Check-in [9b6cdd281c]
Overview
Comment:Updated to use certificate from identity in attribute finding

Updated to correctly pass certificate number

SHA1:9b6cdd281cde60e87516b596aae15a9874f1f3e3
User & Date: rkeene on 2010-05-13 15:58:32
Changes

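--- a/asn1-x509.c
+++ b/asn1-x509.c
@@ -141,39 +141,45 @@
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.issuer.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.issuer.asn1rep;
+	}
 
 	return(x509.issuer.asn1rep_len);
 }
 
 ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.subject.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.subject.asn1rep;
+	}
 
 	return(x509.subject.asn1rep_len);
 }
 
 ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.serial_number.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.serial_number.asn1rep;
+	}
 
 	return(x509.serial_number.asn1rep_len);
 }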
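Review bot: The NULL-outbuf path added at new lines 148–150, 164–166 and 180–182 is a new contract that nothing documents, and cackey.c already relies on it to validate a certificate without retrieving the element. Each of the three functions should state it in a comment above its `if (outbuf)` block, e.g. `/* outbuf may be NULL: only validate the DER and return the element's length */`. It would also help to say what `*outbuf` points at: `x509` is a local `struct x509_object`, so a reader cannot tell from here whether `asn1rep` points into the caller's `x509_der_buf` or into storage that dies on return, and in the latter case the stored pointer would dangle. x509_to_issuer's signature and its `x509` declaration are outside the hunk.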

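--- a/cackey.c
+++ b/cackey.c
@@ -1435,37 +1435,51 @@
 	CK_ATTRIBUTE curr_attr, *retval;
 	CK_VOID_PTR pValue;
 	CK_ULONG ulValueLen;
 	CK_OBJECT_CLASS ck_object_class;
 	CK_CERTIFICATE_TYPE ck_certificate_type;
 	CK_KEY_TYPE ck_key_type;
 	CK_UTF8CHAR ucTmpBuf[1024];
-	unsigned char certificate[16384];
+	unsigned char *certificate;
 	ssize_t certificate_len = -1, x509_read_ret;
 	int pValue_free;
 
 	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
 
 	if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY) {
 		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");
 
 		return(NULL);
 	}
 
-	retval_count = 16;
-	retval = malloc(retval_count * sizeof(*retval));
+	/* Get Cert */
+	if (identity == NULL) {
+		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid identiy provided");
 
-	/* XXX: Get Cert */
-	certificate_len = -1;
+		return(NULL);
+	}
 
-	if (certificate_len == -1) {
+	certificate = identity->certificate;
+	certificate_len = identity->certificate_len;
+
+	if (certificate_len == -1 || certificate == NULL) {
 		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), this identity does not have an X.509 certificate associated with it and will not work");
 
 		return(NULL);
 	}
+
+	/* Verify that certificate is ASN.1 encoded X.509 certificate */
+	if (x509_to_serial(certificate, certificate_len, NULL) < 0) {
+		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), the X.509 certificate associated with this identity is not valid");
+
+		return(NULL);
+	}
+
+	retval_count = 16;
+	retval = malloc(retval_count * sizeof(*retval));
 
 	for (curr_attr_type = 0; curr_attr_type < 0xce53635f; curr_attr_type++) {
 		if (curr_attr_type == 0x800) {
 			curr_attr_type = 0xce536300;
 		}
 
 		pValue_free = 0;
@@ -2974,15 +2988,15 @@
 			num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
 
 			identities = malloc(num_ids * sizeof(*identities));
 
 			id_idx = 0;
 			for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
 				for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
-					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], -1, &identities[id_idx].attributes_count);
+					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
 
 					if (identities[id_idx].attributes == NULL) {
 						identities[id_idx].attributes_count = 0;
 					}
 
 					id_idx++;
 				}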
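Review bot: The guard at new line 1464 rejects only a length of exactly -1, yet `certificate_len` is `ssize_t` (line 1443) and at line 1471 is passed straight to `x509_to_serial`'s `size_t` parameter, so any other negative value would convert to a huge length and the parser could read far beyond the certificate; `if (certificate_len < 0 || certificate == NULL) {` closes that gap. The `malloc` moved to line 1478 is still not checked before `retval` is handed to the attribute loop. The new debug message at line 1456 misspells "identity" as "identiy". cackey_get_attributes begins before the hunk and continues past it; the second hunk only replaces the hard-coded -1 with `cert_idx` for `identity_num` and needs no further change.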