1 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index f52d861b76..7fd167d937 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -129,6 +129,36 @@ signing_import_cert_from_der() {
    signing_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
 }
+# signing_import_cert_chain_from_pem <role> <pem>
+#
+# Import a certificate *chain* from a PEM file to a role.
+# (e.g. multiple ones concatenated in one file)
+#
+# Due to limitations in the toolchain:
+#   signing class -> softhsm -> 'extract-cert'
+# the input certificate is split into a sequentially numbered list of roles,
+# starting at <role>_1
+#
+# (The limitations are the conversion step from x509 to a plain .der, and
+# extract-cert expecting a x509 and then producing only plain .der again)
+signing_import_cert_chain_from_pem() {
+    local role="${1}"
+    local pem="${2}"
+    local i=1
+    cat "${pem}" | \
+        while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
+            signing_import_define_role "${role}_${i}"
+            signing_pkcs11_tool --type cert \
+                                --write-object  ${B}/temp_${i}.der \
+                                --label "${role}_${i}"
+            rm ${B}/temp_${i}.der
+            echo "imported ${pem} under role: ${role}_${i}"
+            i=$(awk "BEGIN {print $i+1}")
+        done
+}
 # signing_import_cert_from_pem <role> <pem>
 #
 # Import a certificate from PEM file to a role. To be used

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index f52d861b76..7fd167d937 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass
@@ -129,6 +129,36 @@ signing_import_cert_from_der() {
129	signing_pkcs11_tool --type cert --write-object "${der}" --label "${role}"	129	signing_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
130	}	130	}
131		131
		132	# signing_import_cert_chain_from_pem <role> <pem>
		133	#
		134
		135	# Import a certificate chain from a PEM file to a role.
		136	# (e.g. multiple ones concatenated in one file)
		137	#
		138	# Due to limitations in the toolchain:
		139	# signing class -> softhsm -> 'extract-cert'
		140	# the input certificate is split into a sequentially numbered list of roles,
		141	# starting at <role>_1
		142	#
		143	# (The limitations are the conversion step from x509 to a plain .der, and
		144	# extract-cert expecting a x509 and then producing only plain .der again)
		145	signing_import_cert_chain_from_pem() {
		146	local role="${1}"
		147	local pem="${2}"
		148	local i=1
		149
		150	cat "${pem}" \| \
		151	while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
		152	signing_import_define_role "${role}_${i}"
		153	signing_pkcs11_tool --type cert \
		154	--write-object ${B}/temp_${i}.der \
		155	--label "${role}_${i}"
		156	rm ${B}/temp_${i}.der
		157	echo "imported ${pem} under role: ${role}_${i}"
		158	i=$(awk "BEGIN {print $i+1}")
		159	done
		160	}
		161
132	# signing_import_cert_from_pem <role> <pem>	162	# signing_import_cert_from_pem <role> <pem>
133	#	163	#
134	# Import a certificate from PEM file to a role. To be used	164	# Import a certificate from PEM file to a role. To be used