Line data Source code
1 : /*
2 : * gnome-keyring
3 : *
4 : * Copyright (C) 2010 Stefan Walter
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU Lesser General Public License as
8 : * published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful, but
12 : * WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 : * Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public
17 : * License along with this program; if not, see
18 : * <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "config.h"
22 :
23 : #include "gkm-trust.h"
24 :
25 : #include "gkm-attributes.h"
26 : #include "gkm-log.h"
27 : #include "gkm-object.h"
28 : #include "gkm-oids.h"
29 :
30 : #include "pkcs11/pkcs11n.h"
31 : #include "pkcs11/pkcs11i.h"
32 :
33 : #include <glib/gi18n.h>
34 :
35 130 : G_DEFINE_TYPE (GkmTrust, gkm_trust, GKM_TYPE_OBJECT);
36 :
37 : /* -----------------------------------------------------------------------------
38 : * INTERNAL
39 : */
40 :
41 : static CK_RV
42 24 : trust_get_usage (GkmTrust *self, const gchar *purpose, CK_ATTRIBUTE_PTR attr)
43 : {
44 : GkmTrustLevel level;
45 : CK_ULONG trust;
46 :
47 24 : level = gkm_trust_get_level_for_purpose (self, purpose);
48 :
49 24 : switch (level) {
50 0 : case GKM_TRUST_UNKNOWN:
51 0 : trust = CKT_NETSCAPE_TRUST_UNKNOWN;
52 0 : break;
53 8 : case GKM_TRUST_DISTRUSTED:
54 8 : trust = CKT_NETSCAPE_UNTRUSTED;
55 8 : break;
56 8 : case GKM_TRUST_TRUSTED:
57 8 : trust = CKT_NETSCAPE_TRUSTED;
58 8 : break;
59 8 : case GKM_TRUST_ANCHOR:
60 8 : trust = CKT_NETSCAPE_TRUSTED_DELEGATOR;
61 8 : break;
62 0 : default:
63 0 : g_return_val_if_reached (CKR_GENERAL_ERROR);
64 : };
65 :
66 24 : return gkm_attribute_set_ulong (attr, trust);
67 : }
68 :
69 : /* -----------------------------------------------------------------------------
70 : * OBJECT
71 : */
72 :
73 : static CK_RV
74 96 : gkm_trust_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE_PTR attr)
75 : {
76 96 : GkmTrust *self = GKM_TRUST (base);
77 :
78 : /*
79 : * This object exposes a netscape compatible trust object. However the
80 : * primary interface for dealing with trust is through GkmAssertion objects.
81 : */
82 :
83 96 : switch (attr->type)
84 : {
85 0 : case CKA_PRIVATE:
86 0 : return gkm_attribute_set_bool (attr, CK_FALSE);
87 0 : case CKA_TRUST_STEP_UP_APPROVED:
88 0 : return gkm_attribute_set_bool (attr, CK_FALSE);
89 0 : case CKA_CLASS:
90 0 : return gkm_attribute_set_ulong (attr, CKO_NETSCAPE_TRUST);
91 0 : case CKA_MODIFIABLE:
92 0 : return gkm_attribute_set_bool (attr, CK_FALSE);
93 :
94 : /*
95 : * TODO: Is it even useful to support overriding from certificate
96 : * defaults? For now we just return unknown for all of them, and
97 : * the caller should use whatever's in the certificate.
98 : */
99 0 : case CKA_TRUST_DIGITAL_SIGNATURE:
100 : case CKA_TRUST_NON_REPUDIATION:
101 : case CKA_TRUST_KEY_ENCIPHERMENT:
102 : case CKA_TRUST_DATA_ENCIPHERMENT:
103 : case CKA_TRUST_KEY_AGREEMENT:
104 : case CKA_TRUST_KEY_CERT_SIGN:
105 : case CKA_TRUST_CRL_SIGN:
106 0 : return gkm_attribute_set_ulong (attr, CKT_NETSCAPE_TRUST_UNKNOWN);
107 :
108 : /* Various trust flags */
109 3 : case CKA_TRUST_SERVER_AUTH:
110 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_SERVER_AUTH, attr);
111 3 : case CKA_TRUST_CLIENT_AUTH:
112 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_CLIENT_AUTH, attr);
113 3 : case CKA_TRUST_CODE_SIGNING:
114 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_CODE_SIGNING, attr);
115 3 : case CKA_TRUST_EMAIL_PROTECTION:
116 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_EMAIL, attr);
117 3 : case CKA_TRUST_IPSEC_END_SYSTEM:
118 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_IPSEC_ENDPOINT, attr);
119 3 : case CKA_TRUST_IPSEC_TUNNEL:
120 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_IPSEC_TUNNEL, attr);
121 3 : case CKA_TRUST_IPSEC_USER:
122 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_IPSEC_USER, attr);
123 3 : case CKA_TRUST_TIME_STAMPING:
124 3 : return trust_get_usage (self, GKM_OID_EXTUSAGE_TIME_STAMPING, attr);
125 :
126 : /* Certificate reference values */
127 0 : case CKA_SUBJECT:
128 : case CKA_SERIAL_NUMBER:
129 : case CKA_ISSUER:
130 : case CKA_CERT_MD5_HASH:
131 : case CKA_CERT_SHA1_HASH:
132 0 : g_warning ("derived class should have provided %s attribute",
133 : gkm_log_attr_type (attr->type));
134 0 : return CKR_ATTRIBUTE_TYPE_INVALID;
135 :
136 72 : default:
137 72 : break;
138 : };
139 :
140 72 : return GKM_OBJECT_CLASS (gkm_trust_parent_class)->get_attribute (base, session, attr);
141 : }
142 :
143 : static GkmTrustLevel
144 0 : gkm_trust_real_get_trust_level (GkmTrust *self, const gchar *purpose)
145 : {
146 0 : return GKM_TRUST_UNKNOWN;
147 : }
148 :
149 : static void
150 48 : gkm_trust_init (GkmTrust *self)
151 : {
152 : /* For future expansion */
153 48 : self->pv = NULL;
154 48 : }
155 :
156 : static void
157 2 : gkm_trust_class_init (GkmTrustClass *klass)
158 : {
159 2 : GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
160 2 : gkm_class->get_attribute = gkm_trust_get_attribute;
161 2 : klass->get_trust_level = gkm_trust_real_get_trust_level;
162 2 : }
163 :
164 : /* -----------------------------------------------------------------------------
165 : * PUBLIC
166 : */
167 :
168 : GkmTrustLevel
169 24 : gkm_trust_get_level_for_purpose (GkmTrust *self, const gchar *purpose)
170 : {
171 24 : g_return_val_if_fail (GKM_IS_TRUST (self), GKM_TRUST_UNKNOWN);
172 24 : g_return_val_if_fail (purpose, GKM_TRUST_UNKNOWN);
173 24 : g_assert (GKM_TRUST_GET_CLASS (self)->get_trust_level);
174 24 : return GKM_TRUST_GET_CLASS (self)->get_trust_level (self, purpose);
175 : }
|