hi all,
I tried to use the pkcs11-helper API to retrieve the X509 certificate and private key from the NSS
softtoken, with version 1.09 of pkcs11-helper.
I can get the X509 object, but the returned RSA object only includes the public key,
not the private key.
The code is pasted below.
Could anyone give me a hint about how to get the private key?
Thanks a lot,
Weizhong Qiang
// Fragment of a function whose signature is outside this snippet. From the
// code it takes a certificate display name (`certname`, used as a std::string),
// two out-parameters (`x509`, `rsa`), returns bool and logs through
// PKCS11UtilLogger. It looks the certificate up by display name on the token,
// wraps it in a pkcs11-helper OpenSSL session and hands back the X509/RSA
// objects obtained from that session.
pkcs11h_certificate_id_list_t issuers;
pkcs11h_certificate_id_list_t certs;
pkcs11h_certificate_id_t find = NULL;
// Enumerate certificate ids from the cache; both lists are freed further down.
CK_RV rv =
pkcs11h_certificate_enumCertificateIds(PKCS11H_ENUM_METHOD_CACHE, NULL,
PKCS11H_PROMPT_MASK_ALLOW_ALL, &issuers, &certs);
if(rv != CKR_OK || certs == NULL) {
PKCS11UtilLogger.msg(ERROR, "Cannot enumerate certificates: %s",
pkcs11h_getMessage(rv));
// NOTE(review): when rv == CKR_OK but certs == NULL, `issuers` may still have
// been allocated and is not freed on this path — confirm against the API.
return false;
}
PKCS11UtilLogger.msg(INFO, "Succeed to enumerate certificate");
int i = 0; // 1-based position of the certificate, used only for logging
// Linear scan for the first certificate whose display name equals certname.
for(pkcs11h_certificate_id_list_t cert = certs; cert != NULL; cert =
cert->next) {
std::string label=cert->certificate_id->displayName;
i++;
PKCS11UtilLogger.msg(INFO, "The name of the %d certficate is %s \n", i,
label.c_str());
if(certname == label) {
// Copy the id: the list (and the ids it owns) is released below.
pkcs11h_certificate_duplicateCertificateId(&find, cert->certificate_id);
// TODO: handle the case where several certificates share the same
// display name; this takes the first match.
break;
}
}
pkcs11h_certificate_freeCertificateIdList(issuers);
pkcs11h_certificate_freeCertificateIdList(certs);
if(find == NULL) {
PKCS11UtilLogger.msg(ERROR, "Could not find certificate with the name
%s", certname.c_str());
return false;
}
pkcs11h_certificate_t certificate;
// NOTE(review): PKCS11H_PIN_CACHE_INFINITE, going by its name, keeps the PIN
// cached for the lifetime of the certificate object; a bounded cache period
// limits the exposure of a cached PIN — confirm the semantics in the
// pkcs11-helper documentation before relying on this.
rv = pkcs11h_certificate_create(find, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL,
PKCS11H_PIN_CACHE_INFINITE, &certificate);
if(rv != CKR_OK) {
PKCS11UtilLogger.msg(ERROR, "Can not read certificate: %s",
pkcs11h_getMessage(rv));
pkcs11h_certificate_freeCertificateId(find);
return false;
}
// The duplicated id is no longer needed once the certificate object exists.
pkcs11h_certificate_freeCertificateId(find);
pkcs11h_openssl_session_t openssl_session = NULL;
if((openssl_session = pkcs11h_openssl_createSession(certificate)) == NULL) {
PKCS11UtilLogger.msg(ERROR, "Cannot initialize openssl session to
retrieve X509 and RSA");
pkcs11h_certificate_freeCertificate(certificate);
// NOTE(review): there is no `return false;` here, so a NULL openssl_session
// reaches the getX509/getRSA calls below (and `certificate` has already been
// freed) — this path needs an early return.
}
certificate = NULL; // ownership of the certificate object has passed to
// openssl_session, which releases it
bool ret; // NOTE(review): only assigned at `ret = true;` below, see note there
X509* x509_local;
RSA* rsa_local;
x509_local = pkcs11h_openssl_session_getX509(openssl_session);
if(!x509_local) { PKCS11UtilLogger.msg(ERROR, "Cannot get X509 object");
ret = false; }
// NOTE(review): the RSA object returned here is expected to carry only the
// public components — a token-resident private key is not extractable, and
// private-key operations would be dispatched through the session rather than
// performed on key material held in process. Verify against the pkcs11-helper
// OpenSSL binding documentation; if that holds, "only the public key" is the
// intended behaviour and not a lookup failure.
rsa_local = pkcs11h_openssl_session_getRSA (openssl_session);
if(!rsa_local) { PKCS11UtilLogger.msg(ERROR, "Cannot get RSA object"); ret
= false; }
// NOTE(review): unconditionally overwrites the `ret = false` set in the two
// error branches above, so failures are reported as success; set `ret = true`
// before those checks (or return early from them) instead.
ret = true;
PKCS11UtilLogger.msg(INFO, "Succeed to get X509 and RSA");
*x509 = x509_local;
*rsa = rsa_local;
// NOTE(review): the session is freed right after the objects are fetched; if
// the returned X509/RSA depend on it (see the note above), confirm that
// getX509/getRSA take their own reference before freeing here.
pkcs11h_openssl_freeSession (openssl_session);
return ret;