authorStef Walter <stef@thewalter.net>2014-09-12 15:37:02 +0200
committerStef Walter <stefw@redhat.com>2014-10-09 11:49:59 +0200
commitb3579cb54bd5cd16e9740404408b2505b4b1e26b (patch)
tree78b63008d006071f4173ac8107da5e37a740fde7 /trust/persist.c
parentc1dd399d265f20bd3df4dc76dcf735aba1ffa515 (diff)
trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit files
These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object being read/written. https://bugs.freedesktop.org/show_bug.cgi?id=83799
Diffstat (limited to 'trust/persist.c')
-rw-r--r--trust/persist.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/trust/persist.c b/trust/persist.c
index 1b41568..ae76342 100644
--- a/trust/persist.c
+++ b/trust/persist.c
@@ -557,6 +557,15 @@ certificate_to_attributes (const unsigned char *der,
return p11_attrs_build (NULL, &klass, &certificate_type, &value, NULL);
}
+static CK_ATTRIBUTE *
+public_key_to_attributes (const unsigned char *der,
+ size_t length)
+{
+ /* Eventually we might choose to contribute a class here ... */
+ CK_ATTRIBUTE public_key = { CKA_PUBLIC_KEY_INFO, (void *)der, length };
+ return p11_attrs_build (NULL, &public_key, NULL);
+}
+
typedef struct {
p11_lexer *lexer;
CK_ATTRIBUTE *attrs;
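Review bot: public_key_to_attributes stores the decoded PEM payload as CKA_PUBLIC_KEY_INFO without any check that `der` is non-empty or parses as a DER SubjectPublicKeyInfo, so whatever bytes sit between the BEGIN/END PUBLIC KEY markers become key material on a trust-store object. If validation is meant to happen later, when the object is built or indexed, the placeholder comment should say so, e.g. `/* Not parsed here; SPKI is validated by <caller/builder> */`. Otherwise a zero-length or unparseable block should be rejected here by returning NULL and letting on_pem_block report it. The `(void *)der` cast drops const and is only safe if p11_attrs_build copies the value, which is not visible in this hunk and deserves a one-line comment.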
@@ -577,6 +586,11 @@ on_pem_block (const char *type,
pb->attrs = p11_attrs_merge (pb->attrs, attrs, false);
pb->result = true;
+ } else if (strcmp (type, "PUBLIC KEY") == 0) {
+ attrs = public_key_to_attributes (contents, length);
+ pb->attrs = p11_attrs_merge (pb->attrs, attrs, false);
+ pb->result = true;
+
} else {
p11_lexer_msg (pb->lexer, "unsupported pem block in store");
pb->result = false;
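Review bot: The new `PUBLIC KEY` branch sets `pb->result = true` unconditionally, so a second PUBLIC KEY block in the same object, or one that conflicts with a public-key-info attribute already in `pb->attrs`, is accepted without a message. If the `false` argument to p11_attrs_merge means existing attributes are kept (not visible here), the later key is silently discarded and the file's author is never told which key took effect. Consider testing `p11_attrs_find_valid (pb->attrs, CKA_PUBLIC_KEY_INFO) != NULL` before merging, and in that case calling p11_lexer_msg and setting `pb->result = false`, as the unsupported-block branch does. The result of public_key_to_attributes is also merged without a NULL check. on_pem_block begins and ends outside this hunk.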
@@ -697,10 +711,12 @@ p11_persist_write (p11_persist *persist,
{
char string[sizeof (CK_ULONG) * 4];
CK_ATTRIBUTE *cert_value;
+ CK_ATTRIBUTE *spki_value;
const char *nick;
int i;
cert_value = find_certificate_value (attrs);
+ spki_value = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO);
p11_buffer_add (buf, "[" PERSIST_HEADER "]\n", -1);
@@ -713,6 +729,11 @@ p11_persist_write (p11_persist *persist,
attrs[i].type == CKA_VALUE))
continue;
+ /* These are written later? */
+ if (spki_value != NULL &&
+ attrs[i].type == CKA_PUBLIC_KEY_INFO)
+ continue;
+
/* These are never written */
if (attrs[i].type == CKA_TOKEN ||
attrs[i].type == CKA_X_ORIGIN ||
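Review bot: An object that carries both a certificate value and CKA_PUBLIC_KEY_INFO loses the latter on write. This skip fires whenever `spki_value != NULL`, but the PEM block in the final hunk is emitted only from the `else if` branch, that is, when `cert_value == NULL`. Either narrow the skip to `if (cert_value == NULL && spki_value != NULL && attrs[i].type == CKA_PUBLIC_KEY_INFO)`, or turn the later `else if (spki_value != NULL)` into an independent `if` so that both blocks are written. The comment `/* These are written later? */` should also state the rule rather than ask it, e.g. `/* Written below as a PUBLIC KEY PEM block */`. The attribute loop and p11_persist_write extend beyond this hunk.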
@@ -737,6 +758,9 @@ p11_persist_write (p11_persist *persist,
if (cert_value != NULL) {
if (!p11_pem_write (cert_value->pValue, cert_value->ulValueLen, "CERTIFICATE", buf))
return_val_if_reached (false);
+ } else if (spki_value != NULL) {
+ if (!p11_pem_write (spki_value->pValue, spki_value->ulValueLen, "PUBLIC KEY", buf))
+ return_val_if_reached (false);
}
p11_buffer_add (buf, "\n", 1);