extract: --comment option adds comments to PEM bundles
authorStef Walter <stefw@gnome.org>
Fri, 15 Mar 2013 07:23:43 +0000 (08:23 +0100)
committerStef Walter <stefw@gnome.org>
Fri, 15 Mar 2013 16:34:00 +0000 (17:34 +0100)
 * Placed before the certificate, simple one liner
 * No need to put comments in PEM files extracted into
   directories, as the file names are already descriptive.

https://bugs.freedesktop.org/show_bug.cgi?id=62029

doc/manual/p11-kit.xml
tools/extract-info.c
tools/extract-openssl.c
tools/extract-pem.c
tools/extract.c
tools/extract.h
tools/tests/test-extract.c

index 5242b1a8403be208291fdbd40f88c7877f14b4f5..9791c2983e62c5997f74d12d6669995b4f6c113f 100644 (file)
@@ -91,6 +91,11 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire
        destination file or directory.</para>
 
        <variablelist>
+               <varlistentry>
+                       <term><option>--comment</option></term>
+                       <listitem><para>Add identifying comments to PEM bundle output files
+                       before each certificate.</para></listitem>
+               </varlistentry>
                <varlistentry>
                        <term><option>--filter=&lt;what&gt;</option></term>
                        <listitem><para>Specifies what certificates to export.
index 2ae9e046204825ae2d26517c97fa046b3bca0644..536d36a2ebb343eb297e6f85d506aa63371d8966 100644 (file)
@@ -366,3 +366,23 @@ p11_extract_info_filename (p11_extract_info *extract)
 
        return label;
 }
+
+char *
+p11_extract_info_comment (p11_extract_info *ex,
+                          bool first)
+{
+       char *comment;
+       char *label;
+
+       if (!(ex->flags & P11_EXTRACT_COMMENT))
+               return NULL;
+
+       label = extract_label (ex);
+       if (!asprintf (&comment, "%s# %s\n",
+                      first ? "" : "\n",
+                      label ? label : ""))
+               return_val_if_reached (NULL);
+
+       free (label);
+       return comment;
+}
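Review bot: The failure check on `asprintf` in p11_extract_info_comment is inverted. asprintf returns -1 on error, so `!asprintf (...)` is only true for a zero-length result, which this format never produces; a failed allocation falls through to `return comment` with `comment` indeterminate. Test for `< 0` and free `label` on that path. Separately, the label is copied verbatim into a `# ` line of a bundle that consumers parse as trust anchors. extract_label is outside this hunk, but if it can return CR or LF, the text after the line break is no longer part of the comment, so line breaks should be replaced before formatting.

```c
	char *p;

	/* … unchanged: P11_EXTRACT_COMMENT flag check … */

	label = extract_label (ex);

	/* The comment must stay on one line of the bundle */
	for (p = label; p != NULL && *p != '\0'; p++) {
		if (*p == '\n' || *p == '\r')
			*p = ' ';
	}

	if (asprintf (&comment, "%s# %s\n",
	              first ? "" : "\n",
	              label ? label : "") < 0) {
		free (label);
		return_val_if_reached (NULL);
	}

	/* … unchanged: free (label); return comment; … */
```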
index c2cdeab4d4f95d6788ca85b46a8a13ac089a3c85..13a1e059060d071c26bec62d36f68bf4d4d1c89e 100644 (file)
@@ -314,8 +314,10 @@ p11_extract_openssl_bundle (P11KitIter *iter,
 {
        p11_save_file *file;
        p11_buffer buf;
+       char *comment;
        bool ret = true;
        size_t length;
+       bool first;
        CK_RV rv;
        char *pem;
 
@@ -323,6 +325,7 @@ p11_extract_openssl_bundle (P11KitIter *iter,
        if (!file)
                return false;
 
+       first = true;
        while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
                p11_buffer_init (&buf, 1024);
 
@@ -330,8 +333,14 @@ p11_extract_openssl_bundle (P11KitIter *iter,
                        pem = p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &length);
                        return_val_if_fail (pem != NULL, false);
 
-                       ret = p11_save_write (file, pem, length);
+                       comment = p11_extract_info_comment (ex, first);
+                       first = false;
+
+                       ret = p11_save_write (file, comment, -1) &&
+                             p11_save_write (file, pem, length);
+
                        free (pem);
+                       free (comment);
                }
 
                p11_buffer_uninit (&buf);
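Review bot: When --comment is not given, `comment` is NULL and is still passed to `p11_save_write (file, comment, -1)`, here and in the matching hunk of p11_extract_pem_bundle. That only works if p11_save_write treats a NULL buffer with a negative length as an empty, successful write. Its body is not part of this commit, so the dependency is worth making explicit, e.g. `ret = (comment == NULL || p11_save_write (file, comment, -1)) && p11_save_write (file, pem, length);`. As written, a comment that could not be built is also skipped silently rather than reported. The function body starts and ends outside this hunk.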
index e2ff974b1f06205fb5b81faef0b79ca82aa61fe8..4d0320853469ffe47a55a054818ef8643ee33c07 100644 (file)
@@ -49,8 +49,10 @@ bool
 p11_extract_pem_bundle (P11KitIter *iter,
                         p11_extract_info *ex)
 {
+       char *comment;
        p11_save_file *file;
        bool ret = true;
+       bool first = true;
        size_t length;
        CK_RV rv;
        char *pem;
@@ -63,8 +65,13 @@ p11_extract_pem_bundle (P11KitIter *iter,
                pem = p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &length);
                return_val_if_fail (pem != NULL, false);
 
-               p11_debug ("writing 'CERTIFICATE' PEM block of size %lu", (unsigned long)length);
-               ret = p11_save_write (file, pem, length);
+               comment = p11_extract_info_comment (ex, first);
+               first = false;
+
+               ret = p11_save_write (file, comment, -1) &&
+                     p11_save_write (file, pem, length);
+
+               free (comment);
                free (pem);
 
                if (!ret)
index fe5ba15b0a2c41b6173dcad494a41b176a0b781c..6bdedfe0ffb394bd7563eba5427c2968ab40c974 100644 (file)
@@ -298,6 +298,7 @@ p11_tool_extract (int argc,
                opt_filter = 1000,
                opt_purpose,
                opt_format,
+               opt_comment,
        };
 
        struct option options[] = {
@@ -305,6 +306,7 @@ p11_tool_extract (int argc,
                { "format", required_argument, NULL, opt_format },
                { "purpose", required_argument, NULL, opt_purpose },
                { "overwrite", no_argument, NULL, opt_overwrite },
+               { "comment", no_argument, NULL, opt_comment },
                { "verbose", no_argument, NULL, opt_verbose },
                { "quiet", no_argument, NULL, opt_quiet },
                { "help", no_argument, NULL, opt_help },
@@ -342,6 +344,7 @@ p11_tool_extract (int argc,
                  "usage"
                },
                { opt_overwrite, "overwrite output file or directory" },
+               { opt_comment, "add comments to bundles if possible" },
                { opt_verbose, "show verbose debug output", },
                { opt_quiet, "supress command output", },
                { 0 },
@@ -361,6 +364,9 @@ p11_tool_extract (int argc,
                case opt_overwrite:
                        ex.flags |= P11_SAVE_OVERWRITE;
                        break;
+               case opt_comment:
+                       ex.flags |= P11_EXTRACT_COMMENT;
+                       break;
                case opt_filter:
                        if (!filter_argument (optarg, &uri, &match))
                                return 2;
index 32b4e35e33cc3d473fd0d6e969fc22bc7e391412..dfd3a3341a324cd7e547fa0a7e580db980d81338 100644 (file)
 #include "iter.h"
 #include "pkcs11.h"
 
+enum {
+       /* These overlap with the flags in save.h, so start higher */
+       P11_EXTRACT_COMMENT = 1 << 10,
+};
+
 typedef struct {
        p11_dict *asn1_defs;
        p11_dict *limit_to_purposes;
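Review bot: The comment on the new enum reads as if overlapping with save.h were intended. The value is OR-ed into the same `flags` field as `P11_SAVE_OVERWRITE` (see the p11_tool_extract hunk), so it must not collide with those flags. I would word it `/* Stored in the same flags field as the P11_SAVE_* flags from save.h: values here must stay above them */`. The save.h values are not visible in this diff, so whether `1 << 10` leaves enough room cannot be confirmed from here. The typedef that follows continues outside the hunk.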
@@ -83,6 +88,9 @@ void            p11_extract_info_cleanup       (p11_extract_info *ex);
 
 char *          p11_extract_info_filename      (p11_extract_info *ex);
 
+char *          p11_extract_info_comment       (p11_extract_info *ex,
+                                                bool first);
+
 typedef bool (* p11_extract_func)              (P11KitIter *iter,
                                                 p11_extract_info *ex);
 
index 5e2f6fe72f536b8b14690ec1044c8121823de269..69ba76403418d54b5a747dc7a869ef270efdd1cb 100644 (file)
@@ -91,6 +91,49 @@ test_file_name_for_class (CuTest *tc)
        p11_extract_info_cleanup (&ex);
 }
 
+static void
+test_comment_for_label (CuTest *tc)
+{
+       CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
+       p11_extract_info ex;
+       char *comment;
+
+       p11_extract_info_init (&ex);
+
+       ex.flags = P11_EXTRACT_COMMENT;
+       ex.attrs = p11_attrs_build (NULL, &label, NULL);
+
+       comment = p11_extract_info_comment (&ex, true);
+       CuAssertStrEquals (tc, "# The Label!\n", comment);
+       free (comment);
+
+       comment = p11_extract_info_comment (&ex, false);
+       CuAssertStrEquals (tc, "\n# The Label!\n", comment);
+       free (comment);
+
+       p11_extract_info_cleanup (&ex);
+}
+
+static void
+test_comment_not_enabled (CuTest *tc)
+{
+       CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
+       p11_extract_info ex;
+       char *comment;
+
+       p11_extract_info_init (&ex);
+
+       ex.attrs = p11_attrs_build (NULL, &label, NULL);
+
+       comment = p11_extract_info_comment (&ex, true);
+       CuAssertPtrEquals (tc, NULL, comment);
+
+       comment = p11_extract_info_comment (&ex, false);
+       CuAssertPtrEquals (tc, NULL, comment);
+
+       p11_extract_info_cleanup (&ex);
+}
+
 struct {
        CK_FUNCTION_LIST module;
        P11KitIter *iter;
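Review bot: Both new tests use the same well-formed label, so two edge cases of p11_extract_info_comment are untested: an object without CKA_LABEL, and a label containing a line break. A third test built like test_comment_for_label with a constructed value such as `CK_ATTRIBUTE label = { CKA_LABEL, "Two\nLines", 9 };` should assert that the result is a single `# ` line after the optional leading blank line. The struct that follows the added tests continues outside the hunk.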
@@ -334,6 +377,8 @@ main (void)
 
        SUITE_ADD_TEST (suite, test_file_name_for_label);
        SUITE_ADD_TEST (suite, test_file_name_for_class);
+       SUITE_ADD_TEST (suite, test_comment_for_label);
+       SUITE_ADD_TEST (suite, test_comment_not_enabled);
        SUITE_ADD_TEST (suite, test_info_simple_certificate);
        SUITE_ADD_TEST (suite, test_info_limit_purposes);
        SUITE_ADD_TEST (suite, test_info_invalid_purposes);