certamp: add support for subject key id

Read the subject key id from the certificate and make it available.

Resolves: #6403

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>

src/lib/certmap/sss_cert_content_crypto.c

@@ -778,6 +778,35 @@ static int get_serial_number(TALLOC_CTX *mem_ctx, X509 *cert,
     return ret;
 }
 
+static int get_subject_key_id(TALLOC_CTX *mem_ctx, X509 *cert,
+                              uint8_t **subject_key_id,
+                              size_t *subject_key_id_size)
+{
+    const ASN1_OCTET_STRING *ski;
+    size_t size = 0;
+    uint8_t *buf;
+
+    ski = X509_get0_subject_key_id(cert);
+    if (ski != NULL) {
+        size = ASN1_STRING_length(ski);
+    }
+    if (size == 0) {
+        *subject_key_id_size = 0;
+        *subject_key_id = NULL;
+        return 0;
+    }
+
+    buf = talloc_memdup(mem_ctx, ASN1_STRING_get0_data(ski), size);
+    if (buf == NULL) {
+        return ENOMEM;
+    }
+
+    *subject_key_id = buf;
+    *subject_key_id_size = size;
+
+    return 0;
+}
+
 int sss_cert_get_content(TALLOC_CTX *mem_ctx,
                          const uint8_t *der_blob, size_t der_size,
                          struct sss_cert_content **content)
@@ -880,6 +909,12 @@ int sss_cert_get_content(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    ret = get_subject_key_id(cont, cert, &(cont->subject_key_id),
+                             &(cont->subject_key_id_size));
+    if (ret != 0) {
+        goto done;
+    }
+
     cont->cert_der = talloc_memdup(cont, der_blob, der_size);
     if (cont->cert_der == NULL) {
         ret = ENOMEM;

src/lib/certmap/sss_certmap_int.h

@@ -203,6 +203,9 @@ struct sss_cert_content {
     uint8_t *serial_number;
     size_t serial_number_size;
     const char *serial_number_dec_str;
+
+    uint8_t *subject_key_id;
+    size_t subject_key_id_size;
 };
 
 int sss_cert_get_content(TALLOC_CTX *mem_ctx,