if (public_key == NULL || public_key->type == CKA_INVALID)
public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO);
- /* Look for a stapled certificate extension */
+ /* Look for an attached certificate extension */
if (public_key != NULL) {
memcpy (match, public_key, sizeof (CK_ATTRIBUTE));
obj = p11_index_find (index, match, -1);
/*
* If there is no basic constraints extension, and the CA version is
* v1, and is self-signed, then we assume this is a certificate authority.
- * So we add a BasicConstraints stapled certificate extension
+ * So we add a BasicConstraints attached certificate extension
*/
is_ca = 1;
#include <string.h>
static bool
-load_stapled_extension (p11_dict *stapled,
- p11_dict *asn1_defs,
- const unsigned char *der,
- size_t len)
+load_attached_extension (p11_dict *attached,
+ p11_dict *asn1_defs,
+ const unsigned char *der,
+ size_t len)
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
node_asn *ext;
ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message);
if (ext == NULL) {
- p11_message ("couldn't parse stapled certificate extension: %s", message);
+ p11_message ("couldn't parse attached certificate extension: %s", message);
return false;
}
oid = memdup (der + start, length);
return_val_if_fail (oid != NULL, false);
- if (!p11_dict_set (stapled, oid, ext))
+ if (!p11_dict_set (attached, oid, ext))
return_val_if_reached (false);
return true;
}
static p11_dict *
-load_stapled_extensions (p11_enumerate *ex,
- CK_ATTRIBUTE *spki)
+load_attached_extensions (p11_enumerate *ex,
+ CK_ATTRIBUTE *spki)
{
CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION;
CK_ATTRIBUTE *attrs;
P11KitIter *iter;
CK_RV rv = CKR_OK;
- p11_dict *stapled;
+ p11_dict *attached;
CK_ATTRIBUTE match[] = {
{ CKA_CLASS, &extension, sizeof (extension) },
{ CKA_VALUE, },
};
- stapled = p11_dict_new (p11_oid_hash, p11_oid_equal,
+ attached = p11_dict_new (p11_oid_hash, p11_oid_equal,
free, p11_asn1_free);
/* No ID to use, just short circuit */
if (!spki->pValue || !spki->ulValueLen)
- return stapled;
+ return attached;
iter = p11_kit_iter_new (NULL, 0);
p11_kit_iter_add_filter (iter, match, 2);
attrs = p11_attrs_buildn (NULL, template, 1);
rv = p11_kit_iter_load_attributes (iter, attrs, 1);
if (rv == CKR_OK) {
- if (!load_stapled_extension (stapled, ex->asn1_defs,
- attrs[0].pValue,
- attrs[0].ulValueLen)) {
+ if (!load_attached_extension (attached, ex->asn1_defs,
+ attrs[0].pValue,
+ attrs[0].ulValueLen)) {
rv = CKR_GENERAL_ERROR;
}
}
}
if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("couldn't load stapled extensions for certificate: %s", p11_kit_strerror (rv));
- p11_dict_free (stapled);
- stapled = NULL;
+ p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv));
+ p11_dict_free (attached);
+ attached = NULL;
}
p11_kit_iter_free (iter);
- return stapled;
+ return attached;
}
static bool
unsigned char *value = NULL;
size_t length;
- if (ex->stapled) {
- ext = p11_dict_get (ex->stapled, P11_OID_EXTENDED_KEY_USAGE);
+ if (ex->attached) {
+ ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE);
if (ext != NULL) {
value = p11_asn1_read (ext, "extnValue", &length);
return_val_if_fail (value != NULL, false);
attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
if (attr) {
- ex->stapled = load_stapled_extensions (ex, attr);
- if (!ex->stapled)
+ ex->attached = load_attached_extensions (ex, attr);
+ if (!ex->attached)
return false;
}
ex->cert_der = NULL;
ex->cert_len = 0;
- p11_dict_free (ex->stapled);
- ex->stapled = NULL;
+ p11_dict_free (ex->attached);
+ ex->attached = NULL;
p11_array_free (ex->purposes);
ex->purposes = NULL;
size_t cert_len;
/* DER OID -> CK_ATTRIBUTE list */
- p11_dict *stapled;
+ p11_dict *attached;
/* Set of OID purposes as strings */
p11_array *purposes;
node_asn *ext = NULL;
size_t length;
- if (ex->stapled)
- ext = p11_dict_get (ex->stapled, ext_oid);
+ if (ex->attached)
+ ext = p11_dict_get (ex->attached, ext_oid);
if (ext == NULL) {
*oids = NULL;
return true;
size_t length = 0;
int ret;
- if (ex->stapled)
- ext = p11_dict_get (ex->stapled, P11_OID_SUBJECT_KEY_IDENTIFIER);
+ if (ex->attached)
+ ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER);
if (ext != NULL) {
value = p11_asn1_read (ext, "extnValue", &length);
return_val_if_fail (value != NULL, false);
}
static CK_ATTRIBUTE *
-stapled_attrs (p11_parser *parser,
- CK_ATTRIBUTE *id,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- node_asn *ext)
+attached_attrs (p11_parser *parser,
+ CK_ATTRIBUTE *id,
+ CK_ATTRIBUTE *public_key_info,
+ const char *oid_str,
+ const unsigned char *oid_der,
+ bool critical,
+ node_asn *ext)
{
CK_ATTRIBUTE *attrs;
unsigned char *der;
}
static CK_ATTRIBUTE *
-stapled_eku_attrs (p11_parser *parser,
- CK_ATTRIBUTE *id,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- p11_dict *oid_strs)
+attached_eku_attrs (p11_parser *parser,
+ CK_ATTRIBUTE *id,
+ CK_ATTRIBUTE *public_key_info,
+ const char *oid_str,
+ const unsigned char *oid_der,
+ bool critical,
+ p11_dict *oid_strs)
{
CK_ATTRIBUTE *attrs;
p11_dictiter iter;
}
- attrs = stapled_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest);
+ attrs = attached_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest);
asn1_delete_structure (&dest);
return attrs;
*/
if (trust) {
- attrs = stapled_eku_attrs (parser, id, public_key_info,
- P11_OID_EXTENDED_KEY_USAGE_STR,
- P11_OID_EXTENDED_KEY_USAGE,
- true, trust);
+ attrs = attached_eku_attrs (parser, id, public_key_info,
+ P11_OID_EXTENDED_KEY_USAGE_STR,
+ P11_OID_EXTENDED_KEY_USAGE,
+ true, trust);
return_val_if_fail (attrs != NULL, NULL);
sink_object (parser, attrs);
}
*/
if (reject && p11_dict_size (reject) > 0) {
- attrs = stapled_eku_attrs (parser, id, public_key_info,
- P11_OID_OPENSSL_REJECT_STR,
- P11_OID_OPENSSL_REJECT,
- false, reject);
+ attrs = attached_eku_attrs (parser, id, public_key_info,
+ P11_OID_OPENSSL_REJECT_STR,
+ P11_OID_OPENSSL_REJECT,
+ false, reject);
return_val_if_fail (attrs != NULL, NULL);
sink_object (parser, attrs);
}
{
CK_ULONG category = 2; /* CA */
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
CK_ATTRIBUTE *extra;
CK_RV rv;
- /* Adding the stapled extension *first*, and then the certificate */
+ /* Adding the attached extension *first*, and then the certificate */
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached certificate */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
attrs = NULL;
/*
* Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
+ * attached certificate extension transforms it into a CA.
*/
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
{
CK_ULONG category = 2; /* CA */
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
CK_ATTRIBUTE *attrs;
CK_OBJECT_HANDLE handle;
- /* Adding the certificate *first*, and then the stapled extension */
+ /* Adding the certificate *first*, and then the attached extension */
rv = p11_index_add (test.index, input, 4, &handle);
assert_num_eq (CKR_OK, rv);
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached certificate */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
/*
* Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
+ * attached certificate extension transforms it into a CA.
*/
attrs = p11_index_lookup (test.index, handle);
test_check_attrs (expected, attrs);
{
CK_ULONG category = 0;
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 },
category = 0;
assert (p11_index_find (test.index, match, -1) == 0);
- /* Add a stapled basic constraint */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached basic constraint */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
/* Now should be a CA */
static void
test_changed_staple_ku (void)
{
- CK_ATTRIBUTE stapled_ds_and_np[] = {
+ CK_ATTRIBUTE attached_ds_and_np[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) },
{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 },
p11_index_load (test.index);
rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL);
+ rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL);
assert_num_eq (CKR_OK, rv);
p11_index_finish (test.index);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
- /* This should not match the above, with the stapled certificat ext */
+ /* This should not match the above, with the attached certificat ext */
assert_ptr_eq (NULL, test.ex.limit_to_purposes);
p11_enumerate_opt_purpose (&test.ex, "1.1.1");
assert_ptr_not_null (test.ex.limit_to_purposes);
/*
* Should have gotten:
* - 1 certificate
- * - 2 stapled extensions
+ * - 2 attached extensions
*/
assert_num_eq (3, test.parsed->num);
/*
* Should have gotten:
* - 1 certificate
- * - 2 stapled extensions
+ * - 2 attached extensions
*/
assert_num_eq (3, test.parsed->num);
cert = parsed_attrs (certificate_match, -1);
projects / p11-kit / commitdiff