[gnome-keyring/trust-store] Rename CKA_G_ trust prefix to CKA_X_ and move to own file.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store] Rename CKA_G_ trust prefix to CKA_X_ and move to own file.
- Date: Fri, 10 Dec 2010 22:27:55 +0000 (UTC)
commit eeeaa5c0c2a3589488a20b370bcc65ed679b0ddf
Author: Stef Walter <stefw collabora co uk>
Date: Fri Dec 10 22:26:41 2010 +0000
Rename CKA_G_ trust prefix to CKA_X_ and move to own file.
Move the PKCS#11 trust extensions to its own file and give it
its own prefix.
daemon/ssh-agent/gkd-ssh-agent-ops.c | 1 -
gck/gck-dump.c | 27 ++--
gcr/gcr-trust.c | 31 ++--
gcr/tests/test-certificate-chain.c | 21 ++-
gcr/tests/test-trust.c | 10 +-
pkcs11/Makefile.am | 4 +-
pkcs11/gkm/gkm-assertion.c | 12 +-
pkcs11/gkm/gkm-certificate.c | 2 +-
pkcs11/gkm/gkm-module.c | 1 -
pkcs11/gkm/gkm-object.c | 1 -
pkcs11/pkcs11g.h | 47 -----
pkcs11/pkcs11i.h | 43 ++---
pkcs11/pkcs11x.h | 44 +++++
pkcs11/roots-store/gkm-roots-trust.c | 9 +-
pkcs11/rpc-layer/gkm-rpc-dispatch.c | 1 -
pkcs11/ssh-store/tests/unit-test-private-key.c | 2 +-
pkcs11/wrap-layer/gkm-wrap-layer.c | 1 -
pkcs11/xdg-store/gkm-xdg-assertion.c | 27 ++--
pkcs11/xdg-store/gkm-xdg-trust.c | 31 ++--
pkcs11/xdg-store/tests/test-xdg-trust.c | 216 ++++++++++++------------
20 files changed, 265 insertions(+), 266 deletions(-)
---
diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
index 54d81da..7c2620f 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -27,7 +27,6 @@
#include "gck/gck.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "egg/egg-error.h"
diff --git a/gck/gck-dump.c b/gck/gck-dump.c
index 9b35e86..ca488b0 100644
--- a/gck/gck-dump.c
+++ b/gck/gck-dump.c
@@ -32,6 +32,7 @@
#include <string.h>
#include "pkcs11/pkcs11i.h"
+#include "pkcs11/pkcs11x.h"
static void
dump_class_value (gulong klass)
@@ -49,7 +50,7 @@ dump_class_value (gulong klass)
DX(CKO_G_COLLECTION);
DX(CKO_G_SEARCH);
DX(CKO_G_CREDENTIAL);
- DX(CKO_G_TRUST_ASSERTION);
+ DX(CKO_X_TRUST_ASSERTION);
#undef DX
default:
@@ -66,9 +67,9 @@ dump_assertion_type_value (gulong type)
{
switch (type) {
#define DX(x) case x: g_printerr ("%s", #x); break;
- DX(CKT_G_UNTRUSTED_CERTIFICATE);
- DX(CKT_G_PINNED_CERTIFICATE);
- DX(CKT_G_ANCHORED_CERTIFICATE);
+ DX(CKT_X_UNTRUSTED_CERTIFICATE);
+ DX(CKT_X_PINNED_CERTIFICATE);
+ DX(CKT_X_ANCHORED_CERTIFICATE);
#undef DX
default:
@@ -98,9 +99,9 @@ dump_attribute_value (GckAttribute *attr)
}
break;
- case CKA_G_ASSERTION_TYPE:
- if (attr->length == sizeof (CK_ASSERTION_TYPE)) {
- dump_assertion_type_value (*(CK_ASSERTION_TYPE*)attr->value);
+ case CKA_X_ASSERTION_TYPE:
+ if (attr->length == sizeof (CK_X_ASSERTION_TYPE)) {
+ dump_assertion_type_value (*(CK_X_ASSERTION_TYPE*)attr->value);
return;
}
break;
@@ -171,8 +172,8 @@ dump_attribute_value (GckAttribute *attr)
case CKA_MIME_TYPES:
case CKA_G_COLLECTION:
case CKA_G_SCHEMA:
- case CKA_G_PURPOSE:
- case CKA_G_PEER:
+ case CKA_X_PURPOSE:
+ case CKA_X_PEER:
if (g_utf8_validate (attr->value, attr->length, NULL)) {
int length = MIN (32, attr->length);
g_printerr ("%.*s%s", length, (gchar*)attr->value,
@@ -307,10 +308,10 @@ dump_attribute_type (GckAttribute *attr)
DX(CKA_G_OBJECT);
DX(CKA_G_CREDENTIAL);
DX(CKA_G_CREDENTIAL_TEMPLATE);
- DX(CKA_G_ASSERTION_TYPE);
- DX(CKA_G_CERTIFICATE_VALUE);
- DX(CKA_G_PURPOSE);
- DX(CKA_G_PEER);
+ DX(CKA_X_ASSERTION_TYPE);
+ DX(CKA_X_CERTIFICATE_VALUE);
+ DX(CKA_X_PURPOSE);
+ DX(CKA_X_PEER);
#undef DX
default:
diff --git a/gcr/gcr-trust.c b/gcr/gcr-trust.c
index b788023..575df92 100644
--- a/gcr/gcr-trust.c
+++ b/gcr/gcr-trust.c
@@ -33,6 +33,7 @@
#include "pkcs11/pkcs11n.h"
#include "pkcs11/pkcs11i.h"
+#include "pkcs11/pkcs11x.h"
/**
* SECTION:gcr-trust
@@ -148,19 +149,19 @@ trust_operation_get (GckEnumerator *en)
}
static GckAttributes*
-prepare_trust_attrs (GcrCertificate *certificate, CK_ASSERTION_TYPE type)
+prepare_trust_attrs (GcrCertificate *certificate, CK_X_ASSERTION_TYPE type)
{
GckAttributes *attrs;
gconstpointer data;
gsize n_data;
attrs = gck_attributes_new ();
- gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, type);
+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
+ gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, type);
data = gcr_certificate_get_der_data (certificate, &n_data);
g_return_val_if_fail (data, NULL);
- gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
+ gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
return attrs;
}
@@ -176,11 +177,11 @@ prepare_is_certificate_pinned (GcrCertificate *certificate, const gchar *purpose
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
+ attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
- gck_attributes_add_string (attrs, CKA_G_PEER, peer);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
+ gck_attributes_add_string (attrs, CKA_X_PEER, peer);
/*
* TODO: We need to be able to sort the modules by preference
@@ -361,11 +362,11 @@ prepare_add_pinned_certificate (GcrCertificate *certificate, const gchar *purpos
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
+ attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
- gck_attributes_add_string (attrs, CKA_G_PEER, peer);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
+ gck_attributes_add_string (attrs, CKA_X_PEER, peer);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
/*
@@ -586,11 +587,11 @@ prepare_remove_pinned_certificate (GcrCertificate *certificate, const gchar *pur
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_PINNED_CERTIFICATE);
+ attrs = prepare_trust_attrs (certificate, CKT_X_PINNED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
- gck_attributes_add_string (attrs, CKA_G_PEER, peer);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
+ gck_attributes_add_string (attrs, CKA_X_PEER, peer);
/*
* TODO: We need to be able to sort the modules by preference
@@ -783,10 +784,10 @@ prepare_is_certificate_anchored (GcrCertificate *certificate, const gchar *purpo
GckEnumerator *en;
GList *modules;
- attrs = prepare_trust_attrs (certificate, CKT_G_ANCHORED_CERTIFICATE);
+ attrs = prepare_trust_attrs (certificate, CKT_X_ANCHORED_CERTIFICATE);
g_return_val_if_fail (attrs, NULL);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
/*
* TODO: We need to be able to sort the modules by preference
diff --git a/gcr/tests/test-certificate-chain.c b/gcr/tests/test-certificate-chain.c
index 95f5b63..6749466 100644
--- a/gcr/tests/test-certificate-chain.c
+++ b/gcr/tests/test-certificate-chain.c
@@ -10,6 +10,9 @@
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
+#include "pkcs11/pkcs11.h"
+#include "pkcs11/pkcs11x.h"
+
#include <glib.h>
#include <string.h>
@@ -173,10 +176,10 @@ add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose)
/* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
- gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
- gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
+ gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
+ gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
gck_mock_module_take_object (attrs);
}
@@ -192,11 +195,11 @@ add_pinned_to_module (GcrCertificate *certificate, const gchar *purpose, const g
/* And add a pinned certificate for the signed certificate */
attrs = gck_attributes_new ();
- gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, data, n_data);
- gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_PINNED_CERTIFICATE);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, purpose);
- gck_attributes_add_string (attrs, CKA_G_PEER, host);
+ gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, data, n_data);
+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
+ gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_PINNED_CERTIFICATE);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, purpose);
+ gck_attributes_add_string (attrs, CKA_X_PEER, host);
gck_mock_module_take_object (attrs);
}
diff --git a/gcr/tests/test-trust.c b/gcr/tests/test-trust.c
index 73f9b34..38dd226 100644
--- a/gcr/tests/test-trust.c
+++ b/gcr/tests/test-trust.c
@@ -29,7 +29,9 @@
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
+#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11n.h"
+#include "pkcs11/pkcs11x.h"
#include <glib.h>
@@ -252,11 +254,11 @@ TESTING_TEST (trust_is_certificate_anchored_yes)
/* Create a certificate root trust */
attrs = gck_attributes_new ();
der = gcr_certificate_get_der_data (certificate, &n_der);
- gck_attributes_add_data (attrs, CKA_G_CERTIFICATE_VALUE, der, n_der);
- gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_G_TRUST_ASSERTION);
+ gck_attributes_add_data (attrs, CKA_X_CERTIFICATE_VALUE, der, n_der);
+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_X_TRUST_ASSERTION);
gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
- gck_attributes_add_string (attrs, CKA_G_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
- gck_attributes_add_ulong (attrs, CKA_G_ASSERTION_TYPE, CKT_G_ANCHORED_CERTIFICATE);
+ gck_attributes_add_string (attrs, CKA_X_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
+ gck_attributes_add_ulong (attrs, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
gck_mock_module_take_object (attrs);
ret = gcr_trust_is_certificate_anchored (certificate, GCR_PURPOSE_CLIENT_AUTH, NULL, &error);
diff --git a/pkcs11/Makefile.am b/pkcs11/Makefile.am
index e24c173..3b4d744 100644
--- a/pkcs11/Makefile.am
+++ b/pkcs11/Makefile.am
@@ -4,8 +4,8 @@ incdir = $(includedir)/gck
inc_HEADERS = \
pkcs11.h \
- pkcs11g.h \
- pkcs11n.h
+ pkcs11n.h \
+ pkcs11x.h
EXTRA_DIST = \
pkcs11i.h
diff --git a/pkcs11/gkm/gkm-assertion.c b/pkcs11/gkm/gkm-assertion.c
index c35e3f5..fcda26c 100644
--- a/pkcs11/gkm/gkm-assertion.c
+++ b/pkcs11/gkm/gkm-assertion.c
@@ -27,8 +27,8 @@
#include "gkm-trust.h"
#include "gkm-util.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
+#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
@@ -68,16 +68,16 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
case CKA_PRIVATE:
return gkm_attribute_set_bool (attr, CK_FALSE);
case CKA_CLASS:
- return gkm_attribute_set_ulong (attr, CKO_G_TRUST_ASSERTION);
+ return gkm_attribute_set_ulong (attr, CKO_X_TRUST_ASSERTION);
case CKA_MODIFIABLE:
return gkm_attribute_set_bool (attr, CK_FALSE);
/* Various trust flags */
- case CKA_G_ASSERTION_TYPE:
+ case CKA_X_ASSERTION_TYPE:
return gkm_attribute_set_ulong (attr, self->pv->type);
- case CKA_G_PURPOSE:
+ case CKA_X_PURPOSE:
return gkm_attribute_set_string (attr, self->pv->purpose);
- case CKA_G_PEER:
+ case CKA_X_PEER:
if (!self->pv->peer)
return CKR_ATTRIBUTE_TYPE_INVALID;
return gkm_attribute_set_string (attr, self->pv->peer);
@@ -85,7 +85,7 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
/* Certificate reference values */
case CKA_SERIAL_NUMBER:
case CKA_ISSUER:
- case CKA_G_CERTIFICATE_VALUE:
+ case CKA_X_CERTIFICATE_VALUE:
return gkm_object_get_attribute (GKM_OBJECT (self->pv->trust), session, attr);
default:
diff --git a/pkcs11/gkm/gkm-certificate.c b/pkcs11/gkm/gkm-certificate.c
index af1cb37..866e703 100644
--- a/pkcs11/gkm/gkm-certificate.c
+++ b/pkcs11/gkm/gkm-certificate.c
@@ -40,7 +40,7 @@
#include "egg/egg-asn1x.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
+#include "pkcs11/pkcs11i.h"
#include <glib/gi18n.h>
diff --git a/pkcs11/gkm/gkm-module.c b/pkcs11/gkm/gkm-module.c
index 8b27c5a..bcc5ee6 100644
--- a/pkcs11/gkm/gkm-module.c
+++ b/pkcs11/gkm/gkm-module.c
@@ -22,7 +22,6 @@
#include "config.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "gkm-aes-key.h"
diff --git a/pkcs11/gkm/gkm-object.c b/pkcs11/gkm/gkm-object.c
index 8f39867..6c0e2c4 100644
--- a/pkcs11/gkm/gkm-object.c
+++ b/pkcs11/gkm/gkm-object.c
@@ -22,7 +22,6 @@
#include "config.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "gkm-attributes.h"
diff --git a/pkcs11/pkcs11i.h b/pkcs11/pkcs11i.h
index 9e925ca..e85e6cf 100644
--- a/pkcs11/pkcs11i.h
+++ b/pkcs11/pkcs11i.h
@@ -1,5 +1,5 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* pkcs11g.h - GNOME internal definitions to PKCS#11
+/* pkcs11i.h - GNOME internal definitions to PKCS#11
Copyright (C) 2008, Stef Walter
@@ -25,7 +25,24 @@
#define PKCS11I_H
#include "pkcs11.h"
-#include "pkcs11g.h"
+
+#define CKA_GNOME (CKA_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
+#define CKO_GNOME (CKO_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
+#define CKR_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
+#define CKM_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
+#define CKK_GNOME (CKR_VENDOR_DEFINED | 0x474E4D45UL /* GNME */ )
+
+/* -------------------------------------------------------------------
+ * OBJECT UNIQUE IDENTIFIER
+ */
+
+/* A string unique among all objects on a given machine */
+#define CKA_GNOME_UNIQUE (CKA_GNOME + 350)
+
+/* -------------------------------------------------------------------
+ */
+
+#define CKA_GNOME_TRANSIENT (CKA_GNOME + 201)
/* Signifies that nobody is logged in */
#define CKU_NONE G_MAXULONG
@@ -119,26 +136,4 @@ typedef CK_G_APPLICATION* CK_G_APPLICATION_PTR;
#define CKA_G_CREDENTIAL_TEMPLATE (CKA_GNOME + 205)
-/* -------------------------------------------------------------------
- * TRUST ASSERTIONS
- */
-
-#define CKO_G_TRUST_ASSERTION (CKO_GNOME + 400)
-
-#define CKA_G_ASSERTION_TYPE (CKO_GNOME + 401)
-
-#define CKA_G_CERTIFICATE_VALUE (CKO_GNOME + 402)
-
-#define CKA_G_PURPOSE (CKO_GNOME + 403)
-
-#define CKA_G_PEER (CKO_GNOME + 404)
-
-typedef CK_ULONG CK_ASSERTION_TYPE;
-
-#define CKT_G_UNTRUSTED_CERTIFICATE 1UL
-
-#define CKT_G_PINNED_CERTIFICATE 2UL
-
-#define CKT_G_ANCHORED_CERTIFICATE 3UL
-
#endif /* PKCS11I_H */
diff --git a/pkcs11/pkcs11x.h b/pkcs11/pkcs11x.h
new file mode 100644
index 0000000..365e799
--- /dev/null
+++ b/pkcs11/pkcs11x.h
@@ -0,0 +1,44 @@
+/* pkcs11x.h
+ Copyright 2010 Collabora Ltd
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. */
+
+
+#ifndef PKCS11X_H
+#define PKCS11X_H
+
+#include "pkcs11.h"
+
+#define CKA_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
+#define CKO_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
+
+/* -------------------------------------------------------------------
+ * TRUST ASSERTIONS
+ */
+
+#define CKO_X_TRUST_ASSERTION (CKO_XDG + 100)
+
+#define CKA_X_ASSERTION_TYPE (CKA_XDG + 1)
+
+#define CKA_X_CERTIFICATE_VALUE (CKA_XDG + 2)
+
+#define CKA_X_PURPOSE (CKA_XDG + 3)
+
+#define CKA_X_PEER (CKA_XDG + 4)
+
+typedef CK_ULONG CK_X_ASSERTION_TYPE;
+
+#define CKT_X_UNTRUSTED_CERTIFICATE 1UL
+
+#define CKT_X_PINNED_CERTIFICATE 2UL
+
+#define CKT_X_ANCHORED_CERTIFICATE 3UL
+
+#endif /* PKCS11X_H */
diff --git a/pkcs11/roots-store/gkm-roots-trust.c b/pkcs11/roots-store/gkm-roots-trust.c
index 323a4d8..b07e6ea 100644
--- a/pkcs11/roots-store/gkm-roots-trust.c
+++ b/pkcs11/roots-store/gkm-roots-trust.c
@@ -34,6 +34,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
+#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
@@ -175,13 +176,13 @@ build_linked_assertion (GkmRootsTrust *self, GkmTrustLevel level, const gchar *p
case GKM_TRUST_UNKNOWN:
return;
case GKM_TRUST_TRUSTED:
- type = CKT_G_PINNED_CERTIFICATE;
+ type = CKT_X_PINNED_CERTIFICATE;
break;
case GKM_TRUST_UNTRUSTED:
- type = CKT_G_UNTRUSTED_CERTIFICATE;
+ type = CKT_X_UNTRUSTED_CERTIFICATE;
break;
case GKM_TRUST_ANCHOR:
- type = CKT_G_ANCHORED_CERTIFICATE;
+ type = CKT_X_ANCHORED_CERTIFICATE;
break;
default:
g_assert_not_reached ();
@@ -240,7 +241,7 @@ gkm_roots_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUT
return hash_certificate (self, GCRY_MD_MD5, attr);
case CKA_CERT_SHA1_HASH:
return hash_certificate (self, GCRY_MD_SHA1, attr);
- case CKA_G_CERTIFICATE_VALUE:
+ case CKA_X_CERTIFICATE_VALUE:
return full_certificate (self, attr);
default:
diff --git a/pkcs11/rpc-layer/gkm-rpc-dispatch.c b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
index 09e80eb..6b94d70 100644
--- a/pkcs11/rpc-layer/gkm-rpc-dispatch.c
+++ b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
@@ -27,7 +27,6 @@
#include "gkm-rpc-private.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include "egg/egg-error.h"
diff --git a/pkcs11/ssh-store/tests/unit-test-private-key.c b/pkcs11/ssh-store/tests/unit-test-private-key.c
index 93bd6f3..e8d6959 100644
--- a/pkcs11/ssh-store/tests/unit-test-private-key.c
+++ b/pkcs11/ssh-store/tests/unit-test-private-key.c
@@ -30,7 +30,7 @@
#include "ssh-store/gkm-ssh-private-key.h"
-#include "pkcs11g.h"
+#include "pkcs11i.h"
static GkmModule *module = NULL;
static GkmSession *session = NULL;
diff --git a/pkcs11/wrap-layer/gkm-wrap-layer.c b/pkcs11/wrap-layer/gkm-wrap-layer.c
index d74b0de..acca058 100644
--- a/pkcs11/wrap-layer/gkm-wrap-layer.c
+++ b/pkcs11/wrap-layer/gkm-wrap-layer.c
@@ -25,7 +25,6 @@
#include "gkm-wrap-prompt.h"
#include "pkcs11/pkcs11.h"
-#include "pkcs11/pkcs11g.h"
#include "pkcs11/pkcs11i.h"
#include <glib.h>
diff --git a/pkcs11/xdg-store/gkm-xdg-assertion.c b/pkcs11/xdg-store/gkm-xdg-assertion.c
index 7f4cefa..e67633d 100644
--- a/pkcs11/xdg-store/gkm-xdg-assertion.c
+++ b/pkcs11/xdg-store/gkm-xdg-assertion.c
@@ -34,6 +34,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
+#include "pkcs11/pkcs11x.h"
#include <glib/gi18n.h>
@@ -49,7 +50,7 @@ G_DEFINE_TYPE (GkmXdgAssertion, gkm_xdg_assertion, GKM_TYPE_ASSERTION);
static GkmXdgTrust*
lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
- GkmTransaction *transaction, CK_ASSERTION_TYPE type,
+ GkmTransaction *transaction, CK_X_ASSERTION_TYPE type,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, gboolean *created)
{
CK_ATTRIBUTE_PTR serial, issuer, value;
@@ -66,9 +67,9 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
lookups[0].ulValueLen = sizeof (klass);
switch (type) {
- case CKT_G_ANCHORED_CERTIFICATE:
- case CKT_G_PINNED_CERTIFICATE:
- value = gkm_attributes_find (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE);
+ case CKT_X_ANCHORED_CERTIFICATE:
+ case CKT_X_PINNED_CERTIFICATE:
+ value = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE);
if (!value) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
@@ -79,7 +80,7 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
n_lookups = 2;
break;
- case CKT_G_UNTRUSTED_CERTIFICATE:
+ case CKT_X_UNTRUSTED_CERTIFICATE:
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
if (!serial || !issuer) {
@@ -112,9 +113,9 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
trust = gkm_xdg_trust_create_for_assertion (module, manager, transaction,
lookups, n_lookups);
- gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE,
+ gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE,
CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
- gkm_attributes_consume (lookups, n_lookups, CKA_G_CERTIFICATE_VALUE,
+ gkm_attributes_consume (lookups, n_lookups, CKA_X_CERTIFICATE_VALUE,
CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
if (!gkm_transaction_get_failed (transaction))
@@ -130,7 +131,7 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
{
GkmAssertion *assertion;
- CK_ASSERTION_TYPE type;
+ CK_X_ASSERTION_TYPE type;
GkmManager *manager;
gboolean created = FALSE;
GkmXdgTrust *trust;
@@ -139,17 +140,17 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
g_return_val_if_fail (attrs || !n_attrs, NULL);
- if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_G_ASSERTION_TYPE, &type)) {
+ if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_X_ASSERTION_TYPE, &type)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
- if (!gkm_attributes_find_string (attrs, n_attrs, CKA_G_PURPOSE, &purpose)) {
+ if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PURPOSE, &purpose)) {
gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
return NULL;
}
- if (!gkm_attributes_find_string (attrs, n_attrs, CKA_G_PEER, &peer))
+ if (!gkm_attributes_find_string (attrs, n_attrs, CKA_X_PEER, &peer))
peer = NULL;
/* Try to find or create an appropriate trust object for this assertion */
@@ -182,7 +183,7 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
/* A new trust assertion */
} else {
- gkm_attributes_consume (attrs, n_attrs, CKA_G_ASSERTION_TYPE, CKA_G_PURPOSE, G_MAXULONG);
+ gkm_attributes_consume (attrs, n_attrs, CKA_X_ASSERTION_TYPE, CKA_X_PURPOSE, G_MAXULONG);
gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (assertion),
TRUE, attrs, n_attrs);
}
@@ -216,7 +217,7 @@ gkm_xdg_assertion_class_init (GkmXdgAssertionClass *klass)
GkmFactory*
gkm_xdg_assertion_get_factory (void)
{
- static CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
+ static CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
static CK_ATTRIBUTE attributes[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
diff --git a/pkcs11/xdg-store/gkm-xdg-trust.c b/pkcs11/xdg-store/gkm-xdg-trust.c
index 785aa1f..7686271 100644
--- a/pkcs11/xdg-store/gkm-xdg-trust.c
+++ b/pkcs11/xdg-store/gkm-xdg-trust.c
@@ -39,6 +39,7 @@
#include "pkcs11/pkcs11i.h"
#include "pkcs11/pkcs11n.h"
+#include "pkcs11/pkcs11x.h"
#include <libtasn1.h>
@@ -220,14 +221,14 @@ validate_integer (CK_ATTRIBUTE_PTR attr)
}
static GQuark
-assertion_type_to_level_enum (CK_ASSERTION_TYPE type)
+assertion_type_to_level_enum (CK_X_ASSERTION_TYPE type)
{
switch (type) {
- case CKT_G_UNTRUSTED_CERTIFICATE:
+ case CKT_X_UNTRUSTED_CERTIFICATE:
return TRUST_UNTRUSTED;
- case CKT_G_ANCHORED_CERTIFICATE:
+ case CKT_X_ANCHORED_CERTIFICATE:
return TRUST_TRUSTED_ANCHOR;
- case CKT_G_PINNED_CERTIFICATE:
+ case CKT_X_PINNED_CERTIFICATE:
return TRUST_TRUSTED;
default:
return 0;
@@ -235,14 +236,14 @@ assertion_type_to_level_enum (CK_ASSERTION_TYPE type)
}
static gboolean
-level_enum_to_assertion_type (GQuark level, CK_ASSERTION_TYPE *type)
+level_enum_to_assertion_type (GQuark level, CK_X_ASSERTION_TYPE *type)
{
if (level == TRUST_UNTRUSTED)
- *type = CKT_G_UNTRUSTED_CERTIFICATE;
+ *type = CKT_X_UNTRUSTED_CERTIFICATE;
else if (level == TRUST_TRUSTED_ANCHOR)
- *type = CKT_G_ANCHORED_CERTIFICATE;
+ *type = CKT_X_ANCHORED_CERTIFICATE;
else if (level == TRUST_TRUSTED)
- *type = CKT_G_PINNED_CERTIFICATE;
+ *type = CKT_X_PINNED_CERTIFICATE;
else if (level == TRUST_UNKNOWN)
*type = 0;
else
@@ -270,7 +271,7 @@ create_assertions (void)
static GkmAssertion*
create_assertion (GkmXdgTrust *self, GNode *asn)
{
- CK_ASSERTION_TYPE type;
+ CK_X_ASSERTION_TYPE type;
GkmAssertion *assertion;
GQuark level;
gchar *purpose;
@@ -608,7 +609,7 @@ gkm_xdg_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
return trust_get_integer (self, "serialNumber", attr);
case CKA_ISSUER:
return trust_get_der (self, "issuer", attr);
- case CKA_G_CERTIFICATE_VALUE:
+ case CKA_X_CERTIFICATE_VALUE:
return trust_get_complete (self, attr);
/* Certificate hash values */
@@ -653,11 +654,11 @@ gkm_xdg_trust_get_level (GkmTrust *base, const gchar *purpose)
return GKM_TRUST_UNKNOWN;
type = gkm_assertion_get_trust_type (assertion);
- if (type == CKT_G_ANCHORED_CERTIFICATE)
+ if (type == CKT_X_ANCHORED_CERTIFICATE)
return GKM_TRUST_ANCHOR;
- else if (type == CKT_G_PINNED_CERTIFICATE)
+ else if (type == CKT_X_PINNED_CERTIFICATE)
return GKM_TRUST_TRUSTED;
- else if (type == CKT_G_UNTRUSTED_CERTIFICATE)
+ else if (type == CKT_X_UNTRUSTED_CERTIFICATE)
return GKM_TRUST_UNTRUSTED;
else
g_return_val_if_reached (GKM_TRUST_UNKNOWN);
@@ -802,7 +803,7 @@ gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
serial = gkm_attributes_find (attrs, n_attrs, CKA_SERIAL_NUMBER);
issuer = gkm_attributes_find (attrs, n_attrs, CKA_ISSUER);
- cert = gkm_attributes_find (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE);
+ cert = gkm_attributes_find (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE);
/* A trust object with just serial + issuer */
if (serial != NULL && issuer != NULL) {
@@ -836,7 +837,7 @@ gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
return NULL;
}
- gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE, CKA_ISSUER,
+ gkm_attributes_consume (attrs, n_attrs, CKA_X_CERTIFICATE_VALUE, CKA_ISSUER,
CKA_SERIAL_NUMBER, G_MAXULONG);
return trust;
diff --git a/pkcs11/xdg-store/tests/test-xdg-trust.c b/pkcs11/xdg-store/tests/test-xdg-trust.c
index bf73892..622d5fc 100644
--- a/pkcs11/xdg-store/tests/test-xdg-trust.c
+++ b/pkcs11/xdg-store/tests/test-xdg-trust.c
@@ -28,7 +28,9 @@
#include "gkm/gkm-module.h"
#include "gkm/gkm-session.h"
+#include "pkcs11/pkcs11.h"
#include "pkcs11/pkcs11n.h"
+#include "pkcs11/pkcs11x.h"
static GkmModule *module = NULL;
static GkmSession *session = NULL;
@@ -161,18 +163,18 @@ TESTING_TEST (trust_load_objects)
TESTING_TEST (trust_create_assertion_complete)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -192,17 +194,17 @@ TESTING_TEST (trust_create_assertion_complete)
TESTING_TEST (trust_complete_assertion_has_no_serial_or_issuer)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_ATTRIBUTE check;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -224,19 +226,19 @@ TESTING_TEST (trust_complete_assertion_has_no_serial_or_issuer)
TESTING_TEST (trust_complete_assertion_netscape_md5_hash)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
- CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
+ CK_X_ASSERTION_TYPE atype = CKT_X_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
CK_ATTRIBUTE lookup[] = {
@@ -261,19 +263,19 @@ TESTING_TEST (trust_complete_assertion_netscape_md5_hash)
TESTING_TEST (trust_complete_assertion_netscape_sha1_hash)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
- CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
+ CK_X_ASSERTION_TYPE atype = CKT_X_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
CK_ATTRIBUTE lookup[] = {
@@ -298,15 +300,15 @@ TESTING_TEST (trust_complete_assertion_netscape_sha1_hash)
TESTING_TEST (trust_create_assertion_missing_type)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Missing CKT_G_ANCHORED_CERTIFICATE */
+ /* Missing CKT_X_ANCHORED_CERTIFICATE */
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -315,16 +317,16 @@ TESTING_TEST (trust_create_assertion_missing_type)
TESTING_TEST (trust_create_assertion_bad_type)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = 0xFFFF;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = 0xFFFF;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Missing CKA_G_CERTIFICATE_VALUE */
+ /* Missing CKA_X_CERTIFICATE_VALUE */
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -333,16 +335,16 @@ TESTING_TEST (trust_create_assertion_bad_type)
TESTING_TEST (trust_create_assertion_missing_cert_value)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Missing CKA_G_CERTIFICATE_VALUE */
+ /* Missing CKA_X_CERTIFICATE_VALUE */
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -351,17 +353,17 @@ TESTING_TEST (trust_create_assertion_missing_cert_value)
TESTING_TEST (trust_create_assertion_bad_cert_value)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Bad CKA_G_CERTIFICATE_VALUE */
+ /* Bad CKA_X_CERTIFICATE_VALUE */
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, "12", 2 },
+ { CKA_X_CERTIFICATE_VALUE, "12", 2 },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -370,17 +372,17 @@ TESTING_TEST (trust_create_assertion_bad_cert_value)
TESTING_TEST (trust_create_assertion_null_cert_value)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_ANCHORED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_ANCHORED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
- /* Bad CKA_G_CERTIFICATE_VALUE */
+ /* Bad CKA_X_CERTIFICATE_VALUE */
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, NULL, 0 },
+ { CKA_X_CERTIFICATE_VALUE, NULL, 0 },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
};
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
@@ -389,8 +391,8 @@ TESTING_TEST (trust_create_assertion_null_cert_value)
TESTING_TEST (trust_create_assertion_for_untrusted)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_ULONG n_objects = 0;
@@ -398,8 +400,8 @@ TESTING_TEST (trust_create_assertion_for_untrusted)
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
{ CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }
};
@@ -421,14 +423,14 @@ TESTING_TEST (trust_create_assertion_for_untrusted)
TESTING_TEST (trust_create_assertion_for_untrusted_no_purpose)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
{ CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }
};
@@ -439,15 +441,15 @@ TESTING_TEST (trust_create_assertion_for_untrusted_no_purpose)
TESTING_TEST (trust_create_assertion_for_untrusted_no_serial)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }
};
@@ -457,16 +459,16 @@ TESTING_TEST (trust_create_assertion_for_untrusted_no_serial)
TESTING_TEST (trust_create_assertion_twice)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object_1 = 0;
CK_OBJECT_HANDLE object_2 = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
{ CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }
};
@@ -490,27 +492,27 @@ TESTING_TEST (trust_create_assertion_twice)
TESTING_TEST (trust_untrusted_assertion_has_no_cert_value)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_UNTRUSTED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_UNTRUSTED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_ATTRIBUTE check;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "test-purpose", 12 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "test-purpose", 12 },
{ CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }
};
- /* Created as untrusted, should have no CKA_G_CERTIFICATE_VALUE */
+ /* Created as untrusted, should have no CKA_X_CERTIFICATE_VALUE */
rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
gkm_assert_cmprv (rv, ==, CKR_OK);
gkm_assert_cmpulong (object, !=, 0);
- check.type = CKA_G_CERTIFICATE_VALUE;
+ check.type = CKA_X_CERTIFICATE_VALUE;
check.pValue = NULL;
check.ulValueLen = 0;
rv = gkm_session_C_GetAttributeValue (session, object, &check, 1);
@@ -519,8 +521,8 @@ TESTING_TEST (trust_untrusted_assertion_has_no_cert_value)
TESTING_TEST (trust_create_assertion_complete_on_token)
{
- CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
- CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
+ CK_OBJECT_CLASS klass = CKO_X_TRUST_ASSERTION;
+ CK_X_ASSERTION_TYPE atype = CKT_X_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE check = 0;
CK_OBJECT_HANDLE results[8];
@@ -529,10 +531,10 @@ TESTING_TEST (trust_create_assertion_complete_on_token)
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &klass, sizeof (klass) },
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
- { CKA_G_PURPOSE, "other", 5 },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_PURPOSE, "other", 5 },
{ CKA_TOKEN, &token, sizeof (token) },
};
@@ -558,14 +560,14 @@ TESTING_TEST (trust_create_assertion_complete_on_token)
TESTING_TEST (trust_destroy_assertion_on_token)
{
- CK_ASSERTION_TYPE atype = CKT_G_PINNED_CERTIFICATE;
+ CK_X_ASSERTION_TYPE atype = CKT_X_PINNED_CERTIFICATE;
CK_OBJECT_HANDLE results[8];
CK_BBOOL token = CK_TRUE;
CK_ULONG n_objects = 0;
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
+ { CKA_X_ASSERTION_TYPE, &atype, sizeof (atype) },
{ CKA_TOKEN, &token, sizeof (token) },
};
@@ -592,11 +594,11 @@ TESTING_TEST (trust_destroy_assertion_on_token)
}
static void
-_assert_positive_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpose,
+_assert_positive_netscape (CK_X_ASSERTION_TYPE assertion_type, const gchar *purpose,
CK_ATTRIBUTE_TYPE netscape_type, CK_TRUST netscape_trust,
const gchar *description)
{
- CK_OBJECT_CLASS aklass = CKO_G_TRUST_ASSERTION;
+ CK_OBJECT_CLASS aklass = CKO_X_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE results[256];
@@ -610,10 +612,10 @@ _assert_positive_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos
CK_RV rv;
CK_ATTRIBUTE attrs[] = {
- { CKA_G_CERTIFICATE_VALUE, cert_data, n_cert_data },
+ { CKA_X_CERTIFICATE_VALUE, cert_data, n_cert_data },
{ CKA_CLASS, &aklass, sizeof (aklass) },
- { CKA_G_ASSERTION_TYPE, &assertion_type, sizeof (assertion_type) },
- { CKA_G_PURPOSE, (void*)purpose, strlen (purpose) },
+ { CKA_X_ASSERTION_TYPE, &assertion_type, sizeof (assertion_type) },
+ { CKA_X_PURPOSE, (void*)purpose, strlen (purpose) },
{ CKA_TOKEN, &fval, sizeof (fval) },
};
@@ -656,11 +658,11 @@ _assert_positive_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos
}
static void
-_assert_negative_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpose,
+_assert_negative_netscape (CK_X_ASSERTION_TYPE assertion_type, const gchar *purpose,
CK_ATTRIBUTE_TYPE netscape_type, CK_TRUST netscape_trust,
const gchar *description)
{
- CK_OBJECT_CLASS aklass = CKO_G_TRUST_ASSERTION;
+ CK_OBJECT_CLASS aklass = CKO_X_TRUST_ASSERTION;
CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST;
CK_OBJECT_HANDLE object = 0;
CK_OBJECT_HANDLE results[256];
@@ -674,8 +676,8 @@ _assert_negative_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos
{ CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) },
{ CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) },
{ CKA_CLASS, &aklass, sizeof (aklass) },
- { CKA_G_ASSERTION_TYPE, &assertion_type, sizeof (assertion_type) },
- { CKA_G_PURPOSE, (void*)purpose, strlen (purpose) },
+ { CKA_X_ASSERTION_TYPE, &assertion_type, sizeof (assertion_type) },
+ { CKA_X_PURPOSE, (void*)purpose, strlen (purpose) },
{ CKA_TOKEN, &fval, sizeof (fval) },
};
@@ -720,80 +722,80 @@ _assert_negative_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos
TESTING_TEST (trust_netscape_map_server_auth)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.1",
CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_client_auth)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.2",
CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_code_signing)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.3",
CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_email)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.4",
CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_endpoint)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.5",
CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_tunnel)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.6",
CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_ipsec_user)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.7",
CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_UNTRUSTED);
}
TESTING_TEST (trust_netscape_map_time_stamping)
{
- assert_positive_netscape (CKT_G_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
+ assert_positive_netscape (CKT_X_PINNED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED);
- assert_positive_netscape (CKT_G_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
+ assert_positive_netscape (CKT_X_ANCHORED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED_DELEGATOR);
- assert_negative_netscape (CKT_G_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
+ assert_negative_netscape (CKT_X_UNTRUSTED_CERTIFICATE, "1.3.6.1.5.5.7.3.8",
CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_UNTRUSTED);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
