From f1c29e0743e48da9b02f3cbd8df387ecb2e3d4c0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 12 Dec 2024 11:33:43 +0100
Subject: [PATCH 1/2] nssdb: Add missing attrs for getting skipped attributes

Fixes up the dfb480a384be9762ef01487a355a80d9e47e2b55 which started checking the certificate type on the certificates for pulling default attributes that can not be stored in the NSS DB.

Signed-off-by: Jakub Jelen
---
 src/storage/nssdb/mod.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/storage/nssdb/mod.rs b/src/storage/nssdb/mod.rs
index de27508..76ed48f 100644
--- a/src/storage/nssdb/mod.rs
+++ b/src/storage/nssdb/mod.rs
@@ -842,6 +842,7 @@ impl Storage for NSSStorage {
 * is not a key, the attribute will simply not be returned
 * in that case */
 attrs.add_missing_ulong(CKA_KEY_TYPE, &dnm);
+ attrs.add_missing_ulong(CKA_CERTIFICATE_TYPE, &dnm);
 attrs.add_missing_ulong(CKA_EXTRACTABLE, &dnm);
 attrs.add_missing_ulong(CKA_SENSITIVE, &dnm);
 /* we can not query a DB for these */
From 06d58ff770a034f26c58e291c3fe9d0a1460fde3 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 12 Dec 2024 11:36:41 +0100
Subject: [PATCH 2/2] tests: Reproducer for reading certificate object

Signed-off-by: Jakub Jelen
---
 src/tests/nssdb.rs | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/tests/nssdb.rs b/src/tests/nssdb.rs
index 5defdf0..9e880e5 100644
--- a/src/tests/nssdb.rs
+++ b/src/tests/nssdb.rs
@@ -206,7 +206,7 @@ fn test_nssdb_init_token() {
 /* add a public object to ensure attributes are handled correctly
 * CKA_VALUE is encrypted only for private objects */
- let _ = ret_or_panic!(import_object(
+ let cert_handle = ret_or_panic!(import_object(
 session,
 CKO_CERTIFICATE,
 &[(CKA_CERTIFICATE_TYPE, CKC_X_509)],
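Review bot: The comment above the `add_missing_ulong` calls in `src/storage/nssdb/mod.rs` still explains only the key case ("is not a key, the attribute will simply not be returned"), so the new `CKA_CERTIFICATE_TYPE` line sits next to it unexplained. Going by the commit message, this list has to stay in sync with whatever the skipped-attribute lookup inspects, and that coupling is what broke after dfb480a. I would add a line such as `* CKA_CERTIFICATE_TYPE is likewise only returned for certificates; keep this list in sync with the attributes the skipped-attribute check reads`. The comment and the enclosing function both start outside the hunk, so the wording should be checked against the part not shown.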
@@ -218,6 +218,28 @@ fn test_nssdb_init_token() {
 &[(CKA_TOKEN, true), (CKA_TRUSTED, false)],
 ));
+ /* Read the cert back */
+ let mut template =
+ make_ptrs_template(&[(CKA_VALUE, std::ptr::null_mut(), 0)]);
+ let ret = fn_get_attribute_value(
+ session,
+ cert_handle,
+ template.as_mut_ptr(),
+ template.len() as CK_ULONG,
+ );
+ assert_eq!(ret, CKR_OK);
+ assert_eq!(template[0].ulValueLen, 5);
+ let mut value = vec![0u8; 5];
+ template[0].pValue = void_ptr!(value.as_mut_ptr());
+ let ret = fn_get_attribute_value(
+ session,
+ cert_handle,
+ template.as_mut_ptr(),
+ template.len() as CK_ULONG,
+ );
+ assert_eq!(ret, CKR_OK);
+ assert_eq!(value.as_slice(), "value".as_bytes());
+
 let ret = fn_logout(session);
 assert_eq!(ret, CKR_OK);
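Review bot: The read-back in `test_nssdb_init_token` hard-codes the length 5 twice, once in the `ulValueLen` assertion and again in `vec![0u8; 5]`, so the buffer handed to the second `fn_get_attribute_value` call is not tied to what the token reported. Sizing it from the first call, `let mut value = vec![0u8; template[0].ulValueLen as usize];`, keeps the query-then-fetch pattern self-consistent. Repeating `assert_eq!(template[0].ulValueLen, 5);` after the second call would also pin the length the token claims to have written. The expected bytes `"value"` presumably match the `CKA_VALUE` passed to `import_object` in the lines between the two hunks, which are not visible here. The test function starts and ends outside the hunk.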