3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
|
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
+
-
-
+
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
|
cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
}
}
free(identities);
}
static unsigned long cackey_read_dod_identities(struct cackey_identity *identities, unsigned long id_idx, unsigned long num_dod_certs) {
unsigned long cert_idx;
for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
return(id_idx);
}
static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
struct cackey_pcsc_identity *pcsc_identities;
struct cackey_identity *identities;
unsigned long num_ids, id_idx, curr_id_type;
unsigned long num_certs, num_dod_certs, cert_idx;
int include_extra_certs = 0;
CACKEY_DEBUG_PRINTF("Called.");
if (ids_found == NULL) {
CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
return(NULL);
}
#ifdef CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS
include_extra_certs = 1;
if (slot->internal) {
/* Add DoD Certificates and Netscape Trust Objects */
num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
num_ids = num_dod_certs * 3;
#endif
if (getenv("CACKEY_DOD_CERTS_ON_HW_SLOTS") != NULL) {
include_extra_certs = 1;
}
if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
include_extra_certs = 0;
}
identities = malloc(num_ids * sizeof(*identities));
if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
id_idx = 0;
for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
num_dod_certs = 0;
} else {
num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
identities[id_idx].pcsc_identity = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
if (slot->internal) {
num_ids = num_dod_certs;
if (num_ids != 0) {
identities = malloc(num_ids * sizeof(*identities));
cackey_read_dod_identities(identities, 0, num_dod_certs);
} else {
identities[id_idx].pcsc_identity = NULL;
identities = NULL;
identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
id_idx++;
}
*ids_found = num_ids;
return(identities);
}
pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
if (pcsc_identities != NULL) {
/* Convert number of Certs to number of objects */
num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
if (include_extra_certs) {
num_ids += num_dod_certs;
}
identities = malloc(num_ids * sizeof(*identities));
/* Add certificates, public keys, and private keys from the smartcard */
id_idx = 0;
for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
identities[id_idx].pcsc_identity = malloc(sizeof(*identities[id_idx].pcsc_identity));
memcpy(identities[id_idx].pcsc_identity, &pcsc_identities[cert_idx], sizeof(*identities[id_idx].pcsc_identity));
identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);
id_idx++;
}
}
if (include_extra_certs) {
CACKEY_DEBUG_PRINTF("Including DoD Certificates on hardware slot");
cackey_read_dod_identities(identities, id_idx, num_dod_certs);
}
cackey_free_certs(pcsc_identities, num_certs, 1);
*ids_found = num_ids;
return(identities);
}
*ids_found = 0;
return(NULL);
}
CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
CK_C_INITIALIZE_ARGS CK_PTR args;
|