[gnome-keyring/trust-store] Change terminology to 'pinned certificate' from 'exception'.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store] Change terminology to 'pinned certificate' from 'exception'.
- Date: Fri, 10 Dec 2010 22:27:50 +0000 (UTC)
commit 2ac2d39cfd9b4fa265f560f1b0f57b006f019ad0
Author: Stef Walter <stefw collabora co uk>
Date: Fri Dec 10 22:09:42 2010 +0000
Change terminology to 'pinned certificate' from 'exception'.
The matching terminology of 'anchored certificate' and 'pinned
certificate' makes things consistent and understandable.
docs/reference/gcr/gcr-sections.txt | 24 +-
gck/gck-dump.c | 6 +-
gcr/gcr-certificate-chain.c | 8 +-
gcr/gcr-trust.c | 262 ++++++++++++------------
gcr/gcr-trust.h | 24 +-
gcr/tests/test-certificate-chain.c | 8 +-
gcr/tests/test-trust.c | 74 ++++----
pkcs11/pkcs11i.h | 6 +-
pkcs11/roots-store/gkm-roots-trust.c | 6 +-
pkcs11/xdg-store/gkm-xdg-assertion.c | 6 +-
pkcs11/xdg-store/gkm-xdg-trust-netscape.c | 314 -----------------------------
pkcs11/xdg-store/gkm-xdg-trust-netscape.h | 59 ------
pkcs11/xdg-store/gkm-xdg-trust.c | 18 +-
pkcs11/xdg-store/tests/test-xdg-trust.c | 78 ++++----
tool/gkr-tool-trust.c | 4 +-
15 files changed, 260 insertions(+), 637 deletions(-)
---
diff --git a/docs/reference/gcr/gcr-sections.txt b/docs/reference/gcr/gcr-sections.txt
index 1d714d1..8eeedf5 100644
--- a/docs/reference/gcr/gcr-sections.txt
+++ b/docs/reference/gcr/gcr-sections.txt
@@ -154,18 +154,18 @@ GCR_PURPOSE_SERVER_AUTH
GCR_PURPOSE_CLIENT_AUTH
GCR_PURPOSE_EMAIL
GCR_PURPOSE_CODE_SIGNING
-gcr_trust_is_certificate_anchor
-gcr_trust_is_certificate_anchor_async
-gcr_trust_is_certificate_anchor_finish
-gcr_trust_is_certificate_exception
-gcr_trust_is_certificate_exception_async
-gcr_trust_is_certificate_exception_finish
-gcr_trust_add_certificate_exception
-gcr_trust_add_certificate_exception_async
-gcr_trust_add_certificate_exception_finish
-gcr_trust_remove_certificate_exception
-gcr_trust_remove_certificate_exception_async
-gcr_trust_remove_certificate_exception_finish
+gcr_trust_is_certificate_anchored
+gcr_trust_is_certificate_anchored_async
+gcr_trust_is_certificate_anchored_finish
+gcr_trust_is_certificate_pinned
+gcr_trust_is_certificate_pinned_async
+gcr_trust_is_certificate_pinned_finish
+gcr_trust_add_pinned_certificate
+gcr_trust_add_pinned_certificate_async
+gcr_trust_add_pinned_certificate_finish
+gcr_trust_remove_pinned_certificate
+gcr_trust_remove_pinned_certificate_async
+gcr_trust_remove_pinned_certificate_finish
</SECTION>
<SECTION>
diff --git a/gck/gck-dump.c b/gck/gck-dump.c
index 09c3f4b..9b35e86 100644
--- a/gck/gck-dump.c
+++ b/gck/gck-dump.c
@@ -66,9 +66,9 @@ dump_assertion_type_value (gulong type)
{
switch (type) {
#define DX(x) case x: g_printerr ("%s", #x); break;
- DX(CKT_G_CERTIFICATE_UNTRUSTED);
- DX(CKT_G_CERTIFICATE_TRUST_EXCEPTION);
- DX(CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ DX(CKT_G_UNTRUSTED_CERTIFICATE);
+ DX(CKT_G_PINNED_CERTIFICATE);
+ DX(CKT_G_ANCHORED_CERTIFICATE);
#undef DX
default:
diff --git a/gcr/gcr-certificate-chain.c b/gcr/gcr-certificate-chain.c
index 89fc921..347daf0 100644
--- a/gcr/gcr-certificate-chain.c
+++ b/gcr/gcr-certificate-chain.c
@@ -248,8 +248,8 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
/* First check for pinned certificates */
certificate = g_ptr_array_index (pv->certificates, 0);
if (lookups && pv->peer) {
- ret = gcr_trust_is_certificate_exception (certificate, pv->purpose,
- pv->peer, cancellable, &error);
+ ret = gcr_trust_is_certificate_pinned (certificate, pv->purpose,
+ pv->peer, cancellable, &error);
if (!ret && error) {
g_propagate_error (rerror, error);
return FALSE;
@@ -307,8 +307,8 @@ perform_build_chain (GcrCertificateChainPrivate *pv, GCancellable *cancellable,
/* See if this certificate is an anchor */
if (lookups) {
- ret = gcr_trust_is_certificate_anchor (certificate, pv->purpose,
- cancellable, &error);
+ ret = gcr_trust_is_certificate_anchored (certificate, pv->purpose,
+ cancellable, &error);
if (!ret && error) {
g_propagate_error (rerror, error);
diff --git a/gcr/gcr-trust.c b/gcr/gcr-trust.c
index c720d25..b788023 100644
--- a/gcr/gcr-trust.c
+++ b/gcr/gcr-trust.c
@@ -51,15 +51,15 @@
* authorized to act as such. To check if a certificate is a trust anchor use
* gcr_trust_is_certificate_anchor().
*
- * Certificate exceptions are used when a user overrides the default trust
+ * Pinned certificates are used when a user overrides the default trust
* decision for a given certificate. They're often used with self-signed
- * certificates. Certificate exceptions are always only valid for a single peer
+ * certificates. Pinned certificates are always only valid for a single peer
* such as the remote host with which TLS is being performed. To lookup
- * certificate exceptions use gcr_trust_is_certificate_exception().
+ * pinned certificates use gcr_trust_is_certificate_pinned().
*
* After the user has requested to override the trust decision
- * about a given certificate then a certificate exception can be added by using
- * the gcr_trust_add_certificate_exception() function.
+ * about a given certificate then a pinned certificates can be added by using
+ * the gcr_trust_add_pinned_certificate() function.
*
* These functions do not constitute a viable method for verifying certificates
* used in TLS or other locations. Instead they support such verification
@@ -166,17 +166,17 @@ prepare_trust_attrs (GcrCertificate *certificate, CK_ASSERTION_TYPE type)
}
/* ----------------------------------------------------------------------------------
- * GET CERTIFICATE EXCEPTION
+ * GET PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_is_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
+prepare_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
@@ -198,7 +198,7 @@ prepare_is_certificate_exception (GcrCertificate *certificate, const gchar *purp
}
static gboolean
-perform_is_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_is_certificate_pinned (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckObject *object;
@@ -218,28 +218,27 @@ perform_is_certificate_exception (GckEnumerator *en, GCancellable *cancellable,
}
/**
- * gcr_trust_is_certificate_exception:
+ * gcr_trust_is_certificate_pinned:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Check if there is a recorded exception for connections using @certificate
- * for @purpose to communicate with @peer. A certificate exception overrides
- * all other certificate verification.
+ * Check if @certificate is pinned for @purpose to communicate with @peer.
+ * A pinned certificate overrides all other certificate verification.
*
- * This call may block, see gcr_trust_is_certificate_exception_async() for the
+ * This call may block, see gcr_trust_is_certificate_pinned_async() for the
* non-blocking version.
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
*
- * Returns: %TRUE if the certificate has a certificate exception
+ * Returns: %TRUE if the certificate is pinned for the host and purpose
*/
gboolean
-gcr_trust_is_certificate_exception (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable, GError **error)
+gcr_trust_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
@@ -250,10 +249,10 @@ gcr_trust_is_certificate_exception (GcrCertificate *certificate, const gchar *pu
_gcr_initialize ();
- en = prepare_is_certificate_exception (certificate, purpose, peer);
+ en = prepare_is_certificate_pinned (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_is_certificate_exception (en, cancellable, error);
+ ret = perform_is_certificate_pinned (en, cancellable, error);
g_object_unref (en);
@@ -261,11 +260,11 @@ gcr_trust_is_certificate_exception (GcrCertificate *certificate, const gchar *pu
}
static void
-thread_is_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_is_certificate_pinned (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_is_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_is_certificate_pinned (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
@@ -274,26 +273,25 @@ thread_is_certificate_exception (GSimpleAsyncResult *result, GObject *object, GC
}
/**
- * gcr_trust_is_certificate_exception_async:
+ * gcr_trust_is_certificate_pinned_async:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Check if there is a recorded exception for connections using @certificate
- * for @purpose to communicate with @peer. A certificate exception overrides
- * all other certificate verification.
+ * Check if @certificate is pinned for @purpose to communicate with @peer. A
+ * pinned certificate overrides all other certificate verification.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_is_certificate_exception_finish() to get the result of the
+ * gcr_trust_is_certificate_pinned_finish() to get the result of the
* operation.
*/
void
-gcr_trust_is_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_is_certificate_pinned_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
@@ -304,13 +302,13 @@ gcr_trust_is_certificate_exception_async (GcrCertificate *certificate, const gch
_gcr_initialize ();
- en = prepare_is_certificate_exception (certificate, purpose, peer);
+ en = prepare_is_certificate_pinned (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_is_certificate_exception_async);
+ gcr_trust_is_certificate_pinned_async);
- g_simple_async_result_run_in_thread (async, thread_is_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_is_certificate_pinned,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
@@ -318,20 +316,20 @@ gcr_trust_is_certificate_exception_async (GcrCertificate *certificate, const gch
}
/**
- * gcr_trust_is_certificate_exception_finish:
+ * gcr_trust_is_certificate_pinned_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_is_certificate_exception_async().
+ * gcr_trust_is_certificate_pinned_async().
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
*
- * Returns: %TRUE if the certificate has a certificate exception
+ * Returns: %TRUE if the certificate is pinned.
*/
gboolean
-gcr_trust_is_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_is_certificate_pinned_finish (GAsyncResult *result, GError **error)
{
GcrTrustOperation *op;
GObject *object;
@@ -343,7 +341,7 @@ gcr_trust_is_certificate_exception_finish (GAsyncResult *result, GError **error)
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_is_certificate_exception_async), FALSE);
+ gcr_trust_is_certificate_pinned_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
@@ -353,17 +351,17 @@ gcr_trust_is_certificate_exception_finish (GAsyncResult *result, GError **error)
}
/* ----------------------------------------------------------------------------------
- * ADD CERTIFICATE EXCEPTION
+ * ADD PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_add_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
+prepare_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
@@ -386,7 +384,7 @@ prepare_add_certificate_exception (GcrCertificate *certificate, const gchar *pur
}
static gboolean
-perform_add_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_add_pinned_certificate (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckAttributes *attrs;
@@ -444,28 +442,28 @@ perform_add_certificate_exception (GckEnumerator *en, GCancellable *cancellable,
}
/**
- * gcr_trust_add_certificate_exception:
+ * gcr_trust_add_pinned_certificate:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Add a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer. A certificate exception overrides all other
- * certificate verification and should be used with care.
+ * Add a pinned @certificate for connections to @peer for @purpose. A pinned
+ * certificate overrides all other certificate verification and should be
+ * used with care.
*
- * If the same certificate exception already exists, then this operation
+ * If the same pinned certificate already exists, then this operation
* does not add another, and succeeds without error.
*
- * This call may block, see gcr_trust_add_certificate_exception_async() for the
+ * This call may block, see gcr_trust_add_pinned_certificate_async() for the
* non-blocking version.
*
- * Returns: %TRUE if the certificate exception is recorded successfully
+ * Returns: %TRUE if the pinned certificate is recorded successfully
*/
gboolean
-gcr_trust_add_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
- GCancellable *cancellable, GError **error)
+gcr_trust_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
@@ -476,10 +474,10 @@ gcr_trust_add_certificate_exception (GcrCertificate *certificate, const gchar *p
_gcr_initialize ();
- en = prepare_add_certificate_exception (certificate, purpose, peer);
+ en = prepare_add_pinned_certificate (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_add_certificate_exception (en, cancellable, error);
+ ret = perform_add_pinned_certificate (en, cancellable, error);
g_object_unref (en);
@@ -487,11 +485,11 @@ gcr_trust_add_certificate_exception (GcrCertificate *certificate, const gchar *p
}
static void
-thread_add_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_add_pinned_certificate (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_add_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_add_pinned_certificate (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
@@ -500,29 +498,29 @@ thread_add_certificate_exception (GSimpleAsyncResult *result, GObject *object, G
}
/**
- * gcr_trust_add_certificate_exception_async:
+ * gcr_trust_add_pinned_certificate_async:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Add a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer. A certificate exception overrides all other
- * certificate verification and should be used with care.
+ * Add a pinned certificate for communication with @peer for @purpose. A pinned
+ * certificate overrides all other certificate verification and should be used
+ * with care.
*
- * If the same certificate exception already exists, then this operation
+ * If the same pinned certificate already exists, then this operation
* does not add another, and succeeds without error.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_add_certificate_exception_finish() to get the result of the
+ * gcr_trust_add_pinned_certificate_finish() to get the result of the
* operation.
*/
void
-gcr_trust_add_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_add_pinned_certificate_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
@@ -533,13 +531,13 @@ gcr_trust_add_certificate_exception_async (GcrCertificate *certificate, const gc
_gcr_initialize ();
- en = prepare_add_certificate_exception (certificate, purpose, peer);
+ en = prepare_add_pinned_certificate (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_add_certificate_exception_async);
+ gcr_trust_add_pinned_certificate_async);
- g_simple_async_result_run_in_thread (async, thread_add_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_add_pinned_certificate,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
@@ -547,17 +545,17 @@ gcr_trust_add_certificate_exception_async (GcrCertificate *certificate, const gc
}
/**
- * gcr_trust_add_certificate_exception_finish:
+ * gcr_trust_add_pinned_certificate_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_add_certificate_exception_async().
+ * gcr_trust_add_pinned_certificate_async().
*
- * Returns: %TRUE if the certificate exception is recorded successfully
+ * Returns: %TRUE if the pinned certificate is recorded successfully
*/
gboolean
-gcr_trust_add_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_add_pinned_certificate_finish (GAsyncResult *result, GError **error)
{
GObject *object;
@@ -568,7 +566,7 @@ gcr_trust_add_certificate_exception_finish (GAsyncResult *result, GError **error
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_add_certificate_exception_async), FALSE);
+ gcr_trust_add_pinned_certificate_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
@@ -577,18 +575,18 @@ gcr_trust_add_certificate_exception_finish (GAsyncResult *result, GError **error
}
/* -----------------------------------------------------------------------
- * REMOVE CERTIFICATE EXCEPTION
+ * REMOVE PINNED CERTIFICATE
*/
static GckEnumerator*
-prepare_remove_certificate_exception (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer)
+prepare_remove_pinned_certificate (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
@@ -610,7 +608,7 @@ prepare_remove_certificate_exception (GcrCertificate *certificate, const gchar *
}
static gboolean
-perform_remove_certificate_exception (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_remove_pinned_certificate (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GList *objects, *l;
@@ -646,27 +644,26 @@ perform_remove_certificate_exception (GckEnumerator *en, GCancellable *cancellab
}
/**
- * gcr_trust_remove_certificate_exception:
+ * gcr_trust_remove_pinned_certificate:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @error: a #GError, or NULL
*
- * Remove a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer.
+ * Remove a pinned certificate for communication with @peer for @purpose.
*
- * If the same certificate exception does not exist, or was already removed,
+ * If the same pinned certificate does not exist, or was already removed,
* then this operation succeeds without error.
*
- * This call may block, see gcr_trust_remove_certificate_exception_async() for the
+ * This call may block, see gcr_trust_remove_pinned_certificate_async() for the
* non-blocking version.
*
- * Returns: %TRUE if the certificate exception no longer exists
+ * Returns: %TRUE if the pinned certificate no longer exists
*/
gboolean
-gcr_trust_remove_certificate_exception (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
- GCancellable *cancellable, GError **error)
+gcr_trust_remove_pinned_certificate (GcrCertificate *certificate, const gchar *purpose, const gchar *peer,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
@@ -677,10 +674,10 @@ gcr_trust_remove_certificate_exception (GcrCertificate *certificate, const gchar
_gcr_initialize ();
- en = prepare_remove_certificate_exception (certificate, purpose, peer);
+ en = prepare_remove_pinned_certificate (certificate, purpose, peer);
g_return_val_if_fail (en, FALSE);
- ret = perform_remove_certificate_exception (en, cancellable, error);
+ ret = perform_remove_pinned_certificate (en, cancellable, error);
g_object_unref (en);
@@ -688,11 +685,11 @@ gcr_trust_remove_certificate_exception (GcrCertificate *certificate, const gchar
}
static void
-thread_remove_certificate_exception (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_remove_pinned_certificate (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_remove_certificate_exception (GCK_ENUMERATOR (object), cancel, &error);
+ perform_remove_pinned_certificate (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
@@ -701,28 +698,27 @@ thread_remove_certificate_exception (GSimpleAsyncResult *result, GObject *object
}
/**
- * gcr_trust_remove_certificate_exception_async:
+ * gcr_trust_remove_pinned_certificate_async:
* @certificate: a #GcrCertificate
* @purpose: the purpose string
- * @peer: the peer for this exception
+ * @peer: the peer for this pinned certificate
* @cancellable: a #GCancellable
* @callback: a #GAsyncReadyCallback to call when the operation completes
* @user_data: the data to pass to callback function
*
- * Remove a recorded exception for connections using @certificate for @purpose
- * to communicate with @peer.
+ * Remove a pinned certificate for communication with @peer for @purpose.
*
- * If the same certificate exception does not exist, or was already removed,
+ * If the same pinned certificate does not exist, or was already removed,
* then this operation succeeds without error.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_remove_certificate_exception_finish() to get the result of the
+ * gcr_trust_remove_pinned_certificate_finish() to get the result of the
* operation.
*/
void
-gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate, const gchar *purpose,
- const gchar *peer, GCancellable *cancellable,
- GAsyncReadyCallback callback, gpointer user_data)
+gcr_trust_remove_pinned_certificate_async (GcrCertificate *certificate, const gchar *purpose,
+ const gchar *peer, GCancellable *cancellable,
+ GAsyncReadyCallback callback, gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
@@ -733,13 +729,13 @@ gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate, const
_gcr_initialize ();
- en = prepare_remove_certificate_exception (certificate, purpose, peer);
+ en = prepare_remove_pinned_certificate (certificate, purpose, peer);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_remove_certificate_exception_async);
+ gcr_trust_remove_pinned_certificate_async);
- g_simple_async_result_run_in_thread (async, thread_remove_certificate_exception,
+ g_simple_async_result_run_in_thread (async, thread_remove_pinned_certificate,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
@@ -747,17 +743,17 @@ gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate, const
}
/**
- * gcr_trust_remove_certificate_exception_finish:
+ * gcr_trust_remove_pinned_certificate_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_remove_certificate_exception_async().
+ * gcr_trust_remove_pinned_certificate_async().
*
- * Returns: %TRUE if the certificate exception no longer exists
+ * Returns: %TRUE if the pinned certificate no longer exists
*/
gboolean
-gcr_trust_remove_certificate_exception_finish (GAsyncResult *result, GError **error)
+gcr_trust_remove_pinned_certificate_finish (GAsyncResult *result, GError **error)
{
GObject *object;
@@ -768,7 +764,7 @@ gcr_trust_remove_certificate_exception_finish (GAsyncResult *result, GError **er
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_remove_certificate_exception_async), FALSE);
+ gcr_trust_remove_pinned_certificate_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
@@ -781,13 +777,13 @@ gcr_trust_remove_certificate_exception_finish (GAsyncResult *result, GError **er
*/
static GckEnumerator*
-prepare_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose)
+prepare_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpose)
{
GckAttributes *attrs;
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ attrs = prepare_trust_attrs (certificate, CKT_G_ANCHORED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
@@ -808,7 +804,7 @@ prepare_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose
}
static gboolean
-perform_is_certificate_anchor (GckEnumerator *en, GCancellable *cancellable, GError **error)
+perform_is_certificate_anchored (GckEnumerator *en, GCancellable *cancellable, GError **error)
{
GcrTrustOperation *op;
GckObject *object;
@@ -828,7 +824,7 @@ perform_is_certificate_anchor (GckEnumerator *en, GCancellable *cancellable, GEr
}
/**
- * gcr_trust_is_certificate_anchor:
+ * gcr_trust_is_certificate_anchored:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
* @cancellable: a #GCancellable
@@ -838,7 +834,7 @@ perform_is_certificate_anchor (GckEnumerator *en, GCancellable *cancellable, GEr
* anchor is used to verify the signatures on other certificates when verifying
* a certificate chain. Also known as a trusted certificate authority.
*
- * This call may block, see gcr_trust_is_certificate_anchor_async() for the
+ * This call may block, see gcr_trust_is_certificate_anchored_async() for the
* non-blocking version.
*
* In the case of an error, %FALSE is also returned. Check @error to detect
@@ -847,8 +843,8 @@ perform_is_certificate_anchor (GckEnumerator *en, GCancellable *cancellable, GEr
* Returns: %TRUE if the certificate is a trust anchor
*/
gboolean
-gcr_trust_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpose,
- GCancellable *cancellable, GError **error)
+gcr_trust_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpose,
+ GCancellable *cancellable, GError **error)
{
GckEnumerator *en;
gboolean ret;
@@ -858,10 +854,10 @@ gcr_trust_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpo
_gcr_initialize ();
- en = prepare_is_certificate_anchor (certificate, purpose);
+ en = prepare_is_certificate_anchored (certificate, purpose);
g_return_val_if_fail (en, FALSE);
- ret = perform_is_certificate_anchor (en, cancellable, error);
+ ret = perform_is_certificate_anchored (en, cancellable, error);
g_object_unref (en);
@@ -869,11 +865,11 @@ gcr_trust_is_certificate_anchor (GcrCertificate *certificate, const gchar *purpo
}
static void
-thread_is_certificate_anchor (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
+thread_is_certificate_anchored (GSimpleAsyncResult *result, GObject *object, GCancellable *cancel)
{
GError *error = NULL;
- perform_is_certificate_anchor (GCK_ENUMERATOR (object), cancel, &error);
+ perform_is_certificate_anchored (GCK_ENUMERATOR (object), cancel, &error);
if (error != NULL) {
g_simple_async_result_set_from_error (result, error);
@@ -882,7 +878,7 @@ thread_is_certificate_anchor (GSimpleAsyncResult *result, GObject *object, GCanc
}
/**
- * gcr_trust_is_certificate_anchor_async:
+ * gcr_trust_is_certificate_anchored_async:
* @certificate: a #GcrCertificate to check
* @purpose: the purpose string
* @cancellable: a #GCancellable
@@ -894,12 +890,12 @@ thread_is_certificate_anchor (GSimpleAsyncResult *result, GObject *object, GCanc
* a certificate chain. Also known as a trusted certificate authority.
*
* When the operation is finished, callback will be called. You can then call
- * gcr_trust_is_certificate_anchor_finish() to get the result of the operation.
+ * gcr_trust_is_certificate_anchored_finish() to get the result of the operation.
*/
void
-gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar *purpose,
- GCancellable *cancellable, GAsyncReadyCallback callback,
- gpointer user_data)
+gcr_trust_is_certificate_anchored_async (GcrCertificate *certificate, const gchar *purpose,
+ GCancellable *cancellable, GAsyncReadyCallback callback,
+ gpointer user_data)
{
GSimpleAsyncResult *async;
GckEnumerator *en;
@@ -909,13 +905,13 @@ gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar
_gcr_initialize ();
- en = prepare_is_certificate_anchor (certificate, purpose);
+ en = prepare_is_certificate_anchored (certificate, purpose);
g_return_if_fail (en);
async = g_simple_async_result_new (G_OBJECT (en), callback, user_data,
- gcr_trust_is_certificate_anchor_async);
+ gcr_trust_is_certificate_anchored_async);
- g_simple_async_result_run_in_thread (async, thread_is_certificate_anchor,
+ g_simple_async_result_run_in_thread (async, thread_is_certificate_anchored,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
@@ -923,12 +919,12 @@ gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar
}
/**
- * gcr_trust_is_certificate_anchor_finish:
+ * gcr_trust_is_certificate_anchored_finish:
* @result: the #GAsyncResult passed to the callback
* @error: a #GError, or NULL
*
* Finishes an asynchronous operation started by
- * gcr_trust_is_certificate_anchor_async().
+ * gcr_trust_is_certificate_anchored_async().
*
* In the case of an error, %FALSE is also returned. Check @error to detect
* if an error occurred.
@@ -936,7 +932,7 @@ gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate, const gchar
* Returns: %TRUE if the certificate is a trust anchor
*/
gboolean
-gcr_trust_is_certificate_anchor_finish (GAsyncResult *result, GError **error)
+gcr_trust_is_certificate_anchored_finish (GAsyncResult *result, GError **error)
{
GcrTrustOperation *op;
GObject *object;
@@ -948,7 +944,7 @@ gcr_trust_is_certificate_anchor_finish (GAsyncResult *result, GError **error)
object = g_async_result_get_source_object (result);
g_return_val_if_fail (g_simple_async_result_is_valid (result, object,
- gcr_trust_is_certificate_anchor_async), FALSE);
+ gcr_trust_is_certificate_anchored_async), FALSE);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
return FALSE;
diff --git a/gcr/gcr-trust.h b/gcr/gcr-trust.h
index 53ff770..3c7e8a9 100644
--- a/gcr/gcr-trust.h
+++ b/gcr/gcr-trust.h
@@ -35,66 +35,66 @@ G_BEGIN_DECLS
#define GCR_PURPOSE_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
#define GCR_PURPOSE_EMAIL "1.3.6.1.5.5.7.3.4"
-gboolean gcr_trust_is_certificate_exception (GcrCertificate *certificate,
+gboolean gcr_trust_is_certificate_pinned (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GError **error);
-void gcr_trust_is_certificate_exception_async (GcrCertificate *certificate,
+void gcr_trust_is_certificate_pinned_async (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
-gboolean gcr_trust_is_certificate_exception_finish (GAsyncResult *result,
+gboolean gcr_trust_is_certificate_pinned_finish (GAsyncResult *result,
GError **error);
-gboolean gcr_trust_add_certificate_exception (GcrCertificate *certificate,
+gboolean gcr_trust_add_pinned_certificate (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GError **error);
-void gcr_trust_add_certificate_exception_async (GcrCertificate *certificate,
+void gcr_trust_add_pinned_certificate_async (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
-gboolean gcr_trust_add_certificate_exception_finish (GAsyncResult *result,
+gboolean gcr_trust_add_pinned_certificate_finish (GAsyncResult *result,
GError **error);
-gboolean gcr_trust_remove_certificate_exception (GcrCertificate *certificate,
+gboolean gcr_trust_remove_pinned_certificate (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GError **error);
-void gcr_trust_remove_certificate_exception_async (GcrCertificate *certificate,
+void gcr_trust_remove_pinned_certificate_async (GcrCertificate *certificate,
const gchar *purpose,
const gchar *peer,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
-gboolean gcr_trust_remove_certificate_exception_finish (GAsyncResult *result,
+gboolean gcr_trust_remove_pinned_certificate_finish (GAsyncResult *result,
GError **error);
-gboolean gcr_trust_is_certificate_anchor (GcrCertificate *certificate,
+gboolean gcr_trust_is_certificate_anchored (GcrCertificate *certificate,
const gchar *purpose,
GCancellable *cancellable,
GError **error);
-void gcr_trust_is_certificate_anchor_async (GcrCertificate *certificate,
+void gcr_trust_is_certificate_anchored_async (GcrCertificate *certificate,
const gchar *purpose,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
-gboolean gcr_trust_is_certificate_anchor_finish (GAsyncResult *result,
+gboolean gcr_trust_is_certificate_anchored_finish (GAsyncResult *result,
GError **error);
G_END_DECLS
diff --git a/gcr/tests/test-certificate-chain.c b/gcr/tests/test-certificate-chain.c
index 7aeaca6..95f5b63 100644
--- a/gcr/tests/test-certificate-chain.c
+++ b/gcr/tests/test-certificate-chain.c
@@ -171,11 +171,11 @@ add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose)
data = gcr_certificate_get_der_data (certificate, &n_data);
g_assert (data);
- /* And add a certificate exception for the signed certificate */
+ /* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_mock_module_take_object (attrs);
}
@@ -190,11 +190,11 @@ add_pinned_to_module (GcrCertificate *certificate, const gchar *purpose, const g
data = gcr_certificate_get_der_data (certificate, &n_data);
g_assert (data);
- /* And add a certificate exception for the signed certificate */
+ /* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_CERTIFICATE_TRUST_EXCEPTION);
+ gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_PINNED_CERTIFICATE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
gck_attributes_add_string (attrs, CKA_G_PEER, host);
gck_mock_module_take_object (attrs);
diff --git a/gcr/tests/test-trust.c b/gcr/tests/test-trust.c
index 1d4e4b6..73f9b34 100644
--- a/gcr/tests/test-trust.c
+++ b/gcr/tests/test-trust.c
@@ -78,36 +78,36 @@ TESTING_TEARDOWN (trust_setup)
gck_assert_cmprv (rv, ==, CKR_OK);
}
-TESTING_TEST (trust_is_exception_none)
+TESTING_TEST (trust_is_pinned_none)
{
GError *error = NULL;
gboolean trust;
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_add_and_is_exception)
+TESTING_TEST (trust_add_and_is_pinned)
{
GError *error = NULL;
gboolean trust;
gboolean ret;
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, TRUE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_add_certificate_exception_fail)
+TESTING_TEST (trust_add_certificate_pinned_fail)
{
GError *error = NULL;
gboolean ret;
@@ -115,30 +115,30 @@ TESTING_TEST (trust_add_certificate_exception_fail)
/* Make this function fail */
funcs.C_CreateObject = gck_mock_fail_C_CreateObject;
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_CLIENT_AUTH, "peer", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_CLIENT_AUTH, "peer", NULL, &error);
g_assert (ret == FALSE);
g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
}
-TESTING_TEST (trust_add_and_remov_exception)
+TESTING_TEST (trust_add_and_remov_pinned)
{
GError *error = NULL;
gboolean trust;
gboolean ret;
- ret = gcr_trust_add_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_add_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, TRUE);
g_assert (error == NULL);
- ret = gcr_trust_remove_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ ret = gcr_trust_remove_pinned_certificate (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
- trust = gcr_trust_is_certificate_exception (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
+ trust = gcr_trust_is_certificate_pinned (certificate, GCR_PURPOSE_EMAIL, "host", NULL, &error);
g_assert_cmpint (trust, ==, FALSE);
g_assert (error == NULL);
}
@@ -151,97 +151,97 @@ fetch_async_result (GObject *source, GAsyncResult *result, gpointer user_data)
testing_wait_stop ();
}
-TESTING_TEST (trust_add_and_is_exception_async)
+TESTING_TEST (trust_add_and_is_pinned_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean trust;
gboolean ret;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == FALSE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_add_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host",
+ gcr_trust_add_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host",
NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_add_certificate_exception_finish (result, &error);
+ ret = gcr_trust_add_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
}
-TESTING_TEST (trust_add_and_remov_exception_async)
+TESTING_TEST (trust_add_and_remov_pinned_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean trust;
gboolean ret;
- gcr_trust_add_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_add_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_add_certificate_exception_finish (result, &error);
+ ret = gcr_trust_add_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_remove_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_remove_pinned_certificate_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_remove_certificate_exception_finish (result, &error);
+ ret = gcr_trust_remove_pinned_certificate_finish (result, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
- gcr_trust_is_certificate_exception_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_pinned_async (certificate, GCR_PURPOSE_EMAIL, "host", NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- trust = gcr_trust_is_certificate_exception_finish (result, &error);
+ trust = gcr_trust_is_certificate_pinned_finish (result, &error);
g_assert (trust == FALSE);
g_assert (error == NULL);
g_object_unref (result);
result = NULL;
}
-TESTING_TEST (trust_is_certificate_anchor_not)
+TESTING_TEST (trust_is_certificate_anchored_not)
{
GError *error = NULL;
gboolean ret;
- ret = gcr_trust_is_certificate_anchor (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
+ ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
g_assert (ret == FALSE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_is_certificate_anchor_yes)
+TESTING_TEST (trust_is_certificate_anchored_yes)
{
GError *error = NULL;
GckAttributes *attrs;
@@ -256,25 +256,25 @@ TESTING_TEST (trust_is_certificate_anchor_yes)
gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
gck_attributes_add_string (attrs, CKA_G_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_CERTIFICATE_TRUST_ANCHOR);
+ gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
gck_mock_module_take_object (attrs);
- ret = gcr_trust_is_certificate_anchor (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
+ ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
g_assert (ret == TRUE);
g_assert (error == NULL);
}
-TESTING_TEST (trust_is_certificate_anchor_async)
+TESTING_TEST (trust_is_certificate_anchored_async)
{
GAsyncResult *result = NULL;
GError *error = NULL;
gboolean ret;
- gcr_trust_is_certificate_anchor_async (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, fetch_async_result, &result);
+ gcr_trust_is_certificate_anchored_async (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, fetch_async_result, &result);
testing_wait_until (500);
g_assert (result);
- ret = gcr_trust_is_certificate_anchor_finish (result, &error);
+ ret = gcr_trust_is_certificate_anchored_finish (result, &error);
g_assert (ret == FALSE);
g_assert (error == NULL);
diff --git a/pkcs11/pkcs11i.h b/pkcs11/pkcs11i.h
index 9ac2375..9e925ca 100644
--- a/pkcs11/pkcs11i.h
+++ b/pkcs11/pkcs11i.h
@@ -135,10 +135,10 @@ typedef CK_G_APPLICATION* CK_G_APPLICATION_PTR;
typedef CK_ULONG CK_ASSERTION_TYPE;
-#define CKT_G_CERTIFICATE_UNTRUSTED 1UL
+#define CKT_G_UNTRUSTED_CERTIFICATE 1UL
-#define CKT_G_CERTIFICATE_TRUST_EXCEPTION 2UL
+#define CKT_G_PINNED_CERTIFICATE 2UL
-#define CKT_G_CERTIFICATE_TRUST_ANCHOR 3UL
+#define CKT_G_ANCHORED_CERTIFICATE 3UL
#endif /* PKCS11I_H */
diff --git a/pkcs11/roots-store/gkm-roots-trust.c b/pkcs11/roots-store/gkm-roots-trust.c
index 07034e3..323a4d8 100644
--- a/pkcs11/roots-store/gkm-roots-trust.c
+++ b/pkcs11/roots-store/gkm-roots-trust.c
@@ -175,13 +175,13 @@ build_linked_assertion (GkmRootsTrust *self, GkmTrustLevel level, const gchar *p
case GKM_TRUST_UNKNOWN:
return;
case GKM_TRUST_TRUSTED:
- type = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ type = CKT_G_PINNED_CERTIFICATE;
break;
case GKM_TRUST_UNTRUSTED:
- type = CKT_G_CERTIFICATE_UNTRUSTED;
+ type = CKT_G_UNTRUSTED_CERTIFICATE;
break;
case GKM_TRUST_ANCHOR:
- type = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ type = CKT_G_ANCHORED_CERTIFICATE;
break;
default:
g_assert_not_reached ();
diff --git a/pkcs11/xdg-store/gkm-xdg-assertion.c b/pkcs11/xdg-store/gkm-xdg-assertion.c
index 0c6fcde..7f4cefa 100644
--- a/pkcs11/xdg-store/gkm-xdg-assertion.c
+++ b/pkcs11/xdg-store/gkm-xdg-assertion.c
@@ -66,8 +66,8 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
lookups[0].ulValueLen = sizeof (klass);
switch (type) {
- case CKT_G_CERTIFICATE_TRUST_ANCHOR:
- case CKT_G_CERTIFICATE_TRUST_EXCEPTION:
+ case CKT_G_ANCHORED_CERTIFICATE:
+ case CKT_G_PINNED_CERTIFICATE:
value = gkm_attributes_find (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE);
if (!value) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
@@ -79,7 +79,7 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
n_lookups = 2;
break;
- case CKT_G_CERTIFICATE_UNTRUSTED:
+ case CKT_G_UNTRUSTED_CERTIFICATE:
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
if (!serial || !issuer) {
diff --git a/pkcs11/xdg-store/gkm-xdg-trust.c b/pkcs11/xdg-store/gkm-xdg-trust.c
index 71f7659..785aa1f 100644
--- a/pkcs11/xdg-store/gkm-xdg-trust.c
+++ b/pkcs11/xdg-store/gkm-xdg-trust.c
@@ -223,11 +223,11 @@ static GQuark
assertion_type_to_level_enum (CK_ASSERTION_TYPE type)
{
switch (type) {
- case CKT_G_CERTIFICATE_UNTRUSTED:
+ case CKT_G_UNTRUSTED_CERTIFICATE:
return TRUST_UNTRUSTED;
- case CKT_G_CERTIFICATE_TRUST_ANCHOR:
+ case CKT_G_ANCHORED_CERTIFICATE:
return TRUST_TRUSTED_ANCHOR;
- case CKT_G_CERTIFICATE_TRUST_EXCEPTION:
+ case CKT_G_PINNED_CERTIFICATE:
return TRUST_TRUSTED;
default:
return 0;
@@ -238,11 +238,11 @@ static gboolean
level_enum_to_assertion_type (GQuark level, CK_ASSERTION_TYPE *type)
{
if (level == TRUST_UNTRUSTED)
- *type = CKT_G_CERTIFICATE_UNTRUSTED;
+ *type = CKT_G_UNTRUSTED_CERTIFICATE;
else if (level == TRUST_TRUSTED_ANCHOR)
- *type = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ *type = CKT_G_ANCHORED_CERTIFICATE;
else if (level == TRUST_TRUSTED)
- *type = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ *type = CKT_G_PINNED_CERTIFICATE;
else if (level == TRUST_UNKNOWN)
*type = 0;
else
@@ -653,11 +653,11 @@ gkm_xdg_trust_get_level (GkmTrust *base, const gchar *purpose)
return GKM_TRUST_UNKNOWN;
type = gkm_assertion_get_trust_type (assertion);
- if (type == CKT_G_CERTIFICATE_TRUST_ANCHOR)
+ if (type == CKT_G_ANCHORED_CERTIFICATE)
return GKM_TRUST_ANCHOR;
- else if (type == CKT_G_CERTIFICATE_TRUST_EXCEPTION)
+ else if (type == CKT_G_PINNED_CERTIFICATE)
return GKM_TRUST_TRUSTED;
- else if (type == CKT_G_CERTIFICATE_UNTRUSTED)
+ else if (type == CKT_G_UNTRUSTED_CERTIFICATE)
return GKM_TRUST_UNTRUSTED;
else
g_return_val_if_reached (GKM_TRUST_UNKNOWN);
diff --git a/pkcs11/xdg-store/tests/test-xdg-trust.c b/pkcs11/xdg-store/tests/test-xdg-trust.c
index 8a7ff45..bf73892 100644
--- a/pkcs11/xdg-store/tests/test-xdg-trust.c
+++ b/pkcs11/xdg-store/tests/test-xdg-trust.c
@@ -162,7 +162,7 @@ TESTING_TEST (trust_load_objects)
TESTING_TEST (trust_create_assertion_complete)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
@@ -193,7 +193,7 @@ TESTING_TEST (trust_create_assertion_complete)
TESTING_TEST (trust_complete_assertion_has_no_serial_or_issuer)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_ATTRIBUTE check;
CK_RV rv;
@@ -226,7 +226,7 @@ TESTING_TEST (trust_complete_assertion_netscape_md5_hash)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
@@ -263,7 +263,7 @@ TESTING_TEST (trust_complete_assertion_netscape_sha1_hash)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
@@ -302,7 +302,7 @@ TESTING_TEST (trust_create_assertion_missing_type)
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Missing CKT_G_CERTIFICATE_TRUST_ANCHOR */
+ /* Missing CKT_G_ANCHORED_CERTIFICATE */
CK_ATTRIBUTE attrs[] = {
{ CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
@@ -334,7 +334,7 @@ TESTING_TEST (trust_create_assertion_bad_type)
TESTING_TEST (trust_create_assertion_missing_cert_value)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
@@ -352,7 +352,7 @@ TESTING_TEST (trust_create_assertion_missing_cert_value)
TESTING_TEST (trust_create_assertion_bad_cert_value)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
@@ -371,7 +371,7 @@ TESTING_TEST (trust_create_assertion_bad_cert_value)
TESTING_TEST (trust_create_assertion_null_cert_value)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+ CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
@@ -390,7 +390,7 @@ TESTING_TEST (trust_create_assertion_null_cert_value)
TESTING_TEST (trust_create_assertion_for_untrusted)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_UNTRUSTED;
+ CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
@@ -422,7 +422,7 @@ TESTING_TEST (trust_create_assertion_for_untrusted)
TESTING_TEST (trust_create_assertion_for_untrusted_no_purpose)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_UNTRUSTED;
+ CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
@@ -440,7 +440,7 @@ TESTING_TEST (trust_create_assertion_for_untrusted_no_purpose)
TESTING_TEST (trust_create_assertion_for_untrusted_no_serial)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_UNTRUSTED;
+ CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
@@ -458,7 +458,7 @@ TESTING_TEST (trust_create_assertion_for_untrusted_no_serial)
TESTING_TEST (trust_create_assertion_twice)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_UNTRUSTED;
+ CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object_1 = 0;
CK_OBJECT_HANDLE object_2 = 0;
CK_RV rv;
@@ -491,7 +491,7 @@ TESTING_TEST (trust_create_assertion_twice)
TESTING_TEST (trust_untrusted_assertion_has_no_cert_value)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_UNTRUSTED;
+ CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_ATTRIBUTE check;
CK_RV rv;
@@ -520,7 +520,7 @@ TESTING_TEST (trust_untrusted_assertion_has_no_cert_value)
TESTING_TEST (trust_create_assertion_complete_on_token)
{
CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_OBJECT_HANDLE results[8];
@@ -558,7 +558,7 @@ TESTING_TEST (trust_create_assertion_complete_on_token)
TESTING_TEST (trust_destroy_assertion_on_token)
{
- CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_EXCEPTION;
+ CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE results[8];
CK_BBOOL token = CK_TRUE;
CK_ULONG n_objects = 0;
@@ -720,80 +720,80 @@ _assert_negative_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos
TESTING_TEST (trust_netscape_map_server_auth)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.1",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.1",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.1",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_client_auth)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.2",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.2",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.2",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_code_signing)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.3",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.3",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.3",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_email)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.4",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.4",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.4",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_endpoint)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.5",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.5",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.5",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_tunnel)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.6",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.6",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.6",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_user)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.7",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.7",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.7",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_time_stamping)
{
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.8",
+ assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.8",
+ assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.8",
+ assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_UNTRUSTED);
}
diff --git a/tool/gkr-tool-trust.c b/tool/gkr-tool-trust.c
index edd0b2c..967a3c1 100644
--- a/tool/gkr-tool-trust.c
+++ b/tool/gkr-tool-trust.c
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-tool-trust.c: Command line certificate trust exceptions
+/* gkr-tool-trust.c: Command line pinned certificates
Copyright (C) 2010 Stefan Walter
@@ -102,7 +102,7 @@ purpose_to_string (GcrPurpose purpose)
}
static int
-get_certificate_exception (GcrCertificate *certificate, GcrPurpose purpose)
+get_pinned_certificate (GcrCertificate *certificate, GcrPurpose purpose)
{
GError *error = NULL;
const gchar *string;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
