author | Stef Walter <stefw@collabora.co.uk> | 2011-10-05 11:02:44 +0200 |
---|---|---|
committer | Stef Walter <stefw@collabora.co.uk> | 2011-10-05 11:02:44 +0200 |
commit | 50250a36df564b9851f90e96eb382837d071bb4e (patch) | |
tree | 876e5b8970f835ca4ba611e2169ba17d50080631 | |
parent | 60de0d8afc6bac2a749cd13cd4ec21b0b54a957c (diff) | |
download | gnome-keyring-50250a36df564b9851f90e96eb382837d071bb4e.tar.gz |
gcr: Parse required attributes out of certificates
* PKCS#11 requires the CKA_SUBJECT, CKA_ISSUER and
CKA_SERIAL_NUMBER in new certificate objects, so we parse
them in the parser.
-rw-r--r-- | gcr/gcr-parser.c | 66 |
1 files changed, 45 insertions, 21 deletions
diff --git a/gcr/gcr-parser.c b/gcr/gcr-parser.c
index 23f02121..ffcdd091 100644
--- a/gcr/gcr-parser.c
+++ b/gcr/gcr-parser.c
@@ -227,8 +227,6 @@ parsed_attribute (GcrParsed *parsed,
 static gboolean
 parsed_asn1_number (GcrParsed *parsed,
 GNode *asn,
- const guchar *data,
- gsize n_data,
 const gchar *part,
 CK_ATTRIBUTE_TYPE type)
 {
@@ -236,7 +234,6 @@ parsed_asn1_number (GcrParsed *parsed,
 gsize n_value;
 g_assert (asn);
- g_assert (data);
 g_assert (parsed);
 value = egg_asn1x_get_integer_as_usg (egg_asn1x_node (asn, part, NULL), &n_value);
@@ -247,6 +244,26 @@ parsed_asn1_number (GcrParsed *parsed,
 return TRUE;
 }
+static gboolean
+parsed_asn1_element (GcrParsed *parsed,
+ GNode *asn,
+ const gchar *part,
+ CK_ATTRIBUTE_TYPE type)
+{
+ const guchar *value;
+ gsize n_value;
+
+ g_assert (asn);
+ g_assert (parsed);
+
+ value = egg_asn1x_get_raw_element (egg_asn1x_node (asn, part, NULL), &n_value);
+ if (value == NULL)
+ return FALSE;
+
+ parsed_attribute (parsed, type, value, n_value);
+ return TRUE;
+}
+
 static void
 parsed_ulong_attribute (GcrParsed *parsed,
 CK_ATTRIBUTE_TYPE type,
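Review bot: The new `parsed_asn1_element` has no comment describing its contract, and the one thing a caller must know, how long the bytes returned by `egg_asn1x_get_raw_element` stay valid, is not stated anywhere in the hunk. The pointer is handed straight to `parsed_attribute`; if that call does not copy, the attribute presumably refers to memory owned by the decoded tree and `asn` must outlive the parsed object, which may be why a later hunk moves `egg_asn1x_destroy` below `parsed_fire`. I would add `/* Sets attribute @type to the raw encoded element at @part; returns FALSE if it cannot be read. */` above the function, plus one line saying whether the data is copied or borrowed from `asn`. The body is otherwise a copy of `parsed_asn1_number` with a different getter, so a shared helper that takes the getter's result would keep the two from drifting apart.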
@@ -469,12 +486,12 @@ parse_der_private_key_rsa (GcrParser *self, const guchar *data, gsize n_data)
 goto done;
 }
- if (!parsed_asn1_number (parsed, asn, data, n_data, "modulus", CKA_MODULUS) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "publicExponent", CKA_PUBLIC_EXPONENT) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "privateExponent", CKA_PRIVATE_EXPONENT) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "prime1", CKA_PRIME_1) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "prime2", CKA_PRIME_2) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "coefficient", CKA_COEFFICIENT))
+ if (!parsed_asn1_number (parsed, asn, "modulus", CKA_MODULUS) ||
+ !parsed_asn1_number (parsed, asn, "publicExponent", CKA_PUBLIC_EXPONENT) ||
+ !parsed_asn1_number (parsed, asn, "privateExponent", CKA_PRIVATE_EXPONENT) ||
+ !parsed_asn1_number (parsed, asn, "prime1", CKA_PRIME_1) ||
+ !parsed_asn1_number (parsed, asn, "prime2", CKA_PRIME_2) ||
+ !parsed_asn1_number (parsed, asn, "coefficient", CKA_COEFFICIENT))
 goto done;
 parsed_fire (self, parsed);
@@ -512,10 +529,10 @@ parse_der_private_key_dsa (GcrParser *self, const guchar *data, gsize n_data)
 parsed_boolean_attribute (parsed, CKA_PRIVATE, CK_TRUE);
 ret = GCR_ERROR_FAILURE;
- if (!parsed_asn1_number (parsed, asn, data, n_data, "p", CKA_PRIME) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "q", CKA_SUBPRIME) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "g", CKA_BASE) ||
- !parsed_asn1_number (parsed, asn, data, n_data, "priv", CKA_VALUE))
+ if (!parsed_asn1_number (parsed, asn, "p", CKA_PRIME) ||
+ !parsed_asn1_number (parsed, asn, "q", CKA_SUBPRIME) ||
+ !parsed_asn1_number (parsed, asn, "g", CKA_BASE) ||
+ !parsed_asn1_number (parsed, asn, "priv", CKA_VALUE))
 goto done;
 parsed_fire (self, parsed);
@@ -551,10 +568,10 @@ parse_der_private_key_dsa_parts (GcrParser *self, const guchar *keydata, gsize n
 parsed_boolean_attribute (parsed, CKA_PRIVATE, CK_TRUE);
 ret = GCR_ERROR_FAILURE;
- if (!parsed_asn1_number (parsed, asn_params, params, n_params, "p", CKA_PRIME) ||
- !parsed_asn1_number (parsed, asn_params, params, n_params, "q", CKA_SUBPRIME) ||
- !parsed_asn1_number (parsed, asn_params, params, n_params, "g", CKA_BASE) ||
- !parsed_asn1_number (parsed, asn_key, keydata, n_keydata, NULL, CKA_VALUE))
+ if (!parsed_asn1_number (parsed, asn_params, "p", CKA_PRIME) ||
+ !parsed_asn1_number (parsed, asn_params, "q", CKA_SUBPRIME) ||
+ !parsed_asn1_number (parsed, asn_params, "g", CKA_BASE) ||
+ !parsed_asn1_number (parsed, asn_key, NULL, CKA_VALUE))
 goto done;
 parsed_fire (self, parsed);
@@ -774,8 +791,9 @@ static gint
 parse_der_certificate (GcrParser *self, const guchar *data, gsize n_data)
 {
 gchar *name = NULL;
- GNode *asn;
 GcrParsed *parsed;
+ GNode *node;
+ GNode *asn;
 asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data, n_data);
 if (asn == NULL)
@@ -787,10 +805,11 @@ parse_der_certificate (GcrParser *self, const guchar *data, gsize n_data)
 parsing_object (parsed, CKO_CERTIFICATE);
 parsed_ulong_attribute (parsed, CKA_CERTIFICATE_TYPE, CKC_X_509);
- if (gcr_parser_get_parsed_label (self) == NULL)
- name = egg_dn_read_part (egg_asn1x_node (asn, "tbsCertificate", "subject", "rdnSequence", NULL), "CN");
+ node = egg_asn1x_node (asn, "tbsCertificate", NULL);
+ g_return_val_if_fail (node != NULL, GCR_ERROR_FAILURE);
- egg_asn1x_destroy (asn);
+ if (gcr_parser_get_parsed_label (self) == NULL)
+ name = egg_dn_read_part (egg_asn1x_node (node, "subject", "rdnSequence", NULL), "CN");
 if (name != NULL) {
 parsed_label (parsed, name);
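Review bot: In the `-787` hunk, `g_return_val_if_fail (node != NULL, GCR_ERROR_FAILURE);` returns after `asn` has been decoded and `parsed` is already in use, but it skips the cleanup the end of the function performs (`egg_asn1x_destroy (asn);` and `pop_parsed (self, parsed);`). On that path the decoded tree leaks and, if `parsed` was pushed earlier in the function (not visible here), the parser's state is left unbalanced. The macro is also compiled out when GLib is built with `G_DISABLE_CHECKS`, in which case a NULL `node` would flow into the `egg_asn1x_node (node, ...)` call that follows. An explicit `if (node == NULL)` branch that destroys `asn`, pops `parsed` and then returns `GCR_ERROR_FAILURE` would keep this function, which parses certificate bytes supplied by the caller, on a single cleanup path. The function starts and ends outside this hunk.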
@@ -798,8 +817,13 @@ parse_der_certificate (GcrParser *self, const guchar *data, gsize n_data) } parsed_attribute (parsed, CKA_VALUE, data, n_data); + parsed_asn1_element (parsed, node, "subject", CKA_SUBJECT); + parsed_asn1_element (parsed, node, "issuer", CKA_ISSUER); + parsed_asn1_number (parsed, node, "serialNumber", CKA_SERIAL_NUMBER); parsed_fire (self, parsed); + egg_asn1x_destroy (asn); + pop_parsed (self, parsed); return SUCCESS; } |
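Review bot: The three new calls ignore their `gboolean` results, so a certificate whose `subject`, `issuer` or `serialNumber` cannot be read still reaches `parsed_fire` without attributes the commit message describes as required; the key parsers in this file treat the same failure as an error with `goto done`. Checking them, for example `if (!parsed_asn1_element (parsed, node, "subject", CKA_SUBJECT) || ...)` followed by cleanup and `GCR_ERROR_FAILURE`, would keep incomplete certificate objects from being emitted. Please also confirm the encoding stored in `CKA_SERIAL_NUMBER`: `parsed_asn1_number` stores what `egg_asn1x_get_integer_as_usg` returns, which by its name is the bare unsigned integer bytes, whereas PKCS#11 defines `CKA_SERIAL_NUMBER` as the DER encoding of the serial number, so `parsed_asn1_element` may be the right helper there too. The function body begins outside this hunk.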