diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-28 18:07:01 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-28 18:23:24 +0200 |
commit | 21e200fdfe407108ff58b8a26a2f827bf0bf38d3 (patch) | |
tree | 5b1513396883b628d08ee66fa167bbea00482491 /src/pkcs11.c | |
parent | 8d5ef8910cd5e80346c5aab2399c57532c1175cd (diff) | |
download | gnutls-21e200fdfe407108ff58b8a26a2f827bf0bf38d3.tar.gz |
Allow flags when importing objects from PKCS11 URLs. The only flag supported
now is the PKCS11_OBJ_FLAG_LOGIN, which forces login before accessing object on
a token. The reason is that some tokens do not allow access of any data without login.
Diffstat (limited to 'src/pkcs11.c')
-rw-r--r-- | src/pkcs11.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/src/pkcs11.c b/src/pkcs11.c index d092136599..f4275b940a 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -48,7 +48,7 @@ void pkcs11_delete(FILE* outfile, const char* url, int batch) { int ret; if (!batch) { - pkcs11_list(outfile, url, PKCS11_TYPE_ALL); + pkcs11_list(outfile, url, PKCS11_TYPE_ALL, 1/*login*/); ret = read_yesno("Are you sure you want to delete those objects? (Y/N): "); if (ret == 0) { exit(1); @@ -68,14 +68,18 @@ int ret; /* lists certificates from a token */ -void pkcs11_list( FILE* outfile, const char* url, int type) +void pkcs11_list( FILE* outfile, const char* url, int type, unsigned int login) { gnutls_pkcs11_obj_t *crt_list; gnutls_x509_crt_t xcrt; unsigned int crt_list_size = 0; int ret; char* output; -int i, flags; +int i, attrs; +unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; pkcs11_common(); @@ -83,15 +87,15 @@ int i, flags; url = "pkcs11:"; if (type == PKCS11_TYPE_TRUSTED) { - flags = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; } else if (type == PKCS11_TYPE_PK) { - flags = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; } else if (type == PKCS11_TYPE_CRT_ALL) { - flags = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; } else if (type == PKCS11_TYPE_PRIVKEY) { - flags = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; + attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; } else { - flags = GNUTLS_PKCS11_OBJ_ATTR_ALL; + attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; } /* give some initial value to avoid asking for the pkcs11 pin twice. @@ -103,7 +107,8 @@ int i, flags; exit(1); } - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, flags); + ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, + attrs, obj_flags); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf(stderr, "Error in crt_list_import (1): %s\n", gnutls_strerror(ret)); exit(1); @@ -121,7 +126,7 @@ int i, flags; exit(1); } - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, flags); + ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, attrs, obj_flags); if (ret < 0) { fprintf(stderr, "Error in crt_list_import: %s\n", gnutls_strerror(ret)); exit(1); @@ -160,7 +165,7 @@ int i, flags; - if (flags == GNUTLS_PKCS11_OBJ_ATTR_ALL || flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) + if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) continue; ret = gnutls_x509_crt_init(&xcrt); @@ -195,13 +200,17 @@ int i, flags; return; } -void pkcs11_export(FILE* outfile, const char* url) +void pkcs11_export(FILE* outfile, const char* url, unsigned int login) { gnutls_pkcs11_obj_t crt; gnutls_x509_crt_t xcrt; gnutls_pubkey_t pubkey; int ret; size_t size; +unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; pkcs11_common(); @@ -214,7 +223,7 @@ size_t size; exit(1); } - ret = gnutls_pkcs11_obj_import_url( crt, url); + ret = gnutls_pkcs11_obj_import_url( crt, url, obj_flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); @@ -382,7 +391,7 @@ unsigned int key_usage; xcrt = load_cert(0); if (xcrt != NULL) { if (trusted) - flags |= GNUTLS_PKCS11_OBJ_FLAG_TRUSTED; + flags |= GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED; ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); @@ -394,7 +403,7 @@ unsigned int key_usage; xkey = load_private_key(0); if (xkey != NULL) { - ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, key_usage); + ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, key_usage, flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); |