/*
* Certificates with a related private key are stored in the fid range CE00 - CEFF. The
* second byte in the fid matches the key id.
* Certificates without a related private key (e.g. CA certificates) are stored in the fid range
* CA00 - CAFF. The second byte is a free selected id.
*/
static int sc_hsm_emu_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object,
struct sc_pkcs15_der *data)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_cert_info *cert_info = (struct sc_pkcs15_cert_info *) object->data;
struct sc_pkcs15_object *prkey;
sc_path_t path;
u8 id[2];
int r;
r = sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_PRKEY, &cert_info->id , &prkey);
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
r = sc_hsm_determine_free_id(p15card, CA_CERTIFICATE_PREFIX);
LOG_TEST_RET(p15card->card->ctx, r, "Out of identifier to store certificate description");
id[0] = CA_CERTIFICATE_PREFIX;
id[1] = r;
} else {
LOG_TEST_RET(p15card->card->ctx, r, "Error locating matching private key");
id[0] = EE_CERTIFICATE_PREFIX;
id[1] = ((struct sc_pkcs15_prkey_info *)prkey->data)->key_reference;
}
sc_path_set(&path, SC_PATH_TYPE_FILE_ID, id, 2, 0, -1);
cert_info->path = path;
r = sc_hsm_update_ef(p15card, id[0], id[1], 1, data->value, data->len);
return r;
}
static int sc_hsm_emu_delete_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_pkcs15_object *object)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_cert_info *cert_info = (struct sc_pkcs15_cert_info *) object->data;
struct sc_pkcs15_object *prkey;
int r;
r = sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_PRKEY, &cert_info->id , &prkey);
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
r = sc_hsm_delete_ef(p15card, CA_CERTIFICATE_PREFIX, cert_info->path.value[1]);
} else {
LOG_TEST_RET(p15card->card->ctx, r, "Error locating matching private key");
r = sc_hsm_delete_ef(p15card, EE_CERTIFICATE_PREFIX, ((struct sc_pkcs15_prkey_info *)prkey->data)->key_reference);
}
return r;
}
int sc_pkcs15_find_data_object_by_id(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_id *id,
struct sc_pkcs15_object **out)
{
return sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_DATA_OBJECT, id, out);
}
int sc_pkcs15_find_pin_by_auth_id(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_id *id,
struct sc_pkcs15_object **out)
{
return sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_AUTH_PIN, id, out);
}
int sc_pkcs15_find_pubkey_by_id(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_id *id,
struct sc_pkcs15_object **out)
{
return sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_PUBKEY, id, out);
}
int sc_pkcs15_find_cert_by_id(struct sc_pkcs15_card *p15card,
const struct sc_pkcs15_id *id,
struct sc_pkcs15_object **out)
{
return sc_pkcs15_find_object_by_id(p15card, SC_PKCS15_TYPE_CERT, id, out);
}
