[gnome-keyring/trust-store: 105/105] [xdg-store] Start testing tool to create trust assertion files.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store: 105/105] [xdg-store] Start testing tool to create trust assertion files.
- Date: Tue, 23 Nov 2010 03:09:38 +0000 (UTC)
commit c81dac584dfdac92f0fd54158a10c39f59479ce8
Author: Stef Walter <stefw collabora co uk>
Date: Tue Nov 23 02:55:07 2010 +0000
[xdg-store] Start testing tool to create trust assertion files.
pkcs11/xdg-store/.gitignore | 2 +
pkcs11/xdg-store/asn1-def-xdg.c | 42 -----
pkcs11/xdg-store/tests/Makefile.am | 10 +-
pkcs11/xdg-store/tests/diddle-trust-file.c | 227 ++++++++++++++++++++++++++++
pkcs11/xdg-store/xdg.asn | 4 +-
5 files changed, 240 insertions(+), 45 deletions(-)
---
diff --git a/pkcs11/xdg-store/.gitignore b/pkcs11/xdg-store/.gitignore
new file mode 100644
index 0000000..102fd9d
--- /dev/null
+++ b/pkcs11/xdg-store/.gitignore
@@ -0,0 +1,2 @@
+/asn1-def-xdg.c
+/tests/diddle-trust-file
diff --git a/pkcs11/xdg-store/tests/Makefile.am b/pkcs11/xdg-store/tests/Makefile.am
index c6bbf81..6e56e48 100644
--- a/pkcs11/xdg-store/tests/Makefile.am
+++ b/pkcs11/xdg-store/tests/Makefile.am
@@ -13,4 +13,12 @@ EXTRA_DIST = \
p11-tests.conf \
test-data
-include $(top_srcdir)/testing/testing.make
\ No newline at end of file
+include $(top_srcdir)/testing/testing.make
+
+# ------------------------------------------------------------------------------
+
+noinst_PROGRAMS += \
+ diddle-trust-file
+
+diddle_trust_file_LDADD = \
+ $(top_builddir)/egg/libegg.la
diff --git a/pkcs11/xdg-store/tests/diddle-trust-file.c b/pkcs11/xdg-store/tests/diddle-trust-file.c
new file mode 100644
index 0000000..cced961
--- /dev/null
+++ b/pkcs11/xdg-store/tests/diddle-trust-file.c
@@ -0,0 +1,227 @@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) Collabora Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include "egg/egg-asn1x.h"
+#include "egg/egg-dn.h"
+#include "egg/egg-error.h"
+#include "egg/egg-asn1-defs.h"
+
+#include <libtasn1.h>
+#include <stdlib.h>
+
+/* Bring in the relevant definitions */
+#include "../asn1-def-xdg.c"
+
+static void
+barf_and_die (const gchar *msg, const gchar *detail)
+{
+ if (detail)
+ g_printerr ("diddle-trust-file: %s: %s\n", msg, detail);
+ else
+ g_printerr ("diddle-trust-file: %s\n", msg);
+ exit (1);
+}
+
+#if 0
+ gchar *contents;
+ gsize n_contents;
+ GNode *asn;
+#endif
+
+#if 0
+{
+ if (!g_file_get_contents (argv[1], &contents, &n_contents, &error))
+ barf_and_die ("couldn't load file", egg_error_message (error));
+
+ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
+ g_return_val_if_fail (asn, 1);
+
+ if (!egg_asn1x_create_and_decode (contents, n_contents))
+ barf_and_die ("couldn't parse file", egg_asn1x_message (asn));
+
+ /* Print out the certificate we refer to first */
+ node = egg_asn1x_node (asn, "reference", "certReference", NULL);
+ if (egg_asn1x_have (node)) {
+ dump_certificate_reference (node);
+ } else {
+ node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
+ if (egg_asn1x_have (node))
+ dump_certificate_complete (node);
+ else
+ barf_and_die ("unsupported certificate reference", NULL);
+ }
+
+
+}
+#endif
+
+static void
+create_trust_file_for_certificate (const gchar *filename, const gchar *certificate)
+{
+ GError *err = NULL;
+ GNode *asn, *cert, *choice, *ref;
+ gchar *data, *result;
+ gsize n_data, n_result;
+
+ if (!g_file_get_contents (certificate, &data, &n_data, &err))
+ barf_and_die ("couldn't read certificate file", egg_error_message (err));
+
+ /* Make sure the certificate is */
+ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
+ g_return_if_fail (cert);
+ if (!egg_asn1x_decode (cert, data, n_data))
+ barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
+
+ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
+ g_return_if_fail (asn);
+
+ ref = egg_asn1x_node (asn, "reference", NULL);
+ choice = egg_asn1x_node (ref, "certComplete", NULL);
+
+ if (!egg_asn1x_set_choice (ref, choice) ||
+ !egg_asn1x_set_raw_element (choice, data, n_data, g_free))
+ g_return_if_reached ();
+
+ result = egg_asn1x_encode (asn, NULL, &n_result);
+ if (result == NULL)
+ barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
+
+ egg_asn1x_destroy (asn);
+ egg_asn1x_destroy (cert);
+
+ if (!g_file_set_contents (filename, result, n_result, &err))
+ barf_and_die ("couldn't write trust file", egg_error_message (err));
+}
+
+static void
+create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate)
+{
+ GError *err = NULL;
+ GNode *asn, *cert, *choice, *ref;
+ GNode *issuer, *serial;
+ gchar *data, *result;
+ gpointer value;
+ gconstpointer element;
+ gsize n_data, n_result, n_element, n_value;
+
+ if (!g_file_get_contents (certificate, &data, &n_data, &err))
+ barf_and_die ("couldn't read certificate file", egg_error_message (err));
+
+ /* Make sure the certificate is */
+ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
+ g_return_if_fail (cert);
+ if (!egg_asn1x_decode (cert, data, n_data))
+ barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
+
+ /* Dig out the issuer and serial */
+ issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL);
+ serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL);
+ g_return_if_fail (issuer && serial);
+
+ /* Create up the trust structure */
+ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
+ g_return_if_fail (asn);
+
+ /* Setup the type of trust assertion */
+ ref = egg_asn1x_node (asn, "reference", NULL);
+ choice = egg_asn1x_node (ref, "certReference", NULL);
+ if (!egg_asn1x_set_choice (ref, choice))
+ g_return_if_reached ();
+
+ /* Copy over the serial and issuer */
+ element = egg_asn1x_get_raw_element (issuer, &n_element);
+ if (!egg_asn1x_set_raw_element (egg_asn1x_node (choice, "issuer", NULL),
+ g_memdup (element, n_element), n_element, g_free))
+ g_return_if_reached ();
+ value = egg_asn1x_get_integer_as_raw (serial, NULL, &n_value);
+ if (!egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value, n_value, g_free))
+ g_return_if_reached ();
+
+ result = egg_asn1x_encode (asn, NULL, &n_result);
+ if (result == NULL)
+ barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
+
+ g_free (data);
+ egg_asn1x_destroy (cert);
+ egg_asn1x_destroy (asn);
+
+ if (!g_file_set_contents (filename, result, n_result, &err))
+ barf_and_die ("couldn't write trust file", egg_error_message (err));
+}
+
+/* --------------------------------------------------------------------------------
+ * MAIN
+ */
+
+static gchar *create_for_file = NULL;
+static gchar *refer_for_file = NULL;
+static gchar *add_trust_purpose = NULL;
+
+static GOptionEntry option_entries[] = {
+ { "create", '\0', 0, G_OPTION_ARG_FILENAME, &create_for_file,
+ "Create trust file for full certificate.", "certificate" },
+ { "refer", '\0', 0, G_OPTION_ARG_FILENAME, &refer_for_file,
+ "Create trust file for issuer+serial certificate", "certificate" },
+ { "add-trust", '\0', 0, G_OPTION_ARG_STRING, &add_trust_purpose,
+ "Add trust purpose to trust file", "purpose" },
+ { NULL }
+};
+
+int
+main(int argc, char* argv[])
+{
+ GError *err = NULL;
+ GOptionContext *context;
+
+ context = g_option_context_new ("trust-file");
+ g_option_context_add_main_entries (context, option_entries, GETTEXT_PACKAGE);
+ if (!g_option_context_parse (context, &argc, &argv, &err))
+ barf_and_die (egg_error_message (err), NULL);
+
+ g_option_context_free (context);
+
+ if (argc != 2)
+ barf_and_die ("specify trust-file", NULL);
+
+ if (((create_for_file ? 1 : 0) +
+ (refer_for_file ? 1 : 0) +
+ (add_trust_purpose ? 1 : 0)) > 1)
+ barf_and_die ("incompatible options specified", NULL);
+
+ if (create_for_file)
+ create_trust_file_for_certificate (argv[1], create_for_file);
+ else if (refer_for_file)
+ create_trust_file_for_issuer_and_serial (argv[1], refer_for_file);
+#if 0
+ else if (add_trust_purpose)
+ add_trust_purpose_to_file (argv[1], add_trust_purpose);
+#endif
+
+ g_free (create_for_file);
+ g_free (refer_for_file);
+ g_free (add_trust_purpose);
+
+ return 0;
+}
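Review bot: Both create_trust_file_for_certificate and create_trust_file_for_issuer_and_serial drop the encoded buffer: `result` from egg_asn1x_encode is handed to g_file_set_contents but never freed, so each call leaks it (harmless in a run-once tool, but it will mask real leaks once this runs under a leak checker as a test). Add `g_free (result);` after the g_file_set_contents check in both functions, and in create_trust_file_for_certificate a comment that `data` is presumably owned by the ASN.1 tree once egg_asn1x_set_raw_element takes it with g_free, so it must not be freed separately there (the issuer/serial variant memdups and frees `data` itself, which is the clearer pattern). The `#if 0` block above create_trust_file_for_certificate references undeclared `node`, dump_certificate_reference and dump_certificate_complete and calls egg_asn1x_create_and_decode with its result discarded; it reads as scratch and should be finished or dropped rather than committed. The comments `/* Make sure the certificate is */` in both functions are cut off; `/* Make sure the certificate file parses as DER before embedding it */` says what the decode is for.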
diff --git a/pkcs11/xdg-store/xdg.asn b/pkcs11/xdg-store/xdg.asn
index bb7ccf8..41f7674 100644
--- a/pkcs11/xdg-store/xdg.asn
+++ b/pkcs11/xdg-store/xdg.asn
@@ -14,9 +14,9 @@ TrustLevel ::= ENUMERATED {
}
TrustAssertion ::= SEQUENCE {
- purpose OBJECT IDENTIFIER,
+ purpose OCTET STRING,
level TrustLevel,
- with OCTET STRING,
+ peer OCTET STRING,
additions SEQUENCE OF ANY
}
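Review bot: `purpose` changes from OBJECT IDENTIFIER to OCTET STRING without a comment saying what bytes a writer puts there, so a producer and a consumer can disagree (a dotted-decimal OID string, a DER-encoded OID and a free-form name all fit an OCTET STRING). A one-line comment on the field, e.g. `-- purpose: <encoding writers use, TODO document>`, would pin it, and the same for the renamed `peer` field, whose meaning is not stated anywhere in the hunk. If any files were written under the previous definition they will presumably no longer decode, since the SEQUENCE's field types changed without a version bump (the new tool still creates `trust-1`); worth stating in the commit message if that is intended.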