pkcs15init: 'store-or-update' certificate option
parent
3cf56d8fb7
commit
e0aec3764a
|
@ -265,6 +265,7 @@ struct sc_pkcs15init_skeyargs {
|
||||||
struct sc_pkcs15init_certargs {
|
struct sc_pkcs15init_certargs {
|
||||||
struct sc_pkcs15_id id;
|
struct sc_pkcs15_id id;
|
||||||
const char * label;
|
const char * label;
|
||||||
|
int update;
|
||||||
|
|
||||||
unsigned long x509_usage;
|
unsigned long x509_usage;
|
||||||
unsigned char authority;
|
unsigned char authority;
|
||||||
|
|
|
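Review bot: The new `int update;` member is undocumented, and its effect is narrower than the name suggests: judging by the pkcs15-lib.c hunk in this commit it only changes behaviour when the chosen ID collides with an existing certificate. Suggest `int update; /* replace an existing certificate with the same ID instead of failing with SC_ERROR_NON_UNIQUE_ID */`. The remaining members of `struct sc_pkcs15init_certargs` are outside this hunk.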
@ -1630,11 +1630,14 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
||||||
struct sc_pkcs15_cert_info *cert_info = NULL;
|
struct sc_pkcs15_cert_info *cert_info = NULL;
|
||||||
struct sc_pkcs15_object *object = NULL;
|
struct sc_pkcs15_object *object = NULL;
|
||||||
struct sc_pkcs15_object *key_object = NULL;
|
struct sc_pkcs15_object *key_object = NULL;
|
||||||
|
struct sc_path existing_path;
|
||||||
const char *label = NULL;
|
const char *label = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
|
||||||
|
memset(&existing_path, 0, sizeof(struct sc_path));
|
||||||
|
|
||||||
label = args->label;
|
label = args->label;
|
||||||
if (!label)
|
if (!label)
|
||||||
label = "Certificate";
|
label = "Certificate";
|
||||||
|
@ -1642,10 +1645,25 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
||||||
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_CERT_X509,
|
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_CERT_X509,
|
||||||
&args->id, &args->der_encoded);
|
&args->id, &args->der_encoded);
|
||||||
LOG_TEST_RET(ctx, r, "Get certificate 'intrinsic ID' error");
|
LOG_TEST_RET(ctx, r, "Get certificate 'intrinsic ID' error");
|
||||||
|
sc_log(ctx, "Cert(ID:%s) rv %i", sc_pkcs15_print_id(&args->id), r);
|
||||||
|
|
||||||
/* Select an ID if the user didn't specify one, otherwise
|
/* Select an ID if the user didn't specify one, otherwise make sure it's unique */
|
||||||
* make sure it's unique */
|
|
||||||
r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
|
r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
|
||||||
|
if (r == SC_ERROR_NON_UNIQUE_ID && args->update) {
|
||||||
|
struct sc_pkcs15_object *existing_obj = NULL;
|
||||||
|
|
||||||
|
r = sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_CERT, &args->id, &existing_obj);
|
||||||
|
if (!r) {
|
||||||
|
sc_log(ctx, "Found cert(ID:%s)", sc_pkcs15_print_id(&args->id));
|
||||||
|
existing_path = ((struct sc_pkcs15_cert_info *)existing_obj->data)->path;
|
||||||
|
|
||||||
|
sc_pkcs15_remove_object(p15card, existing_obj);
|
||||||
|
sc_pkcs15_free_object(existing_obj);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
|
||||||
|
}
|
||||||
|
sc_log(ctx, "Select ID Cert(ID:%s) rv %i", sc_pkcs15_print_id(&args->id), r);
|
||||||
LOG_TEST_RET(ctx, r, "Select certificate ID error");
|
LOG_TEST_RET(ctx, r, "Select certificate ID error");
|
||||||
|
|
||||||
object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL);
|
object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL);
|
||||||
|
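Review bot: In the update branch the existing object is removed from the in-memory p15card and freed (`sc_pkcs15_remove_object` / `sc_pkcs15_free_object`) before the replacement has been created or written; if `sc_pkcs15init_new_object` returns NULL on the following line or the later store fails, the in-memory view no longer lists a certificate that, as far as I can tell, is still on the card, and that mismatch persists until the card is re-read. Consider keeping `existing_obj` until the new object has been stored successfully, or at least note the behaviour with a comment such as `/* old in-memory object dropped here; on a later failure the card still holds the old certificate */`. The cast `((struct sc_pkcs15_cert_info *)existing_obj->data)->path` also assumes `data` is non-NULL for a found certificate object; a guard like `if (!r && existing_obj->data)` would make that assumption explicit. The body of sc_pkcs15init_store_certificate continues outside this hunk.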
@ -1657,8 +1675,14 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
||||||
sc_der_copy(&object->content, &args->der_encoded);
|
sc_der_copy(&object->content, &args->der_encoded);
|
||||||
sc_der_copy(&cert_info->value, &args->der_encoded);
|
sc_der_copy(&cert_info->value, &args->der_encoded);
|
||||||
|
|
||||||
|
if (existing_path.len) {
|
||||||
|
sc_log(ctx, "Using existing path %s", sc_print_path(&existing_path));
|
||||||
|
cert_info->path = existing_path;
|
||||||
|
}
|
||||||
|
|
||||||
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
|
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
|
||||||
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
|
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
|
||||||
|
|
||||||
if (!profile->pkcs15.direct_certificates)
|
if (!profile->pkcs15.direct_certificates)
|
||||||
r = sc_pkcs15init_store_data(p15card, profile, object, &args->der_encoded, &cert_info->path);
|
r = sc_pkcs15init_store_data(p15card, profile, object, &args->der_encoded, &cert_info->path);
|
||||||
|
|
||||||
|
|
|
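Review bot: `cert_info->path = existing_path;` makes the following `sc_pkcs15init_store_data` call write the new DER to the old certificate's file, but nothing in the hunk checks that the replacement fits: if the existing EF is smaller than `args->der_encoded.len` the write presumably fails or is truncated, and if it is larger, bytes of the old certificate may remain after the new one. I cannot see how store_data treats a pre-filled path from here, so this may already be handled; if it is not, comparing against the existing file size before reusing the path and failing with a clear error otherwise would be worth adding. `existing_path.len` also doubles as the "found" flag, which ties the update logic to a zero-length path never being valid; a separate boolean set next to the lookup would read more clearly. The function continues outside this hunk.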
@ -138,6 +138,7 @@ enum {
|
||||||
OPT_UPDATE_LAST_UPDATE,
|
OPT_UPDATE_LAST_UPDATE,
|
||||||
OPT_ERASE_APPLICATION,
|
OPT_ERASE_APPLICATION,
|
||||||
OPT_IGNORE_CA_CERTIFICATES,
|
OPT_IGNORE_CA_CERTIFICATES,
|
||||||
|
OPT_UPDATE_EXISTING,
|
||||||
|
|
||||||
OPT_PIN1 = 0x10000, /* don't touch these values */
|
OPT_PIN1 = 0x10000, /* don't touch these values */
|
||||||
OPT_PUK1 = 0x10001,
|
OPT_PUK1 = 0x10001,
|
||||||
|
@ -189,6 +190,7 @@ const struct option options[] = {
|
||||||
{ "finalize", no_argument, NULL, 'F' },
|
{ "finalize", no_argument, NULL, 'F' },
|
||||||
{ "update-last-update", no_argument, NULL, OPT_UPDATE_LAST_UPDATE},
|
{ "update-last-update", no_argument, NULL, OPT_UPDATE_LAST_UPDATE},
|
||||||
{ "ignore-ca-certificates",no_argument, NULL, OPT_IGNORE_CA_CERTIFICATES},
|
{ "ignore-ca-certificates",no_argument, NULL, OPT_IGNORE_CA_CERTIFICATES},
|
||||||
|
{ "update-existing", no_argument, NULL, OPT_UPDATE_EXISTING},
|
||||||
|
|
||||||
{ "extractable", no_argument, NULL, OPT_EXTRACTABLE },
|
{ "extractable", no_argument, NULL, OPT_EXTRACTABLE },
|
||||||
{ "insecure", no_argument, NULL, OPT_INSECURE },
|
{ "insecure", no_argument, NULL, OPT_INSECURE },
|
||||||
|
@ -249,6 +251,7 @@ static const char * option_help[] = {
|
||||||
"Finish initialization phase of the smart card",
|
"Finish initialization phase of the smart card",
|
||||||
"Update 'lastUpdate' attribut of tokenInfo",
|
"Update 'lastUpdate' attribut of tokenInfo",
|
||||||
"When storing PKCS#12 ignore CA certificates",
|
"When storing PKCS#12 ignore CA certificates",
|
||||||
|
"Store or update existing certificate",
|
||||||
|
|
||||||
"Private key stored as an extractable key",
|
"Private key stored as an extractable key",
|
||||||
"Insecure mode: do not require a PIN for private key",
|
"Insecure mode: do not require a PIN for private key",
|
||||||
|
@ -364,6 +367,7 @@ static int ignore_cmdline_pins = 0;
|
||||||
static struct secret opt_secrets[MAX_SECRETS];
|
static struct secret opt_secrets[MAX_SECRETS];
|
||||||
static unsigned int opt_secret_count;
|
static unsigned int opt_secret_count;
|
||||||
static int opt_ignore_ca_certs = 0;
|
static int opt_ignore_ca_certs = 0;
|
||||||
|
static int opt_update_existing = 0;
|
||||||
static int verbose = 0;
|
static int verbose = 0;
|
||||||
|
|
||||||
static struct sc_pkcs15init_callbacks callbacks = {
|
static struct sc_pkcs15init_callbacks callbacks = {
|
||||||
|
@ -1074,8 +1078,12 @@ do_store_certificate(struct sc_profile *profile)
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
|
||||||
|
if (opt_update_existing)
|
||||||
|
args.update = 1;
|
||||||
|
|
||||||
if (opt_objectid)
|
if (opt_objectid)
|
||||||
sc_pkcs15_format_id(opt_objectid, &args.id);
|
sc_pkcs15_format_id(opt_objectid, &args.id);
|
||||||
|
|
||||||
args.label = (opt_cert_label != 0 ? opt_cert_label : opt_label);
|
args.label = (opt_cert_label != 0 ? opt_cert_label : opt_label);
|
||||||
args.authority = opt_authority;
|
args.authority = opt_authority;
|
||||||
|
|
||||||
|
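Review bot: `if (opt_update_existing) args.update = 1;` is only wired into do_store_certificate, so `--update-existing` given together with other store actions (the PKCS#12 and key paths, which I assume build their own args) is accepted by the option parser and silently ignored. A short note in the option's help text, or a comment at this assignment such as `/* only honoured when storing a single certificate */`, would make that visible to users. The two lines could also collapse to `args.update = opt_update_existing != 0;` since `args` was just zeroed.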
@ -1083,8 +1091,7 @@ do_store_certificate(struct sc_profile *profile)
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
r = do_convert_cert(&args.der_encoded, cert);
|
r = do_convert_cert(&args.der_encoded, cert);
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
r = sc_pkcs15init_store_certificate(p15card, profile,
|
r = sc_pkcs15init_store_certificate(p15card, profile, &args, NULL);
|
||||||
&args, NULL);
|
|
||||||
|
|
||||||
if (args.der_encoded.value)
|
if (args.der_encoded.value)
|
||||||
free(args.der_encoded.value);
|
free(args.der_encoded.value);
|
||||||
|
@ -2542,6 +2549,9 @@ handle_option(const struct option *opt)
|
||||||
case OPT_IGNORE_CA_CERTIFICATES:
|
case OPT_IGNORE_CA_CERTIFICATES:
|
||||||
opt_ignore_ca_certs = 1;
|
opt_ignore_ca_certs = 1;
|
||||||
break;
|
break;
|
||||||
|
case OPT_UPDATE_EXISTING:
|
||||||
|
opt_update_existing = 1;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
util_print_usage_and_die(app_name, options, option_help, NULL);
|
util_print_usage_and_die(app_name, options, option_help, NULL);
|
||||||
}
|
}
|
||||||
|
|