#include "config.h"
-#include "common/attrs.h"
-#include "common/debug.h"
-#include "common/pkcs11x.h"
+#include "compat.h"
+#include "attrs.h"
+#include "debug.h"
+#include "pkcs11x.h"
#include "p11-kit/iter.h"
#include "p11-kit/p11-kit.h"
#include <stdlib.h>
#include <string.h>
-int
-main (int argc,
- char *argv[])
+static void
+dump_object (P11KitIter *iter,
+ CK_ATTRIBUTE *attrs)
+{
+ CK_ATTRIBUTE label = { CKA_LABEL, };
+ CK_ATTRIBUTE *attr;
+ char *string;
+ char *name;
+ CK_RV rv;
+
+ attr = p11_attrs_find_valid (attrs, CKA_LABEL);
+ if (!attr) {
+ rv = p11_kit_iter_load_attributes (iter, &label, 1);
+ if (rv == CKR_OK)
+ attr = &label;
+ }
+
+ if (attr)
+ name = strndup (attr->pValue, attr->ulValueLen);
+ else
+ name = strdup ("unknown");
+
+ string = p11_attrs_to_string (attrs);
+ printf ("\"%s\" = %s\n", name, string);
+ free (string);
+
+ free (label.pValue);
+}
+
+static int
+dump_trust_module (const char *path)
{
CK_FUNCTION_LIST *module;
- CK_TRUST untrusted = CKT_NSS_NOT_TRUSTED;
- CK_ATTRIBUTE server_not_trusted =
- { CKA_TRUST_SERVER_AUTH, &untrusted, sizeof (untrusted) };
+ CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+ CK_ATTRIBUTE match =
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust) };
P11KitIter *iter;
+ CK_ATTRIBUTE *attrs;
CK_RV rv;
- char *string;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, NULL, 0 },
- { CKA_LABEL, NULL, 0 },
- { CKA_ISSUER, NULL, 0 },
- { CKA_SERIAL_NUMBER, NULL, 0 },
- { CKA_TRUST_SERVER_AUTH, NULL, 0 },
- { CKA_TRUST_EMAIL_PROTECTION, NULL, 0 },
- { CKA_TRUST_CODE_SIGNING, NULL, 0 },
- { CKA_TRUST_STEP_UP_APPROVED, NULL, 0 },
+ CK_ATTRIBUTE template[] = {
+ { CKA_CLASS,},
+ { CKA_LABEL, },
+ { CKA_CERT_MD5_HASH, },
+ { CKA_CERT_SHA1_HASH },
+ { CKA_ISSUER, },
+ { CKA_SERIAL_NUMBER, },
+ { CKA_TRUST_SERVER_AUTH, },
+ { CKA_TRUST_EMAIL_PROTECTION, },
+ { CKA_TRUST_CODE_SIGNING, },
+ { CKA_TRUST_STEP_UP_APPROVED, },
{ CKA_INVALID, }
};
- CK_ULONG count = p11_attrs_count (attrs);
- CK_ULONG i;
+ CK_ULONG count = p11_attrs_count (template);
- if (argc != 2) {
- fprintf (stderr, "usage: frob-nss-trust module\n");
- return 2;
- }
-
- rv = p11_kit_load_initialize_module (argv[1], &module);
+ rv = p11_kit_load_initialize_module (path, &module);
return_val_if_fail (rv == CKR_OK, 1);
iter = p11_kit_iter_new (NULL);
- p11_kit_iter_add_filter (iter, &server_not_trusted, 1);
+ p11_kit_iter_add_filter (iter, &match, 1);
p11_kit_iter_begin_with (iter, module, 0, 0);
while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ attrs = p11_attrs_dup (template);
rv = p11_kit_iter_load_attributes (iter, attrs, count);
- return_val_if_fail (rv == CKR_OK, 1);
- string = p11_attrs_to_string (attrs);
- printf ("%s\n", string);
- free (string);
+ return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1);
+ p11_attrs_purge (attrs);
+ dump_object (iter, attrs);
+ p11_attrs_free (attrs);
}
return_val_if_fail (rv == CKR_CANCEL, 1);
- for (i = 0; i < count; i++)
- free (attrs[i].pValue);
-
p11_kit_finalize_module (module);
return 0;
}
+
+static int
+compare_trust_modules (const char *path1,
+ const char *path2)
+{
+ CK_FUNCTION_LIST *module1;
+ CK_FUNCTION_LIST *module2;
+ CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+ CK_ATTRIBUTE match =
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust) };
+ P11KitIter *iter;
+ P11KitIter *iter2;
+ CK_ATTRIBUTE *check;
+ CK_RV rv;
+
+ CK_ATTRIBUTE template[] = {
+ { CKA_CLASS, },
+ { CKA_ISSUER, },
+ { CKA_SERIAL_NUMBER, },
+ { CKA_CERT_MD5_HASH, },
+ { CKA_CERT_SHA1_HASH },
+ { CKA_TRUST_SERVER_AUTH, },
+ { CKA_TRUST_EMAIL_PROTECTION, },
+ { CKA_TRUST_CODE_SIGNING, },
+ { CKA_TRUST_STEP_UP_APPROVED, },
+ { CKA_INVALID, }
+ };
+
+ rv = p11_kit_load_initialize_module (path1, &module1);
+ return_val_if_fail (rv == CKR_OK, 1);
+
+ rv = p11_kit_load_initialize_module (path2, &module2);
+ return_val_if_fail (rv == CKR_OK, 1);
+
+ iter = p11_kit_iter_new (NULL);
+ p11_kit_iter_add_filter (iter, &match, 1);
+ p11_kit_iter_begin_with (iter, module1, 0, 0);
+
+ while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ check = p11_attrs_dup (template);
+
+ rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check));
+ return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1);
+
+ /* Go through and remove anything not found */
+ p11_attrs_purge (check);
+
+ /* Check that this object exists */
+ iter2 = p11_kit_iter_new (NULL);
+ p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check));
+ p11_kit_iter_begin_with (iter2, module2, 0, 0);
+ rv = p11_kit_iter_next (iter2);
+ p11_kit_iter_free (iter2);
+
+ if (rv != CKR_OK)
+ dump_object (iter, check);
+
+ p11_attrs_free (check);
+ }
+
+ return_val_if_fail (rv == CKR_CANCEL, 1);
+ p11_kit_finalize_module (module1);
+ p11_kit_finalize_module (module2);
+
+ return 0;
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ if (argc == 2) {
+ return dump_trust_module (argv[1]);
+ } else if (argc == 3) {
+ return compare_trust_modules (argv[1], argv[2]);
+ } else {
+ fprintf (stderr, "usage: frob-nss-trust module\n");
+ fprintf (stderr, " frob-nss-trust module1 module2\n");
+ return 2;
+ }
+}
projects / p11-kit / commitdiff