1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <stdio.h>
30 #include <assert.h>
31 #include <strings.h>
32
33 #include <kmfapi.h>
34 #include "kssladm.h"
35
36 /*
37 * Extract the Certificate and raw key data from a PKCS#12 file.
38 * The password needed for decrypting the PKCS#12 PDU is stored
39 * in plaintext in the given "password_file" parameter.
40 */
41 int
PKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh,const char * filename,const char * password_file,KMF_RAW_KEY_DATA ** rsa,KMF_X509_DER_CERT ** certs)42 PKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh,
43 const char *filename, const char *password_file,
44 KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
45 {
46 char password_buf[1024];
47 KMF_RETURN rv = KMF_OK;
48 KMF_CREDENTIAL pk12cred;
49 KMF_X509_DER_CERT *tcerts;
50 KMF_RAW_KEY_DATA *keys;
51 int ncerts, nkeys;
52 char *err = NULL;
53
54 tcerts = NULL;
55 keys = NULL;
56 ncerts = 0;
57 nkeys = 0;
58
59 if (get_passphrase(password_file, password_buf,
60 sizeof (password_buf)) <= 0) {
61 perror("Unable to read passphrase");
62 goto done;
63 }
64 pk12cred.cred = password_buf;
65 pk12cred.credlen = strlen(password_buf);
66
67 rv = kmf_import_objects(kmfh, (char *)filename, &pk12cred, &tcerts,
68 &ncerts, &keys, &nkeys);
69 if (rv != KMF_OK) {
70 REPORT_KMF_ERROR(rv, "Error importing PKCS12 data", err);
71 }
72
73 done:
74 if (rv != KMF_OK) {
75 int i;
76 if (tcerts != NULL) {
77 for (i = 0; i < ncerts; i++)
78 kmf_free_kmf_cert(kmfh, &tcerts[i]);
79 free(tcerts);
80 }
81 tcerts = NULL;
82 ncerts = 0;
83 if (keys != NULL) {
84 for (i = 0; i < nkeys; i++)
85 kmf_free_raw_key(&keys[i]);
86 free(keys);
87 }
88 keys = NULL;
89 }
90 *certs = tcerts;
91 *rsa = keys;
92
93 return (ncerts);
94 }
95
96 /*
97 * Parse a PEM file which should contain RSA private keys and
98 * their associated X.509v3 certificates. More than 1 may
99 * be present in the file.
100 */
101 int
PEM_get_rsa_key_certs(KMF_HANDLE_T kmfh,const char * filename,char * password_file,KMF_RAW_KEY_DATA ** rsa,KMF_X509_DER_CERT ** certs)102 PEM_get_rsa_key_certs(KMF_HANDLE_T kmfh,
103 const char *filename, char *password_file,
104 KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
105 {
106 KMF_RETURN rv = KMF_OK;
107 KMF_CREDENTIAL creds;
108 KMF_X509_DER_CERT *tcerts;
109 KMF_RAW_KEY_DATA *keys;
110 int ncerts, nkeys;
111 char *err = NULL;
112 char password_buf[1024];
113
114 tcerts = NULL;
115 keys = NULL;
116 ncerts = 0;
117 nkeys = 0;
118
119 if (get_passphrase(password_file, password_buf,
120 sizeof (password_buf)) <= 0) {
121 perror("Unable to read passphrase");
122 goto done;
123 }
124 creds.cred = password_buf;
125 creds.credlen = strlen(password_buf);
126
127 rv = kmf_import_objects(kmfh, (char *)filename, &creds, &tcerts,
128 &ncerts, &keys, &nkeys);
129 if (rv != KMF_OK) {
130 REPORT_KMF_ERROR(rv, "Error importing key data", err);
131 }
132
133 done:
134 if (rv != KMF_OK) {
135 int i;
136 if (tcerts != NULL) {
137 for (i = 0; i < ncerts; i++)
138 kmf_free_kmf_cert(kmfh, &tcerts[i]);
139 free(tcerts);
140 }
141 tcerts = NULL;
142 ncerts = 0;
143 if (keys != NULL) {
144 for (i = 0; i < nkeys; i++)
145 kmf_free_raw_key(&keys[i]);
146 free(keys);
147 }
148 keys = NULL;
149 }
150 if (certs != NULL)
151 *certs = tcerts;
152 if (rsa != NULL)
153 *rsa = keys;
154
155 return (ncerts);
156 }
157