[rs-commit] r36 - /redwax-tool/trunk/redwax_p11kit.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Thu Nov 18 13:22:04 CET 2021
Author: minfrin at redwax.eu
Date: Thu Nov 18 13:22:03 2021
New Revision: 36
Log:
Read the class from the smartcard first to determine object type.
Modified:
redwax-tool/trunk/redwax_p11kit.c
Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c (original)
+++ redwax-tool/trunk/redwax_p11kit.c Thu Nov 18 13:22:03 2021
@@ -1119,12 +1119,13 @@
while (1) {
+ CK_OBJECT_CLASS clazz;
+
CK_ATTRIBUTE class_template[] = {
- {CKA_CLASS, NULL_PTR, 0},
- {CKA_CERTIFICATE_TYPE, NULL_PTR, 0}
+ {CKA_CLASS, NULL_PTR, 0}
};
- int class_template_len = 2;
+ int class_template_len = 1;
ret = module->C_FindObjects(session, &object, 1,
&object_count);
@@ -1134,138 +1135,173 @@
ret = redwax_p11kit_read_attributes(pool, module, session, object,
class_template, class_template_len);
- if (ret == CKR_OK) {
-
- CK_OBJECT_CLASS clazz = *(CK_OBJECT_CLASS_PTR)class_template[0].pValue;
- CK_CERTIFICATE_TYPE type = *(CK_CERTIFICATE_TYPE *)class_template[1].pValue;
-
- /* 4.6 Certificate objects */
- if (CKO_CERTIFICATE == clazz) {
-
- /* 4.6.3 X.509 public key certificate objects */
- if (CKC_X_509 == type) {
-
- CK_ATTRIBUTE cert_template[] =
- { { CKA_VALUE, NULL_PTR, 0 }, { CKA_TRUSTED, NULL_PTR, 0 } };
- int cert_template_len = 2;
-
- ret = redwax_p11kit_read_attributes(pool, module, session, object,
- cert_template, cert_template_len);
- if (ret == CKR_OK || ret == CKR_ATTRIBUTE_SENSITIVE
- || ret == CKR_ATTRIBUTE_TYPE_INVALID) {
-
- CK_BBOOL trusted = *(CK_BBOOL *)cert_template[1].pValue;
-
- redwax_certificate_t *cert = apr_pcalloc(pool,
- sizeof(redwax_certificate_t));
-
- apr_pool_create(&cert->pool, r->pool);
-
- cert->common.type = REDWAX_CERTIFICATE_X509;
-
- cert->der = apr_pmemdup(cert->pool,
- cert_template[0].pValue,
- cert_template[0].ulValueLen);
- cert->len = cert_template[0].ulValueLen;
-
- rt_run_normalise_certificate(r, cert, 1);
-
- if (REDWAX_CERTIFICATE_INTERMEDIATE
- == cert->common.category && trusted) {
- cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
- }
-
- switch (cert->common.category) {
- case REDWAX_CERTIFICATE_END_ENTITY: {
-
- redwax_certificate_t *c = apr_array_push(r->certs_in);
- memcpy(c, cert, sizeof(*cert));
-
- redwax_print_error(r, "pkcs11-in: certificate: %s\n",
- cert->common.subject);
-
- break;
- }
- case REDWAX_CERTIFICATE_INTERMEDIATE: {
-
- redwax_certificate_t *c = apr_array_push(r->intermediates_in);
- memcpy(c, cert, sizeof(*cert));
-
- redwax_print_error(r, "pkcs11-in: intermediate: %s\n",
- cert->common.subject);
-
- break;
- }
- case REDWAX_CERTIFICATE_ROOT: {
-
- // fixme: root, but nowhere to put it
-
- redwax_certificate_t *c = apr_array_push(r->trusted_in);
- memcpy(c, cert, sizeof(*cert));
-
- redwax_print_error(r, "pkcs11-in: root: %s\n",
- cert->common.subject);
-
- break;
- }
- case REDWAX_CERTIFICATE_TRUSTED: {
-
- redwax_certificate_t *c = apr_array_push(r->trusted_in);
- memcpy(c, cert, sizeof(*cert));
-
- redwax_print_error(r, "pkcs11-in: trusted: %s\n",
- cert->common.subject);
-
- break;
- }
- default: {
-
- redwax_print_error(r, "pkcs11-in: unrecognised "
- "certificate, skipped: %s\n",
- cert->common.subject);
-
- break;
- }
- }
-
- }
-
- }
-
- /* 4.6.4 WTLS public key certificate objects */
- else if (CKC_WTLS == type) {
-
- redwax_print_error(r,
- "pkcs11-in: WTLS certificate found on '%s', skipping\n",
- redwax_pstrntrim(pool, (const char*) tokenInfo->label,
- sizeof(tokenInfo->label)));
-
- }
-
- /* 4.6.5 X.509 attribute certificate objects */
- else if (CKC_X_509_ATTR_CERT == type) {
-
- redwax_print_error(r,
- "pkcs11-in: Attribute certificate cert found on '%s', skipping\n",
- redwax_pstrntrim(pool, (const char*) tokenInfo->label,
- sizeof(tokenInfo->label)));
-
- }
-
- }
-
- else if (CKO_PRIVATE_KEY == clazz) {
-
- redwax_print_error(r,
- "pkcs11-in: Private key found on '%s', skipping\n",
- redwax_pstrntrim(pool, (const char*) tokenInfo->label,
- sizeof(tokenInfo->label)));
-
- }
-
- /* all other object types are ignored for now */
-
- }
+ if (ret != CKR_OK) {
+
+ /* ignore anything we cannot read */
+ continue;
+ }
+
+ clazz = *(CK_OBJECT_CLASS_PTR)class_template[0].pValue;
+
+ /* 4.6 Certificate objects */
+ if (CKO_CERTIFICATE == clazz) {
+
+ CK_CERTIFICATE_TYPE type;
+
+ CK_ATTRIBUTE type_template[] = {
+ {CKA_CERTIFICATE_TYPE, NULL_PTR, 0}
+ };
+
+ int type_template_len = 1;
+
+ ret = redwax_p11kit_read_attributes(pool, module, session, object,
+ type_template, type_template_len);
+ if (ret != CKR_OK) {
+
+ /* ignore anything we cannot read */
+ continue;
+ }
+
+ type = *(CK_CERTIFICATE_TYPE *)class_template[0].pValue;
+
+ /* 4.6.3 X.509 public key certificate objects */
+ /* 4.6.5 X.509 attribute certificate objects */
+ if (CKC_X_509 == type || CKC_X_509_ATTR_CERT == type) {
+
+ CK_ATTRIBUTE cert_template[] =
+ { { CKA_VALUE, NULL_PTR, 0 }, { CKA_TRUSTED, NULL_PTR, 0 } };
+ int cert_template_len = 2;
+
+ ret = redwax_p11kit_read_attributes(pool, module, session, object,
+ cert_template, cert_template_len);
+ if (ret == CKR_OK || ret == CKR_ATTRIBUTE_SENSITIVE
+ || ret == CKR_ATTRIBUTE_TYPE_INVALID) {
+
+ CK_BBOOL trusted = *(CK_BBOOL *)cert_template[1].pValue;
+
+ redwax_certificate_t *cert = apr_pcalloc(pool,
+ sizeof(redwax_certificate_t));
+
+ apr_pool_create(&cert->pool, r->pool);
+
+ cert->common.type = REDWAX_CERTIFICATE_X509;
+
+ cert->der = apr_pmemdup(cert->pool,
+ cert_template[0].pValue,
+ cert_template[0].ulValueLen);
+ cert->len = cert_template[0].ulValueLen;
+
+ rt_run_normalise_certificate(r, cert, 1);
+
+ if (REDWAX_CERTIFICATE_INTERMEDIATE
+ == cert->common.category && trusted) {
+ cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
+ }
+
+ switch (cert->common.category) {
+ case REDWAX_CERTIFICATE_END_ENTITY: {
+
+ redwax_certificate_t *c = apr_array_push(r->certs_in);
+ memcpy(c, cert, sizeof(*cert));
+
+ redwax_print_error(r, "pkcs11-in: certificate: %s\n",
+ cert->common.subject);
+
+ break;
+ }
+ case REDWAX_CERTIFICATE_INTERMEDIATE: {
+
+ redwax_certificate_t *c = apr_array_push(r->intermediates_in);
+ memcpy(c, cert, sizeof(*cert));
+
+ redwax_print_error(r, "pkcs11-in: intermediate: %s\n",
+ cert->common.subject);
+
+ break;
+ }
+ case REDWAX_CERTIFICATE_ROOT: {
+
+ // fixme: root, but nowhere to put it
+
+ redwax_certificate_t *c = apr_array_push(r->trusted_in);
+ memcpy(c, cert, sizeof(*cert));
+
+ redwax_print_error(r, "pkcs11-in: root: %s\n",
+ cert->common.subject);
+
+ break;
+ }
+ case REDWAX_CERTIFICATE_TRUSTED: {
+
+ redwax_certificate_t *c = apr_array_push(r->trusted_in);
+ memcpy(c, cert, sizeof(*cert));
+
+ redwax_print_error(r, "pkcs11-in: trusted: %s\n",
+ cert->common.subject);
+
+ break;
+ }
+ default: {
+
+ redwax_print_error(r, "pkcs11-in: unrecognised "
+ "certificate, skipped: %s\n",
+ cert->common.subject);
+
+ break;
+ }
+ }
+
+ }
+
+ }
+
+ /* 4.6.4 WTLS public key certificate objects */
+ else if (CKC_WTLS == type) {
+
+ redwax_print_error(r,
+ "pkcs11-in: WTLS certificate found on '%s', skipping\n",
+ redwax_pstrntrim(pool, (const char*) tokenInfo->label,
+ sizeof(tokenInfo->label)));
+
+ }
+
+ /* all other certs */
+ else {
+
+ redwax_print_error(r,
+ "pkcs11-in: Certificate '%s' with type %d not understood, skipping\n",
+ redwax_pstrntrim(pool, (const char*) tokenInfo->label,
+ sizeof(tokenInfo->label)), (int)type);
+
+ }
+
+ }
+
+ else if (CKO_PUBLIC_KEY == clazz) {
+
+ /* we ignore public keys for now */
+
+ }
+
+ else if (CKO_PRIVATE_KEY == clazz) {
+
+ redwax_print_error(r,
+ "pkcs11-in: Private key found on '%s', skipping\n",
+ redwax_pstrntrim(pool, (const char*) tokenInfo->label,
+ sizeof(tokenInfo->label)));
+
+ }
+ else {
+
+ redwax_print_error(r,
+ "pkcs11-in: Object %d found on '%s', skipping\n",
+ (int)clazz, redwax_pstrntrim(pool, (const char*) tokenInfo->label,
+ sizeof(tokenInfo->label)));
+
+ }
+
+ /* all other object types are ignored for now */
+
}
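Review bot: The line `type = *(CK_CERTIFICATE_TYPE *)class_template[0].pValue;` reads the certificate type from the CKA_CLASS value fetched earlier, not from the CKA_CERTIFICATE_TYPE value just fetched into type_template, so the second attribute read is discarded and `type` actually holds the object class; it should be `type = *(CK_CERTIFICATE_TYPE *)type_template[0].pValue;`. With the usual PKCS#11 constants (CKO_CERTIFICATE and CKC_X_509_ATTR_CERT both 1) every certificate then happens to land in the X.509 branch, which masks the bug and would keep a WTLS certificate from ever being reported as such, so this is worth confirming against the header in use. Separately, the `ret == CKR_ATTRIBUTE_SENSITIVE || ret == CKR_ATTRIBUTE_TYPE_INVALID` path still dereferences `cert_template[1].pValue` for CKA_TRUSTED and copies `cert_template[0].ulValueLen` bytes unconditionally; if redwax_p11kit_read_attributes leaves pValue as NULL_PTR or ulValueLen as CK_UNAVAILABLE_INFORMATION for an attribute the token refused (not visible here), that is a null dereference or an oversized copy driven by token-supplied data, and a guard like `if (cert_template[0].pValue == NULL_PTR || cert_template[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) continue;` plus treating an unreadable CKA_TRUSTED as CK_FALSE would be safer. The enclosing function and while loop begin before this hunk.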