[rs-commit] r56 - in /redwax-tool/trunk: redwax-tool.h redwax_nss.c redwax_openssl.c redwax_p11kit.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Nov 23 13:47:52 CET 2021
Author: minfrin at redwax.eu
Date: Tue Nov 23 13:47:51 2021
New Revision: 56
Log:
Add label to the metadata output, consistent naming.
Modified:
redwax-tool/trunk/redwax-tool.h
redwax-tool/trunk/redwax_nss.c
redwax-tool/trunk/redwax_openssl.c
redwax-tool/trunk/redwax_p11kit.c
Modified: redwax-tool/trunk/redwax-tool.h
==============================================================================
--- redwax-tool/trunk/redwax-tool.h (original)
+++ redwax-tool/trunk/redwax-tool.h Tue Nov 23 13:47:51 2021
@@ -146,7 +146,8 @@
const unsigned char *der;
apr_size_t len;
const char *origin;
- const char *name;
+ const char *label;
+ apr_size_t label_len;
void *ctx;
redwax_certificate_common_t common;
union {
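Review bot: The new `label`/`label_len` pair in redwax_certificate_t carries no comment saying what the length means, and the readers in this commit disagree on whether `label` is NUL-terminated: redwax_openssl.c stores the raw X509 alias pointer with its ASN.1 length, redwax_p11kit.c stores a pool string and its `strlen`, redwax_nss.c copies it with `apr_pstrndup`, and redwax_pkcs11_write_cert passes `label_len` straight to CKA_LABEL. I would pin the contract next to the fields: `const char *label; /* optional label, label_len bytes, not necessarily NUL terminated */` and `apr_size_t label_len; /* byte length of label, 0 when label is NULL */`. The key struct in the second hunk (@@ -209,7 +210,8 @@) needs the same comment. Both struct definitions start and end outside their hunks.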
@@ -209,7 +210,8 @@
const unsigned char *der;
apr_size_t len;
const char *origin;
- const char *name;
+ const char *label;
+ apr_size_t label_len;
void *ctx;
redwax_key_common_t common;
union {
Modified: redwax-tool/trunk/redwax_nss.c
==============================================================================
--- redwax-tool/trunk/redwax_nss.c (original)
+++ redwax-tool/trunk/redwax_nss.c Tue Nov 23 13:47:51 2021
@@ -105,6 +105,15 @@
return APR_SUCCESS;
}
+static apr_status_t cleanup_free(void *dummy)
+{
+ if (dummy) {
+ PORT_Free(dummy);
+ }
+
+ return APR_SUCCESS;
+}
+
static apr_status_t redwax_nss_initialise(redwax_tool_t *r)
{
return APR_SUCCESS;
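Review bot: `cleanup_free` is undocumented and its parameter name `dummy` hides that it receives the NSS-allocated common-name string registered with `apr_pool_cleanup_register` in the later hunks of this file. I would rename the parameter to `data` and add above the function `/* Pool cleanup for strings allocated by NSS (PORT_Alloc), such as the result of CERT_GetCommonName. */`. I have not verified whether PORT_Free tolerates NULL, so the guard is worth keeping as is.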
@@ -353,7 +362,7 @@
PK11SlotInfo *slot;
CERTCertificate *x = NULL;
SECKEYPrivateKey *k = NULL;
- const char *name;
+ const char *label;
redwax_nss_secret_t s;
CK_TOKEN_INFO token = { { 0 } };
SECStatus rv;
@@ -416,8 +425,6 @@
s.what = apr_pstrndup(pool, (char*) token.label,
rtrim((char*) token.label, sizeof(token.label)));
- name = r->label_out;
-
if (r->key_out) {
for (i = 0; i < r->keys_out->nelts; i++)
{
@@ -427,8 +434,8 @@
siBuffer, (unsigned char *)key->der,
key->len};
- SECItem nickname = { siBuffer, (unsigned char*) key->name,
- key->name ? strlen(key->name) : 0 };
+ SECItem nickname = { siBuffer, (unsigned char*) key->label,
+ key->label_len };
if (!key->der) {
redwax_print_error(r, "nss-out: non-extractable private key, skipping\n");
@@ -467,7 +474,7 @@
}
}
- name = r->label_out;
+ label = r->label_out;
if (r->cert_out) {
for (i = 0; i < r->certs_out->nelts; i++)
@@ -484,10 +491,18 @@
apr_pool_cleanup_register(pool, x, cleanup_cert,
apr_pool_cleanup_null);
- if (!name) {
- CERTName *subject = CERT_AsciiToName(x->subjectName);
- if (subject) {
- name = CERT_GetCommonName(subject);
+ if (!label) {
+ if (cert->label) {
+ label = apr_pstrndup(pool, cert->label, cert->label_len);
+ }
+ else {
+ CERTName *subject = CERT_AsciiToName(x->subjectName);
+ if (subject) {
+ label = CERT_GetCommonName(subject);
+
+ apr_pool_cleanup_register(pool, label, cleanup_free,
+ apr_pool_cleanup_null);
+ }
}
}
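Review bot: The `CERTName` returned by `CERT_AsciiToName` in the new else branch is never released; the commit adds a cleanup for the common-name string, but as far as I know the NSS API the name object itself must be freed with `CERT_DestroyName`, so every certificate written through this path leaks it (the older code had the same leak, but this hunk rewrites the block). After the `apr_pool_cleanup_register` call I would add `CERT_DestroyName(subject);` — `CERT_GetCommonName` returns a separately allocated copy, so `label` stays valid. The intermediate hunk (@@ -562,15 +577,23 @@) and the trusted hunk (@@ -617,14 +641,19 @@) repeat the pattern and need the same call. The enclosing function starts and ends outside the hunk.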
@@ -499,10 +514,10 @@
apr_pool_cleanup_null);
if (k) {
- rv = PK11_ImportCertForKeyToSlot(slot, x, (char *)name, PR_TRUE, &s);
+ rv = PK11_ImportCertForKeyToSlot(slot, x, (char *)label, PR_TRUE, &s);
}
else {
- rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, name, PR_FALSE);
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
}
if (rv != SECSuccess) {
@@ -518,10 +533,10 @@
else {
if (k) {
- rv = PK11_ImportCertForKeyToSlot(slot, x, (char *)name, PR_TRUE, &s);
+ rv = PK11_ImportCertForKeyToSlot(slot, x, (char *)label, PR_TRUE, &s);
}
else {
- rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, name, PR_FALSE);
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
}
}
@@ -534,11 +549,11 @@
}
if (k) {
- PK11_SetPrivateKeyNickname(k, name);
+ PK11_SetPrivateKeyNickname(k, label);
}
/* we use the label once and once only */
- name = NULL;
+ label = NULL;
}
}
@@ -562,15 +577,23 @@
redwax_print_error(r, "nss-out: intermediate: %s\n", x->subjectName);
- subject = CERT_AsciiToName(x->subjectName);
- if (subject) {
- name = CERT_GetCommonName(subject);
+ if (cert->label) {
+ label = apr_pstrndup(pool, cert->label, cert->label_len);
}
else {
- name = apr_psprintf(pool, "(unspecified intermediate %d)", i);
- }
-
- rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, name, PR_FALSE);
+ subject = CERT_AsciiToName(x->subjectName);
+ if (subject) {
+ label = CERT_GetCommonName(subject);
+
+ apr_pool_cleanup_register(pool, label, cleanup_free,
+ apr_pool_cleanup_null);
+ }
+ else {
+ label = apr_psprintf(pool, "(unspecified intermediate %d)", i);
+ }
+ }
+
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
if (rv != SECSuccess) {
if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
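Review bot: The `(unspecified intermediate %d)` fallback in the new else branch only covers a subject that fails to parse; when the subject parses but has no common name, `CERT_GetCommonName` returns NULL as I understand it, so `label` stays NULL, `cleanup_free` is registered for a NULL pointer, and `PK11_ImportCert` below is handed a NULL nickname. I would drop the inner else and instead append after the whole `if (cert->label) … else { … }` block: `if (!label) {` / `label = apr_psprintf(pool, "(unspecified intermediate %d)", i);` / `}`. The trusted-cert hunk (@@ -617,14 +641,19 @@) has the same gap with `(unspecified root %d)`. The enclosing function and the `subject` declaration are outside the hunk.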
@@ -583,7 +606,7 @@
}
else {
rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE,
- name, PR_FALSE);
+ label, PR_FALSE);
}
}
if (rv != SECSuccess) {
@@ -595,6 +618,7 @@
}
}
+// FIXME: we import trusted certs, but no roots
if (r->root_out || r->trust_out) {
@@ -617,14 +641,19 @@
redwax_print_error(r, "nss-out: trusted: %s\n", x->subjectName);
- name = cert->name;
- if (!name) {
+ if (cert->label) {
+ label = apr_pstrndup(pool, cert->label, cert->label_len);
+ }
+ else {
CERTName *subject = CERT_AsciiToName(x->subjectName);
if (subject) {
- name = CERT_GetCommonName(subject);
+ label = CERT_GetCommonName(subject);
+
+ apr_pool_cleanup_register(pool, label, cleanup_free,
+ apr_pool_cleanup_null);
}
else {
- name = apr_psprintf(pool, "(unspecified root %d)", i);
+ label = apr_psprintf(pool, "(unspecified root %d)", i);
}
}
@@ -638,7 +667,7 @@
return APR_EINVAL;
}
- rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, name, PR_FALSE);
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
if (rv != SECSuccess) {
if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
@@ -651,7 +680,7 @@
}
else {
rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE,
- name, PR_FALSE);
+ label, PR_FALSE);
}
}
if (rv != SECSuccess) {
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Tue Nov 23 13:47:51 2021
@@ -803,6 +803,8 @@
long len, error = 0;
+ int label_len;
+
if (!strcmp(file, "-")) {
if (r->complete) {
return APR_ENOENT;
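Review bot: `label_len` is declared without an initialiser, and in the OpenSSL versions I know `X509_alias_get0` returns NULL early without writing `*len` when the certificate carries no alias, so for such a certificate the later `cert->label_len = label_len;` copies an indeterminate value — reading it is undefined behaviour even though every consumer checks `cert->label` first. Initialise it at the declaration: `int label_len = 0;`. This covers both assignments in the following hunks (@@ -905,6 +907,9 @@ and @@ -939,7 +944,8 @@). The enclosing function starts before this hunk.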
@@ -905,6 +907,9 @@
}
cert->header = header;
+ cert->label = (const char *)X509_alias_get0(x, &label_len);
+ cert->label_len = label_len;
+
cert->der = data;
cert->len = len;
@@ -939,7 +944,8 @@
cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
cert->header = header;
- cert->name = (const char *)X509_alias_get0(x, NULL);
+ cert->label = (const char *)X509_alias_get0(x, &label_len);
+ cert->label_len = label_len;
cert->len = i2d_X509(x, &der);
cert->der = der;
@@ -2148,6 +2154,10 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->label && cert->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, cert->label, cert->label_len));
+ }
redwax_metadata_push_object(m, "Data", 0);
redwax_metadata_add_string(m, "Subject", cert->common.subject);
redwax_metadata_pop_object(m);
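Review bot: The `Label` emission is pasted verbatim into four hunks of this file (this one, @@ -2185,6 +2195,10 @@, @@ -2217,6 +2231,10 @@ and @@ -2238,6 +2256,10 @@), each doing its own `apr_pstrndup`; a small `static` helper taking `m`, `label` and `label_len` whose body is exactly the three guarded lines shown here would keep the four in step, with each call site reduced to `redwax_metadata_add_label(m, cert->label, cert->label_len);`. The helper is also the natural place to note that the label is text supplied by the certificate file or the token, not by the user. Whether `redwax_metadata_add_string` escapes that text for each output format is not visible here and is worth confirming before untrusted labels are written out. The enclosing functions start and end outside these hunks.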
@@ -2185,6 +2195,10 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->label && cert->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, cert->label, cert->label_len));
+ }
redwax_metadata_push_object(m, "Data", 0);
redwax_metadata_add_string(m, "Subject", cert->common.subject);
redwax_metadata_pop_object(m);
@@ -2217,6 +2231,10 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->label && cert->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, cert->label, cert->label_len));
+ }
redwax_metadata_push_object(m, "Data", 0);
redwax_metadata_add_string(m, "Subject", cert->common.subject);
redwax_metadata_pop_object(m);
@@ -2238,6 +2256,10 @@
redwax_metadata_push_object(m, "Key", 0);
redwax_metadata_add_string(m, "Origin", key->origin);
+ if (key->label && key->label_len) {
+ redwax_metadata_add_string(m, "Label",
+ apr_pstrndup(m->pool, key->label, key->label_len));
+ }
redwax_metadata_pop_object(m);
}
Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c (original)
+++ redwax-tool/trunk/redwax_p11kit.c Tue Nov 23 13:47:51 2021
@@ -367,7 +367,7 @@
static apr_status_t redwax_pkcs11_write_cert(redwax_tool_t *r,
P11KitUri *parsed, CK_FUNCTION_LIST *module, CK_TOKEN_INFO *tokenInfo,
CK_SESSION_HANDLE session, const redwax_certificate_t *cert,
- const char *name)
+ const char *label)
{
CK_OBJECT_CLASS certificateClass = CKO_CERTIFICATE;
CK_CERTIFICATE_TYPE cert_type;
@@ -410,13 +410,13 @@
redwax_pkcs11_add_attribute(template, CKA_LABEL,
attr->pValue, attr->ulValueLen);
}
- else if (name) {
+ else if (label) {
redwax_pkcs11_add_attribute(template, CKA_LABEL,
- (void *)name, strlen(name));
- }
- else if (cert->name) {
+ (void *)label, strlen(label));
+ }
+ else if (cert->label) {
redwax_pkcs11_add_attribute(template, CKA_LABEL,
- (void *)cert->name, strlen(cert->name));
+ (void *)cert->label, cert->label_len);
}
/* CKA_CERTIFICATE_TYPE */
@@ -953,7 +953,7 @@
{
apr_pool_t *pool;
CK_SESSION_HANDLE session;
- const char *name;
+ const char *label;
redwax_pkcs11_session_t *s;
@@ -1008,7 +1008,7 @@
}
}
- name = r->label_out;
+ label = r->label_out;
if (r->cert_out) {
for (i = 0; i < r->certs_out->nelts; i++)
@@ -1021,13 +1021,13 @@
cert->common.subject);
status = redwax_pkcs11_write_cert(r, parsed, module, tokenInfo,
- session, cert, name);
+ session, cert, label);
if (status != APR_SUCCESS) {
return status;
}
/* we use the label once and once only */
- name = NULL;
+ label = NULL;
}
}
@@ -1043,7 +1043,7 @@
cert->common.subject);
status = redwax_pkcs11_write_cert(r, parsed, module, tokenInfo,
- session, cert, name);
+ session, cert, label);
if (status != APR_SUCCESS) {
return status;
}
@@ -1061,7 +1061,7 @@
cert->common.subject);
status = redwax_pkcs11_write_cert(r, parsed, module, tokenInfo,
- session, cert, name);
+ session, cert, label);
if (status != APR_SUCCESS) {
return status;
}
@@ -1225,10 +1225,11 @@
CK_OBJECT_CLASS clazz;
CK_ATTRIBUTE class_template[] = {
- {CKA_CLASS, NULL_PTR, 0}
+ {CKA_CLASS, NULL_PTR, 0},
+ {CKA_LABEL, NULL_PTR, 0}
};
- int class_template_len = 1;
+ int class_template_len = 2;
ret = module->C_FindObjects(session, &object, 1,
&object_count);
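Review bot: Adding `CKA_LABEL` to `class_template` changes what the out-of-hunk `C_GetAttributeValue` call has to tolerate: a token that does not expose a label on an object may answer `CKR_ATTRIBUTE_TYPE_INVALID` for that entry and set its `ulValueLen` to `CK_UNAVAILABLE_INFORMATION` while still filling `CKA_CLASS`, and if the surrounding code treats any non-`CKR_OK` result as fatal, enumeration of such objects now fails where it used to succeed. I cannot see the retrieval code, so please check that a failed second entry is treated as "no label" (`pValue` NULL, length 0) rather than as an error, and that a `CK_UNAVAILABLE_INFORMATION` length is never passed on to `redwax_pstrntrim`. The key path in the hunk at @@ -1526,6 +1532,11 @@ presumably reads the same template and needs the same check.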
@@ -1298,6 +1299,11 @@
cert->origin = redwax_p11kit_origin(r, pool, module,
tokenInfo, session, object);
+
+ cert->label = redwax_pstrntrim(pool,
+ (const char*) class_template[1].pValue,
+ class_template[1].ulValueLen);
+ cert->label_len = strlen(cert->label);
if (REDWAX_CERTIFICATE_ROOT
== cert->common.category && trusted) {
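Review bot: `cert->label_len = strlen(cert->label);` assumes `redwax_pstrntrim` never returns NULL; if it passes a NULL `pValue` through unchanged when the token returned no label, that line dereferences NULL. Guard it: `cert->label_len = cert->label ? strlen(cert->label) : 0;`, and apply the same to the key path in the hunk at @@ -1526,6 +1532,11 @@. The enclosing function starts and ends outside the hunk.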
@@ -1526,6 +1532,11 @@
key->origin = redwax_p11kit_origin(r, pool, module, tokenInfo,
session, object);
+
+ key->label = redwax_pstrntrim(pool,
+ (const char*) class_template[1].pValue,
+ class_template[1].ulValueLen);
+ key->label_len = strlen(key->label);
}
else {