[gnome-keyring/dbus-api] [pkcs11] Add support for creating credentials without object.
- From: Stefan Walter <stefw src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [gnome-keyring/dbus-api] [pkcs11] Add support for creating credentials without object.
- Date: Thu, 12 Nov 2009 06:38:18 +0000 (UTC)
commit 583c4bd76993c4197ddae5ff57d0f4e907b8fba0
Author: Stef Walter <stef memberwebs com>
Date: Thu Nov 12 03:59:42 2009 +0000
[pkcs11] Add support for creating credentials without object.
This is necessary for creating collections, which expect
a credential when they are created. That credential is used
to lock the items.
pkcs11/gck/gck-credential.c | 105 ++++++++++++--------
pkcs11/gck/gck-credential.h | 6 +-
pkcs11/gck/gck-session.c | 4 +-
pkcs11/gck/tests/unit-test-credential.c | 35 ++++++-
pkcs11/secret-store/gck-secret-collection.c | 57 ++++++++---
.../tests/unit-test-secret-collection.c | 56 ++++++++---
pkcs11/secret-store/tests/unit-test-secret-item.c | 6 +-
pkcs11/ssh-store/tests/unit-test-private-key.c | 2 +-
8 files changed, 189 insertions(+), 82 deletions(-)
---
diff --git a/pkcs11/gck/gck-credential.c b/pkcs11/gck/gck-credential.c
index 2002e34..596a72b 100644
--- a/pkcs11/gck/gck-credential.c
+++ b/pkcs11/gck/gck-credential.c
@@ -62,27 +62,26 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GckObject **result)
{
CK_OBJECT_HANDLE handle;
- GckCredential *auth;
+ GckCredential *cred;
CK_ATTRIBUTE *attr;
GckManager *manager;
- GckObject *object;
+ GckModule *module;
+ GckObject *object = NULL;
CK_RV rv;
g_return_if_fail (GCK_IS_TRANSACTION (transaction));
g_return_if_fail (attrs || !n_attrs);
g_return_if_fail (result);
- /* The handle is required */
- if (!gck_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) {
- gck_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
- return;
- }
-
- /* Must be a valid object */
- rv = gck_session_lookup_readable_object (session, handle, &object);
- if (rv != CKR_OK) {
- gck_transaction_fail (transaction, rv);
- return;
+ /* The handle is optional */
+ if (gck_attributes_find_ulong (attrs, n_attrs, CKA_G_OBJECT, &handle)) {
+ rv = gck_session_lookup_readable_object (session, handle, &object);
+ if (rv != CKR_OK) {
+ gck_transaction_fail (transaction, rv);
+ return;
+ }
+ } else {
+ object = NULL;
}
/* The value is optional */
@@ -90,12 +89,13 @@ factory_create_credential (GckSession *session, GckTransaction *transaction,
gck_attributes_consume (attrs, n_attrs, CKA_VALUE, CKA_G_OBJECT, G_MAXULONG);
+ module = gck_session_get_module (session);
manager = gck_manager_for_template (attrs, n_attrs, session);
- rv = gck_credential_create (object, manager,
- attr ? attr->pValue : NULL,
- attr ? attr->ulValueLen : 0, &auth);
+ rv = gck_credential_create (module, manager, object,
+ attr ? attr->pValue : NULL,
+ attr ? attr->ulValueLen : 0, &cred);
if (rv == CKR_OK)
- *result = GCK_OBJECT (auth);
+ *result = GCK_OBJECT (cred);
else
gck_transaction_fail (transaction, rv);
}
@@ -138,6 +138,7 @@ static CK_RV
gck_credential_real_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE *attr)
{
GckCredential *self = GCK_CREDENTIAL (base);
+ CK_OBJECT_HANDLE handle;
switch (attr->type) {
@@ -148,8 +149,8 @@ gck_credential_real_get_attribute (GckObject *base, GckSession *session, CK_ATTR
return gck_attribute_set_bool (attr, TRUE);
case CKA_G_OBJECT:
- g_return_val_if_fail (self->pv->object, CKR_GENERAL_ERROR);
- return gck_attribute_set_ulong (attr, gck_object_get_handle (self->pv->object));
+ handle = self->pv->object ? gck_object_get_handle (self->pv->object) : 0;
+ return gck_attribute_set_ulong (attr, handle);
case CKA_G_USES_REMAINING:
if (self->pv->uses_remaining < 0)
@@ -170,8 +171,6 @@ gck_credential_constructor (GType type, guint n_props, GObjectConstructParam *pr
GckCredential *self = GCK_CREDENTIAL (G_OBJECT_CLASS (gck_credential_parent_class)->constructor(type, n_props, props));
g_return_val_if_fail (self, NULL);
- g_return_val_if_fail (self->pv->object, NULL);
-
return G_OBJECT (self);
}
@@ -221,13 +220,15 @@ gck_credential_set_property (GObject *obj, guint prop_id, const GValue *value,
GParamSpec *pspec)
{
GckCredential *self = GCK_CREDENTIAL (obj);
+ GckObject *object;
switch (prop_id) {
case PROP_OBJECT:
- g_return_if_fail (!self->pv->object);
- self->pv->object = g_value_get_object (value);
- g_return_if_fail (GCK_IS_OBJECT (self->pv->object));
- g_object_weak_ref (G_OBJECT (self->pv->object), object_went_away, self);
+ object = g_value_get_object (value);
+ if (object)
+ gck_credential_connect (self, object);
+ else
+ g_return_if_fail (!self->pv->object);
break;
case PROP_SECRET:
gck_credential_set_secret (self, g_value_get_object (value));
@@ -279,7 +280,7 @@ gck_credential_class_init (GckCredentialClass *klass)
g_object_class_install_property (gobject_class, PROP_OBJECT,
g_param_spec_object ("object", "Object", "Object authenticated",
- GCK_TYPE_OBJECT, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ GCK_TYPE_OBJECT, G_PARAM_READWRITE));
g_object_class_install_property (gobject_class, PROP_SECRET,
g_param_spec_object ("secret", "Secret", "Optiontal secret",
@@ -313,34 +314,55 @@ gck_credential_get_factory (void)
}
CK_RV
-gck_credential_create (GckObject *object, GckManager *manager,
- CK_UTF8CHAR_PTR pin, CK_ULONG n_pin,
- GckCredential **result)
+gck_credential_create (GckModule *module, GckManager *manager, GckObject *object,
+ CK_UTF8CHAR_PTR pin, CK_ULONG n_pin, GckCredential **result)
{
- GckCredential *auth;
+ GckCredential *cred;
GckSecret *secret = NULL;
CK_RV rv;
- g_return_val_if_fail (GCK_IS_OBJECT (object), CKR_GENERAL_ERROR);
+ g_return_val_if_fail (GCK_IS_MODULE (module), CKR_GENERAL_ERROR);
+ g_return_val_if_fail (!object || GCK_IS_OBJECT (object), CKR_GENERAL_ERROR);
+ g_return_val_if_fail (!manager || GCK_IS_MANAGER (manager), CKR_GENERAL_ERROR);
g_return_val_if_fail (result, CKR_GENERAL_ERROR);
secret = gck_secret_new_from_login (pin, n_pin);
- auth = g_object_new (GCK_TYPE_CREDENTIAL,
- "module", gck_object_get_module (object),
- "manager", manager, "secret", secret,
- "object", object, NULL);
+ cred = g_object_new (GCK_TYPE_CREDENTIAL,
+ "module", module,
+ "manager", manager,
+ "secret", secret,
+ "object", object,
+ NULL);
g_object_unref (secret);
- /* Now the unlock must work */
- rv = gck_object_unlock (object, auth);
- if (rv == CKR_OK)
- *result = auth;
- else
- g_object_unref (auth);
+ /* If we have an object, the unlock must work */
+ if (object) {
+ rv = gck_object_unlock (object, cred);
+ if (rv == CKR_OK)
+ *result = cred;
+ else
+ g_object_unref (cred);
+
+ /* Created credentials without object */
+ } else {
+ *result = cred;
+ rv = CKR_OK;
+ }
return rv;
}
+void
+gck_credential_connect (GckCredential *self, GckObject *object)
+{
+ g_return_if_fail (GCK_IS_CREDENTIAL (self));
+ g_return_if_fail (GCK_IS_OBJECT (object));
+ g_return_if_fail (self->pv->object == NULL);
+ g_return_if_fail (GCK_OBJECT (self) != object);
+ self->pv->object = object;
+ g_object_weak_ref (G_OBJECT (self->pv->object), object_went_away, self);
+}
+
GckSecret*
gck_credential_get_secret (GckCredential *self)
{
@@ -382,7 +404,6 @@ GckObject*
gck_credential_get_object (GckCredential *self)
{
g_return_val_if_fail (GCK_IS_CREDENTIAL (self), NULL);
- g_return_val_if_fail (GCK_IS_OBJECT (self->pv->object), NULL);
return self->pv->object;
}
diff --git a/pkcs11/gck/gck-credential.h b/pkcs11/gck/gck-credential.h
index 4b201fd..c20e03e 100644
--- a/pkcs11/gck/gck-credential.h
+++ b/pkcs11/gck/gck-credential.h
@@ -52,12 +52,16 @@ GType gck_credential_get_type (void);
GckFactory* gck_credential_get_factory (void);
-CK_RV gck_credential_create (GckObject *object,
+CK_RV gck_credential_create (GckModule *module,
GckManager *manager,
+ GckObject *object,
CK_UTF8CHAR_PTR pin,
CK_ULONG n_pin,
GckCredential **result);
+void gck_credential_connect (GckCredential *self,
+ GckObject *object);
+
GckSecret* gck_credential_get_secret (GckCredential *self);
void gck_credential_set_secret (GckCredential *self,
diff --git a/pkcs11/gck/gck-session.c b/pkcs11/gck/gck-session.c
index 475ec75..906b6ca 100644
--- a/pkcs11/gck/gck-session.c
+++ b/pkcs11/gck/gck-session.c
@@ -690,8 +690,8 @@ gck_session_login_context_specific (GckSession *self, CK_UTF8CHAR_PTR pin, CK_UL
g_return_val_if_fail (is_private == TRUE, CKR_GENERAL_ERROR);
/* Now create the strange object */
- rv = gck_credential_create (self->pv->current_object, self->pv->manager,
- pin, n_pin, &cred);
+ rv = gck_credential_create (self->pv->module, self->pv->manager,
+ self->pv->current_object, pin, n_pin, &cred);
if (rv != CKR_OK)
return rv;
diff --git a/pkcs11/gck/tests/unit-test-credential.c b/pkcs11/gck/tests/unit-test-credential.c
index a67b47c..6601339 100644
--- a/pkcs11/gck/tests/unit-test-credential.c
+++ b/pkcs11/gck/tests/unit-test-credential.c
@@ -104,6 +104,8 @@ DEFINE_TEST(credential_create_no_object)
{
CK_OBJECT_CLASS klass = CKO_G_CREDENTIAL;
CK_BBOOL token = CK_FALSE;
+ CK_OBJECT_HANDLE objhand = (CK_ULONG)-1;
+ CK_ATTRIBUTE attr;
CK_ATTRIBUTE attrs[] = {
{ CKA_TOKEN, &token, sizeof (token) },
@@ -114,7 +116,15 @@ DEFINE_TEST(credential_create_no_object)
CK_RV rv;
rv = gck_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &handle);
- g_assert (rv == CKR_TEMPLATE_INCOMPLETE);
+ g_assert (rv == CKR_OK);
+ g_assert (handle != 0);
+
+ attr.type = CKA_G_OBJECT;
+ attr.pValue = &objhand;
+ attr.ulValueLen = sizeof (objhand);
+ rv = gck_session_C_GetAttributeValue (session, handle, &attr, 1);
+ g_assert (rv == CKR_OK);
+ g_assert (objhand == 0);
}
DEFINE_TEST(credential_create_invalid_object)
@@ -181,7 +191,7 @@ DEFINE_TEST(credential_uses_property)
gint uses;
CK_RV rv;
- rv = gck_credential_create (object, NULL, (guchar*)"mock", 4, &auth);
+ rv = gck_credential_create (module, NULL, object, (guchar*)"mock", 4, &auth);
g_assert (rv == CKR_OK);
g_assert (auth);
@@ -206,7 +216,7 @@ DEFINE_TEST(credential_object_property)
GckObject *check;
CK_RV rv;
- rv = gck_credential_create (object, NULL, (guchar*)"mock", 4, &auth);
+ rv = gck_credential_create (module, NULL, object, (guchar*)"mock", 4, &auth);
g_assert (rv == CKR_OK);
g_assert (auth);
@@ -228,7 +238,7 @@ DEFINE_TEST(credential_login_property)
gsize n_password;
CK_RV rv;
- rv = gck_credential_create (object, NULL, (guchar*)"mock", 4, &cred);
+ rv = gck_credential_create (module, NULL, object, (guchar*)"mock", 4, &cred);
g_assert (rv == CKR_OK);
g_assert (cred);
@@ -257,7 +267,7 @@ DEFINE_TEST(credential_data)
GckCredential *cred;
CK_RV rv;
- rv = gck_credential_create (object, NULL, (guchar*)"mock", 4, &cred);
+ rv = gck_credential_create (module, NULL, object, (guchar*)"mock", 4, &cred);
g_assert (rv == CKR_OK);
g_assert (cred);
@@ -275,3 +285,18 @@ DEFINE_TEST(credential_data)
g_object_unref (cred);
}
+
+DEFINE_TEST(credential_connect_object)
+{
+ GckCredential *cred;
+ CK_RV rv;
+
+ rv = gck_credential_create (module, NULL, NULL, (guchar*)"mock", 4, &cred);
+ g_assert (rv == CKR_OK);
+ g_assert (cred);
+
+ gck_credential_connect (cred, object);
+ g_assert (gck_credential_get_object (cred) == object);
+
+ g_object_unref (cred);
+}
diff --git a/pkcs11/secret-store/gck-secret-collection.c b/pkcs11/secret-store/gck-secret-collection.c
index 5cad5d2..8bb0e4c 100644
--- a/pkcs11/secret-store/gck-secret-collection.c
+++ b/pkcs11/secret-store/gck-secret-collection.c
@@ -88,6 +88,21 @@ load_collection_and_secret_data (GckSecretCollection *self, GckSecretData *sdata
}
static gboolean
+find_unlocked_credential (GckCredential *cred, GckObject *object, gpointer user_data)
+{
+ CK_OBJECT_HANDLE *result = user_data;
+
+ g_return_val_if_fail (!*result, FALSE);
+
+ if (gck_credential_get_data (cred)) {
+ *result = gck_object_get_handle (GCK_OBJECT (cred));
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static gboolean
find_unlocked_secret_data (GckCredential *cred, GckObject *object, gpointer user_data)
{
GckSecretCollection *self = GCK_SECRET_COLLECTION (object);
@@ -207,12 +222,15 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GckObject **result)
{
GckSecretCollection *collection = NULL;
+ CK_OBJECT_HANDLE handle;
CK_ATTRIBUTE *attr;
GckManager *manager;
gchar *identifier = NULL;
+ GckSecretData *sdata;
gchar *label = NULL;
gboolean is_token;
GckCredential *cred;
+ GckObject *object;
CK_RV rv;
g_return_if_fail (GCK_IS_TRANSACTION (transaction));
@@ -226,6 +244,15 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
else
manager = gck_session_get_manager (session);
+ /* Must have a credential, which is not associated with an object yet */
+ if (!gck_attributes_find_ulong (attrs, n_attrs, CKA_G_CREDENTIAL, &handle))
+ return gck_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
+ if (gck_session_lookup_readable_object (session, handle, &object) != CKR_OK)
+ return gck_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
+ cred = GCK_CREDENTIAL (object);
+ if (gck_credential_get_object (cred) != NULL)
+ return gck_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
+
/* See if a collection attribute was specified, not present means all collections */
attr = gck_attributes_find (attrs, n_attrs, CKA_LABEL);
if (attr != NULL) {
@@ -252,21 +279,13 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
g_free (identifier);
g_free (label);
- /*
- * HACK: We are expected to have an unlocked collection. This is
- * currently a chicken and egg problem, as there's no way to set
- * credentials. Actually currently there's no way to set credentials.
- */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
- NULL, 0, &cred);
- if (rv != CKR_OK) {
- gck_transaction_fail (transaction, rv);
- g_object_unref (collection);
- } else {
- gck_session_add_session_object (session, transaction, GCK_OBJECT (cred));
- *result = GCK_OBJECT (collection);
- g_object_unref (cred);
- }
+ gck_credential_connect (cred, GCK_OBJECT (collection));
+ sdata = g_object_new (GCK_TYPE_SECRET_DATA, NULL);
+ gck_credential_set_data (cred, sdata, g_object_unref);
+ gck_secret_data_set_master (sdata, gck_credential_get_secret (cred));
+ track_secret_data (collection, sdata);
+
+ *result = GCK_OBJECT (collection);
}
/* -----------------------------------------------------------------------------
@@ -276,11 +295,17 @@ factory_create_collection (GckSession *session, GckTransaction *transaction,
static CK_RV
gck_secret_collection_get_attribute (GckObject *base, GckSession *session, CK_ATTRIBUTE_PTR attr)
{
+ GckSecretCollection *self = GCK_SECRET_COLLECTION (base);
+ CK_OBJECT_HANDLE handle = 0;
+
switch (attr->type) {
case CKA_CLASS:
return gck_attribute_set_ulong (attr, CKO_G_COLLECTION);
+ case CKA_G_CREDENTIAL:
+ gck_session_for_each_credential (session, GCK_OBJECT (self),
+ find_unlocked_credential, &handle);
+ return gck_attribute_set_ulong (attr, handle);
}
-
return GCK_OBJECT_CLASS (gck_secret_collection_parent_class)->get_attribute (base, session, attr);
}
diff --git a/pkcs11/secret-store/tests/unit-test-secret-collection.c b/pkcs11/secret-store/tests/unit-test-secret-collection.c
index f26975c..d6d96d5 100644
--- a/pkcs11/secret-store/tests/unit-test-secret-collection.c
+++ b/pkcs11/secret-store/tests/unit-test-secret-collection.c
@@ -44,10 +44,21 @@
static GckModule *module = NULL;
static GckSession *session = NULL;
+static CK_OBJECT_HANDLE credential = 0;
+static CK_OBJECT_HANDLE credential2 = 0;
static GckSecretCollection *collection = NULL;
DEFINE_SETUP(secret_collection)
{
+ CK_OBJECT_CLASS klass = CKO_G_CREDENTIAL;
+ GckObject *cred;
+ CK_RV rv;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_VALUE, NULL, 0 }
+ };
+
module = test_secret_module_initialize_and_enter ();
session = test_secret_module_open_session (TRUE);
@@ -55,8 +66,18 @@ DEFINE_SETUP(secret_collection)
"module", module,
"identifier", "test",
NULL);
-
g_assert (GCK_IS_SECRET_COLLECTION (collection));
+
+ /* Make two credentials */
+ rv = gck_session_create_object_for_factory (session, GCK_FACTORY_CREDENTIAL,
+ attrs, G_N_ELEMENTS (attrs), &cred);
+ g_assert (rv == CKR_OK);
+ credential = gck_object_get_handle (GCK_OBJECT (cred));
+ rv = gck_session_create_object_for_factory (session, GCK_FACTORY_CREDENTIAL,
+ attrs, G_N_ELEMENTS (attrs), &cred);
+ g_assert (rv == CKR_OK);
+ credential2 = gck_object_get_handle (GCK_OBJECT (cred));
+
}
DEFINE_TEARDOWN(secret_collection)
@@ -68,7 +89,7 @@ DEFINE_TEARDOWN(secret_collection)
test_secret_module_leave_and_finalize ();
module = NULL;
session = NULL;
-
+ credential = 0;
}
DEFINE_TEST(secret_collection_is_locked)
@@ -87,7 +108,7 @@ DEFINE_TEST(secret_collection_unlocked_data)
CK_RV rv;
/* Create credential, which unlocks collection */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session), NULL, 0, &cred);
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection), NULL, 0, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
g_object_unref (cred);
@@ -150,7 +171,7 @@ DEFINE_TEST(secret_collection_load_unlock_plain)
g_assert (res == GCK_DATA_SUCCESS);
/* Unlock the keyring, which should load again */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session), NULL, 0, &cred);
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection), NULL, 0, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
g_object_unref (cred);
@@ -177,7 +198,7 @@ DEFINE_TEST(secret_collection_load_unlock_encrypted)
g_assert (res == GCK_DATA_SUCCESS);
/* Unlock the keyring, which should load again */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"my-keyring-password", 19, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
@@ -204,7 +225,7 @@ DEFINE_TEST(secret_collection_load_unlock_bad_password)
g_assert (res == GCK_DATA_SUCCESS);
/* Unlock the keyring, which should load again */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"wrong", 5, &cred);
g_assert (rv == CKR_PIN_INCORRECT);
}
@@ -221,7 +242,7 @@ DEFINE_TEST(secret_collection_unlock_without_load)
g_free (filename);
/* Unlock the keyring, which should load it */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"my-keyring-password", 19, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
@@ -244,14 +265,14 @@ DEFINE_TEST(secret_collection_twice_unlock)
g_free (filename);
/* Unlock the keyring, which should load */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"my-keyring-password", 19, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
g_object_unref (cred);
/* Unlock the keyring again, which should not reload */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"my-keyring-password", 19, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
@@ -274,14 +295,14 @@ DEFINE_TEST(secret_collection_twice_unlock_bad_password)
g_free (filename);
/* Unlock the keyring, which should load */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"my-keyring-password", 19, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
g_object_unref (cred);
/* Unlock the keyring again, wrong password */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"wrong", 5, &cred);
g_assert (rv == CKR_PIN_INCORRECT);
@@ -301,7 +322,7 @@ DEFINE_TEST(secret_collection_memory_unlock)
g_assert (res == GCK_DATA_SUCCESS);
/* Unlock the keyring, which should load again */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
NULL, 0, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
@@ -319,7 +340,7 @@ DEFINE_TEST(secret_collection_memory_unlock_bad_password)
g_assert (res == GCK_DATA_SUCCESS);
/* Unlock the keyring, which should load again */
- rv = gck_credential_create (GCK_OBJECT (collection), gck_session_get_manager (session),
+ rv = gck_credential_create (module, gck_session_get_manager (session), GCK_OBJECT (collection),
(guchar*)"wrong", 5, &cred);
g_assert (rv == CKR_PIN_INCORRECT);
}
@@ -333,6 +354,7 @@ DEFINE_TEST(secret_collection_factory)
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
{ CKA_LABEL, "blah", 4 },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
rv = gck_session_create_object_for_factory (session, GCK_FACTORY_SECRET_COLLECTION,
@@ -352,6 +374,7 @@ DEFINE_TEST(secret_collection_factory_unnamed)
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
rv = gck_session_create_object_for_factory (session, GCK_FACTORY_SECRET_COLLECTION,
@@ -375,6 +398,7 @@ DEFINE_TEST(secret_collection_factory_token)
{ CKA_CLASS, &klass, sizeof (klass) },
{ CKA_TOKEN, &token, sizeof (token) },
{ CKA_LABEL, "blah", 4 },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
rv = gck_session_create_object_for_factory (session, GCK_FACTORY_SECRET_COLLECTION,
@@ -394,6 +418,7 @@ DEFINE_TEST(secret_collection_factory_duplicate)
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
{ CKA_CLASS, &klass, sizeof (klass) },
{ CKA_LABEL, "blah", 4 },
};
@@ -406,6 +431,8 @@ DEFINE_TEST(secret_collection_factory_duplicate)
identifier1 = gck_secret_object_get_identifier (GCK_SECRET_OBJECT (object));
g_assert (strstr (identifier1, "blah"));
+ /* Use second credential for second object */
+ attrs[0].pValue = &credential2;
rv = gck_session_create_object_for_factory (session, GCK_FACTORY_SECRET_COLLECTION,
attrs, G_N_ELEMENTS (attrs), &object);
g_assert (rv == CKR_OK);
@@ -430,6 +457,7 @@ DEFINE_TEST(secret_collection_factory_item)
{ CKA_CLASS, &c_klass, sizeof (c_klass) },
{ CKA_TOKEN, &token, sizeof (token) },
{ CKA_LABEL, "three", 5 },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
CK_ATTRIBUTE i_attrs[] = {
@@ -465,6 +493,7 @@ DEFINE_TEST(secret_collection_token_remove)
{ CKA_CLASS, &klass, sizeof (klass) },
{ CKA_TOKEN, &token, sizeof (token) },
{ CKA_LABEL, "blah", 4 },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
rv = gck_session_create_object_for_factory (session, GCK_FACTORY_SECRET_COLLECTION,
@@ -493,6 +522,7 @@ DEFINE_TEST(secret_collection_token_item_remove)
{ CKA_CLASS, &c_klass, sizeof (c_klass) },
{ CKA_TOKEN, &token, sizeof (token) },
{ CKA_LABEL, "three", 5 },
+ { CKA_G_CREDENTIAL, &credential, sizeof (credential) },
};
CK_ATTRIBUTE i_attrs[] = {
diff --git a/pkcs11/secret-store/tests/unit-test-secret-item.c b/pkcs11/secret-store/tests/unit-test-secret-item.c
index d40f40f..2560028 100644
--- a/pkcs11/secret-store/tests/unit-test-secret-item.c
+++ b/pkcs11/secret-store/tests/unit-test-secret-item.c
@@ -73,12 +73,14 @@ static void
unlock_collection(void)
{
GckCredential *cred;
+ GckObject *object;
CK_RV rv;
/* Create credential, which unlocks collection */
- rv = gck_credential_create (GCK_OBJECT (collection),
+ object = GCK_OBJECT (collection);
+ rv = gck_credential_create (gck_object_get_module (object),
gck_session_get_manager (session),
- NULL, 0, &cred);
+ object, NULL, 0, &cred);
g_assert (rv == CKR_OK);
gck_session_add_session_object (session, NULL, GCK_OBJECT (cred));
diff --git a/pkcs11/ssh-store/tests/unit-test-private-key.c b/pkcs11/ssh-store/tests/unit-test-private-key.c
index 8467767..feae993 100644
--- a/pkcs11/ssh-store/tests/unit-test-private-key.c
+++ b/pkcs11/ssh-store/tests/unit-test-private-key.c
@@ -89,7 +89,7 @@ DEFINE_TEST(private_key_parse_and_unlock)
g_free (pub_path);
g_free (priv_path);
- rv = gck_credential_create (GCK_OBJECT (key), NULL, (guchar*)"password", 8, &cred);
+ rv = gck_credential_create (module, NULL, GCK_OBJECT (key), (guchar*)"password", 8, &cred);
g_assert (rv == CKR_OK);
g_object_unref (cred);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
