diff options
| author | wyllys <none@none> | 2008-04-03 14:25:19 -0700 |
|---|---|---|
| committer | wyllys <none@none> | 2008-04-03 14:25:19 -0700 |
| commit | fa60c371cd00bdca17de2ff18fe3e64d051ae61b (patch) | |
| tree | 2ebb5dfcf1b5725debd600e618ca49c8149df684 /usr/src/cmd/cmd-crypto/pktool/list.c | |
| parent | c08e5e1a6b0518eb8f644673c26e1d3f22a773b0 (diff) | |
| download | illumos-gate-fa60c371cd00bdca17de2ff18fe3e64d051ae61b.tar.gz | |
6669251 KMF needs to support empty PINs
6669357 KMF pkcs11 incorrectly sets some attributes when creating certificates and keys
6679525 [CLI] Subcommands in pktool's help are overtranslated
6680520 pktool needs to prompt for PIN more often
Diffstat (limited to 'usr/src/cmd/cmd-crypto/pktool/list.c')
| -rw-r--r-- | usr/src/cmd/cmd-crypto/pktool/list.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/usr/src/cmd/cmd-crypto/pktool/list.c b/usr/src/cmd/cmd-crypto/pktool/list.c index 02f4da1d65..ad20acb868 100644 --- a/usr/src/cmd/cmd-crypto/pktool/list.c +++ b/usr/src/cmd/cmd-crypto/pktool/list.c @@ -311,11 +311,13 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass, KMF_RETURN rv; KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN; int numattr = 0; - KMF_ATTRIBUTE attrlist[16]; + KMF_ATTRIBUTE attrlist[18]; boolean_t token_bool = B_TRUE; boolean_t private = B_FALSE; KMF_KEY_CLASS keyclass; KMF_ENCODE_FORMAT format; + int auth = 0; + KMF_CREDENTIAL cred = {NULL, 0}; /* * Symmetric keys and RSA/DSA private keys are always @@ -332,6 +334,13 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass, return (rv); } + rv = token_auth_needed(kmfhandle, token, &auth); + if (rv != KMF_OK) + return (rv); + + if (tokencred != NULL) + cred = *tokencred; + if (oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ)) { kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype)); @@ -409,6 +418,16 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass, if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) { int num = numattr; + if (auth > 0 && (tokencred == NULL || + tokencred->cred == NULL) && + (cred.cred == NULL)) { + (void) get_token_password(kstype, token, &cred); + kmf_set_attr_at_index(attrlist, numattr, + KMF_CREDENTIAL_ATTR, + &cred, sizeof (KMF_CREDENTIAL)); + numattr++; + } + private = B_FALSE; keyclass = KMF_ASYM_PUB; kmf_set_attr_at_index(attrlist, num, @@ -429,7 +448,18 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass, if (oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) { kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype)); + numattr++; + if (auth > 0 && (cred.cred == NULL)) { + (void) get_token_password(kstype, token, &cred); + } + + if (cred.cred != NULL) { + kmf_set_attr_at_index(attrlist, numattr, + KMF_CREDENTIAL_ATTR, + &cred, sizeof (KMF_CREDENTIAL)); + numattr++; + } if (objlabel != NULL) { kmf_set_attr_at_index(attrlist, numattr, @@ -452,7 +482,7 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass, numattr++; } - if (serial != NULL) { + if (serial != NULL && serial->val != NULL) { kmf_set_attr_at_index(attrlist, numattr, KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT)); |