luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-07-31 22:23:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

gtlscertificate: Add support for PKCS #11 backed certificates

Browse Source 
This adds properties to allow backends to expose PKCS #11 support.
This commit is contained in:
Patrick Griffis
2019-06-19 09:10:52 -07:00
committed by Patrick Griffis
parent 96c25ceba6
commit b6d8efbebc
5 changed files with 196 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
gio/tests/gtesttlsbackend.c
View File

@@ -91,6 +91,8 @@ struct _GTestTlsCertificate {
gchar *key_pem;
gchar *cert_pem;
GTlsCertificate *issuer;
gchar *pkcs11_uri;
gchar *private_key_pkcs11_uri;
};
struct _GTestTlsCertificateClass {
@@ -103,7 +105,9 @@ enum
PROP_CERT_CERTIFICATE_PEM,
PROP_CERT_PRIVATE_KEY,
PROP_CERT_PRIVATE_KEY_PEM,
PROP_CERT_ISSUER
PROP_CERT_ISSUER,
PROP_CERT_PKCS11_URI,
PROP_CERT_PRIVATE_KEY_PKCS11_URI,
};
static void g_test_tls_certificate_initable_iface_init (GInitableIface *iface);
@@ -141,6 +145,15 @@ g_test_tls_certificate_get_property (GObject *object,
case PROP_CERT_ISSUER:
g_value_set_object (value, cert->issuer);
break;
case PROP_CERT_PKCS11_URI:
/* This test value simulates a backend that ignores the value
because it is unsupported */
if (g_strcmp0 (cert->pkcs11_uri, "unsupported") != 0)
g_value_set_string (value, cert->pkcs11_uri);
break;
case PROP_CERT_PRIVATE_KEY_PKCS11_URI:
g_value_set_string (value, cert->private_key_pkcs11_uri);
break;
default:
g_assert_not_reached ();
break;
@@ -166,6 +179,12 @@ g_test_tls_certificate_set_property (GObject *object,
case PROP_CERT_ISSUER:
cert->issuer = g_value_dup_object (value);
break;
case PROP_CERT_PKCS11_URI:
cert->pkcs11_uri = g_value_dup_string (value);
break;
case PROP_CERT_PRIVATE_KEY_PKCS11_URI:
cert->private_key_pkcs11_uri = g_value_dup_string (value);
break;
case PROP_CERT_CERTIFICATE:
case PROP_CERT_PRIVATE_KEY:
/* ignore */
@@ -183,6 +202,8 @@ g_test_tls_certificate_finalize (GObject *object)
g_free (cert->cert_pem);
g_free (cert->key_pem);
g_free (cert->pkcs11_uri);
g_free (cert->private_key_pkcs11_uri);
g_clear_object (&cert->issuer);
G_OBJECT_CLASS (g_test_tls_certificate_parent_class)->finalize (object);
@@ -205,6 +226,8 @@ g_test_tls_certificate_class_init (GTestTlsCertificateClass *test_class)
g_object_class_override_property (gobject_class, PROP_CERT_PRIVATE_KEY, "private-key");
g_object_class_override_property (gobject_class, PROP_CERT_PRIVATE_KEY_PEM, "private-key-pem");
g_object_class_override_property (gobject_class, PROP_CERT_ISSUER, "issuer");
g_object_class_override_property (gobject_class, PROP_CERT_PKCS11_URI, "pkcs11-uri");
g_object_class_override_property (gobject_class, PROP_CERT_PRIVATE_KEY_PKCS11_URI, "private-key-pkcs11-uri");
}
static void

37
gio/tests/tls-certificate.c
View File

@@ -398,6 +398,38 @@ list_from_file (const Reference *ref)
g_assert_cmpint (g_list_length (list), ==, 0);
}
static void
from_pkcs11_uri (void)
{
GError *error = NULL;
GTlsCertificate *cert;
gchar *pkcs11_uri = NULL;
cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (cert);
g_object_get (cert, "pkcs11-uri", &pkcs11_uri, NULL);
g_assert_cmpstr ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", ==, pkcs11_uri);
g_free (pkcs11_uri);
g_object_unref (cert);
}
static void
from_unsupported_pkcs11_uri (void)
{
GError *error = NULL;
GTlsCertificate *cert;
/* This is a magic value in gtesttlsbackend.c simulating an unsupported backend */
cert = g_tls_certificate_new_from_pkcs11_uris ("unsupported", NULL, &error);
g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
g_assert_null (cert);
g_clear_error (&error);
}
int
main (int argc,
char *argv[])
@@ -464,6 +496,11 @@ main (int argc,
&ref, (GTestDataFunc)from_files_pkcs8enc);
g_test_add_data_func ("/tls-certificate/list_from_file",
&ref, (GTestDataFunc)list_from_file);
g_test_add_func ("/tls-certificate/pkcs11-uri",
from_pkcs11_uri);
g_test_add_func ("/tls-certificate/pkcs11-uri-unsupported",
from_unsupported_pkcs11_uri);
rtv = g_test_run();