attrs: Print out the CKA_VALUE for certificates when debugging

While it's true that we shouldn't be pritning out CKA_VALUE in
certain cases, like for keys, we obviously can do so for certificates.

We don't have keys anyway, but in the interest of being general
purpose use the class to determine whether CKA_VALUE can be printed

diff --git a/common/attrs.c b/common/attrs.c
index cce1aaf72916f63e46a7f56fdb13aec744afff05..e6561898df63fa86f88ff74181af8084e769040e 100644 (file)
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -274,7 +274,7 @@ p11_attrs_findn (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
                      CK_ATTRIBUTE_TYPE type,
                      CK_BBOOL *value)
 {
@@ -293,7 +293,7 @@ p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
                       CK_ULONG count,
                       CK_ATTRIBUTE_TYPE type,
                       CK_BBOOL *value)
@@ -313,7 +313,7 @@ p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
+p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
                       CK_ATTRIBUTE_TYPE type,
                       CK_ULONG *value)
 {
@@ -331,6 +331,26 @@ p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
        return false;
 }
 
+bool
+p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
+                       CK_ULONG count,
+                       CK_ATTRIBUTE_TYPE type,
+                       CK_ULONG *value)
+{
+       CK_ULONG i;
+
+       for (i = 0; i < count; i++) {
+               if (attrs[i].type == type &&
+                   attrs[i].ulValueLen == sizeof (CK_ULONG) &&
+                   attrs[i].pValue != NULL) {
+                       *value = *((CK_ULONG *)attrs[i].pValue);
+                       return true;
+               }
+       }
+
+       return false;
+}
+
 void *
 p11_attrs_find_value (CK_ATTRIBUTE *attrs,
                       CK_ATTRIBUTE_TYPE type,
@@ -551,7 +571,8 @@ attribute_is_trust_value (const CK_ATTRIBUTE *attr)
 }
 
 static bool
-attribute_is_sensitive (const CK_ATTRIBUTE *attr)
+attribute_is_sensitive (const CK_ATTRIBUTE *attr,
+                        CK_OBJECT_CLASS klass)
 {
        /*
         * Don't print any just attribute, since they may contain
@@ -667,6 +688,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr)
        X (CKA_TRUST_STEP_UP_APPROVED)
        X (CKA_CERT_SHA1_HASH)
        X (CKA_CERT_MD5_HASH)
+       case CKA_VALUE:
+               return (klass != CKO_CERTIFICATE &&
+                       klass != CKO_X_CERTIFICATE_EXTENSION);
        #undef X
        }
 
@@ -786,7 +810,8 @@ format_some_bytes (p11_buffer *buffer,
 
 static void
 format_attribute (p11_buffer *buffer,
-                  const CK_ATTRIBUTE *attr)
+                  const CK_ATTRIBUTE *attr,
+                  CK_OBJECT_CLASS klass)
 {
        p11_buffer_add (buffer, "{ ", -1);
        format_attribute_type (buffer, attr->type);
@@ -805,7 +830,7 @@ format_attribute (p11_buffer *buffer,
                format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue));
        } else if (attribute_is_trust_value (attr)) {
                format_trust_value (buffer, *((CK_TRUST *)attr->pValue));
-       } else if (attribute_is_sensitive (attr)) {
+       } else if (attribute_is_sensitive (attr, klass)) {
                buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen);
        } else {
                buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen);
@@ -820,10 +845,15 @@ format_attributes (p11_buffer *buffer,
                    int count)
 {
        CK_BBOOL first = CK_TRUE;
+       CK_OBJECT_CLASS klass;
        int i;
 
        if (count < 0)
                count = p11_attrs_count (attrs);
+
+       if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass))
+               klass = CKA_INVALID;
+
        buffer_append_printf (buffer, "(%d) [", count);
        for (i = 0; i < count; i++) {
                if (first)
@@ -831,7 +861,7 @@ format_attributes (p11_buffer *buffer,
                else
                        p11_buffer_add (buffer, ", ", 2);
                first = CK_FALSE;
-               format_attribute (buffer, attrs + i);
+               format_attribute (buffer, attrs + i, klass);
        }
        p11_buffer_add (buffer, " ]", -1);
 }
@@ -848,11 +878,12 @@ p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
 }
 
 char *
-p11_attr_to_string (const CK_ATTRIBUTE *attr)
+p11_attr_to_string (const CK_ATTRIBUTE *attr,
+                    CK_OBJECT_CLASS klass)
 {
        p11_buffer buffer;
        if (!p11_buffer_init_null (&buffer, 32))
                return_val_if_reached (NULL);
-       format_attribute (&buffer, attr);
+       format_attribute (&buffer, attr, klass);
        return p11_buffer_steal (&buffer, NULL);
 }

diff --git a/common/attrs.h b/common/attrs.h
index 87e0af1e48d2abcc2b1c60a8aad9f5dbd40b6f9b..233ac7994e9b6525a9a9413cd24566ebe54a1b23 100644 (file)
--- a/common/attrs.h
+++ b/common/attrs.h
@@ -74,16 +74,21 @@ CK_ATTRIBUTE *      p11_attrs_findn         (CK_ATTRIBUTE *attrs,
                                              CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type);
 
-bool                p11_attrs_find_bool     (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_find_bool     (const CK_ATTRIBUTE *attrs,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_BBOOL *value);
 
-bool                p11_attrs_findn_bool    (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_findn_bool    (const CK_ATTRIBUTE *attrs,
                                              CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_BBOOL *value);
 
-bool                p11_attrs_find_ulong    (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_find_ulong    (const CK_ATTRIBUTE *attrs,
+                                             CK_ATTRIBUTE_TYPE type,
+                                             CK_ULONG *value);
+
+bool                p11_attrs_findn_ulong   (const CK_ATTRIBUTE *attrs,
+                                             CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_ULONG *value);
 
@@ -107,7 +112,8 @@ bool                p11_attrs_matchn        (const CK_ATTRIBUTE *attrs,
 char *              p11_attrs_to_string     (const CK_ATTRIBUTE *attrs,
                                              int count);
 
-char *              p11_attr_to_string      (const CK_ATTRIBUTE *attr);
+char *              p11_attr_to_string      (const CK_ATTRIBUTE *attr,
+                                             CK_OBJECT_CLASS klass);
 
 bool                p11_attr_equal          (const void *one,
                                              const void *two);

diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c
index 61fcef3f46466dff4cc4cae52bf83edda3996078..324ed90e0921ad7b8c71f8798b6dc5cf6a98692d 100644 (file)
--- a/common/tests/test-attrs.c
+++ b/common/tests/test-attrs.c
@@ -470,7 +470,7 @@ test_to_string (CuTest *tc)
        char *string;
 
 
-       string = p11_attr_to_string (&one);
+       string = p11_attr_to_string (&one, CKA_INVALID);
        CuAssertStrEquals (tc, "{ CKA_LABEL = (3) \"yay\" }", string);
        free (string);
 

diff --git a/trust/tests/test-data.c b/trust/tests/test-data.c
index b235f33f2ed98836221c7d5d84f0088c2409685d..6c55fd0484cc86f0bd196cbb1fe324f3d2135391 100644 (file)
--- a/trust/tests/test-data.c
+++ b/trust/tests/test-data.c
@@ -104,7 +104,7 @@ test_check_id_msg (CuTest *cu,
        one = p11_attrs_find (expected, CKA_ID);
        two = p11_attrs_find (attr, CKA_ID);
 
-       test_check_attr_msg (cu, file, line, one, two);
+       test_check_attr_msg (cu, file, line, CKA_INVALID, one, two);
 }
 
 void
@@ -114,11 +114,15 @@ test_check_attrs_msg (CuTest *cu,
                       CK_ATTRIBUTE *expected,
                       CK_ATTRIBUTE *attrs)
 {
+       CK_OBJECT_CLASS klass;
        CK_ATTRIBUTE *attr;
 
+       if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
+               klass = CKA_INVALID;
+
        while (!p11_attrs_terminator (expected)) {
                attr = p11_attrs_find (attrs, expected->type);
-               test_check_attr_msg (cu, file, line, expected, attr);
+               test_check_attr_msg (cu, file, line, klass, expected, attr);
                expected++;
        }
 }
@@ -127,6 +131,7 @@ void
 test_check_attr_msg (CuTest *cu,
                      const char *file,
                      int line,
+                     CK_OBJECT_CLASS klass,
                      CK_ATTRIBUTE *expected,
                      CK_ATTRIBUTE *attr)
 {
@@ -135,14 +140,14 @@ test_check_attr_msg (CuTest *cu,
 
        if (attr == NULL) {
                asprintf (&message, "expected %s but found NULL",
-                         p11_attr_to_string (expected));
+                         p11_attr_to_string (expected, klass));
                CuFail_Line (cu, file, line, "attribute does not match", message);
        }
 
        if (!p11_attr_equal (attr, expected)) {
                asprintf (&message, "expected %s but found %s",
-                         p11_attr_to_string (expected),
-                         p11_attr_to_string (attr));
+                         p11_attr_to_string (expected, klass),
+                         p11_attr_to_string (attr, klass));
                CuFail_Line (cu, file, line, "attribute does not match", message);
        }
 }

diff --git a/trust/tests/test-data.h b/trust/tests/test-data.h
index 9daff87d1d7c3404287ab3a614469928f5d30e9c..275dd70472a8bb5f549241fdd6a0605f01ac5e80 100644 (file)
--- a/trust/tests/test-data.h
+++ b/trust/tests/test-data.h
@@ -68,11 +68,12 @@ void      test_check_attrs_msg         (CuTest *cu,
                                         CK_ATTRIBUTE *attrs);
 
 #define   test_check_attr(cu, expected, attr) \
-       test_check_attr_msg (cu, __FILE__, __LINE__, expected, attr)
+       test_check_attr_msg (cu, __FILE__, __LINE__, CKA_INVALID, expected, attr)
 
 void      test_check_attr_msg          (CuTest *cu,
                                         const char *file,
                                         int line,
+                                        CK_OBJECT_CLASS klass,
                                         CK_ATTRIBUTE *expected,
                                         CK_ATTRIBUTE *attr);