| Message ID | 20250531113252.3889951-4-johannes.schneider@leica-geosystems.com |
|---|---|
| State | Accepted |
| Series | signing.bbclass: add certificate chain handling |
On Sat, 2025-05-31 at 13:32 +0200, Johannes Schneider via lists.openembedded.org wrote: > Add a helper method to retrieve the root CA certificate for a given > role, by walking the chain that has been setup with > signing_import_set_ca up to the last element - which is the root. > > Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> > --- > meta-oe/classes/signing.bbclass | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass > index 5992a75be7..ee32cc12f7 100644 > --- a/meta-oe/classes/signing.bbclass > +++ b/meta-oe/classes/signing.bbclass > @@ -180,6 +180,22 @@ signing_has_ca() { > return $? > } > > +# signing_get_root_cert <cert_name> > +# > +# return the role/name of the CA root certificate for a given > +# <cert_name>, by walking the chain setup with signing_import_set_ca > +# all the way to the last in line that doesn't have a CA set - which > +# would be the root. > +# > +# To be used with SoftHSM. > +signing_get_root_cert() { > + local cert_name="${1}" > + while signing_has_ca "${cert_name}"; do > + cert_name="$(signing_get_ca ${cert_name})" > + done > + echo "${cert_name}" > +} > + > # signing_import_cert_chain_from_pem <role> <pem> > # > # Import a certificate *chain* from a PEM file to a role. Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 5992a75be7..ee32cc12f7 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass @@ -180,6 +180,22 @@ signing_has_ca() { return $? } +# signing_get_root_cert <cert_name> +# +# return the role/name of the CA root certificate for a given +# <cert_name>, by walking the chain setup with signing_import_set_ca +# all the way to the last in line that doesn't have a CA set - which +# would be the root. +# +# To be used with SoftHSM. +signing_get_root_cert() { + local cert_name="${1}" + while signing_has_ca "${cert_name}"; do + cert_name="$(signing_get_ca ${cert_name})" + done + echo "${cert_name}" +} + # signing_import_cert_chain_from_pem <role> <pem> # # Import a certificate *chain* from a PEM file to a role.
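Review bot: the `while signing_has_ca "${cert_name}"` loop in signing_get_root_cert has no termination guard, so if the links recorded by signing_import_set_ca ever formed a cycle (a role that ends up, directly or indirectly, as its own CA) the function would never return and the task would hang. Consider capping the number of hops, or remembering the names already visited, and failing the task with a clear message when the limit is hit. The result of signing_get_ca is also used unchecked: if it fails or prints nothing, `cert_name` becomes empty and the function echoes an empty root name, so a non-empty check before the next iteration would be worth adding. As a style point, `cert_name="$(signing_get_ca ${cert_name})"` passes the name unquoted while the `signing_has_ca` call on the line above quotes it; `"$(signing_get_ca "${cert_name}")"` would keep the two consistent.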
Add a helper method to retrieve the root CA certificate for a given role, by walking the chain that has been set up with signing_import_set_ca up to the last element - which is the root.

Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>

---

meta-oe/classes/signing.bbclass | 16 ++++++++++++++++

1 file changed, 16 insertions(+)