[gnome-keyring] gcr: Support multiple items inside a PKCS#12 bag.



commit 3f3aea982006c85aca0186f3bf33a782f4bda4ff
Author: Stef Walter <stefw collabora co uk>
Date:   Thu Sep 1 12:50:01 2011 +0200

    gcr: Support multiple items inside a PKCS#12 bag.
    
     * This is how (at least) openssl sends along additional certs in
       a PKCS#12 file.
     * Create a new file personal.p12 to test this.

 gcr/gcr-parser.c                         |   13 ++++---------
 gcr/tests/files/personal.p12             |  Bin 0 -> 3396 bytes
 testing/ca-example/certs/personal.crt    |   16 ++++++++++++++++
 testing/ca-example/certs/personal.p12    |  Bin 0 -> 3396 bytes
 testing/ca-example/commands.txt          |   17 +++++++++++++++--
 testing/ca-example/keys/personal.key     |   30 ++++++++++++++++++++++++++++++
 testing/ca-example/requests/personal.req |   15 +++++++++++++++
 testing/ca-example/serial.txt            |    2 +-
 8 files changed, 81 insertions(+), 12 deletions(-)
---
diff --git a/gcr/gcr-parser.c b/gcr/gcr-parser.c
index f5139cf..e9b24de 100644
--- a/gcr/gcr-parser.c
+++ b/gcr/gcr-parser.c
@@ -862,6 +862,7 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
 	GQuark oid;
 	const guchar *element;
 	gsize n_element;
+	guint i;
 
 	ret = GCR_ERROR_UNRECOGNIZED;
 
@@ -877,20 +878,14 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
 	/* 
 	 * Now inside each bag are multiple elements. Who comes up 
 	 * with this stuff?
-	 * 
-	 * But this is where we draw the line. We only support one
-	 * element per bag, not multiple elements, not strange
-	 * nested bags, not fairy queens with magical wands in bags...
-	 * 
-	 * Just one element per bag.
 	 */
-	if (count >= 1) {
+	for (i = 1; i <= count; i++) {
 
-		oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, 1, "bagId", NULL));
+		oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, i, "bagId", NULL));
 		if (!oid)
 			goto done;
 
-		element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, 1, "bagValue", NULL), &n_element);
+		element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, i, "bagValue", NULL), &n_element);
 		if (!element)
 			goto done;
 
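Review bot: Inside the new `for (i = 1; i <= count; i++)` loop, the two `goto done` exits now abort the whole bag as soon as one element lacks a `bagId` or `bagValue`, which can happen after earlier elements of the same untrusted PKCS#12 input were already processed. Whether the caller then sees a failure alongside partial results depends on `ret` and the rest of the loop body, both of which lie outside the hunk. The shortened comment above the loop no longer says what the code does, so I would replace it with something like `/* Bag elements are 1-indexed; handle each in turn. A malformed element aborts the whole bag. */`. It is also worth confirming that `count`, declared outside the hunk, is unsigned like the new `guint i`, since a signed `count` would be converted to unsigned in the `i <= count` comparison.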
diff --git a/gcr/tests/files/personal.p12 b/gcr/tests/files/personal.p12
new file mode 100644
index 0000000..7ae3d05
Binary files /dev/null and b/gcr/tests/files/personal.p12 differ
diff --git a/testing/ca-example/certs/personal.crt b/testing/ca-example/certs/personal.crt
new file mode 100644
index 0000000..2c3d54e
--- /dev/null
+++ b/testing/ca-example/certs/personal.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmTCCAgICAQwwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTA5MDExMDM0NDRaFw0yMTA4MjkxMDM0
+NDRaMB8xHTAbBgNVBAMMFHBlcnNvbmFsQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRaLlKQr538QVsrdCMMOrDLA/Y3VBoRoUtqT
+BAbIX3YEg6TAPSY6Z7ef7mHMSQVr06Bv7bMqPYtzlKe6XMNiRXvEszSlW42e0V+H
+M/KQE24WC1zV/X+2yoEelz1GvUhRX+4oPT1n1cGKGuCE7ceZnBDkyPgP/fDplekz
+YoDKdU/KLcNmdXFNXnLRsEqbRLAjBe1IcXaUhrxb8HM4yc9Jv72q7vP4DZ2bOX4i
+eX775eBMevJcFftsL1jdnEzKX5H00WaK0kVAAji2Ej+yPZ8BLAIgPrjH1CY+we3F
+jD+GUGJUhsCa1sQpDLxNxvk/KuXGOgL4ft0h7Op9X+wQNFwwBQIDAQABMA0GCSqG
+SIb3DQEBBQUAA4GBAFpkc7qYXeyvs4OI8wEefQx2GrJvTl5cciIDRa/gIDX1E4HA
+1EReBRAkrYSYq4BLN8uD1qhIZphlCC6rcdUvkepxbHa4w+uf0O7R0E4zWg3dYog9
+yYjP4nSG/xoh0EsSZjKb904Y4rohrWgQ0AcXCrZIZGl4/Z/rH92rxeMv6VEn
+-----END CERTIFICATE-----
diff --git a/testing/ca-example/certs/personal.p12 b/testing/ca-example/certs/personal.p12
new file mode 100644
index 0000000..7ae3d05
Binary files /dev/null and b/testing/ca-example/certs/personal.p12 differ
diff --git a/testing/ca-example/commands.txt b/testing/ca-example/commands.txt
index ccbe23d..7470640 100644
--- a/testing/ca-example/commands.txt
+++ b/testing/ca-example/commands.txt
@@ -1,3 +1,16 @@
-$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key -days 3650 -req -in requests/client.req -out certs/client.crt
+# Signing a client certificate
+$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key \
+	-days 3650 -req -in requests/client.req -out certs/client.crt
 
-$ openssl x509 -signkey keys/server.key -days 3650 -req -in requests/server.req -out certs/server-self.crt
+# Self-signing a certificate
+$ openssl x509 -signkey keys/server.key -days 3650 -req \
+	-in requests/server.req -out certs/server-self.crt
+
+# Generating an basic certificate request
+$ openssl req -new -subj /CN=personal example com -out requests/personal.req \
+	-keyout keys/personal.key
+
+# Creating a PKCS#12 file from key and certificate
+openssl pkcs12 -export -in certs/personal.crt -inkey keys/personal.key \
+	-certfile certs/ca.crt -name "Example Certificate" \
+	-out certs/personal.p12
\ No newline at end of file
diff --git a/testing/ca-example/keys/personal.key b/testing/ca-example/keys/personal.key
new file mode 100644
index 0000000..fa2f875
--- /dev/null
+++ b/testing/ca-example/keys/personal.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/ca-example/requests/personal.req b/testing/ca-example/requests/personal.req
new file mode 100644
index 0000000..d3a449a
--- /dev/null
+++ b/testing/ca-example/requests/personal.req
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/testing/ca-example/serial.txt b/testing/ca-example/serial.txt
index eb589e9..d73cdef 100644
--- a/testing/ca-example/serial.txt
+++ b/testing/ca-example/serial.txt
@@ -1 +1 @@
-0B
+0C


