Explicit pkcs11 certificate loading can enforce a module and a slot
This commit is contained in:
parent
5d4c27d077
commit
36e47a409b
|
@ -269,7 +269,8 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
|
||||||
pkcs11_manager_t *manager;
|
pkcs11_manager_t *manager;
|
||||||
pkcs11_library_t *p11;
|
pkcs11_library_t *p11;
|
||||||
certificate_t *cert = NULL;
|
certificate_t *cert = NULL;
|
||||||
CK_SLOT_ID slot;
|
CK_SLOT_ID current, slot = -1;
|
||||||
|
char *module = NULL;
|
||||||
|
|
||||||
while (TRUE)
|
while (TRUE)
|
||||||
{
|
{
|
||||||
|
@ -278,6 +279,12 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
|
||||||
case BUILD_PKCS11_KEYID:
|
case BUILD_PKCS11_KEYID:
|
||||||
keyid = va_arg(args, chunk_t);
|
keyid = va_arg(args, chunk_t);
|
||||||
continue;
|
continue;
|
||||||
|
case BUILD_PKCS11_SLOT:
|
||||||
|
slot = va_arg(args, int);
|
||||||
|
continue;
|
||||||
|
case BUILD_PKCS11_MODULE:
|
||||||
|
module = va_arg(args, char*);
|
||||||
|
continue;
|
||||||
case BUILD_END:
|
case BUILD_END:
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -296,7 +303,7 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
enumerator = manager->create_token_enumerator(manager);
|
enumerator = manager->create_token_enumerator(manager);
|
||||||
while (enumerator->enumerate(enumerator, &p11, &slot))
|
while (enumerator->enumerate(enumerator, &p11, ¤t))
|
||||||
{
|
{
|
||||||
CK_OBJECT_CLASS class = CKO_CERTIFICATE;
|
CK_OBJECT_CLASS class = CKO_CERTIFICATE;
|
||||||
CK_CERTIFICATE_TYPE type = CKC_X_509;
|
CK_CERTIFICATE_TYPE type = CKC_X_509;
|
||||||
|
@ -312,7 +319,16 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
|
||||||
CK_SESSION_HANDLE session;
|
CK_SESSION_HANDLE session;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
|
if (slot != -1 && slot != current)
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (module && !streq(module, p11->get_name(p11)))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
|
||||||
&session);
|
&session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
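Review bot: The new BUILD_PKCS11_SLOT filter `if (slot != -1 && slot != current)` does not by itself pin down a module: the enumerator yields (p11, current) pairs across every loaded library, and PKCS#11 slot IDs are only meaningful within one library, so a caller that passes a slot without BUILD_PKCS11_MODULE will match whichever loaded module happens to enumerate that slot ID, which weakens the "enforce" guarantee the commit title promises. I would make that explicit above the check, e.g. `/* slot IDs are per module; without BUILD_PKCS11_MODULE this matches that slot ID in any loaded library */`, or require MODULE whenever SLOT is given. Separately, `CK_SLOT_ID current, slot = -1;` stores a negative sentinel in what PKCS#11 declares as an unsigned CK_ULONG and later compares it with the plain int `-1`; it works via implicit conversion, but a `bool slot_set` next to `slot = va_arg(args, int)` (or at least `(CK_SLOT_ID)-1` in both places) would make the intent obvious and avoid sign-conversion warnings. pkcs11_creds_load starts before the first hunk and ends after the last one.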
|
||||||
|
|
|
@ -68,7 +68,8 @@ pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot);
|
||||||
/**
|
/**
|
||||||
* Load a specific certificate from a token.
|
* Load a specific certificate from a token.
|
||||||
*
|
*
|
||||||
* Accepts a BUILD_PKCS11_KEYID as the only argument.
|
* Requires a BUILD_PKCS11_KEYID argument, and optionally BUILD_PKCS11_MODULE
|
||||||
|
* and/or BUILD_PKCS11_SLOT.
|
||||||
*
|
*
|
||||||
* @param type certificate type, must be CERT_X509
|
* @param type certificate type, must be CERT_X509
|
||||||
* @param args variable argument list, containing BUILD_PKCS11_KEYID.
|
* @param args variable argument list, containing BUILD_PKCS11_KEYID.
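Review bot: The `@param args` line still says the list contains only BUILD_PKCS11_KEYID, which now contradicts the sentence added two lines above; change it to `* @param args variable argument list, containing BUILD_PKCS11_KEYID and optionally BUILD_PKCS11_MODULE and/or BUILD_PKCS11_SLOT.` It would also help callers to state in the description that a slot given without a module is matched against every loaded module, since slot IDs are local to a PKCS#11 library, so only MODULE plus SLOT together pin the certificate to one token. The doc comment is cut off at the end of the hunk.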
|
||||||
|
|