pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 15 Oct 2015 14:21:43 +0000 (16:21 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 15 Oct 2015 14:23:37 +0000 (16:23 +0200)
That allows NSS to read and use the written certificate.
Relates #43

lib/pkcs11_write.c

index 7b949530c54e7eb90259bf0e00d7b5accf3fb236..cd63101891650b367666c99c825a9364ce9316b9 100644 (file)
@@ -31,7 +31,7 @@
 static const ck_bool_t tval = 1;
 static const ck_bool_t fval = 0;
 
-#define MAX_ASIZE 16
+#define MAX_ASIZE 24
 
 static void mark_flags(unsigned flags, struct ck_attribute *a, unsigned *a_val)
 {
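Review bot: `MAX_ASIZE` is the only bound on the `a[]` attribute arrays, and nothing visible in this diff checks `a_val` against it before an `a[a_val]` write, so the limit stays implicit after the bump to 24. Each new attribute, including the ones `mark_flags()` appends, depends on someone recounting the worst case by hand, and a miscount is a stack write past the array. I would document the contract on the define, e.g. `/* upper bound on attributes written into a[]; every a_val++ path, mark_flags() included, must stay below this */`, and consider a check such as `if (a_val >= MAX_ASIZE) { ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto cleanup; }` before the optional attributes, assuming the function has a cleanup label. The bodies of the functions that fill `a[]` lie outside this hunk, so an existing check elsewhere cannot be ruled out.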
@@ -96,8 +96,9 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
        int ret;
        struct p11_kit_uri *info = NULL;
        ck_rv_t rv;
-       size_t der_size, id_size;
+       size_t der_size, id_size, serial_size;
        uint8_t *der = NULL;
+       uint8_t serial[128];
        uint8_t id[20];
        struct ck_attribute a[MAX_ASIZE];
        ck_object_class_t class = CKO_CERTIFICATE;
@@ -193,6 +194,19 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
        a[a_val].value_len = crt->raw_dn.size;
        a_val++;
 
+       a[a_val].type = CKA_ISSUER;
+       a[a_val].value = crt->raw_issuer_dn.data;
+       a[a_val].value_len = crt->raw_issuer_dn.size;
+       a_val++;
+
+       serial_size = sizeof(serial);
+       if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+               a[a_val].type = CKA_SERIAL_NUMBER;
+               a[a_val].value = (void *) serial;
+               a[a_val].value_len = serial_size;
+               a_val++;
+       }
+
        if (label) {
                a[a_val].type = CKA_LABEL;
                a[a_val].value = (void *) label;
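Review bot: The value stored under `CKA_SERIAL_NUMBER` appears to be the raw serial bytes returned by `gnutls_x509_crt_get_serial()`, whereas PKCS#11 defines that attribute as the DER encoding of the serial number, including the INTEGER tag and length. Consumers that look up certificates by issuer and serial may therefore fail to match the object. The serial should be wrapped as a DER INTEGER in a separate buffer, with `value` and `value_len` pointing at that buffer, which must be released after the object is created. The failure branch is also silent; an `else gnutls_assert();` would make a skipped serial visible in debug logs. The enclosing function starts and ends outside this hunk.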