cert to key is even more interesting than key to cert.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2407 c6295689-39f2-0310-b995-f0e70906c6a9

src/libp11/libp11-int.h

@@ -140,6 +140,9 @@ typedef struct pkcs11_cert_private {
 	size_t id_len;
 } PKCS11_CERT_private;
 #define PRIVCERT(cert)		((PKCS11_CERT_private *) cert->_private)
+#define CERT2SLOT(cert)		TOKEN2SLOT(CERT2TOKEN(cert))
+#define CERT2TOKEN(cert)	(PRIVCERT(cert)->parent)
+#define CERT2CTX(cert)		TOKEN2CTX(CERT2TOKEN(cert))
 
 /*
  * Mapping Cryptoki error codes to those used internally

src/libp11/libp11.h

@@ -166,6 +166,9 @@ extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *);
 /* Find the corresponding certificate (if any) */
 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
 
+/* Find the corresponding key (if any) */
+extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);
+
 /* Get a list of all certificates associated with this token */
 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
 

src/libp11/p11_key.c

@@ -103,6 +103,28 @@ PKCS11_enumerate_keys(PKCS11_TOKEN * token, PKCS11_KEY ** keyp, unsigned int *co
 	return 0;
 }
 
+/*
+ * Find key matching a certificate
+ */
+PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
+{
+        PKCS11_CERT_private *cpriv;
+        PKCS11_KEY_private *kpriv;
+        PKCS11_KEY *key;
+        unsigned int n, count;
+
+	cpriv = PRIVCERT(cert);
+        if (PKCS11_enumerate_keys(CERT2TOKEN(cert), &key, &count))
+                return NULL;
+        for (n = 0; n < count; n++, key++) {
+                kpriv = PRIVKEY(key);
+                if (cpriv->id_len == kpriv->id_len
+                    && !memcmp(cpriv->id, kpriv->id, cpriv->id_len))
+                        return key;
+        }
+        return NULL;
+}
+
 /*
  * Store a private key on the token
  */