[rs-commit] r59 - in /redwax-tool/trunk: redwax_openssl.c redwax_p11kit.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Nov 23 15:42:15 CET 2021
Author: minfrin at redwax.eu
Date: Tue Nov 23 15:42:14 2021
New Revision: 59
Log:
Display Id in the metadata. Fix pool lifetime issues
with p11.
Modified:
redwax-tool/trunk/redwax_openssl.c
redwax-tool/trunk/redwax_p11kit.c
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Tue Nov 23 15:42:14 2021
@@ -2154,6 +2154,13 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
+ cert->x509->id_der && cert->x509->id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ cert->x509->id_der, cert->x509->id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
if (cert->label && cert->label_len) {
redwax_metadata_add_string(m, "Label",
apr_pstrndup(m->pool, cert->label, cert->label_len));
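Review bot: The seven-line Id block added here is pasted verbatim into the certificate hunks at `@@ -2199` and `@@ -2239` as well, with a near copy for keys at `@@ -2268`; a small static helper taking the metadata object, the id bytes and the length would keep the four base16 encodings in step, since the encoding flag and trailing argument are easy to let drift between copies. Each call site would then shrink to something like `redwax_metadata_add_id(m, cert->x509->id_der, cert->x509->id_len);` with the `type == REDWAX_CERTIFICATE_X509 && cert->x509` guard kept at the caller. The functions these hunks sit in begin and end outside the hunk.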
@@ -2199,6 +2206,13 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
+ cert->x509->id_der && cert->x509->id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ cert->x509->id_der, cert->x509->id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
if (cert->label && cert->label_len) {
redwax_metadata_add_string(m, "Label",
apr_pstrndup(m->pool, cert->label, cert->label_len));
@@ -2239,6 +2253,13 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
+ if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
+ cert->x509->id_der && cert->x509->id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ cert->x509->id_der, cert->x509->id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
if (cert->label && cert->label_len) {
redwax_metadata_add_string(m, "Label",
apr_pstrndup(m->pool, cert->label, cert->label_len));
@@ -2268,6 +2289,12 @@
redwax_metadata_push_object(m, "Key", 0);
redwax_metadata_add_string(m, "Origin", key->origin);
+ if (key->common.id_der && key->common.id_len) {
+ redwax_metadata_add_string(m, "Id",
+ redwax_pencode_base16_binary(m->pool,
+ key->common.id_der, key->common.id_len,
+ REDWAX_ENCODE_LOWER, NULL));
+ }
if (key->label && key->label_len) {
redwax_metadata_add_string(m, "Label",
apr_pstrndup(m->pool, key->label, key->label_len));
Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c (original)
+++ redwax-tool/trunk/redwax_p11kit.c Tue Nov 23 15:42:14 2021
@@ -1103,7 +1103,9 @@
static const char *redwax_p11kit_origin(redwax_tool_t *r, apr_pool_t *pool,
CK_FUNCTION_LIST *module, CK_TOKEN_INFO *tokenInfo,
- CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+ const unsigned char **id_der, apr_size_t *id_len,
+ const char **label, apr_size_t *label_len)
{
P11KitUri *origin_uri;
CK_TOKEN_INFO_PTR ck_token_info;
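Review bot: The three new out-parameter pairs on redwax_p11kit_origin are undocumented, and the two call sites now depend on them for lifetime: the label is allocated from `pool` through redwax_pstrntrim, while `*id_der` aliases the CKA_ID attribute buffer whose allocation is not visible in this hunk and presumably also comes from `pool`. A header comment stating that `id_der`/`id_len` and `label`/`label_len` may each be passed as NULL to skip them, that the stored values live in `pool`, and what is stored when the object carries no CKA_ID would make the contract explicit. The function body continues past the end of the hunk.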
@@ -1136,8 +1138,19 @@
/* set id */
p11_kit_uri_set_attribute(origin_uri, &template[0]);
- /* set object */
+ if (id_der && id_len) {
+ *id_der = template[0].pValue;
+ *id_len = template[0].ulValueLen;
+ }
+
+ /* set label */
p11_kit_uri_set_attribute(origin_uri, &template[1]);
+
+ if (label && label_len) {
+ *label = redwax_pstrntrim(pool, (const char*) template[1].pValue,
+ template[1].ulValueLen);
+ *label_len = strlen(*label);
+ }
/* set type */
p11_kit_uri_set_attribute(origin_uri, &template[2]);
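Review bot: `*id_len = template[0].ulValueLen;` copies the length straight from the attribute template without checking that the CKA_ID read actually succeeded; the read itself is outside this hunk, but if it tolerates CKR_ATTRIBUTE_TYPE_INVALID or CKR_ATTRIBUTE_SENSITIVE the way the certificate and key reads in this file do, PKCS#11 leaves `ulValueLen` at CK_UNAVAILABLE_INFORMATION for that attribute, and the consumer in redwax_openssl.c guards only on `id_len != 0` before handing the length to redwax_pencode_base16_binary. Storing the id only when `template[0].pValue != NULL && template[0].ulValueLen != CK_UNAVAILABLE_INFORMATION`, and otherwise setting `*id_der = NULL; *id_len = 0;`, gives callers a length they can trust. The same consideration applies to `template[1].ulValueLen` passed to redwax_pstrntrim for the label.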
@@ -1225,11 +1238,10 @@
CK_OBJECT_CLASS clazz;
CK_ATTRIBUTE class_template[] = {
- {CKA_CLASS, NULL_PTR, 0},
- {CKA_LABEL, NULL_PTR, 0}
+ {CKA_CLASS, NULL_PTR, 0}
};
- int class_template_len = 2;
+ int class_template_len = 1;
ret = module->C_FindObjects(session, &object, 1,
&object_count);
@@ -1266,27 +1278,32 @@
continue;
}
- type = *(CK_CERTIFICATE_TYPE *)class_template[0].pValue;
+ type = *(CK_CERTIFICATE_TYPE *)type_template[0].pValue;
/* 4.6.3 X.509 public key certificate objects */
/* 4.6.5 X.509 attribute certificate objects */
if (CKC_X_509 == type || CKC_X_509_ATTR_CERT == type) {
CK_ATTRIBUTE cert_template[] =
- { { CKA_VALUE, NULL_PTR, 0 }, { CKA_TRUSTED, NULL_PTR, 0 } };
+ { { CKA_VALUE, NULL_PTR, 0 },
+ { CKA_TRUSTED, NULL_PTR, 0 }
+ };
int cert_template_len = 2;
- ret = redwax_p11kit_read_attributes(pool, module, session, object,
+ apr_pool_t *p;
+
+ apr_pool_create(&p, r->pool);
+
+ redwax_certificate_t *cert = apr_pcalloc(p,
+ sizeof(redwax_certificate_t));
+ cert->pool = p;
+
+ ret = redwax_p11kit_read_attributes(cert->pool, module, session, object,
cert_template, cert_template_len);
if (ret == CKR_OK || ret == CKR_ATTRIBUTE_SENSITIVE
|| ret == CKR_ATTRIBUTE_TYPE_INVALID) {
CK_BBOOL trusted = *(CK_BBOOL *)cert_template[1].pValue;
-
- redwax_certificate_t *cert = apr_pcalloc(pool,
- sizeof(redwax_certificate_t));
-
- apr_pool_create(&cert->pool, r->pool);
cert->common.type = REDWAX_CERTIFICATE_X509;
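Review bot: `apr_pool_create(&p, r->pool)` and the cert allocation now run before the attribute read, so when `ret` is not one of the three tolerated codes the new child pool has to be destroyed in the else path (not visible in this hunk), or one pool per rejected object accumulates until `r->pool` is cleared; the old order allocated only after the read succeeded. The return value of apr_pool_create is also unchecked, here and at `@@ -1440` in the key path, where a failure leaves `p` or `key->pool` unset before apr_pcalloc and the attribute read use it, so `if (apr_pool_create(&p, r->pool) != APR_SUCCESS) { continue; }` or equivalent belongs at both sites. Finally, the key pool was re-parented to `r->keys_in->pool` in the `@@ -1440` hunk while this certificate pool stays on `r->pool`; if the certificate is likewise pushed onto an array with its own pool, the same parent seems intended — please confirm. The enclosing loop body begins before and ends after the hunk.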
@@ -1297,15 +1314,13 @@
rt_run_normalise_certificate(r, cert, 1);
- cert->origin = redwax_p11kit_origin(r, pool, module,
- tokenInfo, session, object);
-
- cert->label = redwax_pstrntrim(pool,
- (const char*) class_template[1].pValue,
- class_template[1].ulValueLen);
- cert->label_len = strlen(cert->label);
-
- cert->token = redwax_pstrntrim(r->pool,
+ cert->origin = redwax_p11kit_origin(r, cert->pool, module,
+ tokenInfo, session, object,
+ cert->x509 ? &cert->x509->id_der : NULL,
+ cert->x509 ? &cert->x509->id_len : NULL, &cert->label,
+ &cert->label_len);
+
+ cert->token = redwax_pstrntrim(cert->pool,
(const char*) tokenInfo->label,
sizeof(tokenInfo->label));
cert->token_len = strlen(cert->token);
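Review bot: The `cert->x509 ? &cert->x509->id_der : NULL` arguments silently drop the CKA_ID whenever `cert->x509` is NULL, and whether it is set presumably depends on `rt_run_normalise_certificate(r, cert, 1)` two lines above having populated it — an ordering the code does not state. A one-line comment before the call, `/* x509 is populated by the normalise call above; objects without it keep no id */`, would record the dependency for the next person who reorders these lines. The enclosing block continues outside the hunk.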
@@ -1405,11 +1420,10 @@
CK_KEY_TYPE type;
CK_ATTRIBUTE type_template[] = {
- {CKA_KEY_TYPE, NULL_PTR, 0},
- {CKA_ID, NULL_PTR, 0}
+ {CKA_KEY_TYPE, NULL_PTR, 0}
};
- int type_template_len = 2;
+ int type_template_len = 1;
ret = redwax_p11kit_read_attributes(pool, module, session, object,
type_template, type_template_len);
@@ -1440,13 +1454,11 @@
key = apr_array_push(r->keys_in);
- apr_pool_create(&key->pool, r->pool);
+ apr_pool_create(&key->pool, r->keys_in->pool);
key->common.type = REDWAX_KEY_RSA;
- key->common.id_der = type_template[1].pValue;
- key->common.id_len = type_template[1].ulValueLen;
-
- ret = redwax_p11kit_read_attributes(pool, module, session, object,
+
+ ret = redwax_p11kit_read_attributes(key->pool, module, session, object,
key_template, key_template_len);
if (ret == CKR_OK || ret == CKR_ATTRIBUTE_SENSITIVE
|| ret == CKR_ATTRIBUTE_TYPE_INVALID) {
@@ -1535,15 +1547,11 @@
}
- key->origin = redwax_p11kit_origin(r, pool, module, tokenInfo,
- session, object);
-
- key->label = redwax_pstrntrim(pool,
- (const char*) class_template[1].pValue,
- class_template[1].ulValueLen);
- key->label_len = strlen(key->label);
-
- key->token = redwax_pstrntrim(r->pool,
+ key->origin = redwax_p11kit_origin(r, key->pool, module,
+ tokenInfo, session, object, &key->common.id_der,
+ &key->common.id_len, &key->label, &key->label_len);
+
+ key->token = redwax_pstrntrim(key->pool,
(const char*) tokenInfo->label,
sizeof(tokenInfo->label));
key->token_len = strlen(key->token);