/*
* gnome-keyring
*
* Copyright (C) 2008 Stefan Walter
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include "gcr-deprecated-base.h"
#include "gcr-internal.h"
#include "gcr-library.h"
#include "gcr-types.h"
#include "egg/egg-error.h"
#include "egg/egg-libgcrypt.h"
#include "egg/egg-secure-memory.h"
#include <p11-kit/p11-kit.h>
#include <gck/gck.h>
#include <gcrypt.h>
#include <glib/gi18n-lib.h>
/**
* SECTION:gcr-library
* @title: Library Utilities
* @short_description: Library utilities such as version checks
*
* Basic library utilities such as version checks.
*/
/**
 * GCR_CHECK_VERSION:
 * @major: the major version to check for
 * @minor: the minor version to check for
 * @micro: the micro version to check for
 *
 * Checks the version of the Gcr library that is being compiled
 * against.
 *
 * <example>
 * <title>Checking the version of the Gcr library</title>
 * <programlisting>
 * #if !GCR_CHECK_VERSION (3, 0, 0)
 * #warning Old Gcr version, disabling functionality
 * #endif
 * </programlisting>
 * </example>
 *
 * Returns: %TRUE if the version of the Gcr header files
 * is the same as or newer than the passed-in version.
 */
/**
* GCR_MAJOR_VERSION:
*
* The major version number of the Gcr library.
*/
/**
* GCR_MINOR_VERSION:
*
* The minor version number of the Gcr library.
*/
/**
* GCR_MICRO_VERSION:
*
* The micro version number of the Gcr library.
*/
/**
 * SECTION:gcr-pkcs11
 * @title: Library PKCS#11
 * @short_description: functions for manipulating GCR library global settings.
 *
 * Manage or lookup various global aspects and settings of the library.
 *
 * The GCR library maintains a global list of PKCS\#11 modules to use for
 * its various lookups and storage operations. Each module is represented by
 * a GckModule object. You can examine this list by using
 * gcr_pkcs11_get_modules().
 *
 * The list is configured automatically by looking for system installed
 * PKCS\#11 modules. It's not normally necessary to modify this list. But
 * if you have special needs, you can use the gcr_pkcs11_set_modules() and
 * gcr_pkcs11_add_module() to do so.
 *
 * Trust assertions are stored and looked up in specific PKCS\#11 slots.
 * You can examine this list with gcr_pkcs11_get_trust_lookup_slots().
 */
/**
 * SECTION:gcr-private
 * @title: Private declarations
 * @short_description: private declarations to suppress warnings.
 *
 * This section is only here to suppress warnings, and should not be displayed.
 */
/*
 * Process-wide PKCS#11 module state. The "modules" lock is taken by the
 * initialize/uninitialize paths in this file while they update these two
 * variables.
 */
G_LOCK_DEFINE_STATIC (modules);
static gboolean initialized_modules = FALSE;
static GList *all_modules = NULL;

/*
 * Process-wide trust URI state. The "uris" lock is taken while these are
 * loaded from configuration, replaced by the setters, or released.
 */
G_LOCK_DEFINE_STATIC (uris);
static gboolean initialized_uris = FALSE;
static gchar **trust_lookup_uris = NULL;
static gchar *trust_store_uri = NULL;
/* -----------------------------------------------------------------------------
* ERRORS
*/
/*
 * Return the error-domain quark for data errors.
 *
 * The quark is interned from the static string "gcr-parser-error" on first
 * use and then served from a function-local cache.
 */
GQuark
gcr_data_error_get_domain (void)
{
	static GQuark cached = 0;

	if (cached != 0)
		return cached;

	cached = g_quark_from_static_string ("gcr-parser-error");
	return cached;
}
/*
 * Return the error-domain quark for general library errors.
 *
 * The quark is interned from the static string "gcr-error" on first use and
 * then served from a function-local cache.
 */
GQuark
gcr_error_get_domain (void)
{
	static GQuark cached = 0;

	if (cached != 0)
		return cached;

	cached = g_quark_from_static_string ("gcr-error");
	return cached;
}
/* -----------------------------------------------------------------------------
* INITIALIZATION
*/
/*
 * Drop all global PKCS#11 state: the module list and both trust URI settings.
 *
 * Each group is reset under its own lock. The strings freed here are the same
 * pointers handed out by gcr_pkcs11_get_trust_store_uri() and
 * gcr_pkcs11_get_trust_lookup_uris(), so values obtained from those getters
 * must not be used after this call.
 */
void
_gcr_uninitialize_library (void)
{
	G_LOCK (modules);

	initialized_modules = FALSE;
	gck_list_unref_free (all_modules);
	all_modules = NULL;

	G_UNLOCK (modules);

	G_LOCK (uris);

	g_strfreev (trust_lookup_uris);
	trust_lookup_uris = NULL;
	g_free (trust_store_uri);
	trust_store_uri = NULL;
	initialized_uris = FALSE;

	G_UNLOCK (uris);
}
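/*
 * Perform one-time library initialization (currently: libgcrypt setup).
 *
 * The previous guard was `g_atomic_int_add (&counter, 1) == 0` followed by
 * an early return. g_atomic_int_add() returns the value *before* the add, so
 * the very first caller returned without initializing libgcrypt and only
 * later callers reached egg_libgcrypt_initialize(). g_once_init_enter() runs
 * the body exactly once and makes concurrent callers wait until it has
 * finished, so nobody proceeds against a half-initialized crypto library.
 */
void
_gcr_initialize_library (void)
{
	static gsize gcr_initialized = 0;

	if (g_once_init_enter (&gcr_initialized)) {
		/* Initialize the libgcrypt library if needed */
		egg_libgcrypt_initialize ();

		g_debug ("initialized library");

		g_once_init_leave (&gcr_initialized, 1);
	}
}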
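/*
 * Lazily load the trust store URI and the trust lookup URIs from p11-kit
 * configuration.
 *
 * Does nothing when the URIs are already set (including via the setters) or
 * when the module list has not been initialized yet.
 *
 * Precedence, as implemented below:
 *  - "x-trust-store": the global option wins; otherwise the first module in
 *    all_modules whose own configuration provides the option is used. The
 *    configuration of any loaded module can therefore decide where trust
 *    assertions are stored when no global value is set.
 *  - "x-trust-lookup": the global value (if any) followed by every
 *    per-module value, in module list order.
 *
 * NOTE(review): the strings come from p11_kit_config_option() and are later
 * released with g_free()/g_strfreev(); confirm that this matches the
 * allocator p11-kit expects on the supported GLib versions.
 * NOTE(review): all_modules is walked here without holding the "modules"
 * lock.
 */
static void
initialize_uris (void)
{
	GPtrArray *uris;
	GList *l;
	gchar *uri;
	gchar *debug;

	/* Unlocked fast path; re-checked under the lock below. */
	if (initialized_uris)
		return;

	if (!initialized_modules) {
		g_debug ("modules not initialized");
		return;
	}

	G_LOCK (uris);

	if (!initialized_uris) {
		/* Ask for the global x-trust-store option */
		trust_store_uri = p11_kit_config_option (NULL, "x-trust-store");
		for (l = all_modules; !trust_store_uri && l != NULL; l = g_list_next (l)) {
			trust_store_uri = p11_kit_config_option (gck_module_get_functions (l->data),
			                                         "x-trust-store");
		}

		/* Collect the global and per-module x-trust-lookup options */
		uris = g_ptr_array_new ();
		uri = p11_kit_config_option (NULL, "x-trust-lookup");
		if (uri != NULL)
			g_ptr_array_add (uris, uri);
		for (l = all_modules; l != NULL; l = g_list_next (l)) {
			uri = p11_kit_config_option (gck_module_get_functions (l->data),
			                             "x-trust-lookup");
			if (uri != NULL)
				g_ptr_array_add (uris, uri);
		}
		/* NULL terminator so the result is a valid string vector */
		g_ptr_array_add (uris, NULL);

		trust_lookup_uris = (gchar**)g_ptr_array_free (uris, FALSE);

		/*
		 * trust_store_uri stays NULL when nothing is configured; passing
		 * NULL for "%s" is not portable, so substitute a literal.
		 */
		g_debug ("trust store uri is: %s",
		         trust_store_uri != NULL ? trust_store_uri : "(null)");
		debug = g_strjoinv (" ", trust_lookup_uris);
		g_debug ("trust lookup uris are: %s", debug);
		g_free (debug);

		initialized_uris = TRUE;
	}

	G_UNLOCK (uris);
}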
/*
 * Completion callback for gck_modules_initialize_registered_async().
 *
 * @user_data carries the GSimpleAsyncResult reference taken by
 * gcr_pkcs11_initialize_async(); it is completed and released here.
 * On success the loaded modules are appended to all_modules, unless another
 * path already marked the list as initialized, in which case the freshly
 * loaded list is dropped. On failure the error is handed to the async result.
 */
static void
on_initialize_registered (GObject *object,
                          GAsyncResult *result,
                          gpointer user_data)
{
	GSimpleAsyncResult *async_res = G_SIMPLE_ASYNC_RESULT (user_data);
	GError *error = NULL;
	GList *loaded;

	loaded = gck_modules_initialize_registered_finish (result, &error);

	if (error == NULL) {
		G_LOCK (modules);

		if (!initialized_modules) {
			/* The global list takes over ownership of the elements */
			all_modules = g_list_concat (all_modules, loaded);
			loaded = NULL;
			initialized_modules = TRUE;
		}

		G_UNLOCK (modules);
	} else {
		g_debug ("failed %s", error->message);
		g_simple_async_result_take_error (async_res, error);
	}

	/* Releases whatever was not adopted above; no-op for an empty list */
	gck_list_unref_free (loaded);

	g_debug ("completed initialize of registered modules");
	g_simple_async_result_complete (async_res);
	g_object_unref (async_res);
}
/**
 * gcr_pkcs11_initialize_async:
 * @cancellable: optional cancellable used to cancel the operation
 * @callback: callback which will be called when the operation completes
 * @user_data: data passed to the callback
 *
 * Asynchronously initialize the registered PKCS\#11 modules.
 *
 * If the module list is already initialized, the operation completes from
 * an idle callback without loading anything.
 */
void
gcr_pkcs11_initialize_async (GCancellable *cancellable,
                             GAsyncReadyCallback callback,
                             gpointer user_data)
{
	GSimpleAsyncResult *async_res;

	async_res = g_simple_async_result_new (NULL, callback, user_data,
	                                       gcr_pkcs11_initialize_async);

	if (!initialized_modules) {
		/* The completion handler owns the extra reference taken here */
		gck_modules_initialize_registered_async (cancellable,
		                                         on_initialize_registered,
		                                         g_object_ref (async_res));
		g_debug ("starting initialize of registered modules");
	} else {
		g_debug ("already initialized, no need to async");
		g_simple_async_result_complete_in_idle (async_res);
	}

	g_object_unref (async_res);
}
/**
 * gcr_pkcs11_initialize_finish:
 * @result: the asynchronous result
 * @error: location to place an error on failure
 *
 * Complete the asynchronous operation to initialize the registered PKCS\#11
 * modules.
 *
 * Returns: whether the operation was successful or not.
 */
gboolean
gcr_pkcs11_initialize_finish (GAsyncResult *result,
                              GError **error)
{
	GSimpleAsyncResult *async_res;

	/* Reject results that were not produced by gcr_pkcs11_initialize_async() */
	g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
	                      gcr_pkcs11_initialize_async), FALSE);

	async_res = G_SIMPLE_ASYNC_RESULT (result);

	/* propagate_error() reports TRUE when an error was set, i.e. on failure */
	return !g_simple_async_result_propagate_error (async_res, error);
}
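/**
 * gcr_pkcs11_initialize:
 * @cancellable: optional cancellable used to cancel the operation
 * @error: location to place an error on failure
 *
 * Synchronously initialize the registered PKCS\#11 modules.
 *
 * Returns immediately with %TRUE when the module list has already been
 * initialized.
 *
 * Returns: whether the operation was successful or not.
 */
gboolean
gcr_pkcs11_initialize (GCancellable *cancellable,
                       GError **error)
{
	GList *results;
	GError *err = NULL;
	gboolean success;

	if (initialized_modules)
		return TRUE;

	results = gck_modules_initialize_registered (cancellable, &err);

	/*
	 * Record the outcome before err is handed to g_propagate_error(),
	 * which may free it; the pointer must not be inspected afterwards.
	 */
	success = (err == NULL);

	if (success) {
		/* g_list_length() returns guint, hence %u */
		g_debug ("registered module initialize succeeded: %u modules",
		         g_list_length (results));

		G_LOCK (modules);

		if (!initialized_modules) {
			/* The global list takes over ownership of the elements */
			all_modules = g_list_concat (all_modules, results);
			results = NULL;
			initialized_modules = TRUE;
		}

		G_UNLOCK (modules);

	} else {
		g_debug ("registered module initialize failed: %s", err->message);
		g_propagate_error (error, err);
	}

	/* Releases whatever was not adopted above; no-op for an empty list */
	gck_list_unref_free (results);
	return success;
}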
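/**
 * gcr_pkcs11_get_modules:
 *
 * List all the PKCS\#11 modules that are used by the GCR library.
 * Each module is a #GckModule object.
 *
 * An empty list of modules will be returned if gcr_pkcs11_set_modules(),
 * or gcr_pkcs11_initialize() has not yet run.
 *
 * When done with the list, free it with gck_list_unref_free().
 *
 * Returns: (transfer full) (element-type Gck.Module): a newly allocated list
 *          of #GckModule objects
 */
GList*
gcr_pkcs11_get_modules (void)
{
	GList *copy;
	gboolean initialized;

	/*
	 * Snapshot under the same lock the initialize/uninitialize paths use,
	 * so the list cannot be freed or relinked while it is being copied.
	 */
	G_LOCK (modules);
	initialized = initialized_modules;
	copy = gck_list_ref_copy (all_modules);
	G_UNLOCK (modules);

	if (!initialized)
		g_debug ("pkcs11 not yet initialized");
	else if (copy == NULL)
		g_debug ("no modules loaded");

	return copy;
}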
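/**
 * gcr_pkcs11_set_modules:
 * @modules: (element-type Gck.Module): a list of #GckModule
 *
 * Set the list of PKCS\#11 modules that are used by the GCR library.
 * Each module in the list is a #GckModule object.
 *
 * The list is copied and a reference is taken on each module; the caller
 * keeps ownership of @modules.
 *
 * It is not normally necessary to call this function. The available
 * PKCS\#11 modules installed on the system are automatically loaded
 * by the GCR library.
 */
void
gcr_pkcs11_set_modules (GList *modules)
{
	GList *l;
	GList *previous;

	/* Validate every element before touching global state */
	for (l = modules; l; l = g_list_next (l))
		g_return_if_fail (GCK_IS_MODULE (l->data));

	modules = gck_list_ref_copy (modules);

	/*
	 * Swap under the "modules" lock, consistent with the initialize and
	 * uninitialize paths, so a concurrent update cannot interleave with
	 * the replacement.
	 */
	G_LOCK (modules);
	previous = all_modules;
	all_modules = modules;
	initialized_modules = TRUE;
	G_UNLOCK (modules);

	/* Drop the old references outside the lock */
	gck_list_unref_free (previous);
}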
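/**
 * gcr_pkcs11_add_module:
 * @module: a #GckModule
 *
 * Add a #GckModule to the list of PKCS\#11 modules that are used by the
 * GCR library.
 *
 * The library takes its own reference on @module. This does not mark the
 * module list as initialized.
 *
 * It is not normally necessary to call this function. The available
 * PKCS\#11 modules installed on the system are automatically loaded
 * by the GCR library.
 */
void
gcr_pkcs11_add_module (GckModule *module)
{
	g_return_if_fail (GCK_IS_MODULE (module));

	/*
	 * Append under the "modules" lock, consistent with the initialize and
	 * uninitialize paths that modify the same list.
	 */
	G_LOCK (modules);
	all_modules = g_list_append (all_modules, g_object_ref (module));
	G_UNLOCK (modules);
}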
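/**
 * gcr_pkcs11_add_module_from_file:
 * @module_path: the full file path of the PKCS\#11 module
 * @unused: unused
 * @error: a #GError or NULL
 *
 * Initialize a PKCS\#11 module and add it to the modules that are
 * used by the GCR library. Note that it is an error to initialize the same
 * PKCS\#11 module twice.
 *
 * The module at @module_path is initialized inside the calling process and
 * then consulted by the library, so @module_path should only ever come from
 * a trusted source.
 *
 * It is not normally necessary to call this function. The available
 * PKCS\#11 modules installed on the system are automatically loaded
 * by the GCR library.
 *
 * Returns: whether the module was successfully added.
 */
gboolean
gcr_pkcs11_add_module_from_file (const gchar *module_path, gpointer unused,
                                 GError **error)
{
	GckModule *module;
	GError *err = NULL;

	g_return_val_if_fail (module_path, FALSE);
	g_return_val_if_fail (!error || !*error, FALSE);

	module = gck_module_initialize (module_path, NULL, &err);
	if (module == NULL) {
		/* Tolerate a failure that did not set an error */
		g_debug ("initializing module failed: %s: %s",
		         module_path, err != NULL ? err->message : "unknown error");
		if (err != NULL)
			g_propagate_error (error, err);
		return FALSE;
	}

	/* The global list takes its own reference; ours is dropped below */
	gcr_pkcs11_add_module (module);

	g_debug ("initialized and added module: %s", module_path);
	g_object_unref (module);
	return TRUE;
}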
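/**
 * gcr_pkcs11_get_trust_store_slot:
 *
 * Selects an appropriate PKCS\#11 slot to store trust assertions. The slot
 * to use is normally configured automatically by the system.
 *
 * This will only return a valid result after the gcr_pkcs11_initialize()
 * method has been called. %NULL is returned when the modules are not
 * initialized, when no trust store URI is configured, or when no matching
 * slot is found.
 *
 * When done with the #GckSlot, use g_object_unref() to release it.
 *
 * Returns: (transfer full) (allow-none): the #GckSlot to use for trust
 *          assertions.
 */
GckSlot *
gcr_pkcs11_get_trust_store_slot (void)
{
	GckSlot *slot;
	GError *error = NULL;

	if (!initialized_modules)
		return NULL;

	initialize_uris ();

	/*
	 * The URI stays NULL when neither the global nor any module
	 * configuration names a trust store; do not pass NULL on to the URI
	 * lookup or to the "%s" in the warning below.
	 */
	if (trust_store_uri == NULL) {
		g_debug ("no trust store uri configured");
		return NULL;
	}

	slot = gck_modules_token_for_uri (all_modules, trust_store_uri, &error);
	if (!slot) {
		if (error) {
			g_warning ("error finding slot to store trust assertions: %s: %s",
			           trust_store_uri, egg_error_message (error));
			g_clear_error (&error);
		} else {
			g_debug ("no trust store slot found");
		}
	}

	return slot;
}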
/**
 * gcr_pkcs11_get_trust_lookup_slots:
 *
 * List all the PKCS\#11 slots that are used by the GCR library for lookup
 * of trust assertions. Each slot is a #GckSlot object.
 *
 * This will return an empty list if the gcr_pkcs11_initialize() function has
 * not yet been called.
 *
 * When done with the list, free it with gck_list_unref_free().
 *
 * Returns: (transfer full) (element-type Gck.Slot): a list of #GckSlot objects
 *          to use for lookup of trust.
 */
GList*
gcr_pkcs11_get_trust_lookup_slots (void)
{
	GList *slots = NULL;
	GList *found;
	GError *error = NULL;
	gchar **cursor;

	if (!initialized_modules)
		return NULL;

	initialize_uris ();

	if (trust_lookup_uris != NULL) {
		for (cursor = trust_lookup_uris; *cursor != NULL; cursor++) {
			found = gck_modules_tokens_for_uri (all_modules, *cursor, &error);
			slots = g_list_concat (slots, found);

			/* A URI that fails is logged and skipped; the rest still count */
			if (error != NULL) {
				g_warning ("error finding slot for trust assertions: %s: %s",
				           *cursor, egg_error_message (error));
				g_clear_error (&error);
			}
		}
	}

	if (slots == NULL)
		g_debug ("no trust lookup slots found");

	return slots;
}
/**
 * gcr_pkcs11_get_trust_store_uri:
 *
 * Get the PKCS\#11 URI that is used to identify which slot to use for
 * storing trust storage.
 *
 * The returned string is the library's own copy: it is freed by
 * gcr_pkcs11_set_trust_store_uri(), so do not keep the pointer across such
 * a call.
 *
 * Returns: (allow-none): the uri which identifies trust storage slot
 */
const gchar*
gcr_pkcs11_get_trust_store_uri (void)
{
	const gchar *current;

	/* Load from configuration on first use, when modules are ready */
	initialize_uris ();

	current = trust_store_uri;
	return current;
}
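/**
 * gcr_pkcs11_set_trust_store_uri:
 * @pkcs11_uri: (allow-none): the uri which identifies trust storage slot
 *
 * Set the PKCS\#11 URI that is used to identify which slot to use for
 * storing trust assertions.
 *
 * The string is copied. Calling this also marks the trust URIs as
 * initialized, so they are no longer loaded from configuration afterwards.
 *
 * It is not normally necessary to call this function. The relevant
 * PKCS\#11 slot is automatically configured by the GCR library.
 */
void
gcr_pkcs11_set_trust_store_uri (const gchar *pkcs11_uri)
{
	gchar *replacement;
	gchar *previous;

	/*
	 * Copy before releasing the old value: @pkcs11_uri may be the very
	 * pointer returned by gcr_pkcs11_get_trust_store_uri(), and freeing it
	 * first would make g_strdup() read freed memory.
	 */
	replacement = g_strdup (pkcs11_uri);

	G_LOCK (uris);

	previous = trust_store_uri;
	trust_store_uri = replacement;
	initialized_uris = TRUE;

	G_UNLOCK (uris);

	g_free (previous);
}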
/**
 * gcr_pkcs11_get_trust_lookup_uris:
 *
 * Get the PKCS\#11 URIs that are used to identify which slots to use for
 * lookup trust assertions.
 *
 * The returned vector is the library's own copy: it is freed by
 * gcr_pkcs11_set_trust_lookup_uris(), so do not keep the pointer across
 * such a call.
 *
 * Returns: (allow-none) (transfer none): the uris which identify trust
 *          lookup slots
 */
const gchar **
gcr_pkcs11_get_trust_lookup_uris (void)
{
	gchar **current;

	/* Load from configuration on first use, when modules are ready */
	initialize_uris ();

	current = trust_lookup_uris;
	return (const gchar **)current;
}
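/**
 * gcr_pkcs11_set_trust_lookup_uris:
 * @pkcs11_uris: (allow-none): the uris which identifies trust lookup slots
 *
 * Set the PKCS\#11 URIs that are used to identify which slots to use for
 * lookup of trust assertions.
 *
 * The vector is copied. Calling this also marks the trust URIs as
 * initialized, so they are no longer loaded from configuration afterwards.
 *
 * It is not normally necessary to call this function. The relevant
 * PKCS\#11 slots are automatically configured by the GCR library.
 */
void
gcr_pkcs11_set_trust_lookup_uris (const gchar **pkcs11_uris)
{
	gchar **replacement;
	gchar **previous;

	/*
	 * Copy before releasing the old value: @pkcs11_uris may be the very
	 * vector returned by gcr_pkcs11_get_trust_lookup_uris(), and freeing it
	 * first would make g_strdupv() read freed memory.
	 */
	replacement = g_strdupv ((gchar**)pkcs11_uris);

	G_LOCK (uris);

	previous = trust_lookup_uris;
	trust_lookup_uris = replacement;
	initialized_uris = TRUE;

	G_UNLOCK (uris);

	g_strfreev (previous);
}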