- added recommendation about 2 cert/key pairs

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1570 c6295689-39f2-0310-b995-f0e70906c6a9
2003-10-30 11:13:11 +00:00 · 2003-10-30 11:13:11 +00:00 · 60892cd0a3
parent c29e7d8510
commit 60892cd0a3
2 changed files with 29 additions and 2 deletions
--- a/src/pkcs15init/flex.profile
+++ b/src/pkcs15init/flex.profile
@ -44,9 +44,15 @@ filesystem {
 	# The DELETE=NONE ACLs will go away once the code
 	# works. It's here to make sure I can erase the card
 	# even if I mess up big time.
+	#
+	# If you have a 16K card and wish to store
+	# two cert/key pairs.
+	# Note if you want the two keys to be protected by the
+	# same pin, you need to increase the size of the pin-dir.
 	DF PKCS15-AppDF {
 	    ACL		= *=$SOPIN, FILES=NONE, DELETE=NONE;
 	    size	= 7500;
+	    #size	= 10000;

 	    # This "pin-domain" DF is a template that is
 	    # instantiated for each PIN created on the card.
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@ -1710,7 +1710,7 @@ select_id(sc_pkcs15_card_t *p15card, int type, sc_pkcs15_id_t *id,

 	/* If the user provided an ID, make sure we can use it */
 	if (id->len != 0) {
-		r = func(p15card, id, &obj);
+		r = sc_pkcs15_find_object_by_id(p15card, type, id, &obj);
 		if (r == SC_ERROR_OBJECT_NOT_FOUND)
 			return 0;
 		if (strcmp(obj->label, "deleted"))
@ -1727,8 +1727,29 @@ select_id(sc_pkcs15_card_t *p15card, int type, sc_pkcs15_id_t *id,
 		id->value[0] = nid++;
 		id->len = 1;

-		r = func(p15card, id, &obj);
+		r = sc_pkcs15_find_object_by_id(p15card, type, id, &obj);
 		if (r == SC_ERROR_OBJECT_NOT_FOUND) {
+			/* We don't have an object of that type yet.
+			 * If we're allocating a PRKEY object, make
+			 * sure there's no conflicting pubkey or cert
+			 * object either. */
+			if (type == SC_PKCS15_TYPE_PRKEY) {
+				sc_pkcs15_search_key_t search_key;
+
+				memset(&search_key, 0, sizeof(search_key));
+				search_key.class_mask = 
+					SC_PKCS15_SEARCH_CLASS_PUBKEY |
+					SC_PKCS15_SEARCH_CLASS_CERT;
+				search_key.id = id;
+
+				r = sc_pkcs15_search_objects(p15card,
+						&search_key,
+						NULL, 0);
+				/* If there is a pubkey or cert with
+				 * this ID, skip it. */
+				if (r > 0)
+					continue;
+			}
 			if (!unused_id.len)
 				unused_id = *id;
 			continue;