From 46b743d63926e8171e6bca56a7365bb3fce3d9db Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Thu, 1 Sep 2011 12:50:01 +0200
Subject: [PATCH] gcr: Support multiple items inside a PKCS#12 bag.
* This is how (at least) openssl sends along additional certs in a PKCS#12 file.
* Create a new file personal.p12 to test this.
---
 gcr/gcr-parser.c | 13 ++++---------
 gcr/tests/files/personal.p12 | Bin 0 -> 3396 bytes
 testing/ca-example/certs/personal.crt | 16 ++++++++++++++++
 testing/ca-example/certs/personal.p12 | Bin 0 -> 3396 bytes
 testing/ca-example/commands.txt | 17 +++++++++++++++--
 testing/ca-example/keys/personal.key | 30 ++++++++++++++++++++++++++++++
 testing/ca-example/requests/personal.req | 15 +++++++++++++++
 testing/ca-example/serial.txt | 2 +-
 8 files changed, 81 insertions(+), 12 deletions(-)
 create mode 100644 gcr/tests/files/personal.p12
 create mode 100644 testing/ca-example/certs/personal.crt
 create mode 100644 testing/ca-example/certs/personal.p12
 create mode 100644 testing/ca-example/keys/personal.key
 create mode 100644 testing/ca-example/requests/personal.req
diff --git a/gcr/gcr-parser.c b/gcr/gcr-parser.c
index 22191b5..b845432 100644
--- a/gcr/gcr-parser.c
+++ b/gcr/gcr-parser.c
@@ -862,6 +862,7 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
 GQuark oid;
 const guchar *element;
 gsize n_element;
+ guint i;
 ret = GCR_ERROR_UNRECOGNIZED;
@@ -877,20 +878,14 @@ handle_pkcs12_bag (GcrParser *self, const guchar *data, gsize n_data)
 /*
 * Now inside each bag are multiple elements. Who comes up
 * with this stuff?
- *
- * But this is where we draw the line. We only support one
- * element per bag, not multiple elements, not strange
- * nested bags, not fairy queens with magical wands in bags...
- *
- * Just one element per bag.
 */
- if (count >= 1) {
+ for (i = 1; i <= count; i++) {
- oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, 1, "bagId", NULL));
+ oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, i, "bagId", NULL));
 if (!oid)
 goto done;
- element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, 1, "bagValue", NULL), &n_element);
+ element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, i, "bagValue", NULL), &n_element);
 if (!element)
 goto done;
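Review bot: The two `goto done` exits on a missing `bagId` or `bagValue` now sit inside `for (i = 1; i <= count; i++)`, so a malformed element at position i stops the walk after elements 1..i-1 have presumably already been passed to their parsers. The rest of the loop body and the `done:` label lie outside this hunk, so it should be confirmed that the return value in that case is the one callers expect for a partly processed bag read from an untrusted .p12 file. `count` appears to be derived from the parsed data and nothing visible here caps it; if the per-element handlers can prompt or allocate, a sanity limit on the number of elements would be worth adding. The shortened comment no longer says what is supported; something like `/* Each bag may hold several elements (openssl adds extra certs this way); visit every one, node indices start at 1. */` would document the new behaviour.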
diff --git a/gcr/tests/files/personal.p12 b/gcr/tests/files/personal.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7ae3d05dc310d88633d97342b38b1af951a008fd GIT binary patch literal 3396 zcmY+FcQhM}8pab6GxjQ_gx0DM)JzeoMyXk~_XtYO8nsiiB3A8LqpEgFQF~K9rB)-c zSIwdn)i$@^IrrZ0-anrAJ?DAe^Zxn#;AlD|8IT-~rlX*s7LC=4J);9s0*ld*GY}f` z4UUF^1Gkx>C6 z(UiiM;hogHAhA{*Di#-1KeuaEQB%==E4v#asCr`k5i4CuR>yr-3&$kg5H&u_K^%fg z_`KC*9oBKXwEF5njnSB6HhbHb@&^f_%d?}>d#aOOt$cTu8%0IqgNP=nVr)X7)3>`{ zvc(yOM+L$gs-6|4&AXClaXRm8w4!+#j06Hkq-Y>)M$4jc8iZHDrN5FLZh|$s?(|Hr z)$J;;`q!x4YC#$Z6?#l{#8kGp&+s(}H2Q7l+uMKl71JgI!J!P%Qr10RZ)IP^XhqS{ z#dr&OygA?j(Hyqgx=B(y7rxzuWj)-wH>RMu1-~|2n_GT`fm2#!8w(3?4+ZAho@Lzt zX?tH|o@V97!Pjs9mOGT+FmLaDOr7G6ETdHP8h32VXWmXI9Jr-{aE?sJtTZ_sDcT_Q zcU#2ob~=5)k z`A7>UxCqA4aJsehjOrn?;p$QA5Dex{NkgF-?1Zdp47W%Zo8EGOZIg|p3loR&OME@yj%7j4qL z-9?y4p2a%&h-!udcU+OP_E^jueB0mMRbPemD--@>vDnOAsgbtHT+sHSrI+_#;blTa zOV$i?%Dc!11BYMNGeZLLKJ<`wnJTl?mxcE{k`4P}Eqf#pULoP=G#7WgfroY?Jz+9A zBmaBK16#diy1U1=)b<3^VD=AauHTP3eE>?u?zloGnuo54Bx{igcjP%u2 zc=}ln#klz{JSnAE&8%~PO;6YtPVlkza0PsBGjm==7UXtsUJOrH=BstU4yih`{gN#l zl3$1!!6-(5>2fx*usZYMo1LCC;&q0f@2YF|PD^~aQT&-IZhoo$?w#R4V-n*g8^Y|W zq_N$^m_ocvRiJMkQ@{mhkjTM+tBe)FR~Va4j4Yg&kUdRNLc?G?y&gSxG>5oP!(T$y zgD#I}9enQN&zr~L3w_F2yxE)76Y=@wKTBzbr!s>UgVbQFeySD<5~|-dVbT|i8IISK zIfdWvGau=a@M`dcp~n27q|-RU zzPR#Nhism^#cCc)Qdg_@uM{2*b}%$9elcjT^1 z*16h{i~aGC<|mQ#SFQAuX-SJB16T*w6lph?TU_sAX=IA+{EVhmIT&y5D-uHOnD5`c zAQ)e%mk6V~svSlwle1*^T$mMR{BW6iQ=;7l=g{A9=>DROS;@{0bPPZnFuFZyU%kn5T2=OmEgqOGw`290eJ z^dL053+46jTJ3nYNGw-UfY?%B1u;<}N?oo{yyPRw%HI;p%Qqr5IY*z{%F*7o|DcdE zx;GS%_u65G9Ny75*E`dev~Pu*lJzTrMlz(3^Mmo9A9-#Bn_Y?enB>?}d;EDPv$K4> zRs!O)yu%Pkv-ji18eYi|O9EiI2I&e-|8ivn3iI3!Etl@~PVn$glD6_mICe|HsTj@+ zdJXNUcXvQ*pfJpUF)V&aa#H;=SS3yAUE*O;%-WY@0+lD=rmgP&RI0;gCQrQ%SN9SX zapKei7rpvvdZfk4r{oJb8XWXLU@b<2-9Tut^B>#(kE|(Z|ASc?AXzaQbO1+#cK(mP z8vX-cZ0HwC?YKa#6#Kb5*NYlTOR6GFZIzF zD;N-h85SH<^1Do%>sArXnB|kaevqTp9XN>9eW6Mz3Q?Nw|B!5{?04^U{$x<7x;hN% 
zJi$7#ORatOhpaH;E|9#defLO^wby~^-R>mWD7=yWlX|;t7d9VaZf?OEi%s1A z;fX@B({%7!hfBmMK;BreRQ<+C^O4nAD@wPp1#0sC4G?=F07^0q+-S# zG2?x5M&oC#wQc^s>1$O8+ve2A2AN>Kk`(@Sx!WqfyhEK`?Phz*XMQ`a7gJxOE$_>$ zVGQcZqU9_udp$~6aj@*#1V~;bc$DFK^ns!CS&py=1G7fRI7iT1V1*}jGadt;bx7y! zND=XxBEk*vlMKlHtHjkC-FAj6k86!h`&G}MOU?xhdarCXXLx4NU$HQyGG}nxle(?S zIhVC*WXs0FlTRvmd=YihBefv@M1ij9#8+)gR4fQQm0P}a*6t&|Z%Ln9y+_{=24^}U zrSjvRb2Q&D5Kd&-E9iN&*H1Ybr3?&;Y0!XN&Tr!}q-R7Pk+_*qwyn-)22DoK8ulOU zqCJ;ebPVa_tNB7hBQ=+YONi!Mh80cLfvzS)9vOJSL<~eF P@R;|_VCBfqzsvPsZ=+Ya literal 0 HcmV?d00001 diff --git a/testing/ca-example/certs/personal.crt b/testing/ca-example/certs/personal.crt new file mode 100644 index 0000000..2c3d54e --- /dev/null +++ b/testing/ca-example/certs/personal.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmTCCAgICAQwwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTA5MDExMDM0NDRaFw0yMTA4MjkxMDM0 +NDRaMB8xHTAbBgNVBAMMFHBlcnNvbmFsQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRaLlKQr538QVsrdCMMOrDLA/Y3VBoRoUtqT +BAbIX3YEg6TAPSY6Z7ef7mHMSQVr06Bv7bMqPYtzlKe6XMNiRXvEszSlW42e0V+H +M/KQE24WC1zV/X+2yoEelz1GvUhRX+4oPT1n1cGKGuCE7ceZnBDkyPgP/fDplekz +YoDKdU/KLcNmdXFNXnLRsEqbRLAjBe1IcXaUhrxb8HM4yc9Jv72q7vP4DZ2bOX4i +eX775eBMevJcFftsL1jdnEzKX5H00WaK0kVAAji2Ej+yPZ8BLAIgPrjH1CY+we3F +jD+GUGJUhsCa1sQpDLxNxvk/KuXGOgL4ft0h7Op9X+wQNFwwBQIDAQABMA0GCSqG +SIb3DQEBBQUAA4GBAFpkc7qYXeyvs4OI8wEefQx2GrJvTl5cciIDRa/gIDX1E4HA +1EReBRAkrYSYq4BLN8uD1qhIZphlCC6rcdUvkepxbHa4w+uf0O7R0E4zWg3dYog9 +yYjP4nSG/xoh0EsSZjKb904Y4rohrWgQ0AcXCrZIZGl4/Z/rH92rxeMv6VEn +-----END CERTIFICATE----- 
diff --git a/testing/ca-example/certs/personal.p12 b/testing/ca-example/certs/personal.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7ae3d05dc310d88633d97342b38b1af951a008fd GIT binary patch literal 3396 zcmY+FcQhM}8pab6GxjQ_gx0DM)JzeoMyXk~_XtYO8nsiiB3A8LqpEgFQF~K9rB)-c zSIwdn)i$@^IrrZ0-anrAJ?DAe^Zxn#;AlD|8IT-~rlX*s7LC=4J);9s0*ld*GY}f` z4UUF^1Gkx>C6 z(UiiM;hogHAhA{*Di#-1KeuaEQB%==E4v#asCr`k5i4CuR>yr-3&$kg5H&u_K^%fg z_`KC*9oBKXwEF5njnSB6HhbHb@&^f_%d?}>d#aOOt$cTu8%0IqgNP=nVr)X7)3>`{ zvc(yOM+L$gs-6|4&AXClaXRm8w4!+#j06Hkq-Y>)M$4jc8iZHDrN5FLZh|$s?(|Hr z)$J;;`q!x4YC#$Z6?#l{#8kGp&+s(}H2Q7l+uMKl71JgI!J!P%Qr10RZ)IP^XhqS{ z#dr&OygA?j(Hyqgx=B(y7rxzuWj)-wH>RMu1-~|2n_GT`fm2#!8w(3?4+ZAho@Lzt zX?tH|o@V97!Pjs9mOGT+FmLaDOr7G6ETdHP8h32VXWmXI9Jr-{aE?sJtTZ_sDcT_Q zcU#2ob~=5)k z`A7>UxCqA4aJsehjOrn?;p$QA5Dex{NkgF-?1Zdp47W%Zo8EGOZIg|p3loR&OME@yj%7j4qL z-9?y4p2a%&h-!udcU+OP_E^jueB0mMRbPemD--@>vDnOAsgbtHT+sHSrI+_#;blTa zOV$i?%Dc!11BYMNGeZLLKJ<`wnJTl?mxcE{k`4P}Eqf#pULoP=G#7WgfroY?Jz+9A zBmaBK16#diy1U1=)b<3^VD=AauHTP3eE>?u?zloGnuo54Bx{igcjP%u2 zc=}ln#klz{JSnAE&8%~PO;6YtPVlkza0PsBGjm==7UXtsUJOrH=BstU4yih`{gN#l zl3$1!!6-(5>2fx*usZYMo1LCC;&q0f@2YF|PD^~aQT&-IZhoo$?w#R4V-n*g8^Y|W zq_N$^m_ocvRiJMkQ@{mhkjTM+tBe)FR~Va4j4Yg&kUdRNLc?G?y&gSxG>5oP!(T$y zgD#I}9enQN&zr~L3w_F2yxE)76Y=@wKTBzbr!s>UgVbQFeySD<5~|-dVbT|i8IISK zIfdWvGau=a@M`dcp~n27q|-RU zzPR#Nhism^#cCc)Qdg_@uM{2*b}%$9elcjT^1 z*16h{i~aGC<|mQ#SFQAuX-SJB16T*w6lph?TU_sAX=IA+{EVhmIT&y5D-uHOnD5`c zAQ)e%mk6V~svSlwle1*^T$mMR{BW6iQ=;7l=g{A9=>DROS;@{0bPPZnFuFZyU%kn5T2=OmEgqOGw`290eJ z^dL053+46jTJ3nYNGw-UfY?%B1u;<}N?oo{yyPRw%HI;p%Qqr5IY*z{%F*7o|DcdE zx;GS%_u65G9Ny75*E`dev~Pu*lJzTrMlz(3^Mmo9A9-#Bn_Y?enB>?}d;EDPv$K4> zRs!O)yu%Pkv-ji18eYi|O9EiI2I&e-|8ivn3iI3!Etl@~PVn$glD6_mICe|HsTj@+ zdJXNUcXvQ*pfJpUF)V&aa#H;=SS3yAUE*O;%-WY@0+lD=rmgP&RI0;gCQrQ%SN9SX zapKei7rpvvdZfk4r{oJb8XWXLU@b<2-9Tut^B>#(kE|(Z|ASc?AXzaQbO1+#cK(mP z8vX-cZ0HwC?YKa#6#Kb5*NYlTOR6GFZIzF zD;N-h85SH<^1Do%>sArXnB|kaevqTp9XN>9eW6Mz3Q?Nw|B!5{?04^U{$x<7x;hN% 
zJi$7#ORatOhpaH;E|9#defLO^wby~^-R>mWD7=yWlX|;t7d9VaZf?OEi%s1A z;fX@B({%7!hfBmMK;BreRQ<+C^O4nAD@wPp1#0sC4G?=F07^0q+-S# zG2?x5M&oC#wQc^s>1$O8+ve2A2AN>Kk`(@Sx!WqfyhEK`?Phz*XMQ`a7gJxOE$_>$ zVGQcZqU9_udp$~6aj@*#1V~;bc$DFK^ns!CS&py=1G7fRI7iT1V1*}jGadt;bx7y! zND=XxBEk*vlMKlHtHjkC-FAj6k86!h`&G}MOU?xhdarCXXLx4NU$HQyGG}nxle(?S zIhVC*WXs0FlTRvmd=YihBefv@M1ij9#8+)gR4fQQm0P}a*6t&|Z%Ln9y+_{=24^}U zrSjvRb2Q&D5Kd&-E9iN&*H1Ybr3?&;Y0!XN&Tr!}q-R7Pk+_*qwyn-)22DoK8ulOU zqCJ;ebPVa_tNB7hBQ=+YONi!Mh80cLfvzS)9vOJSL<~eF P@R;|_VCBfqzsvPsZ=+Ya literal 0 HcmV?d00001 diff --git a/testing/ca-example/commands.txt b/testing/ca-example/commands.txt index ccbe23d..7470640 100644 --- a/testing/ca-example/commands.txt +++ b/testing/ca-example/commands.txt @@ -1,3 +1,16 @@ -$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key -days 3650 -req -in requests/client.req -out certs/client.crt +# Signing a client certificate +$ openssl x509 -CAserial serial.txt -CA certs/ca.crt -CAkey keys/ca.key \ + -days 3650 -req -in requests/client.req -out certs/client.crt -$ openssl x509 -signkey keys/server.key -days 3650 -req -in requests/server.req -out certs/server-self.crt +# Self-signing a certificate +$ openssl x509 -signkey keys/server.key -days 3650 -req \ + -in requests/server.req -out certs/server-self.crt + +# Generating an basic certificate request +$ openssl req -new -subj /CN=personal@example.com -out requests/personal.req \ + -keyout keys/personal.key + +# Creating a PKCS#12 file from key and certificate +openssl pkcs12 -export -in certs/personal.crt -inkey keys/personal.key \ + -certfile certs/ca.crt -name "Example Certificate" \ + -out certs/personal.p12 \ No newline at end of file diff --git a/testing/ca-example/keys/personal.key b/testing/ca-example/keys/personal.key new file mode 100644 index 0000000..fa2f875 --- /dev/null +++ b/testing/ca-example/keys/personal.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIh0hiA0TV0c8CAggA +MBQGCCqGSIb3DQMHBAiJTGwjsHvP4wSCBMhwsU0BvXw6lzRCGvJc3B2yvOTGn7zA +N4skd7Pl0swPFdjw3i1nU55A6+nOt9o2Uf6CL6j2hc8j4j2MbYAJL2OKmsk25utX +mqxNQs2saDGd1tPhcIfcAOqjSlIDndQl5qxf7czQ9iQCSIPJJ+rPV9h99Pt273q0 +gGSayzlt/wiD9K0v41CBosfLJ0O6w4d+mu1oHXUMSKc02wwsoMOLecnBWoEYeGV+ +6WmBc6jDDwZ14f/eBhOlS4hPduB2D5G59EirVheyjSuVuyIfLS+vSHQbMsJKyNdN +HD3mK7FVCt1a+VzrezeQaKOnvS2nnLIO0WnI80decYtS0ZIn/bPzOcogrtUEP/yr +X7rbnw4oWD5LxmDP8yqflJDSCealkcOb4xdvFHvwibuYvfmskTPcaOE31WGMYBXw +xgq0edd3skBolWa/I4y4gWWpWJNpROLdnKQRi/M4DG0RGidc/HcdV7lEYdj5l5zW +mPWZob44XMnyzs2WPb4bqKgeu2hSH/sxyMULtjOcKDgLp5EKLKq+SLeWkVqZGFjT +4ktAvTmsXqNfWMOSmUQQidPO1+He1AfKac4NMO7VMjjyPgDNKCwjPejL4cV376Lg +yxrk8vKt268LQ/l+hJ+S03mdk60VNWc/56yQ8WaekJYW1KmaY8VvXmkvZydo7+Kc +VvuUHt4BZoM/mQYEzuM8xL47e/b4MzZk+ygjzHWxubXdMbPtDM1jIN934DwGGWqd +bFzTK4YFTaw/pEmvvsMGiTBYy4NOxZSJD+JHAl1XMeafc1W4ISO8Hi7QLrApDPa2 +OvITfycPSf/AsR4fX//vldpwwT6NbGerawHR4fWqiYaeEBwCy5LKEo69yL/08Zeb +D4VJO2KjCcSlXH4iEFuMcQWMTH+jDKehMMhFEA7pYivIGYiN6YfhJbEplReM3Im4 +KJ7aZsUUSbtT/SD94RVM6o/tgiYbpHAYvas1YWyDc+6LV4rnPfU+xbTM25Wr1/uQ +QZ7pDsYP6t9UgkdwviqC67lid0fVKIuIKK7TJSIhRZK5E0N+ZO+fU5wt2q6lDHIV +54FLh4xU7F3pqr7zp0jePr4qNK3Mpe5K0hNXPYP7Qa3Y+9k5Ys8MM+ix3LBvwlcg +T/GaChCIGeIeK/HbKIbjNHHRQp+aCfKLMsmJiyyNZ6LPmt0aeX1xBQ/yelRyGjl8 +H/LPt+RKM3QCVgLAQEB5Sd0Ps7XsZr4X4KAjq0Eh3p5IOGB8pnng5lSBeNE3DzqU +94bGWnX3Z+bBuUGjpNaybEPWPIhYM2A7MtXNe5cx6Qxl4DJQ9Hu4foWpggbLyvkS +iViiwMacfBneJVyERMNzbeyu/whR1KfxV+JeYDObYzVvBVNf713UG6FkYWSMvShu +s+7UrlpX4lkZx78x6W8iOUBiWmzWGlS636pAQgx4GDmtX4D+Hrr5ZO7t9mu3qXYb +DIRC1Y/8pYpDjJoMdplPu6SuHVOYHgz9k4PKekWgjg417tke5XjoPUz7528CWrJY +5HCkoMXB0KMgoBvOSMVc99ZDCGSf6d9iWGKGq3teQrEwuexLfXQ08egzW5pmayrl +fNJw1fwfatRIXs6yUGhxtPMSJKhXtDU/AQC1f8vVZGKRJk1cxm9G0hyM7zh87d+y +wis= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/testing/ca-example/requests/personal.req b/testing/ca-example/requests/personal.req new file mode 100644 index 0000000..d3a449a --- /dev/null +++ b/testing/ca-example/requests/personal.req @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICZDCCAUwCAQAwHzEdMBsGA1UEAwwUcGVyc29uYWxAZXhhbXBsZS5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJFouUpCvnfxBWyt0Iww6sMsD9 +jdUGhGhS2pMEBshfdgSDpMA9Jjpnt5/uYcxJBWvToG/tsyo9i3OUp7pcw2JFe8Sz +NKVbjZ7RX4cz8pATbhYLXNX9f7bKgR6XPUa9SFFf7ig9PWfVwYoa4ITtx5mcEOTI ++A/98OmV6TNigMp1T8otw2Z1cU1ectGwSptEsCMF7UhxdpSGvFvwczjJz0m/varu +8/gNnZs5fiJ5fvvl4Ex68lwV+2wvWN2cTMpfkfTRZorSRUACOLYSP7I9nwEsAiA+ +uMfUJj7B7cWMP4ZQYlSGwJrWxCkMvE3G+T8q5cY6Avh+3SHs6n1f7BA0XDAFAgMB +AAGgADANBgkqhkiG9w0BAQUFAAOCAQEABjETedVq8CDdpnOLHDoAwmEer4CvWAfK +ltzIssiZYUmwsGV3ReQ9eSk0uqxu6A5V8r0Bn16zVHA1OSTi5SHkDGWNUWzwXRLs +8uvJPlK9io5JhsyvAZaR9OxHjvbVGLQJ8a3f86VEdFgDTYZehoT0VdEVpRT3QpZ7 +Zw91ClgZUZGmzGQyNP41shoq/51rSWmoKwcLwOHjV1hF5aTg3yO83EHdKyvsuAUt +h3+ZeJGLgXx91+Tx4zxOxsDgV3zgSTDnHOUSNms+ZihOEsjoBsn/mlSTIu5t/OAB +6MReWC+9xocnO0fujfsi9BzFCzojj638IY0BxK8IvO3fc7/TUPdt+A== +-----END CERTIFICATE REQUEST----- diff --git a/testing/ca-example/serial.txt b/testing/ca-example/serial.txt index eb589e9..d73cdef 100644 --- a/testing/ca-example/serial.txt +++ b/testing/ca-example/serial.txt @@ -1 +1 @@ -0B +0C -- 2.7.4