Add -X flag for seperate pkcs11 uri for Certificate

Ex. ldid -K'pkcs11:object=MyKey;type=private' -X'pkcs11:object=MyKey;type=cert'
ProcursusTeam · Mar 19, 2024 · 22304ec · 22304ec
1 parent 88b05b3
commit 22304ec
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/ldid.cpp b/ldid.cpp
@@ -44,6 +44,11 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
+# if SMARTCARD
+# define OPENSSL_SUPPRESS_DEPRECATED
+/* We need to use engines, which are deprecated */
+# endif
+
 #include <openssl/opensslv.h>
 # if OPENSSL_VERSION_MAJOR >= 3
 # include <openssl/provider.h>
@@ -3506,6 +3511,7 @@ int main(int argc, char *argv[]) {
  Map entitlements;
  Map requirements;
  std::string key;
+ std::string certuri;
  ldid::Signer *signer = new NoSigner();
  ldid::Slots slots;
 
@@ -3714,6 +3720,11 @@ int main(int argc, char *argv[]) {
  key = argv[argi] + 2;
  break;
 
+ case 'X':
+ if (argv[argi][2] != '\0')
+ certuri = argv[argi] + 2;
+ break;
+
  case 'T': break;
 
  case 'u': {
@@ -3741,7 +3752,7 @@ int main(int argc, char *argv[]) {
  if (!key.empty()) {
 #if SMARTCARD
  if (key.compare(0, 7, "pkcs11:") == 0) {
- signer = new P11Signer(key);
+ signer = new P11Signer(key, certuri.empty() ? key : certuri);
  } else
 #endif
  {