      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 
     22 /*
     23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     28 
     29 #include <stdio.h>
     30 #include <assert.h>
     31 #include <strings.h>
     32 
     33 #include <kmfapi.h>
     34 #include "kssladm.h"
     35 
     36 /*
     37  * Extract the Certificate and raw key data from a PKCS#12 file.
     38  * The password needed for decrypting the PKCS#12 PDU is stored
     39  * in plaintext in the given "password_file" parameter.
     40  */
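int
PKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh,
    const char *filename, const char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
{
	/*
	 * Contract:
	 *   - The passphrase is read from password_file into a fixed stack
	 *     buffer and handed to kmf_import_objects() as the credential.
	 *   - Returns the number of certificates imported (ncerts).  On any
	 *     failure every partially imported cert/key is released here and
	 *     0 is returned with *certs / *rsa set to NULL.
	 *   - On success the caller owns *certs and *rsa; presumably they are
	 *     released with kmf_free_kmf_cert()/kmf_free_raw_key() and free()
	 *     exactly as the error path below does.  The key count (nkeys) is
	 *     not reported to the caller.
	 *   - rsa and certs may be NULL, matching PEM_get_rsa_key_certs().
	 */
	char password_buf[1024];
	KMF_RETURN rv = KMF_OK;
	KMF_CREDENTIAL pk12cred;
	KMF_X509_DER_CERT *tcerts;
	KMF_RAW_KEY_DATA *keys;
	int ncerts, nkeys;
	char *err = NULL;
	volatile char *scrub;
	size_t n;

	tcerts = NULL;
	keys = NULL;
	ncerts = 0;
	nkeys = 0;

	/*
	 * On this failure path rv is still KMF_OK, so the cleanup below only
	 * scrubs the buffer; nothing was imported and ncerts is 0.
	 */
	if (get_passphrase(password_file, password_buf,
	    sizeof (password_buf)) <= 0) {
		perror("Unable to read passphrase");
		goto done;
	}
	/* NOTE(review): assumes get_passphrase() NUL-terminates the buffer. */
	pk12cred.cred = password_buf;
	pk12cred.credlen = strlen(password_buf);

	rv = kmf_import_objects(kmfh, (char *)filename, &pk12cred, &tcerts,
	    &ncerts, &keys, &nkeys);
	if (rv != KMF_OK) {
		REPORT_KMF_ERROR(rv, "Error importing PKCS12 data", err);
	}

done:
	/*
	 * The plaintext passphrase is not needed once kmf_import_objects()
	 * has returned.  Scrub it through a volatile pointer so the stores
	 * cannot be dropped as dead; a plain bzero() of a buffer that is
	 * never read again may be optimized away.
	 */
	scrub = password_buf;
	for (n = 0; n < sizeof (password_buf); n++)
		scrub[n] = '\0';

	if (rv != KMF_OK) {
		int i;

		/* Release anything partially imported; never hand it back. */
		if (tcerts != NULL) {
			for (i = 0; i < ncerts; i++)
				kmf_free_kmf_cert(kmfh, &tcerts[i]);
			free(tcerts);
		}
		tcerts = NULL;
		ncerts = 0;
		if (keys != NULL) {
			for (i = 0; i < nkeys; i++)
				kmf_free_raw_key(&keys[i]);
			free(keys);
		}
		keys = NULL;
	}
	/* Tolerate NULL output pointers, as PEM_get_rsa_key_certs() does. */
	if (certs != NULL)
		*certs = tcerts;
	if (rsa != NULL)
		*rsa = keys;

	return (ncerts);
}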
     95 
     96 /*
     97  * Parse a PEM file which should contain RSA private keys and
     98  * their associated X.509v3 certificates.  More than 1 may
     99  * be present in the file.
    100  */
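int
PEM_get_rsa_key_certs(KMF_HANDLE_T kmfh,
    const char *filename, char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
{
	/*
	 * Contract:
	 *   - The passphrase is read from password_file into a fixed stack
	 *     buffer and handed to kmf_import_objects() as the credential.
	 *     Nothing here is PEM-specific; presumably kmf_import_objects()
	 *     detects the container format itself (TODO confirm).
	 *   - Returns the number of certificates imported (ncerts).  On any
	 *     failure every partially imported cert/key is released here and
	 *     0 is returned; NULL is stored through non-NULL rsa/certs.
	 *   - On success the caller owns *certs and *rsa; presumably they are
	 *     released with kmf_free_kmf_cert()/kmf_free_raw_key() and free()
	 *     exactly as the error path below does.  The key count (nkeys) is
	 *     not reported to the caller.
	 */
	KMF_RETURN rv = KMF_OK;
	KMF_CREDENTIAL creds;
	KMF_X509_DER_CERT *tcerts;
	KMF_RAW_KEY_DATA *keys;
	int ncerts, nkeys;
	char *err = NULL;
	char password_buf[1024];
	volatile char *scrub;
	size_t n;

	tcerts = NULL;
	keys = NULL;
	ncerts = 0;
	nkeys = 0;

	/*
	 * On this failure path rv is still KMF_OK, so the cleanup below only
	 * scrubs the buffer; nothing was imported and ncerts is 0.
	 */
	if (get_passphrase(password_file, password_buf,
	    sizeof (password_buf)) <= 0) {
		perror("Unable to read passphrase");
		goto done;
	}
	/* NOTE(review): assumes get_passphrase() NUL-terminates the buffer. */
	creds.cred = password_buf;
	creds.credlen = strlen(password_buf);

	rv = kmf_import_objects(kmfh, (char *)filename, &creds, &tcerts,
	    &ncerts, &keys, &nkeys);
	if (rv != KMF_OK) {
		REPORT_KMF_ERROR(rv, "Error importing key data", err);
	}

done:
	/*
	 * The plaintext passphrase is not needed once kmf_import_objects()
	 * has returned.  Scrub it through a volatile pointer so the stores
	 * cannot be dropped as dead; a plain bzero() of a buffer that is
	 * never read again may be optimized away.
	 */
	scrub = password_buf;
	for (n = 0; n < sizeof (password_buf); n++)
		scrub[n] = '\0';

	if (rv != KMF_OK) {
		int i;

		/* Release anything partially imported; never hand it back. */
		if (tcerts != NULL) {
			for (i = 0; i < ncerts; i++)
				kmf_free_kmf_cert(kmfh, &tcerts[i]);
			free(tcerts);
		}
		tcerts = NULL;
		ncerts = 0;
		if (keys != NULL) {
			for (i = 0; i < nkeys; i++)
				kmf_free_raw_key(&keys[i]);
			free(keys);
		}
		keys = NULL;
	}
	if (certs != NULL)
		*certs = tcerts;
	if (rsa != NULL)
		*rsa = keys;

	return (ncerts);
}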