From 2232b2141ea3f29d9510bb99024f173c088bae26 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Sep 29 2011 22:05:08 +0000
Subject: - add support for a challenge password
---
diff --git a/src/csrgen-o.c b/src/csrgen-o.c
index ea79343..b9a8100 100644
--- a/src/csrgen-o.c
+++ b/src/csrgen-o.c
@@ -61,8 +61,8 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 X509_REQ *req;
 RSA *rsa;
 EVP_PKEY *pkey;
- char buf[LINE_MAX], *p, *q, *s, *nickname, *pin;
- unsigned char *extensions, *unickname;
+ char buf[LINE_MAX], *p, *q, *s, *nickname, *pin, *password;
+ unsigned char *extensions, *unickname, *upassword;
 const char *default_cn = CM_DEFAULT_CERT_SUBJECT_CN;
 size_t extensions_len;
 long error;
@@ -187,6 +187,15 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 unickname,
 strlen(nickname));
 }
+ password = entry->cm_challenge_password;
+ upassword = (unsigned char *) password;
+ if (password != NULL) {
+ X509_REQ_add1_attr_by_NID(req,
+ NID_pkcs9_challengePassword,
+ V_ASN1_PRINTABLESTRING,
+ upassword,
+ strlen(password));
+ }
 X509_REQ_sign(req, pkey, cm_prefs_ossl_hash());
 PEM_write_X509_REQ_NEW(status, req);
 } else {
diff --git a/src/store-files.c b/src/store-files.c
index 72c8573..b5624a4 100644
--- a/src/store-files.c
+++ b/src/store-files.c
@@ -80,6 +80,8 @@ enum cm_store_file_field {
 cm_store_entry_field_template_ku,
 cm_store_entry_field_template_eku,
+ cm_store_entry_field_challenge_password,
+
 cm_store_entry_field_csr,
 cm_store_entry_field_state,
@@ -149,6 +151,8 @@ static struct cm_store_file_field_list {
 {cm_store_entry_field_template_ku, "template_ku"},
 {cm_store_entry_field_template_eku, "template_eku"},
+ {cm_store_entry_field_challenge_password, "challenge_password"},
+
 {cm_store_entry_field_csr, "csr"},
 {cm_store_entry_field_state, "state"},
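Review bot: The result of `X509_REQ_add1_attr_by_NID()` in the added block of the second csrgen-o.c hunk is discarded, so if the attribute cannot be added the request is still signed and written without the challenge password the entry asked for, and nothing reports it. The string type is also fixed to `V_ASN1_PRINTABLESTRING`; as far as I can tell OpenSSL does not check the bytes against that character set when a plain ASN.1 type is passed, so a password containing characters such as `@` or `_` would produce an attribute that strict CA-side parsers may reject. I would pass `MBSTRING_ASC` with a length of `-1` so the library picks a permitted string type for the NID, and test the call: `if (!X509_REQ_add1_attr_by_NID(req, NID_pkcs9_challengePassword, MBSTRING_ASC, upassword, -1)) { /* report failure instead of signing */ }`. The body of cm_csrgen_o_main() starts and ends outside this hunk, so how a failure should be reported there is not visible here.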
@@ -540,6 +544,9 @@ cm_store_entry_read(void *parent, const char *filename, FILE *fp)
 case cm_store_entry_field_template_eku:
 ret->cm_template_eku = free_if_empty(p);
 break;
+ case cm_store_entry_field_challenge_password:
+ ret->cm_challenge_password = free_if_empty(p);
+ break;
 case cm_store_entry_field_csr:
 ret->cm_csr = free_if_empty(p);
 break;
@@ -644,6 +651,7 @@ cm_store_ca_read(void *parent, const char *filename, FILE *fp)
 case cm_store_entry_field_template_principal:
 case cm_store_entry_field_template_ku:
 case cm_store_entry_field_template_eku:
+ case cm_store_entry_field_challenge_password:
 case cm_store_entry_field_csr:
 case cm_store_entry_field_state:
 case cm_store_entry_field_autorenew:
@@ -906,6 +914,9 @@ cm_store_entry_write(FILE *fp, struct cm_store_entry *entry)
 cm_store_file_write_str(fp, cm_store_entry_field_template_eku,
 entry->cm_template_eku);
+ cm_store_file_write_str(fp, cm_store_entry_field_challenge_password,
+ entry->cm_challenge_password);
+
 cm_store_file_write_str(fp, cm_store_entry_field_csr,
 entry->cm_csr);
 cm_store_file_write_str(fp, cm_store_entry_field_state,
diff --git a/src/store-int.h b/src/store-int.h
index 0b0f90c..d513e32 100644
--- a/src/store-int.h
+++ b/src/store-int.h
@@ -87,6 +87,9 @@ struct cm_store_entry {
 char **cm_template_principal;
 char *cm_template_ku;
 char *cm_template_eku;
+ /* A challenge password, which may be included (in cleartext form!) in
+ * a CSR. */
+ char *cm_challenge_password;
 /* The CSR, base64-encoded. */
 char *cm_csr;
 /* Our idea of the state of the cert. */
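Review bot: The cm_store_entry_write() hunk now writes `entry->cm_challenge_password` to the entry file as a plain string, so the secret sits at rest beside the CSR, and nothing in this diff shows what permissions that file is created with. The struct comment added in src/store-int.h warns only about cleartext in the CSR; I would extend it to cover the stored copy too, for example `/* Also saved in cleartext in the entry file and, once generated, inside the CSR; the store must not be readable by other users. */`. It is worth confirming that the file is created with owner-only access and that no code path which logs or dumps entries prints this field. cm_store_entry_write() starts and ends outside the hunk, so the file handling around it could not be checked here.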