Check-in [b957a3fa2e]
Comment:Updated to allow the user to specify (via environment variables) whether or not to include the DoD certificates on the hardware slot tokens
SHA1: b957a3fa2eb1a0b34e41ce4381477de4923a414d
User & Date: rkeene on 2012-07-21 06:50:25
Changes

Modified cackey.c from [8e07ff4bd1] to [0661f619de].

3408
3409
3410
3411
3412
3413
3414




















3415
3416
3417
3418
3419
3420

3421
3422
3423
3424
3425
3426
3427
3428
3429


3430
3431
3432
3433
3434
3435









3436
3437

3438
3439



3440
3441
3442
3443
3444
3445
3446







3447


3448

3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461




3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479






3480
3481
3482
3483
3484
3485
3486

3487
3488
3489
3490
3491
3492
3493
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452






3453
3454
3455
3456
3457
3458
3459
3460
3461

3462
3463


3464
3465
3466







3467
3468
3469
3470
3471
3472
3473
3474
3475
3476

3477


3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+






+









+
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-

+
-
-
+
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+

+
+
-
+
-
-











+
+
+
+


















+
+
+
+
+
+







+








			cackey_free_certs(identities[id_idx].pcsc_identity, 1, 1);
		}
	}

	free(identities);
}

static unsigned long cackey_read_dod_identities(struct cackey_identity *identities, unsigned long id_idx, unsigned long num_dod_certs) {
	unsigned long cert_idx;

	for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
		identities[id_idx].pcsc_identity = NULL;
		identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
		id_idx++;

		identities[id_idx].pcsc_identity = NULL;
		identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
		id_idx++;

		identities[id_idx].pcsc_identity = NULL;
		identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
		id_idx++;
	}

	return(id_idx);
}

static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
	struct cackey_pcsc_identity *pcsc_identities;
	struct cackey_identity *identities;
	unsigned long num_ids, id_idx, curr_id_type;
	unsigned long num_certs, num_dod_certs, cert_idx;
	int include_extra_certs = 0;

	CACKEY_DEBUG_PRINTF("Called.");

	if (ids_found == NULL) {
		CACKEY_DEBUG_PRINTF("Error.  ids_found is NULL");

		return(NULL);
	}

#ifdef CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS
	include_extra_certs = 1;
	if (slot->internal) {
		/* Add DoD Certificates and Netscape Trust Objects */
		num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);

		num_ids = num_dod_certs * 3;

#endif

	if (getenv("CACKEY_DOD_CERTS_ON_HW_SLOTS") != NULL) {
		include_extra_certs = 1;
	}

	if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) {
		include_extra_certs = 0;
	}
		identities = malloc(num_ids * sizeof(*identities));

	if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
		id_idx = 0;
		for (cert_idx = 0; cert_idx < num_dod_certs; cert_idx++) {
		num_dod_certs = 0;
	} else {
		num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
			identities[id_idx].pcsc_identity = NULL;
			identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
			id_idx++;

			identities[id_idx].pcsc_identity = NULL;
			identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
			id_idx++;
	}

	if (slot->internal) {
		num_ids = num_dod_certs;

		if (num_ids != 0) {
			identities = malloc(num_ids * sizeof(*identities));

			cackey_read_dod_identities(identities, 0, num_dod_certs);
		} else {
			identities[id_idx].pcsc_identity = NULL;
			identities = NULL;
			identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
			id_idx++;
		}

		*ids_found = num_ids;

		return(identities);
	}

	pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
	if (pcsc_identities != NULL) {
		/* Convert number of Certs to number of objects */
		num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;

		if (include_extra_certs) {
			num_ids += num_dod_certs;
		}

		identities = malloc(num_ids * sizeof(*identities));

		/* Add certificates, public keys, and private keys from the smartcard */
		id_idx = 0;
		for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
			for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
				identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);

				identities[id_idx].pcsc_identity = malloc(sizeof(*identities[id_idx].pcsc_identity));
				memcpy(identities[id_idx].pcsc_identity, &pcsc_identities[cert_idx], sizeof(*identities[id_idx].pcsc_identity));

				identities[id_idx].pcsc_identity->certificate = malloc(pcsc_identities[cert_idx].certificate_len);
				memcpy(identities[id_idx].pcsc_identity->certificate, pcsc_identities[cert_idx].certificate, pcsc_identities[cert_idx].certificate_len);

				id_idx++;
			}
		}

		if (include_extra_certs) {
			CACKEY_DEBUG_PRINTF("Including DoD Certificates on hardware slot");

			cackey_read_dod_identities(identities, id_idx, num_dod_certs);
		}

		cackey_free_certs(pcsc_identities, num_certs, 1);

		*ids_found = num_ids;

		return(identities);
	}


	*ids_found = 0;
	return(NULL);
}

CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
	CK_C_INITIALIZE_ARGS CK_PTR args;
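Review bot: The identity buffers allocated in cackey_read_identities are undersized for what cackey_read_dod_identities writes into them: the helper stores three identities per DoD certificate (certificate, public key and Netscape trust object, advancing id_idx each time), but `num_ids = num_dod_certs;` in the internal-slot branch and `num_ids += num_dod_certs;` in the hardware-slot branch size the malloc for one entry per certificate, so any non-empty extra_certs table overruns the heap by two thirds of the DoD set. The removed code sized this as `num_ids = num_dod_certs * 3;`, which suggests the factor was lost in the refactor; the two sizing lines should read `num_ids = num_dod_certs * 3;` and `num_ids += num_dod_certs * 3;`. The side-by-side rendering here has merged old and new lines, so if those two assignments are in fact pre-change text this does not apply. It would also help to state the contract on the helper, e.g. `/* Fills identities[id_idx .. id_idx + 3*num_dod_certs) and returns the next free index */`, and to note above the getenv checks that CACKEY_NO_DOD_CERTS_ON_HW_SLOTS is tested last and therefore wins when both variables are set.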

Modified configure.ac from [8952b0e3fb] to [86141e7a07].

138
139
140
141
142
143
144





145
146
147
148
149
150
151
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156







+
+
+
+
+







		AC_MSG_RESULT(okay)
	], [
		AC_MSG_RESULT(failed)

		AC_MSG_FAILURE([simple PC/SC program failed])
	]
)

dnl Option to enable DoD certs on hardware slot
AC_ARG_ENABLE(dod-certs-on-hw-slots, AC_HELP_STRING([--enable-dod-certs-on-hw-slots], [Specify that DoD certificates should be made available on hardware token slots]), [
	AC_DEFINE(CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS, [1], [Specify that DoD certificates should be made available on hardware token slots])
])

dnl Set version script, to limit the scope of symbols
DC_SETVERSIONSCRIPT(libcackey.vers, libcackey.syms)

dnl Upate LDFLAGS to include setting the run-time linker path to the same as our compile-time linker
DC_SYNC_RPATH
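Review bot: The action-if-given block of the new `AC_ARG_ENABLE(dod-certs-on-hw-slots, ...)` runs for `--disable-dod-certs-on-hw-slots` just as it does for `--enable-dod-certs-on-hw-slots`, so a user who explicitly disables the option still gets CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS defined and the DoD certificates appear on hardware slots by default. The define should be guarded on the value autoconf provides, i.e. `if test "$enableval" = "yes"; then` / `AC_DEFINE(CACKEY_CARD_SLOT_INCLUDE_EXTRA_CERTS, [1], [Specify that DoD certificates should be made available on hardware token slots])` / `fi` inside the action block. Since the CACKEY_DOD_CERTS_ON_HW_SLOTS and CACKEY_NO_DOD_CERTS_ON_HW_SLOTS environment variables added in cackey.c override this at run time in either direction, the help string could also say that this sets only the build-time default.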