---
src/cms_common.c | 9 ++++++++-
src/cms_common.h | 1 +
src/pesign.c | 1 +
3 files changed, 10 insertions(+), 1 deletion(-)
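--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -276,6 +276,7 @@ struct cbdata {
 CERTCertificate *cert;
 PK11SlotListElement *psle;
 secuPWData *pwdata;
+ int privkey_unneeded;
 };
 
 static SECStatus
@@ -288,6 +289,11 @@ is_valid_cert(CERTCertificate *cert, voi
 
 SECKEYPrivateKey *privkey = NULL;
 
+ if (cbdata->privkey_unneeded) {
+ cbdata->cert = cert;
+ return SECSuccess;
+ }
+
 privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
 if (privkey != NULL) {
 cbdata->cert = cert;
@@ -398,7 +404,7 @@ err_slots:
 goto err_slots_errmsg;
 
 SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
 status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
 if (status != SECSuccess) {
 cms->log(cms, LOG_ERR, "Authentication failed on "
@@ -425,6 +431,7 @@ err_slots:
 .cert = NULL,
 .psle = psle,
 .pwdata = pwdata,
+ .privkey_unneeded = cms->privkey_unneeded,
 };
 
 status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot,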
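Review bot: With `privkey_unneeded` set, the early return in `is_valid_cert` (second hunk) accepts any certificate the nickname traversal passes in, and the third hunk skips `PK11_Authenticate`, so nothing in the visible lines ties the selected certificate to the key that produced the signature being imported. If the import path does not already verify the raw signature against this certificate's public key, a same-nickname certificate that does not match would be embedded without any error; that check lives outside these hunks and is worth confirming. At minimum I would document the relaxed contract at the early return, e.g. `/* certificate-only lookup: no login and no proof of private-key possession */`. Tokens that expose certificate objects only after login may also return nothing on this path, and the skipped login is not logged. Both `is_valid_cert` and the function containing `err_slots:` extend beyond the hunks.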
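--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -37,6 +37,7 @@ typedef int (*cms_common_logger)(struct
 typedef struct cms_context {
 PRArenaPool *arena;
 void *privkey;
+ int privkey_unneeded;
 
 char *tokenname;
 char *certname;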
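Review bot: The new `privkey_unneeded` member has no comment, although the src/cms_common.c hunks use it to switch off token login and the private-key check during certificate lookup; a line such as `/* nonzero: certificate-only lookup, skip token login and private-key check */` above it would make that explicit. Only one caller sets it in this patch, so every other action depends on the context being zero-initialised when it is created, which is not visible here and should be confirmed. The struct definition continues outside the hunk.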
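--- a/src/pesign.c
+++ b/src/pesign.c
@@ -650,6 +650,7 @@ main(int argc, char *argv[])
 */
 case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
 check_inputs(ctxp);
+ ctxp->cms_ctx->privkey_unneeded = 1;
 rc = find_certificate(ctxp->cms_ctx);
 if (rc < 0) {
 fprintf(stderr, "pesign: Could not find "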