From a6df1f21e42a3b57448eb6897b976ac8883908eb Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Tue, 13 Jan 2015 20:52:20 -0800
Subject: trust: Add pem-directory-hash extract format
This allows extraction of a directory of standard PEM files with the OpenSSL hash symlinks; this is a format used by some popular platforms (Debian's /etc/ssl/certs is in this form, and OpenSUSE provides it for compatibility).
Initially by: Ludwig Nussel
Signed-off-by: Stef Walter
 * Added header, fixed compiler warnings
---
 trust/extract-pem.c | 49 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 41 insertions(+), 8 deletions(-)
 (limited to 'trust/extract-pem.c')
diff --git a/trust/extract-pem.c b/trust/extract-pem.c
index 1e1c857..a32d032 100644
--- a/trust/extract-pem.c
+++ b/trust/extract-pem.c
@@ -40,6 +40,7 @@
 #include "debug.h"
 #include "extract.h"
 #include "message.h"
+#include "path.h"
 #include "pem.h"
 #include "save.h"
@@ -98,15 +99,18 @@ p11_extract_pem_bundle (p11_enumerate *ex,
 return ret;
 }
-bool
-p11_extract_pem_directory (p11_enumerate *ex,
- const char *destination)
+static bool
+extract_pem_directory (p11_enumerate *ex,
+ const char *destination,
+ bool hash)
 {
 p11_save_file *file;
 p11_save_dir *dir;
 p11_buffer buf;
 bool ret = true;
 char *filename;
+ char *path;
+ char *name;
 CK_RV rv;
 dir = p11_save_open_directory (destination, ex->flags);
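Review bot: The new static helper `extract_pem_directory` takes a bare `bool hash` with no comment saying what it controls, so the signature alone does not tell a reader that it switches on creation of the OpenSSL hash symlinks. I would add above the definition `/* Write the PEM files into destination; when hash is true, also create the OpenSSL hash symlink for each file written. */`. `filename` is now used only inside the `if (ret && hash)` block later in the function, so its declaration could move there. The function body continues outside this hunk.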
@@ -121,14 +125,25 @@ p11_extract_pem_directory (p11_enumerate *ex,
 if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
 return_val_if_reached (false);
- filename = p11_enumerate_filename (ex);
- return_val_if_fail (filename != NULL, false);
+ name = p11_enumerate_filename (ex);
+ return_val_if_fail (name != NULL, false);
+
+ path = NULL;
+
+ file = p11_save_open_file_in (dir, name, ".pem");
+ ret = p11_save_write (file, buf.data, buf.len);
- file = p11_save_open_file_in (dir, filename, ".pem");
- free (filename);
+ if (!p11_save_finish_file (file, &path, ret))
+ ret = false;
- ret = p11_save_write_and_finish (file, buf.data, buf.len);
+ if (ret && hash) {
+ filename = p11_path_base (path);
+ ret = p11_openssl_symlink(ex, dir, filename);
+ free (filename);
+ }
+ free (path);
+ free (name);
 if (!ret)
 break;
 }
@@ -143,3 +158,21 @@ p11_extract_pem_directory (p11_enumerate *ex,
 p11_save_finish_directory (dir, ret);
 return ret;
 }
+
+bool
+p11_extract_pem_directory (p11_enumerate *ex,
+ const char *destination)
+{
+ bool ret = true;
+ ret = extract_pem_directory (ex, destination, false);
+ return ret;
+}
+
+bool
+p11_extract_pem_directory_hash (p11_enumerate *ex,
+ const char *destination)
+{
+ bool ret = true;
+ ret = extract_pem_directory (ex, destination, true);
+ return ret;
+}
-- cgit v1.2.3
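Review bot: The result of `filename = p11_path_base (path);` is handed straight to `p11_openssl_symlink` without a NULL check, although it is freed right after and so appears to be heap-allocated and able to fail. These links are what hash-based lookup in the extracted trust directory resolves through, so a failure to derive the name should stop the extraction instead of reaching the symlink helper with a NULL argument. `ret = filename != NULL && p11_openssl_symlink (ex, dir, filename);` does that and also restores the space before the parenthesis used on the surrounding calls. Whether `p11_openssl_symlink` tolerates NULL is not visible here, and the loop this code sits in starts and ends outside the hunk.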
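Review bot: In both new wrappers `bool ret = true;` is a dead initialiser that is overwritten on the next line. Each body can be the single statement `return extract_pem_directory (ex, destination, false);`, with `true` in `p11_extract_pem_directory_hash`. `p11_extract_pem_directory_hash` is a new external symbol and this diff is limited to `trust/extract-pem.c`, so its prototype is not visible here and should be confirmed in the extract header. A short comment on the new entry point, such as `/* Like p11_extract_pem_directory, and also creates the OpenSSL hash symlinks. */`, would document the difference between the two.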