signing.bbclass: add signing_get_intermediate_certs

Add a method that returns a list of intermediary CA roles. When using a complex PKI structure with for example "openssl cms", these roles can then be iterated over adding in turn a '-certificate'. Pseudo-code example: for intermediate in $(signing_get_intermediate_certs 'FooBaa'); do signing_extract_cert_pem $intermediate $intermediate.pem CMD+=" --certificate=$intermediate.pem" done Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Johannes Schneider <johannes.schneider@leica-geosystems.com> 2025-05-31 13:32:50 +0200
committer: Khem Raj <raj.khem@gmail.com> 2025-06-11 16:11:58 -0700
commit: 540f57123bd75e881b3bde2a447345e99c8717a7 (patch)
tree: 4389c8c6e7c904cd7435096f97e49e7bf61e60ac
parent: 977f2a308b3df27b5bf789ef08bc47a38a27ea7a (diff)
download: meta-openembedded-540f57123bd75e881b3bde2a447345e99c8717a7.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index ee32cc12f7..7bc3e7cb12 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -180,6 +180,27 @@ signing_has_ca() {
    return $?
 }
+# signing_get_intermediate_certs <cert_name>
+#
+# return a list of role/name intermediary CA certificates for a given
+# <cert_name> by walking the chain setup with signing_import_set_ca.
+#
+# The returned list will not include the the root CA, and can
+# potentially be empty.
+#
+# To be used with SoftHSM.
+signing_get_intermediate_certs() {
+    local cert_name="${1}"
+    local intermediary=""
+    while signing_has_ca "${cert_name}"; do
+        cert_name="$(signing_get_ca ${cert_name})"
+        if signing_has_ca "${cert_name}"; then
+            intermediary="${intermediary} ${cert_name}"
+        fi
+    done
+    echo "${intermediary}"
+}
 # signing_get_root_cert <cert_name>
 #
 # return the role/name of the CA root certificate for a given
author	Johannes Schneider <johannes.schneider@leica-geosystems.com>	2025-05-31 13:32:50 +0200
committer	Khem Raj <raj.khem@gmail.com>	2025-06-11 16:11:58 -0700
commit	540f57123bd75e881b3bde2a447345e99c8717a7 (patch)
tree	4389c8c6e7c904cd7435096f97e49e7bf61e60ac
parent	977f2a308b3df27b5bf789ef08bc47a38a27ea7a (diff)
download	meta-openembedded-540f57123bd75e881b3bde2a447345e99c8717a7.tar.gz

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index ee32cc12f7..7bc3e7cb12 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass
@@ -180,6 +180,27 @@ signing_has_ca() {
180	return $?	180	return $?
181	}	181	}
182		182
		183	# signing_get_intermediate_certs <cert_name>
		184	#
		185	# return a list of role/name intermediary CA certificates for a given
		186	# <cert_name> by walking the chain setup with signing_import_set_ca.
		187	#
		188	# The returned list will not include the the root CA, and can
		189	# potentially be empty.
		190	#
		191	# To be used with SoftHSM.
		192	signing_get_intermediate_certs() {
		193	local cert_name="${1}"
		194	local intermediary=""
		195	while signing_has_ca "${cert_name}"; do
		196	cert_name="$(signing_get_ca ${cert_name})"
		197	if signing_has_ca "${cert_name}"; then
		198	intermediary="${intermediary} ${cert_name}"
		199	fi
		200	done
		201	echo "${intermediary}"
		202	}
		203
183	# signing_get_root_cert <cert_name>	204	# signing_get_root_cert <cert_name>
184	#	205	#
185	# return the role/name of the CA root certificate for a given	206	# return the role/name of the CA root certificate for a given