diff options
| -rw-r--r-- | meta-oe/classes/signing.bbclass | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 70c3807a6d..a9f657feb6 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
| @@ -463,6 +463,40 @@ signing_extract_cert_pem() { | |||
| 463 | rm "${output}.tmp-der" | 463 | rm "${output}.tmp-der" |
| 464 | } | 464 | } |
| 465 | 465 | ||
| 466 | # signing_create_uri_pem <role> <pem> | ||
| 467 | # | ||
| 468 | # Wrap the role's pkcs11: URI in a PEM file. | ||
| 469 | # The resulting file can be used instead of the URI returned by | ||
| 470 | # 'signing_get_uri $role' with applications which do not yet support the | ||
| 471 | # OSSL_STORE for native access to the PKCS#11 provider. | ||
| 472 | signing_create_uri_pem() { | ||
| 473 | local role="${1}" | ||
| 474 | local output="${2}" | ||
| 475 | local conf="${output}.cnf" | ||
| 476 | local der="${output}.der" | ||
| 477 | |||
| 478 | local uri="$(signing_get_uri $role)" | ||
| 479 | |||
| 480 | echo "Wrapping PKCS#11 URI for role '$role' as '${output}'" | ||
| 481 | |||
| 482 | # The \# escape prevents OpenSSL's config parser treating # as a comment. | ||
| 483 | cat > "${conf}" <<EOF | ||
| 484 | asn1=SEQUENCE:pkcs11_uri_seq | ||
| 485 | |||
| 486 | [pkcs11_uri_seq] | ||
| 487 | version=VISIBLESTRING:PKCS\#11 Provider URI v1.0 | ||
| 488 | uri=UTF8:${uri} | ||
| 489 | EOF | ||
| 490 | |||
| 491 | openssl asn1parse -genconf "${conf}" -noout -out "${der}" | ||
| 492 | |||
| 493 | { | ||
| 494 | echo "-----BEGIN PKCS#11 PROVIDER URI-----" | ||
| 495 | openssl base64 -in "${der}" | ||
| 496 | echo "-----END PKCS#11 PROVIDER URI-----" | ||
| 497 | } > "${output}" | ||
| 498 | } | ||
| 499 | |||
| 466 | python () { | 500 | python () { |
| 467 | signing_class_prepare(d) | 501 | signing_class_prepare(d) |
| 468 | } | 502 | } |