-rw-r--r--ckcapi-trust.c49
1 files changed, 18 insertions, 31 deletions
diff --git a/ckcapi-trust.c b/ckcapi-trust.c
index 30e1200..327f385 100644
--- a/ckcapi-trust.c
+++ b/ckcapi-trust.c
@@ -54,14 +54,14 @@ typedef struct _TrustObjectData
CkCapiObjectData base;
PCCERT_CONTEXT cert;
- CTL_USAGE* usage;
+ CERT_ENHKEY_USAGE* usage;
}
TrustObjectData;
static CK_ULONG
has_usage(TrustObjectData* tdata, const char* oid)
{
- CTL_USAGE* usage = tdata->usage;
+ CERT_ENHKEY_USAGE* usage = tdata->usage;
DWORD i;
/* No usages, means anything goes */
@@ -248,17 +248,15 @@ static const CkCapiObjectDataVtable trust_objdata_vtable = {
};
static CK_RV
-parse_usage(TrustObjectData* tdata)
+parse_usage(TrustObjectData* tdata, DWORD flags)
{
- DWORD size, usize, err;
- CTL_USAGE* usage;
- void* buf;
+ DWORD size, err;
+ CERT_ENHKEY_USAGE* usage;
ASSERT(!tdata->usage);
- /* Get the size of the usage property */
- if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
- NULL, &size))
+ /* Get the size of the usage */
+ if(!CertGetEnhancedKeyUsage(tdata->cert, flags, NULL, &size))
{
err = GetLastError();
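Review bot: parse_usage has no comment describing the new `flags` parameter or the return contract that trust_load_data now relies on. I would add above the definition something like `/* flags selects the source: CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG or CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG. Returns CKR_OK with tdata->usage left NULL when that source has no usage. */`. The body continues past this hunk, so the CKR_OK-on-not-found behaviour of this first call is inferred from how the second call is handled.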
@@ -268,33 +266,19 @@ parse_usage(TrustObjectData* tdata)
return ckcapi_winerr_to_ckr(err);
}
+ usage = (CERT_ENHKEY_USAGE*)calloc(1, size);
+ if(!usage)
+ return CKR_HOST_MEMORY;
+
/* Now get the actual usage property */
- buf = _alloca(size);
- if(!CertGetCertificateContextProperty(tdata->cert, CERT_CTL_USAGE_PROP_ID,
- buf, &size))
+ if(!CertGetEnhancedKeyUsage(tdata->cert, flags, usage, &size))
{
err = GetLastError();
if(err == CRYPT_E_NOT_FOUND)
- return CKR_OK;
+ return CKR_OK;
return ckcapi_winerr_to_ckr(err);
}
- /* Get the decoded size of the usage property */
- if(!CryptDecodeObject(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
- buf, size, 0, NULL, &usize))
- return ckcapi_winerr_to_ckr(GetLastError());
-
- /* Allocate and decode it */
- usage = (CTL_USAGE*)calloc(1, usize);
- if(!usage)
- return CKR_HOST_MEMORY;
- if(!CryptDecodeObject(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
- buf, size, 0, buf, &usize))
- {
- free(usage);
- return ckcapi_winerr_to_ckr(GetLastError());
- }
-
tdata->usage = usage;
return CKR_OK;
}
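Review bot: The buffer from the added `calloc(1, size)` is leaked on both failure returns of the second `CertGetEnhancedKeyUsage` call, because the removed `free(usage)` has no counterpart in the new code; add `free(usage);` before `return CKR_OK;` and before `return ckcapi_winerr_to_ckr(err);`. Separately, the documented contract of CertGetEnhancedKeyUsage is that a successful call with `cUsageIdentifier == 0` must be followed by GetLastError, where CRYPT_E_NOT_FOUND means good for all uses and zero means no valid uses. The result is stored in `tdata->usage` without that check. If has_usage treats an empty list as unrestricted, as its `/* No usages, means anything goes */` comment suggests (its body is outside this page), a certificate with all purposes disabled would be reported as trusted for every usage.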
@@ -322,8 +306,11 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData** objda
tdata->cert = ckcapi_cert_object_data_get_certificate (certdata);
ASSERT(tdata->cert);
- /* Dig up the usage data */
- ret = parse_usage(tdata);
+ /* Dig up the usage data property, and then try the extension */
+ ret = parse_usage(tdata, CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG);
+ if(ret == CKR_OK && !tdata->usage)
+ ret = parse_usage(tdata, CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG);
+
if(ret != CKR_OK)
{
free(tdata);
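Review bot: The extension is consulted only when the property lookup leaves `tdata->usage` NULL, so a usage property replaces the certificate's own EKU extension instead of narrowing it. As documented, calling CertGetEnhancedKeyUsage with flags `0` returns only the usages valid under both sources, which is the more conservative choice for a trust object. If the override is intentional, the comment should say so, e.g. `/* The property, when present, overrides the certificate's EKU extension */`. trust_load_data continues outside this hunk.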