From 741d6b5d406e000020d8401c2edc99f013c41a2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 24 Jul 2005 20:37:39 +0000
Subject: [PATCH] allow matching on SubjectKeyId

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15723 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 15 +++++++++++++--
 lib/hx509/cms.c | 2 ++
 lib/hx509/hx_locl.h | 24 ++++++++++++------------
 3 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index b7800e9f6..bd8ea9d79 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1196,8 +1196,19 @@ _hx509_query_match_cert(const hx509_query *q, hx509_cert cert)
 && _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0)
 return 0;
- if ((q->match & HX509_QUERY_MATCH_SUBJECT_ID))
- return 0;
+ if ((q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID)) {
+ SubjectKeyIdentifier si;
+ int ret;
+
+ ret = find_extension_subject_key_id(c, &si);
+ if (ret == 0) {
+ if (heim_octet_string_cmp(&si, q->subject_id) != 0)
+ ret = 1;
+ free_SubjectKeyIdentifier(&si);
+ }
+ if (ret)
+ return 0;
+ }
 if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
 return 0;
 if ((q->match & HX509_QUERY_PRIVATE_KEY)
diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 5b7719768..bba1c30b9 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -103,6 +103,8 @@ find_CMSIdentifier(CMSIdentifier *client,
 q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
 break;
 case choice_CMSIdentifier_subjectKeyIdentifier:
+ q.subject_id = &client->u.subjectKeyIdentifier;
+ q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
 default:
 return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
 }
diff --git a/lib/hx509/hx_locl.h b/lib/hx509/hx_locl.h
index e98858eb3..d357acc1f 100644
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
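Review bot: In the new HX509_QUERY_MATCH_SUBJECT_KEY_ID branch of _hx509_query_match_cert, `q->subject_id` is handed to heim_octet_string_cmp() without a NULL check. The query initialisation is not visible in this hunk, so if a caller can set the flag without setting the pointer this would dereference NULL while evaluating a certificate; a guard such as `if (q->subject_id == NULL || heim_octet_string_cmp(&si, q->subject_id) != 0)` keeps the branch failing closed. Any non-zero return from find_extension_subject_key_id (presumably a missing extension or a decode error) is also folded into "no match", which is the safe direction but worth a one-line comment, e.g. `/* no SubjectKeyIdentifier, or undecodable: treat as non-matching */`. The function body starts and ends outside the hunk.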
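Review bot: The new `case choice_CMSIdentifier_subjectKeyIdentifier:` arm in find_CMSIdentifier has no `break;`, so after assigning `q.subject_id` and `q.match` it falls through to `default:` and returns HX509_CMS_NO_RECIPIENT_CERTIFICATE. As written, the SubjectKeyId comparison this commit adds in cert.c is never reached from this path. The failure is closed (no certificate is selected), but identifiers of this kind would still be rejected. Add `break;` after `q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;`. The switch statement and the rest of the function lie outside the hunk.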
@@ -84,18 +84,18 @@ typedef struct hx509_path {
 struct hx509_query_data {
 int match;
-#define HX509_QUERY_FIND_ISSUER_CERT 0x001
-#define HX509_QUERY_MATCH_SERIALNUMBER 0x002
-#define HX509_QUERY_MATCH_ISSUER_NAME 0x004
-#define HX509_QUERY_MATCH_SUBJECT_NAME 0x008
-#define HX509_QUERY_MATCH_SUBJECT_ID 0x010
-#define HX509_QUERY_MATCH_ISSUER_ID 0x020
-#define HX509_QUERY_PRIVATE_KEY 0x040
-#define HX509_QUERY_ANCHOR 0x080
-#define HX509_QUERY_MATCH_CERTIFICATE 0x100
-#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x200
-#define HX509_QUERY_NO_MATCH_PATH 0x400
-#define HX509_QUERY_MASK 0x7ff
+#define HX509_QUERY_FIND_ISSUER_CERT 0x001
+#define HX509_QUERY_MATCH_SERIALNUMBER 0x002
+#define HX509_QUERY_MATCH_ISSUER_NAME 0x004
+#define HX509_QUERY_MATCH_SUBJECT_NAME 0x008
+#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x010
+#define HX509_QUERY_MATCH_ISSUER_ID 0x020
+#define HX509_QUERY_PRIVATE_KEY 0x040
+#define HX509_QUERY_ANCHOR 0x080
+#define HX509_QUERY_MATCH_CERTIFICATE 0x100
+#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x200
+#define HX509_QUERY_NO_MATCH_PATH 0x400
+#define HX509_QUERY_MASK 0x7ff
 Certificate *subject;
 Certificate *certificate;
 heim_integer *serial;