trust: Make extraction and correlation of certificate info optional

This is so that the code can be shared by the upcoming 'trust dump'
command where correlation between related objects is not desired.

diff --git a/trust/enumerate.c b/trust/enumerate.c
index 750bba3166d5cf4ad65a14f6097780d7537a1583..ad0565f0dc9d40fa0f4686661a5ea42357ee1e77 100644 (file)
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -308,24 +308,26 @@ extract_info (p11_enumerate *ex)
                return false;
 
        /* If a certificate then  */
-       if (ex->klass != CKO_CERTIFICATE) {
-               p11_message ("skipping non-certificate object");
-               return false;
-       }
+       if (ex->flags & P11_ENUMERATE_CORRELATE) {
+               if (ex->klass != CKO_CERTIFICATE) {
+                       p11_message ("skipping non-certificate object");
+                       return false;
+               }
 
-       if (!extract_certificate (ex))
-               return false;
+               if (!extract_certificate (ex))
+                       return false;
+
+               attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
+               if (attr) {
+                       ex->attached = load_attached_extensions (ex, attr);
+                       if (!ex->attached)
+                               return false;
+               }
 
-       attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
-       if (attr) {
-               ex->attached = load_attached_extensions (ex, attr);
-               if (!ex->attached)
+               if (!extract_purposes (ex))
                        return false;
        }
 
-       if (!extract_purposes (ex))
-               return false;
-
        return true;
 }
 

diff --git a/trust/enumerate.h b/trust/enumerate.h
index 411820a09eb2152839df9e23b31b6f0bd3048449..41cea096e501a6ed51f0ddbc34c1f2adbfdbcdc2 100644 (file)
--- a/trust/enumerate.h
+++ b/trust/enumerate.h
@@ -49,6 +49,7 @@ enum {
        P11_ENUMERATE_ANCHORS = 1 << 21,
        P11_ENUMERATE_BLACKLIST = 1 << 22,
        P11_ENUMERATE_COLLAPSE = 1 << 23,
+       P11_ENUMERATE_CORRELATE = 1 << 24,
 };
 
 typedef struct {

diff --git a/trust/list.c b/trust/list.c
index 12120e5fdd80836a57c030add777adab5de2641a..9e31aba5fdaf616dc98739e4a6b36a1cdb915cfb 100644 (file)
--- a/trust/list.c
+++ b/trust/list.c
@@ -253,6 +253,7 @@ p11_trust_list (int argc,
        if (!p11_enumerate_ready (&ex, "trust-policy"))
                exit (1);
 
+       ex.flags |= P11_ENUMERATE_CORRELATE;
        ret = list_iterate (&ex, details) ? 0 : 1;
 
        p11_enumerate_cleanup (&ex);

diff --git a/trust/test-bundle.c b/trust/test-bundle.c
index 3af7277c6a6a4c18d7e865e9626cf9a47b56139b..3f4bcad437959336077b3ced79cedcfb987edb05 100644 (file)
--- a/trust/test-bundle.c
+++ b/trust/test-bundle.c
@@ -74,6 +74,7 @@ setup (void *unused)
        assert_num_eq (CKR_OK, rv);
 
        p11_enumerate_init (&test.ex);
+       test.ex.flags |= P11_ENUMERATE_CORRELATE;
 
        test.directory = p11_test_directory ("test-extract");
 }

diff --git a/trust/test-cer.c b/trust/test-cer.c
index 422b528158fdc1c48862481ead981744bac694fb..a412efffe6fbec2ef9bf320a9698a84ec8919db9 100644 (file)
--- a/trust/test-cer.c
+++ b/trust/test-cer.c
@@ -74,6 +74,7 @@ setup (void *unused)
        assert_num_eq (CKR_OK, rv);
 
        p11_enumerate_init (&test.ex);
+       test.ex.flags |= P11_ENUMERATE_CORRELATE;
 
        test.directory = p11_test_directory ("test-extract");
 }

diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
index 424437e3062ba2e19a0926a13040e0c45a433f6d..3e188b24b0321c5c9d0b3ce91666ea3a0610d16d 100644 (file)
--- a/trust/test-enumerate.c
+++ b/trust/test-enumerate.c
@@ -62,6 +62,7 @@ test_file_name_for_label (void)
        char *name;
 
        p11_enumerate_init (&ex);
+       ex.flags |= P11_ENUMERATE_CORRELATE;
 
        ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
@@ -79,6 +80,7 @@ test_file_name_for_class (void)
        char *name;
 
        p11_enumerate_init (&ex);
+       ex.flags |= P11_ENUMERATE_CORRELATE;
 
        ex.klass = CKO_CERTIFICATE;
 
@@ -104,7 +106,7 @@ test_comment_for_label (void)
 
        p11_enumerate_init (&ex);
 
-       ex.flags = P11_EXTRACT_COMMENT;
+       ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE;
        ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
        comment = p11_enumerate_comment (&ex, true);
@@ -127,6 +129,7 @@ test_comment_not_enabled (void)
 
        p11_enumerate_init (&ex);
 
+       ex.flags |= P11_ENUMERATE_CORRELATE;
        ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
        comment = p11_enumerate_comment (&ex, true);
@@ -156,6 +159,7 @@ setup (void *unused)
        assert_num_eq (CKR_OK, rv);
 
        p11_enumerate_init (&test.ex);
+       test.ex.flags |= P11_ENUMERATE_CORRELATE;
 
        /* Prefill the modules */
        test.modules[0] = &test.module;
@@ -406,7 +410,7 @@ test_duplicate_distrusted (void)
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 
-       test.ex.flags = P11_ENUMERATE_COLLAPSE;
+       test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE;
        p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
        p11_enumerate_ready (&test.ex, NULL);
 
@@ -432,7 +436,7 @@ test_trusted_match (void)
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
-       test.ex.flags = P11_ENUMERATE_ANCHORS;
+       test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE;
        p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
        p11_enumerate_ready (&test.ex, NULL);
 
@@ -450,7 +454,7 @@ test_distrust_match (void)
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
-       test.ex.flags = P11_ENUMERATE_BLACKLIST;
+       test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
        p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
        p11_enumerate_ready (&test.ex, NULL);
 
@@ -475,7 +479,7 @@ test_override_by_issuer_serial (void)
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
-       test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+       test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
        p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
        p11_enumerate_ready (&test.ex, NULL);
 
@@ -498,7 +502,7 @@ test_override_by_public_key (void)
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
        mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
 
-       test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+       test.ex.flags =  P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
        p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
        p11_enumerate_ready (&test.ex, NULL);
 

diff --git a/trust/test-openssl.c b/trust/test-openssl.c
index 3cba1ed89b29d911033e6521a9dc219cf507e69c..b1276dfb534ab6afb407a17a55fdf0781cc70684 100644 (file)
--- a/trust/test-openssl.c
+++ b/trust/test-openssl.c
@@ -77,6 +77,7 @@ setup (void *unused)
        assert_num_eq (CKR_OK, rv);
 
        p11_enumerate_init (&test.ex);
+       test.ex.flags |= P11_ENUMERATE_CORRELATE;
 
        test.directory = p11_test_directory ("test-extract");
 }