diff options
| -rw-r--r-- | meta-oe/classes/signing.bbclass | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 8af7bbf8e0..c768371151 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
| @@ -123,15 +123,26 @@ signing_import_define_role() { | |||
| 123 | echo "_SIGNING_PKCS11_MODULE_${role}_=\"softhsm\"" >> $_SIGNING_ENV_FILE_ | 123 | echo "_SIGNING_PKCS11_MODULE_${role}_=\"softhsm\"" >> $_SIGNING_ENV_FILE_ |
| 124 | } | 124 | } |
| 125 | 125 | ||
| 126 | # signing_import_cert_from_der <role> <der> | 126 | # signing_import_cert_from_der <cert_name> <der> |
| 127 | # | 127 | # |
| 128 | # Import a certificate from DER file to a role. To be used | 128 | # Import a certificate from DER file to a cert_name. |
| 129 | # with SoftHSM. | 129 | # Where the <cert_name> can either be a previously setup |
| 130 | # signing_import_define_role linking the certificate to a signing key, | ||
| 131 | # or a new identifier when dealing with a standalone certificate. | ||
| 132 | # | ||
| 133 | # To be used with SoftHSM. | ||
| 130 | signing_import_cert_from_der() { | 134 | signing_import_cert_from_der() { |
| 131 | local role="${1}" | 135 | local cert_name="${1}" |
| 132 | local der="${2}" | 136 | local der="${2}" |
| 133 | 137 | ||
| 134 | signing_pkcs11_tool --type cert --write-object "${der}" --label "${role}" | 138 | # check wether the cert_name/role needs to be defined first, |
| 139 | # or do so otherwise | ||
| 140 | local uri=$(siging_get_uri $cert_name) | ||
| 141 | if [ -z "$uri" ]; then | ||
| 142 | signing_import_define_role "$cert_name" | ||
| 143 | fi | ||
| 144 | |||
| 145 | signing_pkcs11_tool --type cert --write-object "${der}" --label "${cert_name}" | ||
| 135 | } | 146 | } |
| 136 | 147 | ||
| 137 | # signing_import_cert_chain_from_pem <role> <pem> | 148 | # signing_import_cert_chain_from_pem <role> <pem> |
| @@ -164,17 +175,28 @@ signing_import_cert_chain_from_pem() { | |||
| 164 | done | 175 | done |
| 165 | } | 176 | } |
| 166 | 177 | ||
| 167 | # signing_import_cert_from_pem <role> <pem> | 178 | # signing_import_cert_from_pem <cert_name> <pem> |
| 168 | # | 179 | # |
| 169 | # Import a certificate from PEM file to a role. To be used | 180 | # Import a certificate from PEM file to a cert_name. |
| 170 | # with SoftHSM. | 181 | # Where the <cert_name> can either be a previously setup |
| 182 | # signing_import_define_role linking the certificate to a signing key, | ||
| 183 | # or a new identifier when dealing with a standalone certificate. | ||
| 184 | # | ||
| 185 | # To be used with SoftHSM. | ||
| 171 | signing_import_cert_from_pem() { | 186 | signing_import_cert_from_pem() { |
| 172 | local role="${1}" | 187 | local cert_name="${1}" |
| 173 | local pem="${2}" | 188 | local pem="${2}" |
| 174 | 189 | ||
| 190 | # check wether the cert_name/role needs to be defined first, | ||
| 191 | # or do so otherwise | ||
| 192 | local uri=$(siging_get_uri $cert_name) | ||
| 193 | if [ -z "$uri" ]; then | ||
| 194 | signing_import_define_role "$cert_name" | ||
| 195 | fi | ||
| 196 | |||
| 175 | openssl x509 \ | 197 | openssl x509 \ |
| 176 | -in "${pem}" -inform pem -outform der | | 198 | -in "${pem}" -inform pem -outform der | |
| 177 | signing_pkcs11_tool --type cert --write-object /proc/self/fd/0 --label "${role}" | 199 | signing_pkcs11_tool --type cert --write-object /proc/self/fd/0 --label "${cert_name}" |
| 178 | } | 200 | } |
| 179 | 201 | ||
| 180 | # signing_import_pubkey_from_der <role> <der> | 202 | # signing_import_pubkey_from_der <role> <der> |