diff options
author | Adam Williamson <awilliam@redhat.com> | 2015-01-13 20:52:20 -0800 |
---|---|---|
committer | Stef Walter <stefw@redhat.com> | 2015-01-14 13:36:47 +0100 |
commit | a6df1f21e42a3b57448eb6897b976ac8883908eb (patch) | |
tree | 78d0379a31c7370907086535c4fe1cc2159991ff /trust/extract-pem.c | |
parent | b65e3148a8ea2d54b17a8be617bbdcb026c49fcd (diff) |
trust: Add pem-directory-hash extract format
This allows extraction of a directory of standard PEM files
with the OpenSSL hash symlinks; this is a format used by
some popular platforms (Debian's /etc/ssl/certs is in this
form, and OpenSUSE provides it for compatibility).
Initially by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added header, fixed compiler warnings
Diffstat (limited to 'trust/extract-pem.c')
-rw-r--r-- | trust/extract-pem.c | 49 |
1 files changed, 41 insertions, 8 deletions
diff --git a/trust/extract-pem.c b/trust/extract-pem.c index 1e1c857..a32d032 100644 --- a/trust/extract-pem.c +++ b/trust/extract-pem.c @@ -40,6 +40,7 @@ #include "debug.h" #include "extract.h" #include "message.h" +#include "path.h" #include "pem.h" #include "save.h" @@ -98,15 +99,18 @@ p11_extract_pem_bundle (p11_enumerate *ex, return ret; } -bool -p11_extract_pem_directory (p11_enumerate *ex, - const char *destination) +static bool +extract_pem_directory (p11_enumerate *ex, + const char *destination, + bool hash) { p11_save_file *file; p11_save_dir *dir; p11_buffer buf; bool ret = true; char *filename; + char *path; + char *name; CK_RV rv; dir = p11_save_open_directory (destination, ex->flags); @@ -121,14 +125,25 @@ p11_extract_pem_directory (p11_enumerate *ex, if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) return_val_if_reached (false); - filename = p11_enumerate_filename (ex); - return_val_if_fail (filename != NULL, false); + name = p11_enumerate_filename (ex); + return_val_if_fail (name != NULL, false); + + path = NULL; + + file = p11_save_open_file_in (dir, name, ".pem"); + ret = p11_save_write (file, buf.data, buf.len); - file = p11_save_open_file_in (dir, filename, ".pem"); - free (filename); + if (!p11_save_finish_file (file, &path, ret)) + ret = false; - ret = p11_save_write_and_finish (file, buf.data, buf.len); + if (ret && hash) { + filename = p11_path_base (path); + ret = p11_openssl_symlink(ex, dir, filename); + free (filename); + } + free (path); + free (name); if (!ret) break; } @@ -143,3 +158,21 @@ p11_extract_pem_directory (p11_enumerate *ex, p11_save_finish_directory (dir, ret); return ret; } + +bool +p11_extract_pem_directory (p11_enumerate *ex, + const char *destination) +{ + bool ret = true; + ret = extract_pem_directory (ex, destination, false); + return ret; +} + +bool +p11_extract_pem_directory_hash (p11_enumerate *ex, + const char *destination) +{ + bool ret = true; + ret = extract_pem_directory (ex, destination, true); + return ret; +} |