in kmsp11/object.cc [205:252]
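// Populates `attrs` with the PKCS #11 attributes of an X.509 certificate
// object, taken from `cert`. CKA_ID is set to the name of `ckv`.
//
// The certificate is only parsed and copied here: nothing in this function
// verifies its signature, chain or validity period, and CKA_TRUSTED is always
// written as false. Callers must not treat the presence of the resulting
// object as a trust decision.
//
// Returns OK on success. Returns the error of the first conversion helper
// that fails, or an internal error when no public key can be extracted from
// `cert`. Every fallible step runs before the first write to `attrs`, so
// `attrs` is left untouched on failure.
absl::Status AddX509CertificateAttributes(AttributeMap* attrs,
                                          const kms_v1::CryptoKeyVersion& ckv,
                                          X509* cert) {
  // SHA-1 digest size in bytes, and the number of leading digest bytes that
  // PKCS #11 defines as CKA_CHECK_VALUE.
  constexpr size_t kSha1DigestLength = 20;
  constexpr size_t kCheckValueLength = 3;

  ASSIGN_OR_RETURN(absl::Time not_before,
                   Asn1TimeToAbsl(X509_get_notBefore(cert)));
  ASSIGN_OR_RETURN(absl::Time not_after,
                   Asn1TimeToAbsl(X509_get_notAfter(cert)));

  // X509_get_pubkey returns null when the embedded key cannot be decoded.
  // MarshalX509PublicKeyDer is not visible from here, so do not rely on it to
  // accept a null key; fail with a status instead.
  // NOTE(review): if this codebase has a status helper that carries a CK_RV,
  // use it here in place of the plain absl error.
  bssl::UniquePtr<EVP_PKEY> pub(X509_get_pubkey(cert));
  if (pub == nullptr) {
    return absl::InternalError(
        "unable to extract the public key from the X.509 certificate");
  }
  ASSIGN_OR_RETURN(std::string public_key_info,
                   MarshalX509PublicKeyDer(pub.get()));

  ASSIGN_OR_RETURN(std::string subject_der,
                   MarshalX509Name(X509_get_subject_name(cert)));
  ASSIGN_OR_RETURN(std::string issuer_der,
                   MarshalX509Name(X509_get_issuer_name(cert)));
  ASSIGN_OR_RETURN(std::string serial,
                   MarshalAsn1Integer(X509_get_serialNumber(cert)));
  ASSIGN_OR_RETURN(std::string cert_der, MarshalX509CertificateDer(cert));

  // SHA-1 is used only because PKCS #11 defines CKA_CHECK_VALUE as the first
  // three bytes of the SHA-1 hash of CKA_VALUE. A 24-bit prefix is a checksum
  // for spotting mismatched objects; it gives no integrity or authenticity
  // guarantee and must not be used as one.
  char cert_der_sha1[kSha1DigestLength];
  SHA1(reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(),
       reinterpret_cast<uint8_t*>(cert_der_sha1));

  // 4.6.2 Certificate objects
  attrs->PutULong(CKA_CERTIFICATE_TYPE, CKC_X_509);
  // Never mark the certificate as trusted: no validation was performed above.
  attrs->PutBool(CKA_TRUSTED, false);
  attrs->PutULong(CKA_CERTIFICATE_CATEGORY,
                  CK_CERTIFICATE_CATEGORY_UNSPECIFIED);
  attrs->Put(CKA_CHECK_VALUE,
             std::string_view(cert_der_sha1, kCheckValueLength));
  attrs->PutDate(CKA_START_DATE, not_before);
  attrs->PutDate(CKA_END_DATE, not_after);
  attrs->Put(CKA_PUBLIC_KEY_INFO, public_key_info);

  // 4.6.3 X.509 public key certificate objects
  attrs->Put(CKA_SUBJECT, subject_der);
  attrs->Put(CKA_ID, ckv.name());
  attrs->Put(CKA_ISSUER, issuer_der);
  attrs->Put(CKA_SERIAL_NUMBER, serial);
  attrs->Put(CKA_VALUE, cert_der);
  // The URL and public-key-hash attributes are written as empty values.
  attrs->Put(CKA_URL, "");
  attrs->Put(CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "");
  attrs->Put(CKA_HASH_OF_ISSUER_PUBLIC_KEY, "");
  attrs->PutULong(CKA_JAVA_MIDP_SECURITY_DOMAIN,
                  CK_SECURITY_DOMAIN_UNSPECIFIED);
  return absl::OkStatus();
}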