attrs: Print out the CKA_VALUE for certificates when debugging

While it's true that we shouldn't be pritning out CKA_VALUE in
certain cases, like for keys, we obviously can do so for certificates.

We don't have keys anyway, but in the interest of being general
purpose use the class to determine whether CKA_VALUE can be printed

5 files changed, 63 insertions, 20 deletions

diff --git a/common/attrs.c b/common/attrs.c
index cce1aaf..e656189 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -274,7 +274,7 @@ p11_attrs_findn (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
                      CK_ATTRIBUTE_TYPE type,
                      CK_BBOOL *value)
 {
@@ -293,7 +293,7 @@ p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
                       CK_ULONG count,
                       CK_ATTRIBUTE_TYPE type,
                       CK_BBOOL *value)
@@ -313,7 +313,7 @@ p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
 }
 
 bool
-p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
+p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
                       CK_ATTRIBUTE_TYPE type,
                       CK_ULONG *value)
 {
@@ -331,6 +331,26 @@ p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
 	return false;
 }
 
+bool
+p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
+                       CK_ULONG count,
+                       CK_ATTRIBUTE_TYPE type,
+                       CK_ULONG *value)
+{
+	CK_ULONG i;
+
+	for (i = 0; i < count; i++) {
+		if (attrs[i].type == type &&
+		    attrs[i].ulValueLen == sizeof (CK_ULONG) &&
+		    attrs[i].pValue != NULL) {
+			*value = *((CK_ULONG *)attrs[i].pValue);
+			return true;
+		}
+	}
+
+	return false;
+}
+
 void *
 p11_attrs_find_value (CK_ATTRIBUTE *attrs,
                       CK_ATTRIBUTE_TYPE type,
@@ -551,7 +571,8 @@ attribute_is_trust_value (const CK_ATTRIBUTE *attr)
 }
 
 static bool
-attribute_is_sensitive (const CK_ATTRIBUTE *attr)
+attribute_is_sensitive (const CK_ATTRIBUTE *attr,
+                        CK_OBJECT_CLASS klass)
 {
 	/*
 	 * Don't print any just attribute, since they may contain
@@ -667,6 +688,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr)
 	X (CKA_TRUST_STEP_UP_APPROVED)
 	X (CKA_CERT_SHA1_HASH)
 	X (CKA_CERT_MD5_HASH)
+	case CKA_VALUE:
+		return (klass != CKO_CERTIFICATE &&
+			klass != CKO_X_CERTIFICATE_EXTENSION);
 	#undef X
 	}
 
@@ -786,7 +810,8 @@ format_some_bytes (p11_buffer *buffer,
 
 static void
 format_attribute (p11_buffer *buffer,
-                  const CK_ATTRIBUTE *attr)
+                  const CK_ATTRIBUTE *attr,
+                  CK_OBJECT_CLASS klass)
 {
 	p11_buffer_add (buffer, "{ ", -1);
 	format_attribute_type (buffer, attr->type);
@@ -805,7 +830,7 @@ format_attribute (p11_buffer *buffer,
 		format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue));
 	} else if (attribute_is_trust_value (attr)) {
 		format_trust_value (buffer, *((CK_TRUST *)attr->pValue));
-	} else if (attribute_is_sensitive (attr)) {
+	} else if (attribute_is_sensitive (attr, klass)) {
 		buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen);
 	} else {
 		buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen);
@@ -820,10 +845,15 @@ format_attributes (p11_buffer *buffer,
                    int count)
 {
 	CK_BBOOL first = CK_TRUE;
+	CK_OBJECT_CLASS klass;
 	int i;
 
 	if (count < 0)
 		count = p11_attrs_count (attrs);
+
+	if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass))
+		klass = CKA_INVALID;
+
 	buffer_append_printf (buffer, "(%d) [", count);
 	for (i = 0; i < count; i++) {
 		if (first)
@@ -831,7 +861,7 @@ format_attributes (p11_buffer *buffer,
 		else
 			p11_buffer_add (buffer, ", ", 2);
 		first = CK_FALSE;
-		format_attribute (buffer, attrs + i);
+		format_attribute (buffer, attrs + i, klass);
 	}
 	p11_buffer_add (buffer, " ]", -1);
 }
@@ -848,11 +878,12 @@ p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
 }
 
 char *
-p11_attr_to_string (const CK_ATTRIBUTE *attr)
+p11_attr_to_string (const CK_ATTRIBUTE *attr,
+                    CK_OBJECT_CLASS klass)
 {
 	p11_buffer buffer;
 	if (!p11_buffer_init_null (&buffer, 32))
 		return_val_if_reached (NULL);
-	format_attribute (&buffer, attr);
+	format_attribute (&buffer, attr, klass);
 	return p11_buffer_steal (&buffer, NULL);
 }
diff --git a/common/attrs.h b/common/attrs.h
index 87e0af1..233ac79 100644
--- a/common/attrs.h
+++ b/common/attrs.h
@@ -74,16 +74,21 @@ CK_ATTRIBUTE *      p11_attrs_findn         (CK_ATTRIBUTE *attrs,
                                              CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type);
 
-bool                p11_attrs_find_bool     (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_find_bool     (const CK_ATTRIBUTE *attrs,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_BBOOL *value);
 
-bool                p11_attrs_findn_bool    (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_findn_bool    (const CK_ATTRIBUTE *attrs,
                                              CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_BBOOL *value);
 
-bool                p11_attrs_find_ulong    (CK_ATTRIBUTE *attrs,
+bool                p11_attrs_find_ulong    (const CK_ATTRIBUTE *attrs,
+                                             CK_ATTRIBUTE_TYPE type,
+                                             CK_ULONG *value);
+
+bool                p11_attrs_findn_ulong   (const CK_ATTRIBUTE *attrs,
+                                             CK_ULONG count,
                                              CK_ATTRIBUTE_TYPE type,
                                              CK_ULONG *value);
 
@@ -107,7 +112,8 @@ bool                p11_attrs_matchn        (const CK_ATTRIBUTE *attrs,
 char *              p11_attrs_to_string     (const CK_ATTRIBUTE *attrs,
                                              int count);
 
-char *              p11_attr_to_string      (const CK_ATTRIBUTE *attr);
+char *              p11_attr_to_string      (const CK_ATTRIBUTE *attr,
+                                             CK_OBJECT_CLASS klass);
 
 bool                p11_attr_equal          (const void *one,
                                              const void *two);
diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c
index 61fcef3..324ed90 100644
--- a/common/tests/test-attrs.c
+++ b/common/tests/test-attrs.c
@@ -470,7 +470,7 @@ test_to_string (CuTest *tc)
 	char *string;
 
 
-	string = p11_attr_to_string (&one);
+	string = p11_attr_to_string (&one, CKA_INVALID);
 	CuAssertStrEquals (tc, "{ CKA_LABEL = (3) \"yay\" }", string);
 	free (string);
 
diff --git a/trust/tests/test-data.c b/trust/tests/test-data.c
index b235f33..6c55fd0 100644
--- a/trust/tests/test-data.c
+++ b/trust/tests/test-data.c
@@ -104,7 +104,7 @@ test_check_id_msg (CuTest *cu,
 	one = p11_attrs_find (expected, CKA_ID);
 	two = p11_attrs_find (attr, CKA_ID);
 
-	test_check_attr_msg (cu, file, line, one, two);
+	test_check_attr_msg (cu, file, line, CKA_INVALID, one, two);
 }
 
 void
@@ -114,11 +114,15 @@ test_check_attrs_msg (CuTest *cu,
                       CK_ATTRIBUTE *expected,
                       CK_ATTRIBUTE *attrs)
 {
+	CK_OBJECT_CLASS klass;
 	CK_ATTRIBUTE *attr;
 
+	if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
+		klass = CKA_INVALID;
+
 	while (!p11_attrs_terminator (expected)) {
 		attr = p11_attrs_find (attrs, expected->type);
-		test_check_attr_msg (cu, file, line, expected, attr);
+		test_check_attr_msg (cu, file, line, klass, expected, attr);
 		expected++;
 	}
 }
@@ -127,6 +131,7 @@ void
 test_check_attr_msg (CuTest *cu,
                      const char *file,
                      int line,
+                     CK_OBJECT_CLASS klass,
                      CK_ATTRIBUTE *expected,
                      CK_ATTRIBUTE *attr)
 {
@@ -135,14 +140,14 @@ test_check_attr_msg (CuTest *cu,
 
 	if (attr == NULL) {
 		asprintf (&message, "expected %s but found NULL",
-		          p11_attr_to_string (expected));
+		          p11_attr_to_string (expected, klass));
 		CuFail_Line (cu, file, line, "attribute does not match", message);
 	}
 
 	if (!p11_attr_equal (attr, expected)) {
 		asprintf (&message, "expected %s but found %s",
-		          p11_attr_to_string (expected),
-		          p11_attr_to_string (attr));
+		          p11_attr_to_string (expected, klass),
+		          p11_attr_to_string (attr, klass));
 		CuFail_Line (cu, file, line, "attribute does not match", message);
 	}
 }
diff --git a/trust/tests/test-data.h b/trust/tests/test-data.h
index 9daff87..275dd70 100644
--- a/trust/tests/test-data.h
+++ b/trust/tests/test-data.h
@@ -68,11 +68,12 @@ void      test_check_attrs_msg         (CuTest *cu,
                                         CK_ATTRIBUTE *attrs);
 
 #define   test_check_attr(cu, expected, attr) \
-	test_check_attr_msg (cu, __FILE__, __LINE__, expected, attr)
+	test_check_attr_msg (cu, __FILE__, __LINE__, CKA_INVALID, expected, attr)
 
 void      test_check_attr_msg          (CuTest *cu,
                                         const char *file,
                                         int line,
+                                        CK_OBJECT_CLASS klass,
                                         CK_ATTRIBUTE *expected,
                                         CK_ATTRIBUTE *attr);