trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec

 * Use the concepts and PKCS#11 objects described in the
   recently updated (still work in progress) storing trust spec.
 * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
   the CKA_PUBLIC_KEY_INFO isn't defined yet.
 * Most notably, the association between certificates and stapled
   extensions is by public key.
 * Rework some of the tests to take into account the above.

1 files changed, 21 insertions, 16 deletions

diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index 312a779..b7603b0 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -106,20 +106,24 @@ load_usage_ext (p11_extract_info *ex,
                 const unsigned char *ext_oid,
                 p11_array **oids)
 {
-	CK_ATTRIBUTE attr = { CKA_OBJECT_ID, (void *)ext_oid,
-	                      p11_oid_length (ext_oid) };
-	void *value;
+	unsigned char *value;
+	node_asn *ext = NULL;
 	size_t length;
 
-	value = p11_attrs_find_value (p11_dict_get (ex->stapled, &attr), CKA_VALUE, &length);
-	if (value == NULL) {
+	if (ex->stapled)
+		ext = p11_dict_get (ex->stapled, ext_oid);
+	if (ext == NULL) {
 		*oids = NULL;
 		return true;
 	}
 
+	value = p11_asn1_read (ext, "extnValue", &length);
+	return_val_if_fail (value != NULL, false);
+
 	*oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);
 	return_val_if_fail (*oids != NULL, false);
 
+	free (value);
 	return true;
 }
 
@@ -221,21 +225,22 @@ static bool
 write_keyid (p11_extract_info *ex,
              node_asn *asn)
 {
-	CK_ATTRIBUTE attr = { CKA_OBJECT_ID,
-	                      (void *)P11_OID_SUBJECT_KEY_IDENTIFIER,
-	                      sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) };
-	CK_ATTRIBUTE *value;
+	unsigned char *value = NULL;
+	node_asn *ext = NULL;
+	size_t length = 0;
 	int ret;
 
-	value = p11_attrs_find_valid (p11_dict_get (ex->stapled, &attr), CKA_VALUE);
-	if (value == NULL) {
-		ret = asn1_write_value (asn, "keyid", NULL, 0);
-		return_val_if_fail (ret == ASN1_SUCCESS, false);
-	} else {
-		ret = asn1_write_value (asn, "keyid", value->pValue, value->ulValueLen);
-		return_val_if_fail (ret == ASN1_SUCCESS, false);
+	if (ex->stapled)
+		ext = p11_dict_get (ex->stapled, P11_OID_SUBJECT_KEY_IDENTIFIER);
+	if (ext != NULL) {
+		value = p11_asn1_read (ext, "extnValue", &length);
+		return_val_if_fail (value != NULL, false);
 	}
 
+	ret = asn1_write_value (asn, "keyid", value, length);
+	return_val_if_fail (ret == ASN1_SUCCESS, false);
+	free (value);
+
 	return true;
 }