From c5412bd90d5f72aec7aa3131d3097642f297e7ba Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Mon, 8 Dec 2008 20:19:37 +0000
Subject: Find key objects properly. Don't error when a certificate doesn't
 have a key object backing it.

---
 ckcapi-key.c     | 14 ++++++++++++--
 ckcapi-session.c |  6 ++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/ckcapi-key.c b/ckcapi-key.c
index 88e769e..d36a4c9 100644
--- a/ckcapi-key.c
+++ b/ckcapi-key.c
@@ -898,12 +898,18 @@ find_certificate_key(CkCapiSession* session, CK_OBJECT_CLASS cls,
 	KeyObjectData kdata;
 	CkCapiObject* obj;
 	DWORD prov_length;
-	CK_RV ret;
+	DWORD error;
+	CK_RV ret = CKR_OK;
 
 	/* Look up the key provider info and identifier */
 	if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &prov_length) ||
 	   !CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &key_identifier.cbData))
-		return ckcapi_winerr_to_ckr(GetLastError());
+	{
+		error = GetLastError();
+		if(error == CRYPT_E_NOT_FOUND)
+			return CKR_OK;
+		return ckcapi_winerr_to_ckr(error);
+	}
 
 	/* We own the info memory */
 	prov_info = malloc(prov_length);
@@ -949,6 +955,10 @@ find_certificate_key(CkCapiSession* session, CK_OBJECT_CLASS cls,
 			}
 		}
 	}
+	else
+	{
+		ret = ckcapi_winerr_to_ckr(GetLastError());
+	}
 
 	if(key_identifier.pbData)
 		free(key_identifier.pbData);
diff --git a/ckcapi-session.c b/ckcapi-session.c
index 6142760..1fdb07e 100644
--- a/ckcapi-session.c
+++ b/ckcapi-session.c
@@ -22,6 +22,7 @@
 #include "ckcapi.h"
 #include "ckcapi-builtin.h"
 #include "ckcapi-cert.h"
+#include "ckcapi-key.h"
 #include "ckcapi-object.h"
 #include "ckcapi-rsa.h"
 #include "ckcapi-session.h"
@@ -614,6 +615,11 @@ gather_objects(CkCapiSession* sess, CK_ATTRIBUTE_PTR match,
 	if(ret != CKR_OK)
 		return ret;
 
+	/* Search through key objects */
+	ret = ckcapi_key_find(sess, ocls, match, count, arr);
+	if(ret != CKR_OK)
+		return ret;
+
 	return ret;
 }
 
-- 
cgit v1.2.3