Add basic trust module

This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.

1 files changed, 27 insertions, 0 deletions

diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
new file mode 100644
index 0000000..03dca0d
--- /dev/null
+++ b/build/certs/Makefile.am
@@ -0,0 +1,27 @@
+
+# Note that nothing here is distributed. It just lives in the git repository
+# We copy everything into its final location, and those test files are
+# distributed in the tarballs
+
+TRUST = $(top_srcdir)/trust/tests
+
+prepare-certs:
+	cp -v cacert3.der $(TRUST)/anchors
+	cp -v cacert3.der $(TRUST)/files
+	cp -v cacert-ca.der $(TRUST)/certificates
+	cp -v cacert-ca.der $(TRUST)/files
+	cp -v self-server.der $(TRUST)/files
+	cp -v self-signed-with-eku.der $(TRUST)/certificates
+	cp -v self-signed-with-ku.der $(TRUST)/certificates
+	cp -v testing-ca.der $(TRUST)/anchors
+	cp -v testing-server.der $(TRUST)/files
+
+# Rebuild the self-signed certificates. This is almost never necessary and
+# will require other changes in the code, mostly here as documentation
+build-self-signed:
+	openssl req -new -x509 -outform DER -out self-signed-with-eku.der \
+		-newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \
+		-config with-eku.conf -set_serial 888 -extensions v3_ca
+	openssl req -new -x509 -outform DER -out self-signed-with-ku.der \
+		-newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \
+		-config with-ku.conf -set_serial 888 -extensions v3_ca