[gnome-keyring/with-p11-kit: 4/4] Use p11-kit to lookup trust uris.



commit afae4e14d620e604157985fa2797b870b678952a
Author: Stef Walter <stefw collabora co uk>
Date:   Tue Apr 5 16:22:57 2011 +0200

    Use p11-kit to lookup trust uris.

 gcr/Makefile.am                          |    1 +
 gcr/gcr-library.c                        |   38 +++++++++++++++++++++--------
 pkcs11/rpc-layer/gnome-keyring-module.in |    4 +++
 3 files changed, 32 insertions(+), 11 deletions(-)
---
diff --git a/gcr/Makefile.am b/gcr/Makefile.am
index bfecc9a..57c549d 100644
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@ -104,6 +104,7 @@ libgcr GCR_VERSION_SUFFIX@_la_SOURCES = \
 libgcr GCR_VERSION_SUFFIX@_la_CFLAGS = \
 	-DGCK_API_SUBJECT_TO_CHANGE \
 	-DGCR_API_SUBJECT_TO_CHANGE \
+	-DP11_KIT_API_SUBJECT_TO_CHANGE \
 	-DGCR_COMPILATION \
 	-DUIDIR=\""$(uidir)"\"
 
diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c
index 07651c7..e0bb5e6 100644
--- a/gcr/gcr-library.c
+++ b/gcr/gcr-library.c
@@ -32,6 +32,8 @@
 #include "egg/egg-libgcrypt.h"
 #include "egg/egg-secure-memory.h"
 
+#include "p11-kit/p11-kit.h"
+
 #include <gck/gck.h>
 
 #include <gcrypt.h>
@@ -159,25 +161,39 @@ void
 _gcr_initialize (void)
 {
 	static volatile gsize gcr_initialized = 0;
+	CK_FUNCTION_LIST_PTR_PTR module_list;
+	GPtrArray *uris;
+	gchar *uri;
+	guint i;
 
 	/* Initialize the libgcrypt library if needed */
 	egg_libgcrypt_initialize ();
 
 	if (g_once_init_enter (&gcr_initialized)) {
-		all_modules = gck_modules_initialize_registered ();
 
-		/*
-		 * Soon we're going to have support for using a configuration of
-		 * PKCS#11 modules using p11-kit. But for this release this is
-		 * hard coded.
-		 */
+		/* This calls p11_kit_initialize_registered */
+		all_modules = gck_modules_initialize_registered ();
 
-		trust_store_uri = g_strdup ("pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:XDG:DEFAULT");
+		module_list = p11_kit_registered_modules ();
+
+		/* Ask for the global x-trust-store option */
+		trust_store_uri = p11_kit_registered_option (NULL, "x-trust-store");
+		for (i = 0; !trust_store_uri && module_list[i]; i++)
+			trust_store_uri = p11_kit_registered_option (module_list[i], "x-trust-store");
+
+		uris = g_ptr_array_new ();
+		uri = p11_kit_registered_option (NULL, "x-trust-lookup");
+		if (uri != NULL)
+			g_ptr_array_add (uris, uri);
+		for (i = 0; module_list[i]; i++) {
+			uri = p11_kit_registered_option (module_list[i], "x-trust-lookup");
+			if (uri != NULL)
+				g_ptr_array_add (uris, uri);
+		}
+		g_ptr_array_add (uris, NULL);
 
-		trust_lookup_uris = g_new0 (gchar*, 3);
-		trust_lookup_uris[0] = g_strdup ("pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:ROOTS:DEFAULT");
-		trust_lookup_uris[1] = g_strdup ("pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:XDG:DEFAULT");
-		trust_lookup_uris[2] = NULL;
+		trust_lookup_uris = (gchar**)g_ptr_array_free (uris, FALSE);
+		free (module_list);
 
 		g_once_init_leave (&gcr_initialized, 1);
 	}
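Review bot: `module_list` is dereferenced in both `for` loops without checking that `p11_kit_registered_modules ()` returned a list, so if the preceding `gck_modules_initialize_registered ()` failed and p11-kit returns NULL (worth confirming against its contract), `_gcr_initialize` crashes on `module_list[i]`; writing the conditions as `!trust_store_uri && module_list && module_list[i]` and `module_list && module_list[i]` avoids that. `trust_store_uri` can also now remain NULL when no config sets `x-trust-store`, whereas the removed code always assigned it, so users of that global outside this hunk must tolerate NULL. Because the first module whose config declares `x-trust-store` wins and every module's `x-trust-lookup` is appended, any registered module config can now steer where trust is stored and looked up; a comment such as `/* Trust locations are taken from p11-kit config: global first, then each registered module in list order */` would make that trust boundary explicit. The option strings presumably come from malloc (the list is released with `free`), so whatever later releases `trust_store_uri` and `trust_lookup_uris` should use a matching deallocator. The function body continues past the end of this hunk.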
diff --git a/pkcs11/rpc-layer/gnome-keyring-module.in b/pkcs11/rpc-layer/gnome-keyring-module.in
index 01be1e1..3e68ce5 100644
--- a/pkcs11/rpc-layer/gnome-keyring-module.in
+++ b/pkcs11/rpc-layer/gnome-keyring-module.in
@@ -2,3 +2,7 @@
 # This file describes how to load the gnome-keyring module
 
 module: @pkcs11dir@/gnome-keyring-pkcs11.so
+
+# And where to store and lookup trust objects
+x-trust-store: pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:XDG:DEFAULT
+x-trust-lookup: pkcs11:library-manufacturer=GNOME%20Keyring
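Review bot: The `x-trust-lookup` value names only `library-manufacturer=GNOME%20Keyring`, so it appears to match every token this module exposes, while the hard-coded list removed from gcr-library.c in the same commit named just the `serial=1:ROOTS:DEFAULT` and `serial=1:XDG:DEFAULT` tokens. If the wider lookup scope is intended, say so in the file, e.g. `# Lookup consults all tokens of this module, not only ROOTS and XDG`. If it is not intended, the lookup should be narrowed back to those tokens, so that other tokens in the module cannot contribute trust objects.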


