Now you can specify your card profile for pkcs15init, both on the command line if you use the pkcs15init tool and in the opensc.conf file. Not specifying gives the default one, like before.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1212 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
sth
parent
79a5456b24
commit
97da0b6149
|
|
@ -19,7 +19,7 @@ will create the basic files on the card, and initialize
|
|||
user PINs. To create the initial PKCS #15 structure,
|
||||
invoke the utility as
|
||||
.PP
|
||||
.B " pkcs15-init --create-pkcs15 --profile pkcs15
|
||||
.B " pkcs15-init --create-pkcs15
|
||||
.PP
|
||||
You will then be asked for several PINs (secret codes used to protect
|
||||
e.g. keys stored on the card), and PUKs. PUKs are secret codes that can
|
||||
|
|
@ -106,12 +106,15 @@ to contain the DER encoded X.509 certificate.
|
|||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-profile " \fIname\fP, " \-p " \fIname\fP"
|
||||
Tells \*(nm to load the specified profile. Currently, the
|
||||
Tells \*(nm to load the specified general profile. Currently, the
|
||||
only application profile defined is
|
||||
.BR pkcs15 ,
|
||||
but you can write your own profiles and specify them using this
|
||||
option.
|
||||
.TP
|
||||
.BR \-\-card-profile " \fIname\fP, " \-c " \fIname\fP"
|
||||
Tells \*(nm to load the specified card profile option.
|
||||
.TP
|
||||
.BR \-\-create-pkcs15 ", " \-C
|
||||
This tells \*(nm to create a PKCS #15 structure on the card, and
|
||||
initialize any PINs.
|
||||
|
|
|
|||
|
|
@ -775,7 +775,7 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||
struct sc_pkcs15_object *auth_obj;
|
||||
int rc;
|
||||
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", &profile);
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile);
|
||||
if (rc < 0)
|
||||
return sc_to_cryptoki_error(rc, p11card->reader);
|
||||
|
||||
|
|
@ -1079,7 +1079,7 @@ static CK_RV pkcs15_create_object(struct sc_pkcs11_card *p11card,
|
|||
return rv;
|
||||
|
||||
/* Bind the profile */
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", &profile);
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile);
|
||||
if (rc < 0)
|
||||
return sc_to_cryptoki_error(rc, p11card->reader);
|
||||
|
||||
|
|
@ -1197,7 +1197,7 @@ CK_RV pkcs15_gen_keypair(struct sc_pkcs11_card *p11card, struct sc_pkcs11_slot *
|
|||
if (pMechanism->mechanism != CKM_RSA_PKCS_KEY_PAIR_GEN)
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", &profile);
|
||||
rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile);
|
||||
if (rc < 0)
|
||||
return sc_to_cryptoki_error(rc, p11card->reader);
|
||||
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ static CK_RV pkcs15init_bind(struct sc_pkcs11_card *p11card)
|
|||
int rc;
|
||||
|
||||
card->ctx->log_errors = 0;
|
||||
rc = sc_pkcs15init_bind(card, "pkcs15", &profile);
|
||||
rc = sc_pkcs15init_bind(card, "pkcs15", NULL, &profile);
|
||||
card->ctx->log_errors = 1;
|
||||
if (rc == 0)
|
||||
p11card->fw_data = profile;
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ struct sc_pkcs15init_certargs {
|
|||
};
|
||||
|
||||
extern void sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *);
|
||||
extern int sc_pkcs15init_bind(struct sc_card *, const char *,
|
||||
extern int sc_pkcs15init_bind(struct sc_card *, const char *, const char *,
|
||||
struct sc_profile **);
|
||||
extern void sc_pkcs15init_unbind(struct sc_profile *);
|
||||
extern int sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle);
|
||||
|
|
|
|||
|
|
@ -126,15 +126,44 @@ sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *cb)
|
|||
callbacks = cb;
|
||||
}
|
||||
|
||||
/* Returns 1 if the a profile was found in the card's card_driver block
|
||||
* in the config file, or 0 otherwise.
|
||||
* card_prof_name is a PATH_MAX -sized buffer that will hold the profile name */
|
||||
static int get_profile_from_config(struct sc_card *card, char *card_prof_name)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
const char *tmp;
|
||||
scconf_block **blocks, *blk;
|
||||
int i, r;
|
||||
|
||||
for (i = 0; ctx->conf_blocks[i]; i++) {
|
||||
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
|
||||
"card_driver", card->driver->short_name);
|
||||
blk = blocks[0];
|
||||
free(blocks);
|
||||
if (blk == NULL)
|
||||
continue;
|
||||
|
||||
tmp = scconf_get_str(blk, "profile", NULL);
|
||||
if (tmp != NULL) {
|
||||
strncpy(card_prof_name, tmp, PATH_MAX);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Set up profile
|
||||
*/
|
||||
int
|
||||
sc_pkcs15init_bind(struct sc_card *card, const char *name,
|
||||
struct sc_profile **result)
|
||||
const char *card_profile_name, struct sc_profile **result)
|
||||
{
|
||||
struct sc_profile *profile;
|
||||
const char *driver = card->driver->short_name;
|
||||
char card_prof_name[PATH_MAX];
|
||||
int r;
|
||||
|
||||
/* Put the card into administrative mode */
|
||||
|
|
@ -159,8 +188,17 @@ sc_pkcs15init_bind(struct sc_card *card, const char *name,
|
|||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* 1. Use card_profile_name if present,
|
||||
* 2. otherwise look in the config file, or
|
||||
* 3. otherwise use the default profile name.
|
||||
*/
|
||||
if (card_profile_name != NULL)
|
||||
strcpy(card_prof_name, card_profile_name); /* 1 */
|
||||
else if (!get_profile_from_config(card, card_prof_name)) /* 2 */
|
||||
strcpy(card_prof_name, driver); /* 3 */
|
||||
|
||||
if ((r = sc_profile_load(profile, name)) < 0
|
||||
|| (r = sc_profile_load(profile, driver)) < 0
|
||||
|| (r = sc_profile_load(profile, card_prof_name)) < 0
|
||||
|| (r = sc_profile_finish(profile)) < 0) {
|
||||
fprintf(stderr,
|
||||
"Failed to load profile: %s\n",
|
||||
|
|
|
|||
|
|
@ -156,6 +156,7 @@ const struct option options[] = {
|
|||
{ "no-prompt", no_argument, 0, OPT_NO_PROMPT },
|
||||
|
||||
{ "profile", required_argument, 0, 'p' },
|
||||
{ "card-profile", required_argument, 0, 'c' },
|
||||
{ "options-file", required_argument, 0, OPT_OPTIONS },
|
||||
{ "wait", no_argument, 0, 'w' },
|
||||
{ "debug", no_argument, 0, 'd' },
|
||||
|
|
@ -200,7 +201,8 @@ const char * option_help[] = {
|
|||
"Always ask for transport keys etc, even if the driver thinks it knows the key",
|
||||
"Do not prompt the user, except for PINs",
|
||||
|
||||
"Specify the profile to use",
|
||||
"Specify the general profile to use",
|
||||
"Specify the card profile option to use",
|
||||
"Read additional command line options from file",
|
||||
"Wait for card insertion",
|
||||
"Enable debugging output",
|
||||
|
|
@ -269,6 +271,7 @@ static int opt_reader = -1,
|
|||
opt_split_key = 0,
|
||||
opt_wait = 0;
|
||||
static char * opt_profile = "pkcs15";
|
||||
static char * opt_card_profile = NULL;
|
||||
static char * opt_infile = 0;
|
||||
static char * opt_format = 0;
|
||||
static char * opt_authid = 0;
|
||||
|
|
@ -326,7 +329,8 @@ main(int argc, char **argv)
|
|||
sc_pkcs15init_set_callbacks(&callbacks);
|
||||
|
||||
/* Bind the card-specific operations and load the profile */
|
||||
if ((r = sc_pkcs15init_bind(card, opt_profile, &profile)) < 0)
|
||||
if ((r = sc_pkcs15init_bind(card, opt_profile,
|
||||
opt_card_profile, &profile)) < 0)
|
||||
return 1;
|
||||
|
||||
set_secrets(profile);
|
||||
|
|
@ -1742,6 +1746,9 @@ handle_option(const struct option *opt)
|
|||
case 'p':
|
||||
opt_profile = optarg;
|
||||
break;
|
||||
case 'c':
|
||||
opt_card_profile = optarg;
|
||||
break;
|
||||
case 'q':
|
||||
opt_quiet = 1;
|
||||
break;
|
||||
|
|
|
|||
Loading…
Reference in New Issue