When listing all objects of a type, restrict their class to the specified.

1 files changed, 10 insertions, 1 deletions

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 73744cff1b..a4b7728b16 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1491,7 +1491,6 @@ find_obj_url (struct pkcs11_session_info *sinfo,
 
   while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
     {
-
       a[0].type = CKA_VALUE;
       a[0].value = cert_data;
       a[0].value_len = MAX_CERT_SIZE;
@@ -2262,6 +2261,16 @@ find_objs (struct pkcs11_session_info* sinfo,
         }
     }
 
+  /* Find objects with given class and type */
+  attr = p11_kit_uri_get_attribute (find_data->info, CKA_CLASS);
+  if (attr)
+    {
+      if(attr->value && attr->value_len == sizeof (ck_object_class_t))
+        class = *((ck_object_class_t*)attr->value);
+      if (class == CKO_CERTIFICATE)
+        type = CKC_X_509;
+    }
+
   cert_data = gnutls_malloc (MAX_CERT_SIZE);
   if (cert_data == NULL)
     {