From 22304ec7cbf2091672c5a6c0aaa5efbb17a6a685 Mon Sep 17 00:00:00 2001
From: Cameron Katri <me@cameronkatri.com>
Date: Tue, 19 Mar 2024 10:28:21 -0700
Subject: [PATCH] Add -X flag for seperate pkcs11 uri for Certificate

Ex. ldid -K'pkcs11:object=MyKey;type=private' -X'pkcs11:object=MyKey;type=cert'
---
 ldid.cpp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ldid.cpp b/ldid.cpp
index ae46ad8..3972ab8 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -44,6 +44,11 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
+# if SMARTCARD
+#  define OPENSSL_SUPPRESS_DEPRECATED
+/* We need to use engines, which are deprecated */
+# endif
+
 #include <openssl/opensslv.h>
 # if OPENSSL_VERSION_MAJOR >= 3
 #  include <openssl/provider.h>
@@ -3506,6 +3511,7 @@ int main(int argc, char *argv[]) {
     Map entitlements;
     Map requirements;
     std::string key;
+    std::string certuri;
     ldid::Signer *signer = new NoSigner();
     ldid::Slots slots;
 
@@ -3714,6 +3720,11 @@ int main(int argc, char *argv[]) {
                     key = argv[argi] + 2;
             break;
 
+            case 'X':
+                if (argv[argi][2] != '\0')
+                    certuri = argv[argi] + 2;
+            break;
+
             case 'T': break;
 
             case 'u': {
@@ -3741,7 +3752,7 @@ int main(int argc, char *argv[]) {
     if (!key.empty()) {
 #if SMARTCARD
         if (key.compare(0, 7, "pkcs11:") == 0) {
-            signer = new P11Signer(key);
+            signer = new P11Signer(key, certuri.empty() ? key : certuri);
         } else
 #endif
         {