signing.bbclass: add signing_extract_cert helpers

Add extract-cert wrapping helper functions, to easily extract certificates again that had been previously imported into the softhsm. Reviewed-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-01 13:58:06 +00:00 · 2025-06-27 14:18:21 +02:00 · 2025-06-27 14:18:21 +02:00 · d1b6f528a5
commit d1b6f528a5
parent b6915f6399
1 changed files with 25 additions and 1 deletions
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@ -54,7 +54,7 @@
 SIGNING_PKCS11_URI ?= ""
 SIGNING_PKCS11_MODULE ?= ""

-DEPENDS += "softhsm-native libp11-native opensc-native openssl-native"
+DEPENDS += "softhsm-native libp11-native opensc-native openssl-native extract-cert-native"

 def signing_class_prepare(d):
    import os.path
@ -453,6 +453,30 @@ signing_get_module() {
    fi
 }

+# signing_extract_cert_der <role> <der>
+#
+# Export a certificate attached to a role into a DER file.
+# To be used with SoftHSM.
+signing_extract_cert_der() {
+    local role="${1}"
+    local output="${2}"
+
+    extract-cert "$(signing_get_uri $role)" "${output}"
+}
+
+# signing_extract_cert_pem <role> <pem>
+#
+# Export a certificate attached to a role into a PEM file.
+# To be used with SoftHSM.
+signing_extract_cert_pem() {
+    local role="${1}"
+    local output="${2}"
+
+    extract-cert "$(signing_get_uri $role)" "${output}.tmp-der"
+    openssl x509 -inform der -in "${output}.tmp-der" -out "${output}"
+    rm "${output}.tmp-der"
+}
+
 python () {
    signing_class_prepare(d)
 }