allow matching on SubjectKeyId

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15723 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-24 20:37:39 +00:00
parent 534d106cc9
commit 741d6b5d40
3 changed files with 27 additions and 14 deletions
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1196,8 +1196,19 @@ _hx509_query_match_cert(const hx509_query *q, hx509_cert cert)
 	&& _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0)
 	return 0;

-    if ((q->match & HX509_QUERY_MATCH_SUBJECT_ID))
-	return 0;
+    if ((q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID)) {
+	SubjectKeyIdentifier si;
+	int ret;
+
+	ret = find_extension_subject_key_id(c, &si);
+	if (ret == 0) {
+	    if (heim_octet_string_cmp(&si, q->subject_id) != 0)
+		ret = 1;
+	    free_SubjectKeyIdentifier(&si);
+	}
+	if (ret)
+	    return 0;
+    }
    if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
 	return 0;
    if ((q->match & HX509_QUERY_PRIVATE_KEY)
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -103,6 +103,8 @@ find_CMSIdentifier(CMSIdentifier *client,
 	q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
 	break;
    case choice_CMSIdentifier_subjectKeyIdentifier:
+	q.subject_id = &client->u.subjectKeyIdentifier;
+	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
    default:
 	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
    }
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
@@ -84,18 +84,18 @@ typedef struct hx509_path {

 struct hx509_query_data {
    int match;
-#define HX509_QUERY_FIND_ISSUER_CERT	0x001
-#define HX509_QUERY_MATCH_SERIALNUMBER	0x002
-#define HX509_QUERY_MATCH_ISSUER_NAME	0x004
-#define HX509_QUERY_MATCH_SUBJECT_NAME	0x008
-#define HX509_QUERY_MATCH_SUBJECT_ID	0x010
-#define HX509_QUERY_MATCH_ISSUER_ID	0x020
-#define HX509_QUERY_PRIVATE_KEY		0x040
-#define HX509_QUERY_ANCHOR		0x080
-#define HX509_QUERY_MATCH_CERTIFICATE	0x100
-#define HX509_QUERY_MATCH_LOCAL_KEY_ID	0x200
-#define HX509_QUERY_NO_MATCH_PATH	0x400
-#define HX509_QUERY_MASK		0x7ff
+#define HX509_QUERY_FIND_ISSUER_CERT		0x001
+#define HX509_QUERY_MATCH_SERIALNUMBER		0x002
+#define HX509_QUERY_MATCH_ISSUER_NAME		0x004
+#define HX509_QUERY_MATCH_SUBJECT_NAME		0x008
+#define HX509_QUERY_MATCH_SUBJECT_KEY_ID	0x010
+#define HX509_QUERY_MATCH_ISSUER_ID		0x020
+#define HX509_QUERY_PRIVATE_KEY			0x040
+#define HX509_QUERY_ANCHOR			0x080
+#define HX509_QUERY_MATCH_CERTIFICATE		0x100
+#define HX509_QUERY_MATCH_LOCAL_KEY_ID		0x200
+#define HX509_QUERY_NO_MATCH_PATH		0x400
+#define HX509_QUERY_MASK			0x7ff
    Certificate *subject;
    Certificate *certificate;
    heim_integer *serial;