From 7a53af1e6a7b9738ad603880537f3f466c01f6a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 1 Apr 2006 02:10:24 +0000
Subject: [PATCH] Add HX509_QUERY_MATCH_KEY_HASH_SHA1

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16911 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 17 +++++++++++++++++
 lib/hx509/hx_locl.h | 44 +++++++++++++++++++++++--------------------
 2 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index 1c149b82e..b9eab06b9 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1589,6 +1589,23 @@ _hx509_query_match_cert(const hx509_query *q, hx509_cert cert)
 return 0;
 }
+ if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
+ heim_octet_string os;
+ int ret;
+
+ os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
+ os.length =
+ c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
+
+ ret = _hx509_verify_signature(NULL,
+ hx509_signature_sha1(),
+ &os,
+ q->keyhash_sha1);
+ if (ret != 0)
+ return 0;
+ }
+
+
 if (q->match & ~HX509_QUERY_MASK)
 return 0;
diff --git a/lib/hx509/hx_locl.h b/lib/hx509/hx_locl.h
index 0c185bab8..15b6f61ef 100644
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
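Review bot: `os.length` is derived as `subjectPublicKey.length / 8`, so a subjectPublicKey whose bit count is not a multiple of 8 has its trailing partial byte silently dropped from the hashed input instead of being treated as a non-match; if a non-byte-aligned key should not be considered, add `if (c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length % 8 != 0) return 0;` before the assignment. The call `_hx509_verify_signature(NULL, hx509_signature_sha1(), &os, q->keyhash_sha1)` is being used as hash-and-compare rather than signature verification, which the name does not convey; a comment such as `/* SHA-1 of the raw subjectPublicKey bits must equal the queried key hash */` above it would help the next reader. Nothing in the hunk guarantees `q->keyhash_sha1` is non-NULL whenever the flag is set, so that presumably relies on the query setter assigning both together — worth confirming. `c` is declared and `_hx509_query_match_cert` begins outside the hunk.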
@@ -87,27 +87,28 @@ typedef struct hx509_path {

 struct hx509_query_data {
 int match;
-#define HX509_QUERY_FIND_ISSUER_CERT 0x00001
-#define HX509_QUERY_MATCH_SERIALNUMBER 0x00002
-#define HX509_QUERY_MATCH_ISSUER_NAME 0x00004
-#define HX509_QUERY_MATCH_SUBJECT_NAME 0x00008
-#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x00010
-#define HX509_QUERY_MATCH_ISSUER_ID 0x00020
-#define HX509_QUERY_PRIVATE_KEY 0x00040
-#define HX509_QUERY_KU_ENCIPHERMENT 0x00080
-#define HX509_QUERY_KU_DIGITALSIGNATURE 0x00100
-#define HX509_QUERY_KU_KEYCERTSIGN 0x00200
-#define HX509_QUERY_KU_CRLSIGN 0x00400
-#define HX509_QUERY_KU_NONREPUDIATION 0x00800
-#define HX509_QUERY_KU_KEYAGREEMENT 0x01000
-#define HX509_QUERY_KU_DATAENCIPHERMENT 0x02000
-#define HX509_QUERY_ANCHOR 0x04000
-#define HX509_QUERY_MATCH_CERTIFICATE 0x08000
-#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x10000
-#define HX509_QUERY_NO_MATCH_PATH 0x20000
-#define HX509_QUERY_MATCH_FRIENDLY_NAME 0x40000
-#define HX509_QUERY_MATCH_FUNCTION 0x80000
-#define HX509_QUERY_MASK 0xfffff
+#define HX509_QUERY_FIND_ISSUER_CERT 0x000001
+#define HX509_QUERY_MATCH_SERIALNUMBER 0x000002
+#define HX509_QUERY_MATCH_ISSUER_NAME 0x000004
+#define HX509_QUERY_MATCH_SUBJECT_NAME 0x000008
+#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x000010
+#define HX509_QUERY_MATCH_ISSUER_ID 0x000020
+#define HX509_QUERY_PRIVATE_KEY 0x000040
+#define HX509_QUERY_KU_ENCIPHERMENT 0x000080
+#define HX509_QUERY_KU_DIGITALSIGNATURE 0x000100
+#define HX509_QUERY_KU_KEYCERTSIGN 0x000200
+#define HX509_QUERY_KU_CRLSIGN 0x000400
+#define HX509_QUERY_KU_NONREPUDIATION 0x000800
+#define HX509_QUERY_KU_KEYAGREEMENT 0x001000
+#define HX509_QUERY_KU_DATAENCIPHERMENT 0x002000
+#define HX509_QUERY_ANCHOR 0x004000
+#define HX509_QUERY_MATCH_CERTIFICATE 0x008000
+#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x010000
+#define HX509_QUERY_NO_MATCH_PATH 0x020000
+#define HX509_QUERY_MATCH_FRIENDLY_NAME 0x040000
+#define HX509_QUERY_MATCH_FUNCTION 0x080000
+#define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000
+#define HX509_QUERY_MASK 0x1fffff
 Certificate *subject;
 Certificate *certificate;
 heim_integer *serial;
@@ -118,6 +119,7 @@ struct hx509_query_data {
 hx509_path *path;
 char *friendlyname;
 int (*cmp_func)(hx509_cert);
+ heim_octet_string *keyhash_sha1;
 };

 struct hx509_keyset_ops {
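Review bot: The new `keyhash_sha1` member is a bare pointer with no indication of who owns the octet string or whether the query's release path frees it; that path is not part of this diff, so it may already be handled, but the header is where a reader will look. A comment on the member such as `/* SHA-1 digest compared against subjectPublicKey when HX509_QUERY_MATCH_KEY_HASH_SHA1 is set */` would tie it to the flag defined in the preceding hunk, and the ownership rule belongs in the same comment once confirmed. The surrounding `struct hx509_query_data` begins outside this hunk.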