gcr: Support multiple items inside a PKCS#12 bag.
authorStef Walter <stefw@collabora.co.uk>
Thu, 1 Sep 2011 10:50:01 +0000 (12:50 +0200)
committerStef Walter <stefw@collabora.co.uk>
Thu, 1 Sep 2011 13:14:39 +0000 (15:14 +0200)
 * This is how (at least) openssl sends along additional certs in
   a PKCS#12 file.
 * Create a new file personal.p12 to test this.

gcr/gcr-parser.c
gcr/tests/files/personal.p12 [new file with mode: 0644]
testing/ca-example/certs/personal.crt [new file with mode: 0644]
testing/ca-example/certs/personal.p12 [new file with mode: 0644]
testing/ca-example/commands.txt
testing/ca-example/keys/personal.key [new file with mode: 0644]
testing/ca-example/requests/personal.req [new file with mode: 0644]
testing/ca-example/serial.txt

index 22191b5..b845432 100644 (file)
@@ -862,6 +862,7 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
        GQuark oid;
        const guchar *element;
        gsize n_element;
+       guint i;
 
        ret = GCR_ERROR_UNRECOGNIZED;
 
@@ -877,20 +878,14 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
        /*
         * Now inside each bag are multiple elements. Who comes up
         * with this stuff?
-        *
-        * But this is where we draw the line. We only support one
-        * element per bag, not multiple elements, not strange
-        * nested bags, not fairy queens with magical wands in bags...
-        *
-        * Just one element per bag.
         */
-       if (count >= 1) {
+       for (i = 1; i <= count; i++) {
 
-               oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, 1, "bagId", NULL));
+               oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, i, "bagId", NULL));
                if (!oid)
                        goto done;
 
-               element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, 1, "bagValue", NULL), &n_element);
+               element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, i, "bagValue", NULL), &n_element);
                if (!element)
                        goto done;
 
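Review bot: Once `for (i = 1; i <= count; i++)` visits more than one item, the two `goto done` exits on a missing `bagId` or `bagValue` abandon the rest of the bag at the first malformed item, possibly after earlier items have already been processed. The bag contents come from an untrusted file, so the loop should say whether a partly processed bag is intended, for example with `/* Items are 1-indexed. A malformed item aborts the remaining items in this bag. */` above it. The declaration of `count` and the rest of the loop body lie outside the hunk, so please confirm that `count` is unsigned like the new `guint i`. It is also worth checking that a failure on a later item is what the function reports, rather than the result of the last item handled.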
diff --git a/gcr/tests/files/personal.p12 b/gcr/tests/files/personal.p12
new file mode 100644 (file)
index 0000000..7ae3d05
Binary files /dev/null and b/gcr/tests/files/personal.p12 differ
diff --git a/testing/ca-example/certs/personal.crt b/testing/ca-example/certs/personal.crt
new file mode 100644 (file)
index 0000000..2c3d54e
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmTCCAgICAQwwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTA5MDExMDM0NDRaFw0yMTA4MjkxMDM0
+NDRaMB8xHTAbBgNVBAMMFHBlcnNvbmFsQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRaLlKQr538QVsrdCMMOrDLA/Y3VBoRoUtqT
+BAbIX3YEg6TAPSY6Z7ef7mHMSQVr06Bv7bMqPYtzlKe6XMNiRXvEszSlW42e0V+H
+M/KQE24WC1zV/X+2yoEelz1GvUhRX+4oPT1n1cGKGuCE7ceZnBDkyPgP/fDplekz
+YoDKdU/KLcNmdXFNXnLRsEqbRLAjBe1IcXaUhrxb8HM4yc9Jv72q7vP4DZ2bOX4i
+eX775eBMevJcFftsL1jdnEzKX5H00WaK0kVAAji2Ej+yPZ8BLAIgPrjH1CY+we3F
+jD+GUGJUhsCa1sQpDLxNxvk/KuXGOgL4ft0h7Op9X+wQNFwwBQIDAQABMA0GCSqG
+SIb3DQEBBQUAA4GBAFpkc7qYXeyvs4OI8wEefQx2GrJvTl5cciIDRa/gIDX1E4HA
+1EReBRAkrYSYq4BLN8uD1qhIZphlCC6rcdUvkepxbHa4w+uf0O7R0E4zWg3dYog9
+yYjP4nSG/xoh0EsSZjKb904Y4rohrWgQ0AcXCrZIZGl4/Z/rH92rxeMv6VEn
+-----END CERTIFICATE-----
diff --git a/testing/ca-example/certs/personal.p12 b/testing/ca-example/certs/personal.p12
new file mode 100644 (file)
index 0000000..7ae3d05
Binary files /dev/null and b/testing/ca-example/certs/personal.p12 differ
index ccbe23d..7470640 100644 (file)
@@ -1,3 +1,16 @@
-$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key -days 3650 -req -in requests/client.req -out certs/client.crt
+# Signing a client certificate
+$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key \
+       -days 3650 -req -in requests/client.req -out certs/client.crt
 
-$ openssl x509 -signkey keys/server.key -days 3650 -req -in requests/server.req -out certs/server-self.crt
+# Self-signing a certificate
+$ openssl x509 -signkey keys/server.key -days 3650 -req \
+       -in requests/server.req -out certs/server-self.crt
+
+# Generating an basic certificate request
+$ openssl req -new -subj /CN=personal@example.com -out requests/personal.req \
+       -keyout keys/personal.key
+
+# Creating a PKCS#12 file from key and certificate
+openssl pkcs12 -export -in certs/personal.crt -inkey keys/personal.key \
+       -certfile certs/ca.crt -name "Example Certificate" \
+       -out certs/personal.p12
\ No newline at end of file
diff --git a/testing/ca-example/keys/personal.key b/testing/ca-example/keys/personal.key
new file mode 100644 (file)
index 0000000..fa2f875
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/ca-example/requests/personal.req b/testing/ca-example/requests/personal.req
new file mode 100644 (file)
index 0000000..d3a449a
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----