#include "message.h"
#include "parser.h"
#include "tool.h"
+#include "pkcs11x.h"
#include "p11-kit/iter.h"
#include "p11-kit/p11-kit.h"
CK_OBJECT_HANDLE object;
char *string;
CK_RV rv;
+ CK_ULONG klass;
- CK_ATTRIBUTE basics[] = {
+ CK_ATTRIBUTE basics_certificate[] = {
{ CKA_TOKEN, &truev, sizeof (truev) },
{ CKA_TRUSTED, &truev, sizeof (truev) },
{ CKA_INVALID, },
};
+ CK_ATTRIBUTE basics_extension[] = {
+ { CKA_TOKEN, &truev, sizeof (truev) },
+ { CKA_INVALID, },
+ };
+
+ CK_ATTRIBUTE basics_empty[] = {
+ { CKA_INVALID, },
+ };
+
+ CK_ATTRIBUTE *basics = basics_empty;
+
+ if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) {
+ switch (klass) {
+ case CKO_CERTIFICATE:
+ basics = basics_certificate;
+ break;
+ case CKO_X_CERTIFICATE_EXTENSION:
+ basics = basics_extension;
+ break;
+ }
+ }
+
attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true);
p11_attrs_remove (attrs, CKA_MODIFIABLE);
CK_BBOOL truev = CK_TRUE;
CK_ATTRIBUTE *changes;
CK_ATTRIBUTE *label;
+ CK_ULONG klass;
char *string;
CK_RV rv;
CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) };
label = p11_attrs_find_valid (attrs, CKA_LABEL);
- changes = p11_attrs_build (NULL, &trusted, label, NULL);
+
+ if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) &&
+ klass == CKO_CERTIFICATE)
+ changes = p11_attrs_build (NULL, &trusted, label, NULL);
+ else
+ changes = p11_attrs_build (NULL, label, NULL);
+
return_val_if_fail (attrs != NULL, FALSE);
/* Don't need the attributes anymore */
projects / p11-kit / commitdiff