author | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2016-08-31 15:35:24 +0200 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2016-08-31 15:40:44 +0200 |
commit | eb6f294324e77e47d29548c2f5c85500d63aea39 (patch) | |
tree | 37cbe0c19260200db1945e32beda0ac25d322cc9 | |
parent | 5a30249a947b1bb52d31a5dd12e913afc9e90970 (diff) | |
Return incomplete PKCS12 with exportable parts only
[Problem] There's no way to get the CA certificate list for a PKCS12 with
a non-exportable key.
[Solution] Create an incomplete PKCS12 structure with exportable fields only.
[Verification] Run ckm-tests --group=T310_CKMC_CAPI_PKCS12
Change-Id: I77b7ef153fc5d7eb16a587a5bb0450c6a74f6ba1
-rw-r--r-- | src/manager/service/ckm-logic.cpp | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 7d322289..36f2ea77 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -993,33 +993,38 @@ int CKMLogic::getPKCS12Helper( retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, keyObj); - if (retCode != CKM_API_SUCCESS) - return retCode; - - privKey = CKM::Key::create(keyObj->getBinary()); + if (retCode != CKM_API_SUCCESS) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + privKey = CKM::Key::create(keyObj->getBinary()); + } // read certificate (mandatory) Crypto::GObjUPtr certObj; retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certObj); - if (retCode != CKM_API_SUCCESS) - return retCode; - - cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER); + if (retCode != CKM_API_SUCCESS) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER); + } // read CA cert chain (optional) Crypto::GObjUPtrVector caChainObjs; retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, caChainObjs); - if (retCode != CKM_API_SUCCESS && - retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) - return retCode; - - for (auto &caCertObj : caChainObjs) - caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), - DataFormat::FORM_DER)); + if (retCode != CKM_API_SUCCESS && retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + for (auto &caCertObj : caChainObjs) + caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), + DataFormat::FORM_DER)); + } // if anything found, return it if (privKey || cert || caChain.size() > 0) |
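Review bot: The three new `CKM_API_ERROR_NOT_EXPORTABLE` branches omit the private key, the certificate or the CA chain without leaving any trace, because the `retCode` that recorded the skip is overwritten by the next `readDataHelper` call. By the time execution reaches `if (privKey || cert || caChain.size() > 0)`, nothing distinguishes a complete PKCS12 from one with the key left out, so a caller that treats success as "key present" may use a null `privKey` or `cert`. The context comment `// read certificate (mandatory)` no longer matches the behaviour; I would change it to `// read certificate (omitted from the result if not exportable)` and add `// non-exportable parts are skipped: privKey and cert may be null here` above the final check. The body of getPKCS12Helper continues past the hunk, so it is worth checking there how null parts are handled and which code is returned when nothing is exportable.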