Index: asn1-x509.c
==================================================================
--- asn1-x509.c
+++ asn1-x509.c
@@ -143,11 +143,13 @@
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.issuer.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.issuer.asn1rep;
+	}
 
 	return(x509.issuer.asn1rep_len);
 }
 
 ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
@@ -157,11 +159,13 @@
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.subject.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.subject.asn1rep;
+	}
 
 	return(x509.subject.asn1rep_len);
 }
 
 ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
@@ -171,9 +175,11 @@
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
 
-	*outbuf = x509.serial_number.asn1rep;
+	if (outbuf) {
+		*outbuf = x509.serial_number.asn1rep;
+	}
 
 	return(x509.serial_number.asn1rep_len);
 }

Index: cackey.c
==================================================================
--- cackey.c
+++ cackey.c
@@ -1437,11 +1437,11 @@
 	CK_ULONG ulValueLen;
 	CK_OBJECT_CLASS ck_object_class;
 	CK_CERTIFICATE_TYPE ck_certificate_type;
 	CK_KEY_TYPE ck_key_type;
 	CK_UTF8CHAR ucTmpBuf[1024];
-	unsigned char certificate[16384];
+	unsigned char *certificate;
 	ssize_t certificate_len = -1, x509_read_ret;
 	int pValue_free;
 
 	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
 
@@ -1449,21 +1449,35 @@
 		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");
 
 		return(NULL);
 	}
 
-	retval_count = 16;
-	retval = malloc(retval_count * sizeof(*retval));
+	/* Get Cert */
+	if (identity == NULL) {
+		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid identiy provided");
 
-	/* XXX: Get Cert */
-	certificate_len = -1;
+		return(NULL);
+	}
 
-	if (certificate_len == -1) {
+	certificate = identity->certificate;
+	certificate_len = identity->certificate_len;
+
+	if (certificate_len == -1 || certificate == NULL) {
 		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), this identity does not have an X.509 certificate associated with it and will not work");
 
 		return(NULL);
 	}
+
+	/* Verify that certificate is ASN.1 encoded X.509 certificate */
+	if (x509_to_serial(certificate, certificate_len, NULL) < 0) {
+		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), the X.509 certificate associated with this identity is not valid");
+
+		return(NULL);
+	}
+
+	retval_count = 16;
+	retval = malloc(retval_count * sizeof(*retval));
 
 	for (curr_attr_type = 0; curr_attr_type < 0xce53635f; curr_attr_type++) {
 		if (curr_attr_type == 0x800) {
 			curr_attr_type = 0xce536300;
 		}
@@ -2976,11 +2990,11 @@
 			identities = malloc(num_ids * sizeof(*identities));
 
 			id_idx = 0;
 			for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
 				for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
-					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], -1, &identities[id_idx].attributes_count);
+					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
 
 					if (identities[id_idx].attributes == NULL) {
 						identities[id_idx].attributes_count = 0;
 					}