[gnome-keyring/trust-store] [xdg-store] Assertion creation test and fixes.

From: Stefan Walter <stefw src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-keyring/trust-store] [xdg-store] Assertion creation test and fixes.
Date: Thu, 25 Nov 2010 03:25:05 +0000 (UTC)
commit 00a1c8b66f5cecbd08e50cb7390d62602a52b77b
Author: Stef Walter <stefw collabora co uk>
Date:   Thu Nov 25 03:24:09 2010 +0000

    [xdg-store] Assertion creation test and fixes.

 pkcs11/gkm/gkm-assertion.c              |   15 ++++++++++++++-
 pkcs11/xdg-store/gkm-xdg-assertion.c    |   28 ++++++++++++++--------------
 pkcs11/xdg-store/gkm-xdg-trust.c        |   22 ++++++++++++++--------
 pkcs11/xdg-store/tests/test-xdg-trust.c |   28 ++++++++++++++++++++++++++++
 4 files changed, 70 insertions(+), 23 deletions(-)
---
diff --git a/pkcs11/gkm/gkm-assertion.c b/pkcs11/gkm/gkm-assertion.c
index 5302652..c35e3f5 100644
--- a/pkcs11/gkm/gkm-assertion.c
+++ b/pkcs11/gkm/gkm-assertion.c
@@ -95,6 +95,18 @@ gkm_assertion_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_
 	return GKM_OBJECT_CLASS (gkm_assertion_parent_class)->get_attribute (base, session, attr);
 }
 
+static GObject*
+gkm_assertion_constructor (GType type, guint n_props, GObjectConstructParam *props)
+{
+	GkmAssertion *self = GKM_ASSERTION (G_OBJECT_CLASS (gkm_assertion_parent_class)->constructor(type, n_props, props));
+
+	g_return_val_if_fail (self, NULL);
+	g_return_val_if_fail (self->pv->purpose, NULL);
+	g_return_val_if_fail (self->pv->type, NULL);
+
+	return G_OBJECT (self);
+}
+
 static void
 gkm_assertion_init (GkmAssertion *self)
 {
@@ -179,6 +191,7 @@ gkm_assertion_class_init (GkmAssertionClass *klass)
 	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
 	GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
 
+	gobject_class->constructor = gkm_assertion_constructor;
 	gobject_class->finalize = gkm_assertion_finalize;
 	gobject_class->set_property = gkm_assertion_set_property;
 	gobject_class->get_property = gkm_assertion_get_property;
@@ -197,7 +210,7 @@ gkm_assertion_class_init (GkmAssertionClass *klass)
 	         g_param_spec_string ("purpose", "Purpose", "The purpose for the trust",
 	                              NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
-	g_object_class_install_property (gobject_class, PROP_PURPOSE,
+	g_object_class_install_property (gobject_class, PROP_PEER,
 	         g_param_spec_string ("peer", "Peer", "Optional peer this assertion applies to",
 	                              NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
diff --git a/pkcs11/xdg-store/gkm-xdg-assertion.c b/pkcs11/xdg-store/gkm-xdg-assertion.c
index 55f5229..3755c73 100644
--- a/pkcs11/xdg-store/gkm-xdg-assertion.c
+++ b/pkcs11/xdg-store/gkm-xdg-assertion.c
@@ -75,7 +75,7 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
 		}
 
 		/* Attributes used for looking up trust object */
-		memcpy (lookups + 1, value, sizeof (value));
+		memcpy (lookups + 1, value, sizeof (*value));
 		n_lookups = 2;
 		break;
 
@@ -88,8 +88,8 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
 		}
 
 		/* Attributes used for looking up trust object */
-		memcpy (lookups + 1, issuer, sizeof (issuer));
-		memcpy (lookups + 2, issuer, sizeof (serial));
+		memcpy (lookups + 1, issuer, sizeof (*issuer));
+		memcpy (lookups + 2, serial, sizeof (*serial));
 		n_lookups = 2;
 		break;
 
@@ -104,23 +104,22 @@ lookup_or_create_trust_object (GkmSession *session, GkmManager *manager,
 	/* Found a matching trust object for this assertion */
 	if (objects) {
 		g_return_val_if_fail (GKM_XDG_IS_TRUST (objects->data), NULL);
-		trust = GKM_XDG_TRUST (objects->data);
+		trust = g_object_ref (objects->data);
 		g_list_free (objects);
 
 	/* Create a trust object for this assertion */
 	} else {
 		trust = gkm_xdg_trust_create_for_assertion (module, manager, transaction,
 		                                            lookups, n_lookups);
-	}
 
-	gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE,
-	                        CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
-	gkm_attributes_consume (lookups, n_lookups, CKA_G_CERTIFICATE_VALUE,
-	                        CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
+		gkm_attributes_consume (attrs, n_attrs, CKA_G_CERTIFICATE_VALUE,
+		                        CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
+		gkm_attributes_consume (lookups, n_lookups, CKA_G_CERTIFICATE_VALUE,
+		                        CKA_ISSUER, CKA_SERIAL_NUMBER, G_MAXULONG);
 
-	if (!gkm_transaction_get_failed (transaction)) {
-		gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (trust),
-		                                      TRUE, lookups, n_lookups);
+		if (!gkm_transaction_get_failed (transaction))
+			gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (trust),
+			                                      TRUE, lookups, n_lookups);
 	}
 
 	return trust;
@@ -168,8 +167,8 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
 	}
 
 	assertion = g_object_new (GKM_XDG_TYPE_ASSERTION,
-	                          "module", gkm_object_get_module (GKM_OBJECT (trust)),
-	                          "manager", gkm_object_get_manager (GKM_OBJECT (manager)),
+	                          "module", gkm_session_get_module (session),
+	                          "manager", manager,
 	                          "trust", trust,
 	                          "type", type,
 	                          "purpose", purpose,
@@ -195,6 +194,7 @@ factory_create_assertion (GkmSession *session, GkmTransaction *transaction,
 		                                      TRUE, attrs, n_attrs);
 	}
 
+	g_object_unref (trust);
 	return GKM_OBJECT (assertion);
 }
 
diff --git a/pkcs11/xdg-store/gkm-xdg-trust.c b/pkcs11/xdg-store/gkm-xdg-trust.c
index 20a4e30..18993ba 100644
--- a/pkcs11/xdg-store/gkm-xdg-trust.c
+++ b/pkcs11/xdg-store/gkm-xdg-trust.c
@@ -182,17 +182,22 @@ static gboolean
 validate_der (CK_ATTRIBUTE_PTR attr, const gchar *asn_type)
 {
 	GNode *asn;
+	gboolean valid = TRUE;
 
 	if (!attr->pValue || attr->ulValueLen == (CK_ULONG)-1)
 		return FALSE;
 
-	asn = egg_asn1x_create_and_decode (pkix_asn1_tab, asn_type, attr->pValue, attr->ulValueLen);
-	if (!asn)
-		return FALSE;
+	asn = egg_asn1x_create (pkix_asn1_tab, asn_type);
+	g_return_val_if_fail (asn, FALSE);
+
+	valid = egg_asn1x_decode (asn, attr->pValue, attr->ulValueLen);
+	if (!valid)
+		g_message ("failed to parse certificate passed to trust assertion: %s",
+		           egg_asn1x_message (asn));
 
 	/* Yes, this is an expensive check, but worthwhile */
 	egg_asn1x_destroy (asn);
-	return TRUE;
+	return valid;
 }
 
 static gboolean
@@ -363,7 +368,7 @@ complete_add_assertion (GkmTransaction *transaction, GObject *object, gpointer u
 	if (gkm_transaction_get_failed (transaction))
 		remove_assertion_from_trust (self, assertion, NULL);
 	else
-		g_object_run_dispose (G_OBJECT (object));
+		g_object_run_dispose (G_OBJECT (assertion));
 
 	g_object_unref (assertion);
 	return TRUE;
@@ -378,7 +383,7 @@ add_assertion_to_trust (GkmXdgTrust *self, GkmAssertion *assertion,
 	key = lookup_assertion_key (assertion);
 	g_assert (key);
 
-	g_hash_table_insert (self->pv->assertions, g_byte_array_ref (key), assertion);
+	g_hash_table_insert (self->pv->assertions, g_byte_array_ref (key), g_object_ref (assertion));
 	gkm_object_expose (GKM_OBJECT (assertion), gkm_object_is_exposed (GKM_OBJECT (self)));
 
 	if (transaction != NULL)
@@ -485,7 +490,8 @@ save_assertion (GNode *asn, GkmAssertion *assertion)
 	purpose = gkm_assertion_get_purpose (assertion);
 	peer = gkm_assertion_get_peer (assertion);
 
-	if (!egg_asn1x_set_oid_as_string (egg_asn1x_node (asn, "purpose", NULL), purpose) ||
+	if (!egg_asn1x_set_string_as_utf8 (egg_asn1x_node (asn, "purpose", NULL),
+	                                   g_strdup (purpose), g_free) ||
 	    !egg_asn1x_set_enumerated (egg_asn1x_node (asn, "level", NULL), level))
 		g_return_val_if_reached (FALSE);
 
@@ -779,7 +785,7 @@ gkm_xdg_trust_create_for_assertion (GkmModule *module, GkmManager *manager,
 			gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
 			return NULL;
 		}
-		if (!validate_der (cert, "TBSCertificate")) {
+		if (!validate_der (cert, "Certificate")) {
 			gkm_transaction_fail (transaction, CKR_ATTRIBUTE_VALUE_INVALID);
 			return NULL;
 		}
diff --git a/pkcs11/xdg-store/tests/test-xdg-trust.c b/pkcs11/xdg-store/tests/test-xdg-trust.c
index 988498e..e50b695 100644
--- a/pkcs11/xdg-store/tests/test-xdg-trust.c
+++ b/pkcs11/xdg-store/tests/test-xdg-trust.c
@@ -160,6 +160,34 @@ TESTING_TEST (trust_load_object)
 	gkm_assert_cmpulong (n_objects, ==, 1);
 }
 
+TESTING_TEST (trust_create_assertion)
+{
+	CK_OBJECT_CLASS klass = CKO_G_TRUST_ASSERTION;
+	CK_ASSERTION_TYPE atype = CKT_G_CERTIFICATE_TRUST_ANCHOR;
+	CK_OBJECT_HANDLE object = 0;
+	gpointer data;
+	gsize n_data;
+	CK_RV rv;
+
+	CK_ATTRIBUTE attrs[] = {
+		{ CKA_G_CERTIFICATE_VALUE, NULL, 0 },
+		{ CKA_CLASS, &klass, sizeof (klass) },
+		{ CKA_G_ASSERTION_TYPE, &atype, sizeof (atype) },
+		{ CKA_G_PURPOSE, "test-purpose", 12 },
+	};
+
+	data = testing_data_read ("test-certificate-2.cer", &n_data);
+	g_assert (data);
+
+	attrs[0].pValue = data;
+	attrs[0].ulValueLen = n_data;
+
+	rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object);
+	gkm_assert_cmprv (rv, ==, CKR_OK);
+	gkm_assert_cmpulong (object, !=, 0);
+}
+
+
 #if 0
 TESTING_TEST (trust_create)
 {
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]