author | Stef Walter <stef@thewalter.net> | 2013-07-04 15:48:38 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-04 15:48:38 +0200 |
commit | 7d4941715b5afc2ef8ea18716990d28965737c70 (patch) | |
tree | 65b860118fbcf084b855e3e8d78c818b6b8fe765 /trust/extract-openssl.c | |
parent | 2be55821c1ffab99b91c76c43c91dd95db1c21c7 (diff) | |
download | p11-kit-7d4941715b5afc2ef8ea18716990d28965737c70.tar.gz |
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since
CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
Diffstat (limited to 'trust/extract-openssl.c')
-rw-r--r-- | trust/extract-openssl.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index 312a779..b7603b0 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -106,20 +106,24 @@ load_usage_ext (p11_extract_info *ex,
 const unsigned char *ext_oid,
 p11_array **oids)
 {
- CK_ATTRIBUTE attr = { CKA_OBJECT_ID, (void *)ext_oid,
- p11_oid_length (ext_oid) };
- void *value;
+ unsigned char *value;
+ node_asn *ext = NULL;
 size_t length;
- value = p11_attrs_find_value (p11_dict_get (ex->stapled, &attr), CKA_VALUE, &length);
- if (value == NULL) {
+ if (ex->stapled)
+ ext = p11_dict_get (ex->stapled, ext_oid);
+ if (ext == NULL) {
 *oids = NULL;
 return true;
 }
+ value = p11_asn1_read (ext, "extnValue", &length);
+ return_val_if_fail (value != NULL, false);
+ *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);
 return_val_if_fail (*oids != NULL, false);
+ free (value);
 return true;
 }
@@ -221,21 +225,22 @@ static bool
 write_keyid (p11_extract_info *ex,
 node_asn *asn)
 {
- CK_ATTRIBUTE attr = { CKA_OBJECT_ID,
- (void *)P11_OID_SUBJECT_KEY_IDENTIFIER,
- sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) };
- CK_ATTRIBUTE *value;
+ unsigned char *value = NULL;
+ node_asn *ext = NULL;
+ size_t length = 0;
 int ret;
- value = p11_attrs_find_valid (p11_dict_get (ex->stapled, &attr), CKA_VALUE);
- if (value == NULL) {
- ret = asn1_write_value (asn, "keyid", NULL, 0);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- } else {
- ret = asn1_write_value (asn, "keyid", value->pValue, value->ulValueLen);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
+ if (ex->stapled)
+ ext = p11_dict_get (ex->stapled, P11_OID_SUBJECT_KEY_IDENTIFIER);
+ if (ext != NULL) {
+ value = p11_asn1_read (ext, "extnValue", &length);
+ return_val_if_fail (value != NULL, false);
 }
+ ret = asn1_write_value (asn, "keyid", value, length);
+ return_val_if_fail (ret == ASN1_SUCCESS, false);
+ free (value);
+ return true;
 } |
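Review bot: `free (value);` comes after `return_val_if_fail (*oids != NULL, false);` in load_usage_ext, so a stapled extended-key-usage extension that fails to parse returns early and leaks the buffer obtained from `p11_asn1_read`. Freeing before the check closes that path: `*oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);` `free (value);` `return_val_if_fail (*oids != NULL, false);`. The write_keyid hunk has the same ordering around `asn1_write_value`, where `free (value);` should likewise precede the `ret == ASN1_SUCCESS` check. The extension bytes presumably originate from trust-store data rather than from the caller, so a malformed value looks like an input error that may deserve an explicit failure path instead of `return_val_if_fail`. The first line of load_usage_ext's signature sits in the hunk header, outside the hunk body.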
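Review bot: write_keyid now depends on `value` and `length` keeping their `NULL` and `0` initialisers when no subject key identifier is stapled, and nothing in the new code says that this replaces the removed `asn1_write_value (asn, "keyid", NULL, 0)` branch. A comment above the write would keep the intent visible, for example `/* value stays NULL when no key identifier is stapled; NULL and 0 are passed as the old branch did */`. It is also worth confirming that the bytes read from `extnValue` are in the encoding the `keyid` field expects, since the hunk does not show whether the previous `CKA_VALUE` carried the same form.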