[gnome-keyring/trust-store] [gcr] Expose functions for setting which pkcs11 modules to use.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store] [gcr] Expose functions for setting which pkcs11 modules to use.
- Date: Fri, 10 Dec 2010 04:35:38 +0000 (UTC)
commit bf3329de95dfa39f854036390278af6ccefdd25d
Author: Stef Walter <stefw collabora co uk>
Date: Fri Dec 10 01:09:04 2010 +0000
[gcr] Expose functions for setting which pkcs11 modules to use.
Add gcr_pkcs11_get_modules(), gcr_pkcs11_set_modules(), gcr_pkcs11_add_module(),
gcr_pkcs11_get_trust_lookup_modules(), gcr_pkcs11_get_trust_store_slot(),
gcr_pkcs11_get_trust_store_uri(), gcr_pkcs11_set_trust_store_uri()
docs/reference/gcr/gcr-docs.sgml | 4 +
docs/reference/gcr/gcr-sections.txt | 11 +++
gcr/Makefile.am | 3 +-
gcr/gcr-import-dialog.c | 7 +-
gcr/gcr-internal.h | 41 +++++----
gcr/gcr-library.c | 163 +++++++++++++++++++++++++++++++----
gcr/gcr-library.h | 49 +++++++++++
gcr/gcr-parser.c | 1 +
gcr/gcr-pkcs11-certificate.c | 4 +-
gcr/gcr-trust.c | 74 ++++++++++++++--
gcr/gcr.h | 1 +
gcr/tests/test-pkcs11-certificate.c | 10 +--
gcr/tests/test-trust.c | 13 +--
13 files changed, 318 insertions(+), 63 deletions(-)
---
diff --git a/docs/reference/gcr/gcr-docs.sgml b/docs/reference/gcr/gcr-docs.sgml
index 208be0a..767fc97 100644
--- a/docs/reference/gcr/gcr-docs.sgml
+++ b/docs/reference/gcr/gcr-docs.sgml
@@ -26,4 +26,8 @@
<xi:include href="xml/gcr-parser.xml"/>
</part>
+ <part id="misc">
+ <title>Miscellaneous</title>
+ <xi:include href="xml/gcr-library.xml"/>
+ </part>
</book>
diff --git a/docs/reference/gcr/gcr-sections.txt b/docs/reference/gcr/gcr-sections.txt
index 1359b0e..66a93a4 100644
--- a/docs/reference/gcr/gcr-sections.txt
+++ b/docs/reference/gcr/gcr-sections.txt
@@ -166,4 +166,15 @@ gcr_trust_add_certificate_exception_finish
gcr_trust_remove_certificate_exception
gcr_trust_remove_certificate_exception_async
gcr_trust_remove_certificate_exception_finish
+</SECTION>
+
+<SECTION>
+<FILE>gcr-library</FILE>
+gcr_pkcs11_get_modules
+gcr_pkcs11_set_modules
+gcr_pkcs11_add_module
+gcr_pkcs11_get_trust_lookup_modules
+gcr_pkcs11_get_trust_store_slot
+gcr_pkcs11_get_trust_store_uri
+gcr_pkcs11_set_trust_store_uri
</SECTION>
\ No newline at end of file
diff --git a/gcr/Makefile.am b/gcr/Makefile.am
index 5a5288e..015d5e8 100644
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@ -21,6 +21,7 @@ inc_HEADERS = \
gcr-key-renderer.h \
gcr-key-widget.h \
gcr-importer.h \
+ gcr-library.h \
gcr-parser.h \
gcr-pkcs11-certificate.h \
gcr-renderer.h \
@@ -59,7 +60,7 @@ libgcr GCR_VERSION_SUFFIX@_la_SOURCES = \
gcr-internal.h \
gcr-key-renderer.c gcr-key-renderer.h \
gcr-key-widget.c gcr-key-widget.h \
- gcr-library.c \
+ gcr-library.c gcr-library.h \
gcr-parser.c gcr-parser.h \
gcr-pkcs11-certificate.c gcr-pkcs11-certificate.h \
gcr-renderer.c gcr-renderer.h \
diff --git a/gcr/gcr-import-dialog.c b/gcr/gcr-import-dialog.c
index dc6fdb4..2858c7b 100644
--- a/gcr/gcr-import-dialog.c
+++ b/gcr/gcr-import-dialog.c
@@ -23,6 +23,7 @@
#include "gcr-import-dialog.h"
#include "gcr-internal.h"
+#include "gcr-library.h"
#include "egg/egg-entry-buffer.h"
@@ -72,9 +73,9 @@ populate_slots (GcrImportDialog *self)
self->pv->slots = gtk_list_store_new (N_COLUMNS, GCK_TYPE_SLOT, G_TYPE_STRING, G_TYPE_STRING);
gtk_combo_box_set_model (self->pv->combo, GTK_TREE_MODEL (self->pv->slots));
- modules = _gcr_get_pkcs11_modules ();
+ modules = gcr_pkcs11_get_modules ();
g_return_if_fail (modules);
-
+
gtk_list_store_clear (self->pv->slots);
added = FALSE;
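Review bot: `g_return_if_fail (modules);` in populate_slots() treats an empty module list as a programmer error, yet with this commit the list is caller-controlled. `gcr_pkcs11_set_modules (NULL)` leaves `all_modules` NULL, and `gcr_pkcs11_get_modules ()` then returns NULL. An empty list is a reachable runtime state, so I would replace the assertion with a plain `if (!modules) return;` and let the dialog show no slots. populate_slots() starts and ends outside this hunk, so any early return between this call and the `gck_list_unref_free (modules)` added in the next hunk should be checked for a leaked list.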
@@ -100,6 +101,8 @@ populate_slots (GcrImportDialog *self)
if (added)
gtk_combo_box_set_active (self->pv->combo, 0);
+
+ gck_list_unref_free (modules);
}
/* -----------------------------------------------------------------------------
diff --git a/gcr/gcr-internal.h b/gcr/gcr-internal.h
index ff036ec..421282a 100644
--- a/gcr/gcr-internal.h
+++ b/gcr/gcr-internal.h
@@ -1,24 +1,29 @@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) 2010 Collabora Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
#ifndef GCR_INTERNAL_H_
#define GCR_INTERNAL_H_
-#include "gcr.h"
-
-#include <glib.h>
-
-#include <gck/gck.h>
-
void _gcr_initialize (void);
-GList* _gcr_get_pkcs11_modules (void);
-
-GckSlot* _gcr_slot_for_storing_trust (GError **error);
-
-#ifdef WITH_TESTS
-
-void _gcr_set_test_pkcs11_modules (GList *modules);
-
-void _gcr_set_test_trust_slot (const gchar *uri);
-
-#endif
-
#endif /* GCR_INTERNAL_H_ */
diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c
index dc957d9..64a20b6 100644
--- a/gcr/gcr-library.c
+++ b/gcr/gcr-library.c
@@ -21,9 +21,9 @@
#include "config.h"
-#include "gcr.h"
#include "gcr-types.h"
#include "gcr-internal.h"
+#include "gcr-library.h"
#include "egg/egg-error.h"
#include "egg/egg-libgcrypt.h"
@@ -35,8 +35,29 @@
#include <glib/gi18n-lib.h>
+/**
+ * SECTION:gcr-library
+ * @title: Library Settings
+ * @short_description: functions for manipulating GCR library global settings.
+ *
+ * Manage or lookup various global aspesct and settings of the library.
+ *
+ * The GCR library maintains a global list of PKCS\#11 modules to use for
+ * its various lookups and storage operations. Each module is represented by
+ * a GckModule object. You can examine this list by using
+ * gcr_pkcs11_get_modules().
+ *
+ * The list is configured automatically by looking for system installed
+ * PKCS\#11 modules. It's not not normally necessary to modify this list. But
+ * if you have special needs, you can use the gcr_pkcs11_set_modules() and
+ * gcr_pkcs11_add_module() to do so.
+ *
+ * Trust assertions are stored and looked up in specific PKCS\#11 modules.
+ * You can examine this list with gcr_pkcs11_get_trust_lookup_modules()
+ */
static GList *all_modules = NULL;
-static const gchar *trust_slot_uri = "pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT";
+
+static gchar *trust_store_uri = NULL;
GQuark
gcr_data_error_get_domain (void)
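Review bot: The new SECTION comment does not tell callers what changing these settings means for trust decisions, and it carries typos that will land in the generated reference. Per the later hunk, `gcr_pkcs11_get_trust_lookup_modules()` currently returns every module, so a module passed to `gcr_pkcs11_add_module()` or `gcr_pkcs11_set_modules()` is also consulted for trust anchors and certificate exceptions. I would add a sentence such as `Modules in this list are also consulted for trust assertions, so only add modules you trust to make those decisions; the settings are process-wide.` The wording fixes are `aspesct` → `aspects`, `It's not not normally` → `It is not normally`, and a full stop after `gcr_pkcs11_get_trust_lookup_modules()`.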
@@ -132,23 +153,97 @@ _gcr_initialize (void)
if (g_once_init_enter (&gcr_initialized)) {
all_modules = gck_modules_initialize_registered (0);
+
+ /* TODO: We should be loading this from a config file */
+ trust_store_uri = g_strdup ("pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT");
+
g_once_init_leave (&gcr_initialized, 1);
}
}
+/**
+ * gcr_pkcs11_get_modules:
+ *
+ * List all the PKCS\#11 modules that are used by the GCR library.
+ * Each module is a #GckModule object.
+ *
+ * When done with the list, free it with gck_list_unref_free().
+ *
+ * Returns: A newly allocated list of #GckModule objects.
+ */
GList*
-_gcr_get_pkcs11_modules (void)
+gcr_pkcs11_get_modules (void)
+{
+ _gcr_initialize ();
+ return gck_list_ref_copy (all_modules);
+}
+
+/**
+ * gcr_pkcs11_set_modules:
+ * @list: a list of #GckModule
+ *
+ * Set the list of PKCS\#11 modules that are used by the GCR library.
+ * Each module in the list is a #GckModule object.
+ *
+ * It is not normally necessary to call this function. The available
+ * PKCS\#11 modules installed on the system are automatically loaded
+ * by the GCR library.
+ */
+void
+gcr_pkcs11_set_modules (GList *modules)
+{
+ GList *l;
+
+ _gcr_initialize ();
+
+ for (l = modules; l; l = g_list_next (l))
+ g_return_if_fail (GCK_IS_MODULE (l->data));
+
+ modules = gck_list_ref_copy (modules);
+ gck_list_unref_free (all_modules);
+ all_modules = modules;
+}
+
+/**
+ * gcr_pkcs11_add_module:
+ * @module: a #GckModule
+ *
+ * Add a #GckModule to the list of PKCS\#11 modules that are used by the
+ * GCR library.
+ *
+ * It is not normally necessary to call this function. The available
+ * PKCS\#11 modules installed on the system are automatically loaded
+ * by the GCR library.
+ */
+void
+gcr_pkcs11_add_module (GckModule *module)
{
- return all_modules;
+ g_return_if_fail (GCK_IS_MODULE (module));
+ _gcr_initialize ();
+ all_modules = g_list_append (all_modules, g_object_ref (module));
}
+/**
+ * gcr_pkcs11_get_trust_store_slot:
+ * @error: a #GError or NULL
+ *
+ * Selects an appropriate PKCS\#11 slot to store trust assertions. The slot
+ * to use is normally configured automatically by the system.
+ *
+ * When done with the #GckSlot, use g_object_unref() to release it.
+ *
+ * Returns: the #GckSlot to use for trust assertions.
+ */
GckSlot*
-_gcr_slot_for_storing_trust (GError **error)
+gcr_pkcs11_get_trust_store_slot (GError **error)
{
GList *modules;
GckSlot *slot;
- modules = _gcr_get_pkcs11_modules ();
+ g_return_val_if_fail (!error || !*error, NULL);
+
+ _gcr_initialize ();
+ modules = gcr_pkcs11_get_trust_lookup_modules ();
/*
* TODO: We need a better way to figure this out as far as
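Review bot: `gcr_pkcs11_set_modules()` and `gcr_pkcs11_add_module()` replace or extend the global `all_modules` with no lock, while `gcr_pkcs11_get_modules()` walks the same list in `gck_list_ref_copy (all_modules)`. The `g_once_init_enter` guard in `_gcr_initialize()` suggests the library expects calls from several threads. If so, a set racing with a get frees list nodes and module references that the reader is still traversing. I would guard every access to the list with one static lock, as sketched below for the getter and setter; `gcr_pkcs11_add_module()` and `gcr_pkcs11_get_trust_lookup_modules()` in a later hunk need the same treatment. Separately, the gtk-doc block for the setter names the parameter `@list:` while the function takes `modules`.

```c
G_LOCK_DEFINE_STATIC (all_modules);

GList*
gcr_pkcs11_get_modules (void)
{
	GList *copy;

	_gcr_initialize ();

	G_LOCK (all_modules);
	copy = gck_list_ref_copy (all_modules);
	G_UNLOCK (all_modules);

	return copy;
}

void
gcr_pkcs11_set_modules (GList *modules)
{
	GList *previous;

	/* … unchanged: _gcr_initialize () and the GCK_IS_MODULE checks … */

	modules = gck_list_ref_copy (modules);

	G_LOCK (all_modules);
	previous = all_modules;
	all_modules = modules;
	G_UNLOCK (all_modules);

	/* Drop the old references outside the lock */
	gck_list_unref_free (previous);
}
```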
@@ -156,7 +251,7 @@ _gcr_slot_for_storing_trust (GError **error)
* gnome-keyring.
*/
- slot = gck_modules_token_for_uri (modules, trust_slot_uri, error);
+ slot = gck_modules_token_for_uri (modules, gcr_pkcs11_get_trust_store_uri (), error);
if (!slot) {
if (error && !*error) {
g_set_error (error, GCR_ERROR, /* TODO: */ 0,
@@ -164,23 +259,57 @@ _gcr_slot_for_storing_trust (GError **error)
}
}
+ gck_list_unref_free (modules);
return slot;
}
-#ifdef WITH_TESTS
+/**
+ * gcr_pkcs11_get_trust_lookup_modules:
+ *
+ * List all the PKCS\#11 modules that are used by the GCR library for lookup
+ * of trust assertions. Each module is a #GckModule object.
+ *
+ * When done with the list, free it with gck_list_unref_free().
+ *
+ * Returns: a list of #GckModule objects to use for lookup of trust.
+ */
+GList*
+gcr_pkcs11_get_trust_lookup_modules (void)
+{
+ /* TODO: This should be configurable, for now all modules */
+ _gcr_initialize ();
+ return gck_list_ref_copy (all_modules);
+}
-void
-_gcr_set_test_pkcs11_modules (GList *modules)
+/**
+ * gcr_pkcs11_get_trust_store_uri:
+ *
+ * Get the PKCS\#11 URI that is used to identify which slot to use for
+ * storing trust storage.
+ *
+ * Returns: the uri which identifies trust storage slot
+ */
+const gchar*
+gcr_pkcs11_get_trust_store_uri (void)
{
- modules = gck_list_ref_copy (modules);
- gck_list_unref_free (all_modules);
- all_modules = modules;
+ _gcr_initialize ();
+ return trust_store_uri;
}
+/**
+ * gcr_pkcs11_set_trust_store_uri:
+ * @pkcs11_uri: the uri which identifies trust storage slot
+ *
+ * Set the PKCS\#11 URI that is used to identify which slot to use for
+ * storing trust storage.
+ *
+ * It is not normally necessary to call this function. The relevant
+ * PKCS\#11 slot is automatically configured by the GCR library.
+ */
void
-_gcr_set_test_trust_slot (const gchar *uri)
+gcr_pkcs11_set_trust_store_uri (const gchar *pkcs11_uri)
{
- trust_slot_uri = uri;
+ _gcr_initialize ();
+ g_free (trust_store_uri);
+ trust_store_uri = g_strdup (pkcs11_uri);
}
-
-#endif /* WITH_TESTS */
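Review bot: `gcr_pkcs11_set_trust_store_uri()` accepts any value, including NULL, and frees the string that `gcr_pkcs11_get_trust_store_uri()` hands out as a borrowed `const gchar*`. After `gcr_pkcs11_set_trust_store_uri (NULL)`, the call `gck_modules_token_for_uri (modules, gcr_pkcs11_get_trust_store_uri (), error)` in the previous hunk receives a NULL URI. A caller that keeps the getter's result across a set is left holding freed memory. Unless NULL is meant to disable trust storage, I would add `g_return_if_fail (pkcs11_uri);` at the top of the setter. I would also document on the getter that the string is owned by the library and valid only until the next call to the setter. Because this URI selects the token that trust exceptions are written to, the setter's doc comment should also say that the change is process-wide.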
diff --git a/gcr/gcr-library.h b/gcr/gcr-library.h
new file mode 100644
index 0000000..8a03109
--- /dev/null
+++ b/gcr/gcr-library.h
@@ -0,0 +1,49 @@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) 2010 Collabora Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#if !defined (__GCR_H_INSIDE__) && !defined (GCR_COMPILATION)
+#error "Only <gcr/gcr.h> can be included directly."
+#endif
+
+#ifndef GCR_LIBRARY_H_
+#define GCR_LIBRARY_H_
+
+#include "gcr-types.h"
+
+#include <glib.h>
+
+GList* gcr_pkcs11_get_modules (void);
+
+void gcr_pkcs11_set_modules (GList *modules);
+
+void gcr_pkcs11_add_module (GckModule *module);
+
+GList* gcr_pkcs11_get_trust_lookup_modules (void);
+
+GckSlot* gcr_pkcs11_get_trust_store_slot (GError **error);
+
+const gchar* gcr_pkcs11_get_trust_store_uri (void);
+
+void gcr_pkcs11_set_trust_store_uri (const gchar *pkcs11_uri);
+
+#endif /* GCR_LIBRARY_H_ */
diff --git a/gcr/gcr-parser.c b/gcr/gcr-parser.c
index 89a953d..bec7e50 100644
--- a/gcr/gcr-parser.c
+++ b/gcr/gcr-parser.c
@@ -24,6 +24,7 @@
#include "gck/gck.h"
#include "gcr-internal.h"
+#include "gcr-importer.h"
#include "gcr-marshal.h"
#include "gcr-parser.h"
#include "gcr-types.h"
diff --git a/gcr/gcr-pkcs11-certificate.c b/gcr/gcr-pkcs11-certificate.c
index 2ea8494..f889ad4 100644
--- a/gcr/gcr-pkcs11-certificate.c
+++ b/gcr/gcr-pkcs11-certificate.c
@@ -30,6 +30,7 @@
#include "gcr-certificate.h"
#include "gcr-internal.h"
+#include "gcr-library.h"
#include "pkcs11/pkcs11.h"
@@ -82,9 +83,10 @@ prepare_lookup_certificate_issuer (GcrCertificate *cert)
gck_attributes_add_data (search, CKA_SUBJECT, data, n_data);
g_free (data);
- modules = _gcr_get_pkcs11_modules ();
+ modules = gcr_pkcs11_get_modules ();
en = gck_modules_enumerate_objects (modules, search, 0);
gck_attributes_unref (search);
+ gck_list_unref_free (modules);
return en;
}
diff --git a/gcr/gcr-trust.c b/gcr/gcr-trust.c
index 324a950..c720d25 100644
--- a/gcr/gcr-trust.c
+++ b/gcr/gcr-trust.c
@@ -26,6 +26,7 @@
#include "gcr.h"
#include "gcr-types.h"
#include "gcr-internal.h"
+#include "gcr-library.h"
#include "gcr-trust.h"
#include <gck/gck.h>
@@ -175,8 +176,6 @@ prepare_is_certificate_exception (GcrCertificate *certificate, const gchar *purp
GckEnumerator *en;
GList *modules;
- modules = _gcr_get_pkcs11_modules ();
-
attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
g_return_val_if_fail (attrs, NULL);
@@ -189,9 +188,11 @@ prepare_is_certificate_exception (GcrCertificate *certificate, const gchar *purp
* others.
*/
+ modules = gcr_pkcs11_get_trust_lookup_modules ();
en = gck_modules_enumerate_objects (modules, attrs, 0);
trust_operation_init (en, attrs);
gck_attributes_unref (attrs);
+ gck_list_unref_free (modules);
return en;
}
@@ -247,6 +248,8 @@ gcr_trust_is_certificate_exception (GcrCertificate *certificate, const gchar *pu
g_return_val_if_fail (purpose, FALSE);
g_return_val_if_fail (peer, FALSE);
+ _gcr_initialize ();
+
en = prepare_is_certificate_exception (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
@@ -295,6 +298,12 @@ gcr_trust_is_certificate_exception_async (GcrCertificate *certificate, const gch
GSimpleAsyncResult *async;
GckEnumerator *en;
+ g_return_if_fail (GCR_CERTIFICATE (certificate));
+ g_return_if_fail (purpose);
+ g_return_if_fail (peer);
+
+ _gcr_initialize ();
+
en = prepare_is_certificate_exception (certificate, purpose, peer);
g_return_if_fail (en);
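Review bot: `g_return_if_fail (GCR_CERTIFICATE (certificate));` uses the cast macro instead of the type-check macro, so the guard passes for any non-NULL pointer rather than verifying that the argument is a certificate. The cast at most logs a warning when cast checks are enabled and still returns the pointer. The other entry points touched in this commit use `GCR_IS_CERTIFICATE`, so this line should read `g_return_if_fail (GCR_IS_CERTIFICATE (certificate));`. The body of gcr_trust_is_certificate_exception_async() continues outside the hunk.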
@@ -327,6 +336,11 @@ gcr_trust_is_certificate_exception_finish (GAsyncResult *result, GError **error)
GcrTrustOperation *op;
GObject *object;
+ g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ _gcr_initialize ();
+
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
gcr_trust_is_certificate_exception_async), FALSE);
@@ -349,8 +363,6 @@ prepare_add_certificate_exception (GcrCertificate *certificate, const gchar *pur
GckEnumerator *en;
GList *modules;
- modules = _gcr_get_pkcs11_modules ();
-
attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
g_return_val_if_fail (attrs, NULL);
@@ -364,9 +376,11 @@ prepare_add_certificate_exception (GcrCertificate *certificate, const gchar *pur
* others.
*/
+ modules = gcr_pkcs11_get_trust_lookup_modules ();
en = gck_modules_enumerate_objects (modules, attrs, CKF_RW_SESSION);
trust_operation_init (en, attrs);
gck_attributes_unref (attrs);
+ gck_list_unref_free (modules);
return en;
}
@@ -405,7 +419,7 @@ perform_add_certificate_exception (GckEnumerator *en, GCancellable *cancellable,
/* TODO: Add relevant label */
/* Find an appropriate token */
- slot = _gcr_slot_for_storing_trust (error);
+ slot = gcr_pkcs11_get_trust_store_slot (error);
if (slot != NULL) {
session = gck_slot_open_session (slot, CKF_RW_SESSION, NULL, error);
if (session != NULL) {
@@ -456,6 +470,12 @@ gcr_trust_add_certificate_exception (GcrCertificate *certificate, const gchar *p
GckEnumerator *en;
gboolean ret;
+ g_return_val_if_fail (GCR_IS_CERTIFICATE (certificate), FALSE);
+ g_return_val_if_fail (purpose, FALSE);
+ g_return_val_if_fail (peer, FALSE);
+
+ _gcr_initialize ();
+
en = prepare_add_certificate_exception (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
@@ -507,6 +527,12 @@ gcr_trust_add_certificate_exception_async (GcrCertificate *certificate, const gc
GSimpleAsyncResult *async;
GckEnumerator *en;
+ g_return_if_fail (GCR_IS_CERTIFICATE (certificate));
+ g_return_if_fail (purpose);
+ g_return_if_fail (peer);
+
+ _gcr_initialize ();
+
en = prepare_add_certificate_exception (certificate, purpose, peer);
g_return_if_fail (en);
@@ -535,6 +561,11 @@ gcr_trust_add_certificate_exception_finish (GAsyncResult *result, GError **error
{
GObject *object;
+ g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ _gcr_initialize ();
+
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
gcr_trust_add_certificate_exception_async), FALSE);
@@ -557,8 +588,6 @@ prepare_remove_certificate_exception (GcrCertificate *certificate, const gchar *
GckEnumerator *en;
GList *modules;
- modules = _gcr_get_pkcs11_modules ();
-
attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
g_return_val_if_fail (attrs, NULL);
@@ -571,9 +600,11 @@ prepare_remove_certificate_exception (GcrCertificate *certificate, const gchar *
* others.
*/
+ modules = gcr_pkcs11_get_trust_lookup_modules ();
en = gck_modules_enumerate_objects (modules, attrs, CKF_RW_SESSION);
trust_operation_init (en, attrs);
gck_attributes_unref (attrs);
+ gck_list_unref_free (modules);
return en;
}
@@ -640,6 +671,12 @@ gcr_trust_remove_certificate_exception (GcrCertificate *certificate, const gchar
GckEnumerator *en;
gboolean ret;
+ g_return_val_if_fail (GCR_IS_CERTIFICATE (certificate), FALSE);
+ g_return_val_if_fail (purpose, FALSE);
+ g_return_val_if_fail (peer, FALSE);
+
+ _gcr_initialize ();
+
en = prepare_remove_certificate_exception (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
@@ -690,6 +727,12 @@ gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate, const
GSimpleAsyncResult *async;
GckEnumerator *en;
+ g_return_if_fail (GCR_IS_CERTIFICATE (certificate));
+ g_return_if_fail (purpose);
+ g_return_if_fail (peer);
+
+ _gcr_initialize ();
+
en = prepare_remove_certificate_exception (certificate, purpose, peer);
g_return_if_fail (en);
@@ -718,6 +761,11 @@ gcr_trust_remove_certificate_exception_finish (GAsyncResult *result, GError **er
{
GObject *object;
+ g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (result), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ _gcr_initialize ();
+
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
gcr_trust_remove_certificate_exception_async), FALSE);
@@ -739,8 +787,6 @@ prepare_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose
GckEnumerator *en;
GList *modules;
- modules = _gcr_get_pkcs11_modules ();
-
attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_ANCHOR);
g_return_val_if_fail (attrs, NULL);
@@ -752,9 +798,11 @@ prepare_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose
* others.
*/
+ modules = gcr_pkcs11_get_trust_lookup_modules ();
en = gck_modules_enumerate_objects (modules, attrs, 0);
trust_operation_init (en, attrs);
gck_attributes_unref (attrs);
+ gck_list_unref_free (modules);
return en;
}
@@ -808,6 +856,8 @@ gcr_trust_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpo
g_return_val_if_fail (GCR_IS_CERTIFICATE (certificate), FALSE);
g_return_val_if_fail (purpose, FALSE);
+ _gcr_initialize ();
+
en = prepare_is_certificate_anchor (certificate, purpose);
g_return_val_if_fail (en, FALSE);
@@ -857,6 +907,8 @@ gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar
g_return_if_fail (GCR_IS_CERTIFICATE (certificate));
g_return_if_fail (purpose);
+ _gcr_initialize ();
+
en = prepare_is_certificate_anchor (certificate, purpose);
g_return_if_fail (en);
@@ -890,6 +942,10 @@ gcr_trust_is_certificate_anchor_finish (GAsyncResult *result, GError **error)
GObject *object;
g_return_val_if_fail (G_IS_ASYNC_RESULT (result), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ _gcr_initialize ();
+
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
gcr_trust_is_certificate_anchor_async), FALSE);
diff --git a/gcr/gcr.h b/gcr/gcr.h
index ec7e4e2..84f22c9 100644
--- a/gcr/gcr.h
+++ b/gcr/gcr.h
@@ -40,6 +40,7 @@
#include "gcr-key-renderer.h"
#include "gcr-key-widget.h"
#include "gcr-importer.h"
+#include "gcr-library.h"
#include "gcr-parser.h"
#include "gcr-pkcs11-certificate.h"
#include "gcr-simple-certificate.h"
diff --git a/gcr/tests/test-pkcs11-certificate.c b/gcr/tests/test-pkcs11-certificate.c
index 64866d2..117c8c7 100644
--- a/gcr/tests/test-pkcs11-certificate.c
+++ b/gcr/tests/test-pkcs11-certificate.c
@@ -28,7 +28,6 @@
#include "egg/egg-asn1-defs.h"
#include "gcr.h"
-#include "gcr/gcr-internal.h"
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
@@ -42,10 +41,10 @@ static gsize n_cert_data = 0;
static gpointer cert2_data = NULL;
static gsize n_cert2_data = 0;
static CK_FUNCTION_LIST funcs;
-static GList *modules = NULL;
TESTING_SETUP (pkcs11_certificate)
{
+ GList *modules = NULL;
GckAttributes *attrs;
CK_FUNCTION_LIST_PTR f;
GckModule *module;
@@ -71,8 +70,8 @@ TESTING_SETUP (pkcs11_certificate)
g_assert (!modules);
module = gck_module_new (&funcs, 0);
modules = g_list_prepend (modules, module);
-
- _gcr_set_test_pkcs11_modules (modules);
+ gcr_pkcs11_set_modules (modules);
+ gck_list_unref_free (modules);
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", cert_data, n_cert_data);
g_assert (asn);
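Review bot: The mock module installed with `gcr_pkcs11_set_modules (modules)` is never removed from the library's global list. The fixture drops its own reference right away, and the teardown in the next hunk no longer releases anything. The library therefore keeps a module whose `C_Finalize` has already been called until the next setup replaces the list. I would add `gcr_pkcs11_set_modules (NULL);` to TESTING_TEARDOWN so that no later test can reach a finalized module through the global list. The same applies to the setup/teardown pair in gcr/tests/test-trust.c.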
@@ -104,9 +103,6 @@ TESTING_TEARDOWN (pkcs11_certificate)
rv = (funcs.C_Finalize) (NULL);
gck_assert_cmprv (rv, ==, CKR_OK);
-
- gck_list_unref_free (modules);
- modules = NULL;
}
TESTING_TEST (pkcs11_lookup_certificate_issuer)
diff --git a/gcr/tests/test-trust.c b/gcr/tests/test-trust.c
index 2facf64..1d4e4b6 100644
--- a/gcr/tests/test-trust.c
+++ b/gcr/tests/test-trust.c
@@ -25,7 +25,6 @@
#include "test-suite.h"
#include "gcr.h"
-#include "gcr/gcr-internal.h"
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
@@ -35,11 +34,11 @@
#include <glib.h>
static CK_FUNCTION_LIST funcs;
-static GList *modules = NULL;
static GcrCertificate *certificate = NULL;
TESTING_SETUP (trust_setup)
{
+ GList *modules = NULL;
CK_FUNCTION_LIST_PTR f;
GckModule *module;
guchar *contents;
@@ -62,9 +61,10 @@ TESTING_SETUP (trust_setup)
g_assert (!modules);
module = gck_module_new (&funcs, 0);
modules = g_list_prepend (modules, module);
+ gcr_pkcs11_set_modules (modules);
+ gck_list_unref_free (modules);
- _gcr_set_test_pkcs11_modules (modules);
- _gcr_set_test_trust_slot (GCK_MOCK_SLOT_ONE_URI);
+ gcr_pkcs11_set_trust_store_uri (GCK_MOCK_SLOT_ONE_URI);
}
TESTING_TEARDOWN (trust_setup)
@@ -76,9 +76,6 @@ TESTING_TEARDOWN (trust_setup)
rv = (funcs.C_Finalize) (NULL);
gck_assert_cmprv (rv, ==, CKR_OK);
-
- gck_list_unref_free (modules);
- modules = NULL;
}
TESTING_TEST (trust_is_exception_none)
@@ -118,7 +115,7 @@ TESTING_TEST (trust_add_certificate_exception_fail)
/* Make this function fail */
funcs.C_CreateObject = gck_mock_fail_C_CreateObject;
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, NULL, &error);
+ ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_CLIENT_AUTH, "peer", NULL, &error);
g_assert (ret == FALSE);
g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
}