trust: Use descriptive labels for tokens

Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534
author: Stef Walter <stefw@gnome.org> 2013-03-19 19:03:12 +0100
committer: Stef Walter <stefw@gnome.org> 2013-03-19 19:16:30 +0100
commit: 80303340701c2cba78937193084f3d716b883b55 (patch)
tree: de4b51e53827a1ec300913a00a6c1121eb06db7a
parent: 832015f1fd91a9e94478514d7fe9b21e050f121a (diff)
download: p11-kit-80303340701c2cba78937193084f3d716b883b55.tar.gz
8 files changed, 112 insertions, 27 deletions
diff --git a/trust/Makefile.am b/trust/Makefile.am
index aff512e..38c6b98 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -7,6 +7,8 @@ COMMON = $(top_srcdir)/common
 INCLUDES = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/common \
+	-DDATADIR=\"$(datadir)\" \
+	-DSYSCONFDIR=\"$(sysconfdir)\" \
 	$(LIBTASN1_CFLAGS) \
 	$(NULL)
 
diff --git a/trust/module.c b/trust/module.c
index ed93479..a819303 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -56,8 +56,7 @@
 
 #define MANUFACTURER_ID         "PKCS#11 Kit                     "
 #define LIBRARY_DESCRIPTION     "PKCS#11 Kit Trust Module        "
-#define TOKEN_LABEL             "System Trust Anchors and Policy "
-#define TOKEN_MODEL             "PKCS#11 Kit      "
+#define TOKEN_MODEL             "p11-kit-trust    "
 #define TOKEN_SERIAL_NUMBER     "1                "
 
 /* Initial slot id: non-zero and non-one */
@@ -168,12 +167,31 @@ static bool
 create_tokens_inlock (p11_array *tokens,
                       const char *paths)
 {
+	/*
+	 * TRANSLATORS: These label strings are used in PKCS#11 URIs and
+	 * unfortunately cannot be marked translatable. If localization is
+	 * desired they should be translated in GUI applications. These
+	 * strings will not change arbitrarily.
+	 */
+
+	struct {
+		const char *prefix;
+		const char *label;
+	} labels[] = {
+		{ DATADIR, "Default Trust" },
+		{ SYSCONFDIR, "System Trust" },
+		{ NULL },
+	};
+
 	p11_token *token;
 	p11_token *check;
 	CK_SLOT_ID slot;
 	const char *path;
+	const char *label;
 	char *remaining;
+	char *base;
 	char *pos;
+	int i;
 
 	p11_debug ("using paths: %s", paths);
 
@@ -191,13 +209,33 @@ create_tokens_inlock (p11_array *tokens,
 		}
 
 		if (path[0] != '\0') {
+			/* The slot for the new token */
 			slot = BASE_SLOT_ID + tokens->num;
-			token = p11_token_new (slot, path);
+
+			label = NULL;
+			base = NULL;
+
+			/* Claim the various labels based on prefix */
+			for (i = 0; label == NULL && labels[i].prefix != NULL; i++) {
+				if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) {
+					label = labels[i].label;
+					labels[i].label = NULL;
+				}
+			}
+
+			/* Didn't find a label above, then make one based on the path */
+			if (!label) {
+				label = base = p11_basename (path);
+				return_val_if_fail (base != NULL, false);
+			}
+
+			token = p11_token_new (slot, path, label);
 			return_val_if_fail (token != NULL, false);
 
 			if (!p11_array_push (tokens, token))
 				return_val_if_reached (false);
 
+			free (base);
 			assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token);
 		}
 	}
@@ -511,8 +549,8 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
 		memset (info, 0, sizeof (*info));
 		info->firmwareVersion.major = 0;
 		info->firmwareVersion.minor = 0;
-		info->hardwareVersion.major = 0;
-		info->hardwareVersion.minor = 0;
+		info->hardwareVersion.major = PACKAGE_MAJOR;
+		info->hardwareVersion.minor = PACKAGE_MINOR;
 		info->flags = CKF_TOKEN_PRESENT;
 		strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
 
@@ -537,7 +575,7 @@ sys_C_GetTokenInfo (CK_SLOT_ID id,
 {
 	CK_RV rv = CKR_OK;
 	p11_token *token;
-	char *path;
+	const char *label;
 	size_t length;
 
 	return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
@@ -551,8 +589,8 @@ sys_C_GetTokenInfo (CK_SLOT_ID id,
 		memset (info, 0, sizeof (*info));
 		info->firmwareVersion.major = 0;
 		info->firmwareVersion.minor = 0;
-		info->hardwareVersion.major = 0;
-		info->hardwareVersion.minor = 0;
+		info->hardwareVersion.major = PACKAGE_MAJOR;
+		info->hardwareVersion.minor = PACKAGE_MINOR;
 		info->flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED;
 		strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
 		strncpy ((char*)info->model, TOKEN_MODEL, 16);
@@ -568,14 +606,13 @@ sys_C_GetTokenInfo (CK_SLOT_ID id,
 		info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
 		info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
 
-		/* If too long, copy the last 32 characters into buffer */
-		path = p11_basename (p11_token_get_path (token));
-		length = strlen (path);
+		/* If too long, copy the first 32 characters into buffer */
+		label = p11_token_get_label (token);
+		length = strlen (label);
 		if (length > sizeof (info->label))
 			length = sizeof (info->label);
 		memset (info->label, ' ', sizeof (info->label));
-		memcpy (info->label, path, length);
-		free (path);
+		memcpy (info->label, label, length);
 	}
 
 	p11_unlock ();
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index a964948..aedc6f3 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -7,6 +7,8 @@ INCLUDES = \
 	-I$(top_srcdir) \
 	-I$(srcdir)/.. \
 	-I$(top_srcdir)/common \
+	-DDATADIR=\"$(datadir)\" \
+	-DSYSCONFDIR=\"$(sysconfdir)\" \
 	$(CUTEST_CFLAGS)
 
 noinst_LTLIBRARIES = \
diff --git a/trust/tests/frob-token.c b/trust/tests/frob-token.c
index 622dad4..5d57ec1 100644
--- a/trust/tests/frob-token.c
+++ b/trust/tests/frob-token.c
@@ -52,7 +52,7 @@ main (int argc,
 		return 2;
 	}
 
-	token = p11_token_new (1, argv[1]);
+	token = p11_token_new (1, argv[1], "Label");
 	count = p11_token_load (token);
 
 	printf ("%d files loaded\n", count);
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index de0a3b1..57df78e 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -184,6 +184,8 @@ test_get_slot_info (CuTest *cu)
 static void
 test_get_token_info (CuTest *cu)
 {
+	CK_C_INITIALIZE_ARGS args;
+	CK_FUNCTION_LIST *module;
 	CK_SLOT_ID slots[NUM_SLOTS];
 	CK_TOKEN_INFO info;
 	char label[32];
@@ -193,20 +195,29 @@ test_get_token_info (CuTest *cu)
 
 	/* These are the paths passed in in setup() */
 	const char *labels[] = {
-		"input",
-		"self-signed-with-ku.der",
-		"thawte.pem"
+		"System Trust",
+		"Default Trust",
+		"the-basename",
 	};
 
-	setup (cu);
+	/* This is the entry point of the trust module, linked to this test */
+	rv = C_GetFunctionList (&module);
+	CuAssertTrue (cu, rv == CKR_OK);
+
+	memset (&args, 0, sizeof (args));
+	args.pReserved = "paths='" SYSCONFDIR "/input:" DATADIR "/files/blah:" "/some/other/path/the-basename'";
+	args.flags = CKF_OS_LOCKING_OK;
+
+	rv = module->C_Initialize (&args);
+	CuAssertTrue (cu, rv == CKR_OK);
 
 	count = NUM_SLOTS;
-	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+	CuAssertTrue (cu, rv == CKR_OK);
+	CuAssertTrue (cu, count == NUM_SLOTS);
 
 	for (i = 0; i < NUM_SLOTS; i++) {
-		rv = test.module->C_GetTokenInfo (slots[i], &info);
+		rv = module->C_GetTokenInfo (slots[i], &info);
 		CuAssertIntEquals (cu, CKR_OK, rv);
 
 		memset (label, ' ', sizeof (label));
@@ -214,7 +225,8 @@ test_get_token_info (CuTest *cu)
 		CuAssertTrue (cu, memcmp (info.label, label, sizeof (label)) == 0);
 	}
 
-	teardown (cu);
+	rv = module->C_Finalize (NULL);
+	CuAssertIntEquals (cu, CKR_OK, rv);
 }
 
 static void
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
index c62fae2..ebe434d 100644
--- a/trust/tests/test-token.c
+++ b/trust/tests/test-token.c
@@ -54,7 +54,7 @@ static void
 setup (CuTest *cu,
        const char *path)
 {
-	test.token = p11_token_new (333, path);
+	test.token = p11_token_new (333, path, "Label");
 	CuAssertPtrNotNull (cu, test.token);
 }
 
@@ -208,6 +208,16 @@ test_token_path (CuTest *cu)
 }
 
 static void
+test_token_label (CuTest *cu)
+{
+	setup (cu, "/wheee");
+
+	CuAssertStrEquals (cu, "Label", p11_token_get_label (test.token));
+
+	teardown (cu);
+}
+
+static void
 test_token_slot (CuTest *cu)
 {
 	setup (cu, "/unneeded");
@@ -231,6 +241,7 @@ main (void)
 	SUITE_ADD_TEST (suite, test_token_load);
 	SUITE_ADD_TEST (suite, test_token_flags);
 	SUITE_ADD_TEST (suite, test_token_path);
+	SUITE_ADD_TEST (suite, test_token_label);
 	SUITE_ADD_TEST (suite, test_token_slot);
 
 	CuSuiteRun (suite);
diff --git a/trust/token.c b/trust/token.c
index b0c0704..e0c2089 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -62,7 +62,8 @@ struct _p11_token {
 	p11_parser *parser;
 	p11_index *index;
 	p11_builder *builder;
-	const char *path;
+	char *path;
+	char *label;
 	CK_SLOT_ID slot;
 	int loaded;
 };
@@ -253,15 +254,21 @@ p11_token_free (p11_token *token)
 	p11_index_free (token->index);
 	p11_parser_free (token->parser);
 	p11_builder_free (token->builder);
+	free (token->path);
+	free (token->label);
 	free (token);
 }
 
 p11_token *
 p11_token_new (CK_SLOT_ID slot,
-               const char *path)
+               const char *path,
+               const char *label)
 {
 	p11_token *token;
 
+	return_val_if_fail (path != NULL, NULL);
+	return_val_if_fail (label != NULL, NULL);
+
 	token = calloc (1, sizeof (p11_token));
 	return_val_if_fail (token != NULL, NULL);
 
@@ -280,13 +287,24 @@ p11_token_new (CK_SLOT_ID slot,
 	token->path = strdup (path);
 	return_val_if_fail (token->path != NULL, NULL);
 
+	token->label = strdup (label);
+	return_val_if_fail (token->label != NULL, NULL);
+
 	token->slot = slot;
 	token->loaded = 0;
 
+	p11_debug ("token: %s: %s", token->label, token->path);
 	return token;
 }
 
 const char *
+p11_token_get_label (p11_token *token)
+{
+	return_val_if_fail (token != NULL, NULL);
+	return token->label;
+}
+
+const char *
 p11_token_get_path (p11_token *token)
 {
 	return_val_if_fail (token != NULL, NULL);
diff --git a/trust/token.h b/trust/token.h
index 43cebaa..d7375e7 100644
--- a/trust/token.h
+++ b/trust/token.h
@@ -42,7 +42,8 @@
 typedef struct _p11_token p11_token;
 
 p11_token *     p11_token_new         (CK_SLOT_ID slot,
-                                       const char *path);
+                                       const char *path,
+                                       const char *label);
 
 void            p11_token_free        (p11_token *token);
 
@@ -52,6 +53,8 @@ p11_index *     p11_token_index       (p11_token *token);
 
 const char *    p11_token_get_path    (p11_token *token);
 
+const char *    p11_token_get_label   (p11_token *token);
+
 CK_SLOT_ID      p11_token_get_slot    (p11_token *token);
 
 #endif /* P11_TOKEN_H_ */
author	Stef Walter <stefw@gnome.org>	2013-03-19 19:03:12 +0100
committer	Stef Walter <stefw@gnome.org>	2013-03-19 19:16:30 +0100
commit	80303340701c2cba78937193084f3d716b883b55 (patch)
tree	de4b51e53827a1ec300913a00a6c1121eb06db7a
parent	832015f1fd91a9e94478514d7fe9b21e050f121a (diff)
download	p11-kit-80303340701c2cba78937193084f3d716b883b55.tar.gz