATTRIBUTE_VALUE_INVALID);
+}
+
+DEFINE_TEST (trust_create_with_trusted)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+ CK_TRUST trust = CKT_NETSCAPE_TRUSTED;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
+ { CKA_TRUST_EMAIL_PROTECTION, &trust, sizeof (trust) }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+}
+
+DEFINE_TEST (trust_create_with_trusted_and_save)
+{
+ CK_OBJECT_CLASS klass = CKO_NETSCAPE_TRUST;
+ CK_TRUST trusted = CKT_NETSCAPE_TRUSTED;
+ CK_TRUST untrusted = CKT_NETSCAPE_UNTRUSTED;
+ CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+ CK_BBOOL true = CK_TRUE;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SUBJECT, (void*)DER_ISSUER, XL (DER_ISSUER) },
+ { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
+ { CKA_TOKEN, &true, sizeof (true) },
+ { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) },
+ { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) },
+ { CKA_TRUST_KEY_ENCIPHERMENT, &trusted, sizeof (trusted) },
+ { CKA_TRUST_DATA_ENCIPHERMENT, &trusted, sizeof (trusted) },
+ { CKA_TRUST_KEY_AGREEMENT, &trusted, sizeof (trusted) },
+ { CKA_TRUST_KEY_CERT_SIGN, &trusted, sizeof (trusted) },
+ { CKA_TRUST_CRL_SIGN, &trusted, sizeof (trusted) },
+ { CKA_TRUST_SERVER_AUTH, &untrusted, sizeof (untrusted) },
+ { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) },
+ { CKA_TRUST_CODE_SIGNING, &unknown, sizeof (unknown) },
+ { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) },
+ { CKA_TRUST_TIME_STAMPING, &untrusted, sizeof (untrusted) },
+ { CKA_TRUST_IPSEC_END_SYSTEM, &untrusted, sizeof (untrusted) },
+ { CKA_TRUST_IPSEC_TUNNEL, &untrusted, sizeof (untrusted) },
+ { CKA_TRUST_IPSEC_USER, &untrusted, sizeof (untrusted) },
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_RV rv;
+
+ rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
+ g_assert (rv == CKR_OK);
+}
diff --git a/pkcs11/xdg-store/xdg.asn b/pkcs11/xdg-store/xdg.asn
index 941a8e9..8358a25 100644
--- a/pkcs11/xdg-store/xdg.asn
+++ b/pkcs11/xdg-store/xdg.asn
@@ -15,9 +15,9 @@ TrustDigests ::= SEQUENCE OF TrustDigest
TrustLevel ::= ENUMERATED {
trustUnknown (0),
- untrustedUsage (1),
+ untrusted (1),
mustVerify (2),
- trustedUsage (3),
+ trusted (3),
trustedDelegator (4)
}
@@ -32,7 +32,7 @@ CertReference ::= SEQUENCE {
serialNumber INTEGER,
issuer ANY,
subject ANY OPTIONAL,
- digests TrustDigests
+ digests TrustDigests OPTIONAL
}
TrustReference ::= CHOICE {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
