bool (*validate) (p11_builder *, CK_ATTRIBUTE *);
} attrs[32];
CK_ATTRIBUTE * (*populate) (p11_builder *, p11_index *, CK_ATTRIBUTE *);
- CK_RV (*validate) (p11_builder *, CK_ATTRIBUTE *);
+ CK_RV (*validate) (p11_builder *, CK_ATTRIBUTE *, CK_ATTRIBUTE *);
} builder_schema;
static node_asn *
return p11_attrs_build (attrs, &category, &empty_value, NULL);
}
-static CK_RV
-certificate_validate (p11_builder *builder,
- CK_ATTRIBUTE *attrs)
+static bool
+have_attribute (CK_ATTRIBUTE *attrs1,
+ CK_ATTRIBUTE *attrs2,
+ CK_ATTRIBUTE_TYPE type)
{
CK_ATTRIBUTE *attr;
+ attr = p11_attrs_find (attrs1, type);
+ if (attr == NULL)
+ attr = p11_attrs_find (attrs2, type);
+ return attr != NULL && attr->ulValueLen > 0;
+}
+
+static CK_RV
+certificate_validate (p11_builder *builder,
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge)
+{
/*
* In theory we should be validating that in the absence of CKA_VALUE
* various other fields must be set. However we do not enforce this
* but issuer and serial number, for blacklisting purposes.
*/
- attr = p11_attrs_find (attrs, CKA_URL);
- if (attr != NULL && attr->ulValueLen > 0) {
- attr = p11_attrs_find (attrs, CKA_HASH_OF_SUBJECT_PUBLIC_KEY);
- if (attr == NULL || attr->ulValueLen == 0) {
+ if (have_attribute (attrs, merge, CKA_URL)) {
+ if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) {
p11_message ("missing the CKA_HASH_OF_SUBJECT_PUBLIC_KEY attribute");
return CKR_TEMPLATE_INCONSISTENT;
}
- attr = p11_attrs_find (attrs, CKA_HASH_OF_ISSUER_PUBLIC_KEY);
- if (attr == NULL || attr->ulValueLen == 0) {
+ if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) {
p11_message ("missing the CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute");
return CKR_TEMPLATE_INCONSISTENT;
}
NORMAL_BUILD,
{ COMMON_ATTRS,
{ CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong },
- { CKA_TRUSTED, NONE, type_bool },
- { CKA_X_DISTRUSTED, NONE, type_bool },
+ { CKA_TRUSTED, CREATE | WANT, type_bool },
+ { CKA_X_DISTRUSTED, CREATE | WANT, type_bool },
{ CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong },
{ CKA_CHECK_VALUE, CREATE | WANT, },
{ CKA_START_DATE, CREATE | MODIFY | WANT, type_date },
{ CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CREATE },
{ CKA_HASH_OF_ISSUER_PUBLIC_KEY, CREATE },
{ CKA_JAVA_MIDP_SECURITY_DOMAIN, CREATE, type_ulong },
- { CKA_X_PUBLIC_KEY_INFO, CREATE | WANT, type_der_key },
+ { CKA_X_PUBLIC_KEY_INFO, WANT, type_der_key },
{ CKA_INVALID },
}, certificate_populate, certificate_validate,
};
}, common_populate
};
-static void
-attrs_filter_if_unchanged (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge)
-{
- CK_ATTRIBUTE *attr;
- int in, out;
-
- assert (attrs != NULL);
- assert (merge != NULL);
-
- for (in = 0, out = 0; !p11_attrs_terminator (merge + in); in++) {
- attr = p11_attrs_find (attrs, merge[in].type);
- if (attr && p11_attr_equal (attr, merge + in)) {
- free (merge[in].pValue);
- merge[in].pValue = NULL;
- merge[in].ulValueLen = 0;
- } else {
- if (in != out)
- memcpy (merge + out, merge + in, sizeof (CK_ATTRIBUTE));
- out++;
- }
- }
-
- merge[out].type = CKA_INVALID;
- assert (p11_attrs_terminator (merge + out));
-}
-
static const char *
value_name (const p11_constant *info,
CK_ATTRIBUTE_TYPE type)
return value_name (p11_constant_types, type);
}
-static CK_RV
-validate_for_schema (p11_builder *builder,
- const builder_schema *schema,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge)
-{
- CK_ATTRIBUTE *shallow;
- CK_ULONG nattrs;
- CK_ULONG nmerge;
- CK_RV rv;
-
- if (!schema->validate)
- return CKR_OK;
-
- nattrs = p11_attrs_count (attrs);
- nmerge = p11_attrs_count (merge);
-
- /* Make a shallow copy of the combined attributes for validation */
- shallow = calloc (nmerge + nattrs + 1, sizeof (CK_ATTRIBUTE));
- return_val_if_fail (shallow != NULL, CKR_GENERAL_ERROR);
-
- memcpy (shallow, merge, sizeof (CK_ATTRIBUTE) * nmerge);
- memcpy (shallow + nmerge, attrs, sizeof (CK_ATTRIBUTE) * nattrs);
-
- /* The terminator attribute */
- shallow[nmerge + nattrs].type = CKA_INVALID;
- assert(p11_attrs_terminator (shallow + nmerge + nattrs));
-
- rv = (schema->validate) (builder, shallow);
- free (shallow);
-
- return rv;
-}
-
static CK_RV
build_for_schema (p11_builder *builder,
p11_index *index,
const builder_schema *schema,
- CK_ATTRIBUTE **object,
- CK_ATTRIBUTE *merge)
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge,
+ CK_ATTRIBUTE **extra)
{
- CK_ATTRIBUTE *extra;
- CK_ATTRIBUTE *attrs;
CK_BBOOL modifiable;
+ CK_ATTRIBUTE *attr;
bool modifying;
bool creating;
bool populate;
int i, j;
CK_RV rv;
- attrs = *object;
populate = false;
/* Signifies that data is being loaded */
}
}
- if (attrs != NULL)
- attrs_filter_if_unchanged (attrs, merge);
-
if (creating && (builder->flags & P11_BUILDER_FLAG_TOKEN)) {
if (schema->build_flags & GENERATED_CLASS) {
p11_message ("objects of this type cannot be created");
}
for (i = 0; merge[i].type != CKA_INVALID; i++) {
+
+ /* Don't validate attribute if not changed */
+ attr = p11_attrs_find (attrs, merge[i].type);
+ if (attr && p11_attr_equal (attr, merge + i))
+ continue;
+
found = false;
for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) {
if (schema->attrs[j].type != merge[i].type)
}
}
- if (populate && schema->populate) {
- extra = schema->populate (builder, index, merge);
- if (extra != NULL)
- merge = p11_attrs_merge (merge, extra, false);
- }
+ if (populate && schema->populate)
+ *extra = schema->populate (builder, index, merge);
/* Validate the result, before committing to the change. */
- if (!loading) {
- rv = validate_for_schema (builder, schema, attrs, merge);
- if (rv != CKR_OK) {
- p11_attrs_free (merge);
+ if (!loading && schema->validate) {
+ rv = (schema->validate) (builder, attrs, merge);
+ if (rv != CKR_OK)
return rv;
- }
}
- *object = p11_attrs_merge (attrs, merge, true);
- return_val_if_fail (*object != NULL, CKR_HOST_MEMORY);
-
return CKR_OK;
}
CK_RV
p11_builder_build (void *bilder,
p11_index *index,
- CK_ATTRIBUTE **object,
- CK_ATTRIBUTE *merge)
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge,
+ CK_ATTRIBUTE **populate)
{
p11_builder *builder = bilder;
- CK_ATTRIBUTE *attrs;
CK_OBJECT_CLASS klass;
CK_CERTIFICATE_TYPE type;
CK_BBOOL token;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
return_val_if_fail (merge != NULL, CKR_GENERAL_ERROR);
- attrs = *object;
-
if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CLASS, &klass)) {
p11_message ("no CKA_CLASS attribute found");
return CKR_TEMPLATE_INCOMPLETE;
p11_message ("missing %s on object", type_name (CKA_CERTIFICATE_TYPE));
return CKR_TEMPLATE_INCOMPLETE;
} else if (type == CKC_X_509) {
- return build_for_schema (builder, index, &certificate_schema, object, merge);
+ return build_for_schema (builder, index, &certificate_schema, attrs, merge, populate);
} else {
p11_message ("%s unsupported %s", value_name (p11_constant_certs, type),
type_name (CKA_CERTIFICATE_TYPE));
}
case CKO_X_CERTIFICATE_EXTENSION:
- return build_for_schema (builder, index, &extension_schema, object, merge);
+ return build_for_schema (builder, index, &extension_schema, attrs, merge, populate);
case CKO_DATA:
- return build_for_schema (builder, index, &data_schema, object, merge);
+ return build_for_schema (builder, index, &data_schema, attrs, merge, populate);
case CKO_NSS_TRUST:
- return build_for_schema (builder, index, &trust_schema, object, merge);
+ return build_for_schema (builder, index, &trust_schema, attrs, merge, populate);
case CKO_NSS_BUILTIN_ROOT_LIST:
- return build_for_schema (builder, index, &builtin_schema, object, merge);
+ return build_for_schema (builder, index, &builtin_schema, attrs, merge, populate);
case CKO_X_TRUST_ASSERTION:
- return build_for_schema (builder, index, &assertion_schema, object, merge);
+ return build_for_schema (builder, index, &assertion_schema, attrs, merge, populate);
default:
p11_message ("%s unsupported object class",
test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
assert_ptr_not_null (test.builder);
- test.index = p11_index_new (p11_builder_build, p11_builder_changed, test.builder);
+ test.index = p11_index_new (p11_builder_build, NULL, p11_builder_changed, test.builder);
assert_ptr_not_null (test.index);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (check, attrs);
p11_attrs_free (attrs);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_hash_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
/* Add a stapled certificate */
assert_num_eq (CKR_OK, rv);
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
/*
* Even though the certificate is not a valid CA, the presence of the
* stapled certificate extension transforms it into a CA.
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_attrs_free (merge);
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (check, attrs);
p11_attrs_free (attrs);
}
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
test_valid_bool (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_BBOOL value = CK_TRUE;
CK_RV rv;
{ CKA_INVALID },
};
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
}
static void
test_invalid_bool (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "123";
input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = sizeof (CK_BBOOL);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_ulong (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_ULONG value = 2;
CK_RV rv;
{ CKA_INVALID },
};
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
}
static void
test_invalid_ulong (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "123";
input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = sizeof (CK_ULONG);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_utf8 (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = NULL;
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
}
static void
test_invalid_utf8 (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "\xfex23";
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_dates (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_DATE date;
CK_RV rv;
};
memcpy (&date, "20001010", sizeof (date));
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
p11_attrs_free (attrs);
attrs = NULL;
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
p11_attrs_free (attrs);
test_invalid_dates (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_DATE date;
CK_RV rv;
p11_message_quiet ();
memcpy (&date, "AAAABBCC", sizeof (date));
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
memcpy (&date, "20001580", sizeof (date));
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_name (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = NULL;
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
p11_attrs_free (attrs);
input[0].pValue = (void *)test_cacert3_ca_issuer;
input[0].ulValueLen = sizeof (test_cacert3_ca_issuer);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
p11_attrs_free (attrs);
test_invalid_name (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "blah";
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_serial (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = NULL;
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
attrs = NULL;
input[0].pValue = (void *)test_cacert3_ca_serial;
input[0].ulValueLen = sizeof (test_cacert3_ca_serial);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
}
static void
test_invalid_serial (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "blah";
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = (void *)test_cacert3_ca_subject;
input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_valid_cert (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = NULL;
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
attrs = NULL;
input[0].pValue = (void *)test_cacert3_ca_der;
input[0].ulValueLen = sizeof (test_cacert3_ca_der);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- p11_attrs_free (attrs);
+ p11_attrs_free (extra);
}
static void
test_invalid_cert (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
input[0].pValue = "blah";
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = (void *)test_cacert3_ca_subject;
input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
input[0].pValue = NULL;
input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
p11_message_loud ();
test_invalid_schema (void)
{
CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
CK_RV rv;
CK_ATTRIBUTE input[] = {
p11_message_quiet ();
/* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_message_loud ();
test_create_not_settable (void)
{
/*
- * CKA_TRUSTED cannot be set by the normal user according to spec
+ * CKA_X_PUBLIC_KEY_INFO cannot be created/modified
*/
CK_ATTRIBUTE input[] = {
{ CKA_CLASS, &certificate, sizeof (certificate) },
{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
{ CKA_INVALID },
};
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
p11_attrs_free (merge);
test_create_but_loadable (void)
{
/*
- * CKA_TRUSTED cannot be set on creation, but can be set if we're
+ * CKA_X_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're
* loading from our store. This is signified by batching.
*/
CK_ATTRIBUTE input[] = {
{ CKA_CLASS, &certificate, sizeof (certificate) },
{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
{ CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
{ CKA_INVALID },
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_index_load (test.index);
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
p11_index_finish (test.index);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (input, attrs);
p11_attrs_free (attrs);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
p11_attrs_free (merge);
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
p11_message_quiet ();
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
p11_attrs_free (merge);
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify));
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
+ extra = NULL;
merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
p11_message_quiet ();
+ extra = NULL;
merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
p11_attrs_free (merge);
};
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify));
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
}
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
CK_RV rv;
attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
assert_num_eq (CKR_OK, rv);
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
p11_message_quiet ();
+ extra = NULL;
merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, &attrs, merge);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
p11_attrs_free (merge);
projects / p11-kit / commitdiff