From: Krzysztof Jackiewicz Date: Wed, 31 Aug 2016 13:35:24 +0000 (+0200) Subject: Return incomplete PKCS12 with exportable parts only X-Git-Tag: submit/tizen/20160912.023936~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=eb6f294324e77e47d29548c2f5c85500d63aea39;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git Return incomplete PKCS12 with exportable parts only [Problem] There's no way to get CA certificates list for PKCS12 with non-exportable key. [Solution] Create an incomplete PKCS12 structure with exportable fields only. [Verification] Run ckm-tests --group=T310_CKMC_CAPI_PKCS12 Change-Id: I77b7ef153fc5d7eb16a587a5bb0450c6a74f6ba1
---
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 7d32228..36f2ea7 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -993,33 +993,38 @@ int CKMLogic::getPKCS12Helper( retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, keyObj); - if (retCode != CKM_API_SUCCESS) - return retCode; - - privKey = CKM::Key::create(keyObj->getBinary()); + if (retCode != CKM_API_SUCCESS) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + privKey = CKM::Key::create(keyObj->getBinary()); + } // read certificate (mandatory) Crypto::GObjUPtr certObj; retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certObj); - if (retCode != CKM_API_SUCCESS) - return retCode; - - cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER); + if (retCode != CKM_API_SUCCESS) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER); + } // read CA cert chain (optional) Crypto::GObjUPtrVector caChainObjs; retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, caChainObjs); - if (retCode != CKM_API_SUCCESS && - retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) - return retCode; - - for (auto &caCertObj : caChainObjs) - caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), - DataFormat::FORM_DER)); + if (retCode != CKM_API_SUCCESS && retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) { + if (retCode != CKM_API_ERROR_NOT_EXPORTABLE) + return retCode; + } else { + for (auto &caCertObj : caChainObjs) + caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), + DataFormat::FORM_DER)); + } // if anything found, return it if (privKey || cert || caChain.size() > 0)
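Review bot: `privKey` and `cert` can now each be null when execution reaches `if (privKey || cert || caChain.size() > 0)`, whereas before this change any failed key or certificate read returned early, so whatever builds or serializes the PKCS12 after that check (outside this hunk) has to tolerate a missing key or certificate. Each later `readDataHelper` call also overwrites `retCode`, so a `CKM_API_ERROR_NOT_EXPORTABLE` from the key read is no longer visible by the end of the function; unless the code after the hunk reports it some other way, a caller presumably cannot tell a partial bundle from a complete one. The comment `// read certificate (mandatory)` is stale now that a non-exportable certificate is skipped, and could read `// read certificate (omitted from the result when not exportable)`. I would also note in the function's header comment that a successful result may be a partial bundle holding only the exportable parts. The body of `getPKCS12Helper` starts and ends outside this hunk, so the final return value is not visible here.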