xref: /titanic_44/usr/src/lib/libpkg/common/keystore.c (revision f05d7fc81533be643136e12ce92516d1d4292921)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * Module:	keystore.c
29  * Description:	This module contains the structure definitions for processing
30  *		package keystore files.
31  */
32 
33 #include <errno.h>
34 #include <fcntl.h>
35 #include <unistd.h>
36 #include <strings.h>
37 #include <libintl.h>
38 #include <time.h>
39 #include <ctype.h>
40 #include <sys/types.h>
41 #include <sys/stat.h>
42 #include <openssl/evp.h>
43 #include <openssl/x509.h>
44 #include <openssl/pkcs12.h>
45 #include <openssl/asn1.h>
46 #include <openssl/pem.h>
47 #include <openssl/err.h>
48 #include <openssl/safestack.h>
49 #include <openssl/stack.h>
50 #include "p12lib.h"
51 #include "pkgerr.h"
52 #include "keystore.h"
53 #include "pkglib.h"
54 #include "pkglibmsgs.h"
55 
56 typedef struct keystore_t {
57 	boolean_t		dirty;
58 	boolean_t		new;
59 	char			*path;
60 	char			*passphrase;
61 	/* truststore handles */
62 	int			cafd;
63 	STACK_OF(X509)		*cacerts;
64 	char			*capath;
65 
66 	/* user certificate handles */
67 	STACK_OF(X509)		*clcerts;
68 	char			*clpath;
69 
70 	/* private key handles */
71 	STACK_OF(EVP_PKEY)	*pkeys;
72 	char			*keypath;
73 } keystore_t;
74 
75 /* local routines */
76 static keystore_t	*new_keystore(void);
77 static void		free_keystore(keystore_t *);
78 static boolean_t	verify_keystore_integrity(PKG_ERR *, keystore_t *);
79 static boolean_t	check_password(PKCS12 *, char *);
80 static boolean_t	resolve_paths(PKG_ERR *, char *, char *,
81     long, keystore_t *);
82 static boolean_t	lock_keystore(PKG_ERR *, long, keystore_t *);
83 
84 static boolean_t	unlock_keystore(PKG_ERR *, keystore_t *);
85 static boolean_t	read_keystore(PKG_ERR *, keystore_t *,
86     keystore_passphrase_cb);
87 static boolean_t	write_keystore(PKG_ERR *, keystore_t *,
88     keystore_passphrase_cb);
89 static boolean_t	write_keystore_file(PKG_ERR *, char *, PKCS12 *);
90 static boolean_t	clear_keystore_file(PKG_ERR *, char *);
91 static PKCS12		*read_keystore_file(PKG_ERR *, char *);
92 static char		*get_time_string(ASN1_TIME *);
93 
94 /* locking routines */
95 static boolean_t	restore_keystore_file(PKG_ERR *, char *);
96 static int		file_lock(int, int, int);
97 static int		file_unlock(int);
98 static boolean_t	file_lock_test(int, int);
99 static boolean_t	file_empty(char *);
100 static boolean_t	get_keystore_passwd(PKG_ERR *err, PKCS12 *p12,
101     keystore_passphrase_cb cb, keystore_t *keystore);
102 static boolean_t	wait_restore(int, char *, char *, char *);
103 
104 #define	KEYSTORE_PERMS	(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
105 
106 /* wait on other keystore access for 1 minute before giving up */
107 #define	LOCK_TIMEOUT	60
108 
109 /*
110  * print_certs  - prints certificates out of a keystore, to a file.
111  *
112  * Arguments:
113  * err - Error object to append errors to
114  * keystore - Keystore on which to operate
115  * alias - Name of certificate to print, NULL means print all
116  * format - Format in which to print certificates
117  * outfile - Where to print certificates
118  *
119  * Returns:
120  *   0 - Success
121  *   non-zero - Failure, errors added to err
122  */
123 int
124 print_certs(PKG_ERR *err, keystore_handle_t keystore_h, char *alias,
125     keystore_encoding_format_t format, FILE *outfile)
126 {
127 	int		i;
128 	X509		*cert;
129 	char		*fname = NULL;
130 	boolean_t	found = B_FALSE;
131 	keystore_t	*keystore = keystore_h;
132 
133 	if (keystore->clcerts != NULL) {
134 		/* print out each client cert */
135 		for (i = 0; i < sk_X509_num(keystore->clcerts); i++) {
136 			cert = sk_X509_value(keystore->clcerts, i);
137 			(void) sunw_get_cert_fname(GETDO_COPY, cert,
138 			    &fname);
139 
140 			if (fname == NULL) {
141 				/* no name recorded, keystore is corrupt */
142 				pkgerr_add(err, PKGERR_CORRUPT,
143 				    gettext(ERR_KEYSTORE_NO_ALIAS),
144 				    get_subject_display_name(cert));
145 				return (1);
146 			}
147 
148 			if ((alias != NULL) && (!streq(alias, fname))) {
149 				/* name does not match, skip it */
150 				(void) OPENSSL_free(fname);
151 				fname = NULL;
152 				continue;
153 			} else {
154 				found = B_TRUE;
155 				(void) print_cert(err, cert, format,
156 				    fname, B_FALSE, outfile);
157 				(void) OPENSSL_free(fname);
158 				fname = NULL;
159 			}
160 		}
161 	}
162 
163 	if (fname != NULL) {
164 	    (void) OPENSSL_free(fname);
165 	    fname = NULL;
166 	}
167 
168 	if (keystore->cacerts != NULL) {
169 		/* print out each trusted cert */
170 		for (i = 0; i < sk_X509_num(keystore->cacerts); i++) {
171 			cert = sk_X509_value(keystore->cacerts, i);
172 			(void) sunw_get_cert_fname(GETDO_COPY,
173 			    cert, &fname);
174 
175 			if (fname == NULL) {
176 				/* no name recorded, keystore is corrupt */
177 				pkgerr_add(err, PKGERR_CORRUPT,
178 				    gettext(ERR_KEYSTORE_NO_ALIAS),
179 				    get_subject_display_name(cert));
180 				return (1);
181 			}
182 
183 			if ((alias != NULL) && (!streq(alias, fname))) {
184 				/* name does not match, skip it */
185 				(void) OPENSSL_free(fname);
186 				fname = NULL;
187 				continue;
188 			} else {
189 				found = B_TRUE;
190 				(void) print_cert(err, cert, format,
191 				    fname, B_TRUE, outfile);
192 				(void) OPENSSL_free(fname);
193 				fname = NULL;
194 			}
195 		}
196 	}
197 
198 	if (fname != NULL) {
199 	    (void) OPENSSL_free(fname);
200 	    fname = NULL;
201 	}
202 
203 	if (found) {
204 		return (0);
205 	} else {
206 		/* no certs printed */
207 		if (alias != NULL) {
208 			pkgerr_add(err, PKGERR_NOALIASMATCH,
209 			    gettext(ERR_KEYSTORE_NOCERT),
210 			    alias, keystore->path);
211 		} else {
212 			pkgerr_add(err, PKGERR_NOPUBKEY,
213 			    gettext(ERR_KEYSTORE_NOPUBCERTS),
214 			    keystore->path);
215 			pkgerr_add(err, PKGERR_NOCACERT,
216 			    gettext(ERR_KEYSTORE_NOCACERTS),
217 			    keystore->path);
218 		}
219 		return (1);
220 	}
221 }
222 
223 /*
224  * print_cert  - prints a single certificate, to a file
225  *
226  * Arguments:
227  * err - Error object to append errors to
228  * x - The certificate to print
229  * alias - Name of certificate to print
230  * format - Format in which to print certificate
231  * outfile - Where to print certificate
232  *
233  * Returns:
234  *   0 - Success
235  *   non-zero - Failure, errors added to err
236  */
237 int print_cert(PKG_ERR *err, X509 *x,
238     keystore_encoding_format_t format, char *alias, boolean_t is_trusted,
239     FILE *outfile)
240 {
241 
242 	char *vdb_str;
243 	char *vda_str;
244 	char vd_str[ATTR_MAX];
245 	int ret = 0;
246 	char *cn_str, *icn_str, *typ_str;
247 	char *tmp;
248 	char *md5_fp;
249 	char *sha1_fp;
250 	int len;
251 
252 	/* need to localize the word "Fingerprint", hence these pointers */
253 	char md5_label[ATTR_MAX];
254 	char sha1_label[ATTR_MAX];
255 
256 	if (is_trusted) {
257 		typ_str = gettext(MSG_KEYSTORE_TRUSTED);
258 	} else {
259 		typ_str = gettext(MSG_KEYSTORE_UNTRUSTED);
260 	}
261 
262 	if ((cn_str = get_subject_display_name(x)) == NULL) {
263 		cn_str = gettext(MSG_KEYSTORE_UNKNOWN);
264 	}
265 
266 	if ((icn_str = get_issuer_display_name(x)) == NULL) {
267 		icn_str = gettext(MSG_KEYSTORE_UNKNOWN);
268 	}
269 
270 	vdb_str = xstrdup(get_time_string(X509_get_notBefore(x)));
271 	vda_str = xstrdup(get_time_string(X509_get_notAfter(x)));
272 	if (((len = snprintf(vd_str, ATTR_MAX, "<%s> - <%s>",
273 	    vdb_str, vda_str)) < 0) || (len >= ATTR_MAX)) {
274 		pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), vdb_str);
275 		ret = 1;
276 		goto cleanup;
277 	}
278 
279 	if ((tmp = get_fingerprint(x, EVP_md5())) == NULL) {
280 		md5_fp = gettext(MSG_KEYSTORE_UNKNOWN);
281 	} else {
282 		/*
283 		 * make a copy, otherwise the next call to get_fingerprint
284 		 * will overwrite this one
285 		 */
286 		md5_fp = xstrdup(tmp);
287 	}
288 
289 	if ((tmp = get_fingerprint(x, EVP_sha1())) == NULL) {
290 		sha1_fp = gettext(MSG_KEYSTORE_UNKNOWN);
291 	} else {
292 		sha1_fp = xstrdup(tmp);
293 	}
294 
295 	(void) snprintf(md5_label, ATTR_MAX, "%s %s",
296 	    OBJ_nid2sn(EVP_MD_type(EVP_md5())),
297 	    /* i18n: 14 characters max */
298 	    gettext(MSG_KEYSTORE_FP));
299 
300 	(void) snprintf(sha1_label, ATTR_MAX, "%s %s",
301 	    OBJ_nid2sn(EVP_MD_type(EVP_sha1())),
302 	    /* i18n: 14 characters max */
303 	    gettext(MSG_KEYSTORE_FP));
304 
305 	switch (format) {
306 	case KEYSTORE_FORMAT_PEM:
307 		(void) PEM_write_X509(outfile, x);
308 		break;
309 	case KEYSTORE_FORMAT_DER:
310 		(void) i2d_X509_fp(outfile, x);
311 		break;
312 	case KEYSTORE_FORMAT_TEXT:
313 		(void) fprintf(outfile, "%18s: %s\n",
314 		    /* i18n: 18 characters max */
315 		    gettext(MSG_KEYSTORE_AL), alias);
316 		(void) fprintf(outfile, "%18s: %s\n",
317 		    /* i18n: 18 characters max */
318 		    gettext(MSG_KEYSTORE_CN), cn_str);
319 		(void) fprintf(outfile, "%18s: %s\n",
320 		    /* i18n: 18 characters max */
321 		    gettext(MSG_KEYSTORE_TY), typ_str);
322 		(void) fprintf(outfile, "%18s: %s\n",
323 		    /* i18n: 18 characters max */
324 		    gettext(MSG_KEYSTORE_IN), icn_str);
325 		(void) fprintf(outfile, "%18s: %s\n",
326 		    /* i18n: 18 characters max */
327 		    gettext(MSG_KEYSTORE_VD), vd_str);
328 		(void) fprintf(outfile, "%18s: %s\n", md5_label, md5_fp);
329 		(void) fprintf(outfile, "%18s: %s\n", sha1_label, sha1_fp);
330 		(void) fprintf(outfile, "\n");
331 		break;
332 	default:
333 		pkgerr_add(err, PKGERR_INTERNAL,
334 		    gettext(ERR_KEYSTORE_INTERNAL),
335 		    __FILE__, __LINE__);
336 		ret = 1;
337 		goto cleanup;
338 	}
339 
340 cleanup:
341 	if (md5_fp != NULL)
342 		free(md5_fp);
343 	if (sha1_fp != NULL)
344 		free(sha1_fp);
345 	if (vda_str != NULL)
346 		free(vda_str);
347 	if (vdb_str != NULL)
348 		free(vdb_str);
349 	return (ret);
350 }
351 
352 /*
353  * open_keystore - Initialize new keystore object for
354  * impending access.
355  *
356  * Arguments:
357  * err - Error object to append errors to
358  * keystore_file - Base filename or directory of keystore
359  * app - Application making request
360  * passwd - Password used to decrypt keystore
361  * flags - Control flags used to control access mode and behavior
362  * result - Resulting keystore object stored here on success
363  *
364  * Returns:
365  *   0 - Success - result contains a pointer to the opened keystore
366  *   non-zero - Failure, errors added to err
367  */
368 int
369 open_keystore(PKG_ERR *err, char *keystore_file, char *app,
370     keystore_passphrase_cb cb, long flags, keystore_handle_t *result)
371 {
372 	int ret = 0;
373 	keystore_t	*tmpstore;
374 
375 	tmpstore = new_keystore();
376 
377 	tmpstore->dirty = B_FALSE;
378 	tmpstore->new = B_FALSE;
379 	tmpstore->path = xstrdup(keystore_file);
380 
381 	if (!resolve_paths(err, keystore_file, app, flags, tmpstore)) {
382 		/* unable to determine keystore paths */
383 		pkgerr_add(err, PKGERR_CORRUPT, gettext(ERR_KEYSTORE_REPAIR),
384 		    keystore_file);
385 		ret = 1;
386 		goto cleanup;
387 	}
388 
389 	if (!verify_keystore_integrity(err, tmpstore)) {
390 		/* unable to repair keystore */
391 		pkgerr_add(err, PKGERR_CORRUPT, gettext(ERR_KEYSTORE_REPAIR),
392 		    keystore_file);
393 		ret = 1;
394 		goto cleanup;
395 	}
396 
397 	if (!lock_keystore(err, flags, tmpstore)) {
398 		pkgerr_add(err, PKGERR_LOCKED, gettext(ERR_KEYSTORE_LOCKED),
399 		    keystore_file);
400 		ret = 1;
401 		goto cleanup;
402 	}
403 
404 	/* now that we have locked the keystore, go ahead and read it */
405 	if (!read_keystore(err, tmpstore, cb)) {
406 		pkgerr_add(err, PKGERR_READ, gettext(ERR_PARSE),
407 		    keystore_file);
408 		ret = 1;
409 		goto cleanup;
410 	}
411 
412 	*result = tmpstore;
413 	tmpstore = NULL;
414 
415 cleanup:
416 	if (tmpstore != NULL)
417 		free_keystore(tmpstore);
418 	return (ret);
419 }
420 
421 /*
422  * new_keystore - Allocates and initializes a Keystore object
423  *
424  * Arguments:
425  * NONE
426  *
427  * Returns:
428  *   NULL - out of memory
429  *   otherwise, returns a pointer to the newly allocated object,
430  *   which should be freed with free_keystore() when no longer
431  *   needed.
432  */
433 static keystore_t
434 *new_keystore(void)
435 {
436 	keystore_t *tmpstore;
437 
438 	if ((tmpstore = (keystore_t *)malloc(sizeof (keystore_t))) == NULL) {
439 		return (NULL);
440 	}
441 	tmpstore->dirty = B_FALSE;
442 	tmpstore->new = B_FALSE;
443 	tmpstore->path = NULL;
444 	tmpstore->passphrase = NULL;
445 	tmpstore->cafd = -1;
446 	tmpstore->cacerts = NULL;
447 	tmpstore->capath = NULL;
448 	tmpstore->clcerts = NULL;
449 	tmpstore->clpath = NULL;
450 	tmpstore->pkeys = NULL;
451 	tmpstore->keypath = NULL;
452 
453 	return (tmpstore);
454 }
455 
456 /*
457  * free_keystore - Deallocates a Keystore object
458  *
459  * Arguments:
460  * keystore - The keystore to deallocate
461  *
462  * Returns:
463  *   NONE
464  */
465 static void
466 free_keystore(keystore_t *keystore)
467 {
468 	if (keystore->path != NULL)
469 		free(keystore->path);
470 	if (keystore->capath != NULL)
471 		free(keystore->capath);
472 	if (keystore->passphrase != NULL)
473 		free(keystore->passphrase);
474 	if (keystore->clpath != NULL)
475 		free(keystore->clpath);
476 	if (keystore->keypath != NULL)
477 		free(keystore->keypath);
478 
479 	if (keystore->pkeys != NULL) {
480 		sk_EVP_PKEY_pop_free(keystore->pkeys,
481 		    sunw_evp_pkey_free);
482 	}
483 	if (keystore->clcerts != NULL)
484 		sk_X509_free(keystore->clcerts);
485 	if (keystore->cacerts != NULL)
486 		sk_X509_free(keystore->cacerts);
487 	free(keystore);
488 }
489 
490 /*
491  * close_keystore - Writes keystore to disk if needed, then
492  * unlocks and closes keystore.
493  *
494  * Arguments:
495  * err - Error object to append errors to
496  * keystore - Keystore which should be closed
497  * passwd - Password used to encrypt keystore
498  *
499  * Returns:
500  *   0 - Success - keystore is committed to disk, and unlocked
501  *   non-zero - Failure, errors added to err
502  */
503 int
504 close_keystore(PKG_ERR *err, keystore_handle_t keystore_h,
505     keystore_passphrase_cb cb)
506 {
507 	int ret = 0;
508 	keystore_t *keystore = keystore_h;
509 
510 	if (keystore->dirty) {
511 		/* write out the keystore first */
512 		if (!write_keystore(err, keystore, cb)) {
513 			pkgerr_add(err, PKGERR_WRITE,
514 			    gettext(ERR_KEYSTORE_WRITE),
515 			    keystore->path);
516 			ret = 1;
517 			goto cleanup;
518 		}
519 	}
520 
521 	if (!unlock_keystore(err, keystore)) {
522 		pkgerr_add(err, PKGERR_UNLOCK, gettext(ERR_KEYSTORE_UNLOCK),
523 		    keystore->path);
524 		ret = 1;
525 		goto cleanup;
526 	}
527 
528 	free_keystore(keystore);
529 cleanup:
530 	return (ret);
531 }
532 
533 /*
534  * merge_ca_cert - Adds a trusted certificate (trust anchor) to a keystore.
535  * certificate checked for validity dates and non-duplicity.
536  *
537  * Arguments:
538  * err - Error object to add errors to
539  * cacert - Certificate which to merge into keystore
540  * keystore - The keystore into which the certificate is merged
541  *
542  * Returns:
543  *   0 - Success - Certificate passes validity, and
544  *		is merged into keystore
545  * non-zero - Failure, errors recorded in err
546  */
547 int
548 merge_ca_cert(PKG_ERR *err, X509 *cacert, keystore_handle_t keystore_h)
549 {
550 
551 	int		ret = 0;
552 	X509		*existing = NULL;
553 	char		*fname;
554 	keystore_t	*keystore = keystore_h;
555 
556 	/* check validity dates */
557 	if (check_cert(err, cacert) != 0) {
558 		ret = 1;
559 		goto cleanup;
560 	}
561 
562 	/* create the certificate's friendlyName */
563 	fname = get_subject_display_name(cacert);
564 
565 	if (sunw_set_fname(fname, NULL, cacert) != 0) {
566 		pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
567 		ret = 1;
568 		goto cleanup;
569 	}
570 
571 	/* merge certificate into the keystore */
572 	if (keystore->cacerts == NULL) {
573 		/* no existing truststore, so make a new one */
574 		if ((keystore->cacerts = sk_X509_new_null()) == NULL) {
575 			pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
576 			ret = 1;
577 			goto cleanup;
578 		}
579 	} else {
580 		/* existing truststore, make sure there's no duplicate */
581 		if (sunw_find_fname(fname, NULL, keystore->cacerts,
582 		    NULL, &existing) < 0) {
583 			pkgerr_add(err, PKGERR_INTERNAL,
584 			    gettext(ERR_KEYSTORE_INTERNAL),
585 			    __FILE__, __LINE__);
586 			ERR_print_errors_fp(stderr);
587 			ret = 1;
588 			goto cleanup;
589 			/* could not search properly! */
590 		}
591 		if (existing != NULL) {
592 			/* whoops, found one already */
593 			pkgerr_add(err, PKGERR_DUPLICATE,
594 			    gettext(ERR_KEYSTORE_DUPLICATECERT), fname);
595 			ret = 1;
596 			goto cleanup;
597 		}
598 	}
599 
600 	(void) sk_X509_push(keystore->cacerts, cacert);
601 	keystore->dirty = B_TRUE;
602 cleanup:
603 	if (existing != NULL)
604 		X509_free(existing);
605 	return (ret);
606 }
607 
608 /*
609  * find_key_cert_pair - Searches a keystore for a matching
610  * public key certificate and private key, given an alias.
611  *
612  * Arguments:
613  * err - Error object to add errors to
614  * ks - Keystore to search
615  * alias - Name to used to match certificate's alias
616  * key - Resulting key is placed here
617  * cert - Resulting cert is placed here
618  *
619  * Returns:
620  *   0 - Success - Matching cert/key pair placed in key and cert.
621  * non-zero - Failure, errors recorded in err
622  */
623 int
624 find_key_cert_pair(PKG_ERR *err, keystore_handle_t ks_h, char *alias,
625     EVP_PKEY **key, X509 **cert)
626 {
627 	X509		*tmpcert = NULL;
628 	EVP_PKEY	*tmpkey = NULL;
629 	int		ret = 0;
630 	int		items_found;
631 	keystore_t	*ks = ks_h;
632 
633 	if (key == NULL || cert == NULL) {
634 		pkgerr_add(err, PKGERR_NOPUBKEY,
635 		    gettext(ERR_KEYSTORE_NOPUBCERTS), ks->path);
636 		ret = 1;
637 		goto cleanup;
638 	}
639 
640 	if (ks->clcerts == NULL) {
641 		/* no public certs */
642 		pkgerr_add(err, PKGERR_NOPUBKEY,
643 		    gettext(ERR_KEYSTORE_NOCERTS), ks->path);
644 		ret = 1;
645 		goto cleanup;
646 	}
647 	if (ks->pkeys == NULL) {
648 		/* no private keys */
649 		pkgerr_add(err, PKGERR_NOPRIVKEY,
650 		    gettext(ERR_KEYSTORE_NOKEYS), ks->path);
651 		ret = 1;
652 		goto cleanup;
653 	}
654 
655 	/* try the easy case first */
656 	if ((sk_EVP_PKEY_num(ks->pkeys) == 1) &&
657 	    (sk_X509_num(ks->clcerts) == 1)) {
658 		tmpkey = sk_EVP_PKEY_value(ks->pkeys, 0);
659 		tmpcert = sk_X509_value(ks->clcerts, 0);
660 		if (sunw_check_keys(tmpcert, tmpkey)) {
661 			/*
662 			 * only one private key and public key cert, and they
663 			 * match, so use them
664 			 */
665 			*key = tmpkey;
666 			tmpkey = NULL;
667 			*cert = tmpcert;
668 			tmpcert = NULL;
669 			goto cleanup;
670 		}
671 	}
672 
673 	/* Attempt to find the right pair given the alias */
674 	items_found = sunw_find_fname(alias, ks->pkeys, ks->clcerts,
675 	    &tmpkey, &tmpcert);
676 
677 	if ((items_found < 0) ||
678 	    (items_found & (FOUND_PKEY | FOUND_CERT)) == 0) {
679 		/* no key/cert pair found. bail. */
680 		pkgerr_add(err, PKGERR_BADALIAS,
681 		    gettext(ERR_KEYSTORE_NOMATCH), alias);
682 		ret = 1;
683 		goto cleanup;
684 	}
685 
686 	/* success */
687 	*key = tmpkey;
688 	tmpkey = NULL;
689 	*cert = tmpcert;
690 	tmpcert = NULL;
691 
692 cleanup:
693 
694 	if (tmpcert != NULL)
695 		(void) X509_free(tmpcert);
696 
697 	if (tmpkey != NULL)
698 		sunw_evp_pkey_free(tmpkey);
699 
700 	return (ret);
701 }
702 
703 /*
704  * find_ca_certs - Searches a keystore for trusted certificates
705  *
706  * Arguments:
707  * err - Error object to add errors to
708  * ks - Keystore to search
709  * cacerts - resulting set of trusted certs are placed here
710  *
711  * Returns:
712  *   0 - Success - trusted cert list returned in cacerts
713  * non-zero - Failure, errors recorded in err
714  */
715 int
716 find_ca_certs(PKG_ERR *err, keystore_handle_t ks_h, STACK_OF(X509) **cacerts)
717 {
718 
719 	keystore_t	*ks = ks_h;
720 
721 	/* easy */
722 	if (cacerts == NULL) {
723 		pkgerr_add(err, PKGERR_INTERNAL,
724 		    gettext(ERR_KEYSTORE_INTERNAL), __FILE__, __LINE__);
725 		return (1);
726 	}
727 
728 	*cacerts = ks->cacerts;
729 	return (0);
730 }
731 
732 /*
733  * find_cl_certs - Searches a keystore for user certificates
734  *
735  * Arguments:
736  * err - Error object to add errors to
737  * ks - Keystore to search
738  * cacerts - resulting set of user certs are placed here
739  *
740  * No matching of any kind is performed.
741  * Returns:
742  *   0 - Success - trusted cert list returned in cacerts
743  * non-zero - Failure, errors recorded in err
744  */
745 /* ARGSUSED */
746 int
747 find_cl_certs(PKG_ERR *err, keystore_handle_t ks_h, STACK_OF(X509) **clcerts)
748 {
749 	keystore_t	*ks = ks_h;
750 
751 	/* easy */
752 	*clcerts = ks->clcerts;
753 	return (0);
754 }
755 
756 
757 /*
758  * merge_cert_and_key - Adds a user certificate and matching
759  * private key to a keystore.
760  * certificate checked for validity dates and non-duplicity.
761  *
762  * Arguments:
763  * err - Error object to add errors to
764  * cert - Certificate which to merge into keystore
765  * key - matching private key to 'cert'
766  * alias - Name which to store the cert and key under
767  * keystore - The keystore into which the certificate is merged
768  *
769  * Returns:
770  *   0 - Success - Certificate passes validity, and
771  *		is merged into keystore, along with key
772  * non-zero - Failure, errors recorded in err
773  */
774 int
775 merge_cert_and_key(PKG_ERR *err, X509 *cert, EVP_PKEY *key, char *alias,
776     keystore_handle_t keystore_h)
777 {
778 	X509		*existingcert = NULL;
779 	EVP_PKEY	*existingkey = NULL;
780 	int		ret = 0;
781 	keystore_t	*keystore = keystore_h;
782 
783 	/* check validity dates */
784 	if (check_cert(err, cert) != 0) {
785 		ret = 1;
786 		goto cleanup;
787 	}
788 
789 	/* set the friendlyName of the key and cert to the supplied alias */
790 	if (sunw_set_fname(alias, key, cert) != 0) {
791 		pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
792 		ret = 1;
793 		goto cleanup;
794 	}
795 
796 	/* merge certificate and key into the keystore */
797 	if (keystore->clcerts == NULL) {
798 		/* no existing truststore, so make a new one */
799 		if ((keystore->clcerts = sk_X509_new_null()) == NULL) {
800 			pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
801 			ret = 1;
802 			goto cleanup;
803 		}
804 	} else {
805 		/* existing certstore, make sure there's no duplicate */
806 		if (sunw_find_fname(alias, NULL, keystore->clcerts,
807 		    NULL, &existingcert) < 0) {
808 			pkgerr_add(err, PKGERR_INTERNAL,
809 			    gettext(ERR_KEYSTORE_INTERNAL),
810 			    __FILE__, __LINE__);
811 			ERR_print_errors_fp(stderr);
812 			ret = 1;
813 			goto cleanup;
814 			/* could not search properly! */
815 		}
816 		if (existingcert != NULL) {
817 			/* whoops, found one already */
818 			pkgerr_add(err, PKGERR_DUPLICATE,
819 			    gettext(ERR_KEYSTORE_DUPLICATECERT), alias);
820 			ret = 1;
821 			goto cleanup;
822 		}
823 	}
824 
825 	if (keystore->pkeys == NULL) {
826 		/* no existing keystore, so make a new one */
827 		if ((keystore->pkeys = sk_EVP_PKEY_new_null()) == NULL) {
828 			pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
829 			ret = 1;
830 			goto cleanup;
831 		}
832 	} else {
833 		/* existing keystore, so make sure there's no duplicate entry */
834 		if (sunw_find_fname(alias, keystore->pkeys, NULL,
835 		    &existingkey, NULL) < 0) {
836 			pkgerr_add(err, PKGERR_INTERNAL,
837 			    gettext(ERR_KEYSTORE_INTERNAL),
838 			    __FILE__, __LINE__);
839 			ERR_print_errors_fp(stderr);
840 			ret = 1;
841 			goto cleanup;
842 			/* could not search properly! */
843 		}
844 		if (existingkey != NULL) {
845 			/* whoops, found one already */
846 			pkgerr_add(err, PKGERR_DUPLICATE,
847 			    gettext(ERR_KEYSTORE_DUPLICATEKEY), alias);
848 			ret = 1;
849 			goto cleanup;
850 		}
851 	}
852 
853 	(void) sk_X509_push(keystore->clcerts, cert);
854 	(void) sk_EVP_PKEY_push(keystore->pkeys, key);
855 	keystore->dirty = B_TRUE;
856 cleanup:
857 	if (existingcert != NULL)
858 		(void) X509_free(existingcert);
859 	if (existingkey != NULL)
860 		(void) sunw_evp_pkey_free(existingkey);
861 	return (ret);
862 }
863 
864 /*
865  * delete_cert_and_keys - Deletes one or more certificates
866  *  and matching private keys from a keystore.
867  *
868  * Arguments:
869  * err - Error object to add errors to
870  * ks - The keystore from which certs and keys are deleted
871  * alias - Name which to search for certificates and keys
872  *	to delete
873  *
874  * Returns:
875  *   0 - Success - All trusted certs which match 'alias'
876  *		are deleted.  All user certificates
877  *		which match 'alias' are deleted, along
878  *		with the matching private key.
879  * non-zero - Failure, errors recorded in err
880  */
881 int
882 delete_cert_and_keys(PKG_ERR *err, keystore_handle_t ks_h, char *alias)
883 {
884 	X509		*existingcert;
885 	EVP_PKEY	*existingkey;
886 	int		i;
887 	char		*fname = NULL;
888 	boolean_t	found = B_FALSE;
889 	keystore_t	*ks = ks_h;
890 
891 	/* delete any and all client certs with the supplied name */
892 	if (ks->clcerts != NULL) {
893 		for (i = 0; i < sk_X509_num(ks->clcerts); i++) {
894 			existingcert = sk_X509_value(ks->clcerts, i);
895 			if (sunw_get_cert_fname(GETDO_COPY,
896 			    existingcert, &fname) >= 0) {
897 				if (streq(fname, alias)) {
898 					/* match, so nuke it */
899 					existingcert =
900 					    sk_X509_delete(ks->clcerts, i);
901 					X509_free(existingcert);
902 					existingcert = NULL;
903 					found = B_TRUE;
904 				}
905 				(void) OPENSSL_free(fname);
906 				fname = NULL;
907 			}
908 		}
909 		if (sk_X509_num(ks->clcerts) <= 0) {
910 			/* we deleted all the client certs */
911 			sk_X509_free(ks->clcerts);
912 			ks->clcerts = NULL;
913 		}
914 	}
915 
916 	/* and now the private keys */
917 	if (ks->pkeys != NULL) {
918 		for (i = 0; i < sk_EVP_PKEY_num(ks->pkeys); i++) {
919 			existingkey = sk_EVP_PKEY_value(ks->pkeys, i);
920 			if (sunw_get_pkey_fname(GETDO_COPY,
921 			    existingkey, &fname) >= 0) {
922 				if (streq(fname, alias)) {
923 					/* match, so nuke it */
924 					existingkey =
925 					    sk_EVP_PKEY_delete(ks->pkeys, i);
926 					sunw_evp_pkey_free(existingkey);
927 					existingkey = NULL;
928 					found = B_TRUE;
929 				}
930 				(void) OPENSSL_free(fname);
931 				fname = NULL;
932 			}
933 		}
934 		if (sk_EVP_PKEY_num(ks->pkeys) <= 0) {
935 			/* we deleted all the private keys */
936 			sk_EVP_PKEY_free(ks->pkeys);
937 			ks->pkeys = NULL;
938 		}
939 	}
940 
941 	/* finally, remove any trust anchors that match */
942 
943 	if (ks->cacerts != NULL) {
944 		for (i = 0; i < sk_X509_num(ks->cacerts); i++) {
945 			existingcert = sk_X509_value(ks->cacerts, i);
946 			if (sunw_get_cert_fname(GETDO_COPY,
947 			    existingcert, &fname) >= 0) {
948 				if (streq(fname, alias)) {
949 					/* match, so nuke it */
950 					existingcert =
951 					    sk_X509_delete(ks->cacerts, i);
952 					X509_free(existingcert);
953 					existingcert = NULL;
954 					found = B_TRUE;
955 				}
956 				(void) OPENSSL_free(fname);
957 				fname = NULL;
958 			}
959 		}
960 		if (sk_X509_num(ks->cacerts) <= 0) {
961 			/* we deleted all the CA certs */
962 			sk_X509_free(ks->cacerts);
963 			ks->cacerts = NULL;
964 		}
965 	}
966 
967 	if (found) {
968 		ks->dirty = B_TRUE;
969 		return (0);
970 	} else {
971 		/* no certs or keys deleted */
972 		pkgerr_add(err, PKGERR_NOALIASMATCH,
973 		    gettext(ERR_KEYSTORE_NOCERTKEY),
974 		    alias, ks->path);
975 		return (1);
976 	}
977 }
978 
979 /*
980  * check_cert - Checks certificate validity.  This routine
981  * checks that the current time falls within the period
982  * of validity for the cert.
983  *
984  * Arguments:
985  * err - Error object to add errors to
986  * cert - The certificate to check
987  *
988  * Returns:
989  *   0 - Success - Certificate checks out
990  * non-zero - Failure, errors and reasons recorded in err
991  */
992 int
993 check_cert(PKG_ERR *err, X509 *cert)
994 {
995 	char			currtimestr[ATTR_MAX];
996 	time_t			currtime;
997 	char			*r;
998 	/* get current time */
999 	if ((currtime = time(NULL)) == (time_t)-1) {
1000 		pkgerr_add(err, PKGERR_TIME, gettext(ERR_CURR_TIME));
1001 		return (1);
1002 	}
1003 
1004 	(void) strlcpy(currtimestr, ctime(&currtime), ATTR_MAX);
1005 
1006 	/* trim whitespace from end of time string */
1007 	for (r = (currtimestr + strlen(currtimestr) - 1); isspace(*r); r--) {
1008 		*r = '\0';
1009 	}
1010 	/* check  validity of cert */
1011 	switch (sunw_check_cert_times(CHK_BOTH, cert)) {
1012 	case CHKERR_TIME_OK:
1013 		/* Current time meets requested checks */
1014 		break;
1015 	case CHKERR_TIME_BEFORE_BAD:
1016 		/* 'not before' field is invalid */
1017 	case CHKERR_TIME_AFTER_BAD:
1018 		/* 'not after' field is invalid */
1019 		pkgerr_add(err, PKGERR_TIME, gettext(ERR_CERT_TIME_BAD));
1020 		return (1);
1021 	case CHKERR_TIME_IS_BEFORE:
1022 		/* Current time is before 'not before' */
1023 	case CHKERR_TIME_HAS_EXPIRED:
1024 		/*
1025 		 * Ignore expiration time since the trust cert used to
1026 		 * verify the certs used to sign Sun patches is already
1027 		 * expired. Once the patches get resigned with the new
1028 		 * cert we will check expiration against the time the
1029 		 * patch was signed and not the time it is installed.
1030 		 */
1031 		return (0);
1032 	default:
1033 		pkgerr_add(err, PKGERR_INTERNAL,
1034 		    gettext(ERR_KEYSTORE_INTERNAL),
1035 		    __FILE__, __LINE__);
1036 		return (1);
1037 	}
1038 
1039 	/* all checks ok */
1040 	return (0);
1041 }
1042 
1043 /*
1044  * check_cert - Checks certificate validity.  This routine
1045  * checks everything that check_cert checks, and additionally
1046  * verifies that the private key and corresponding public
1047  * key are indeed a pair.
1048  *
1049  * Arguments:
1050  * err - Error object to add errors to
1051  * cert - The certificate to check
1052  * key - the key to check
1053  * Returns:
1054  *   0 - Success - Certificate checks out
1055  * non-zero - Failure, errors and reasons recorded in err
1056  */
1057 int
1058 check_cert_and_key(PKG_ERR *err, X509 *cert, EVP_PKEY *key)
1059 {
1060 
1061 	/* check validity dates */
1062 	if (check_cert(err, cert) != 0) {
1063 		return (1);
1064 	}
1065 
1066 	/* check key pair match */
1067 	if (sunw_check_keys(cert, key) == 0) {
1068 		pkgerr_add(err, PKGERR_VERIFY, gettext(ERR_MISMATCHED_KEYS),
1069 		    get_subject_display_name(cert));
1070 		return (1);
1071 	}
1072 
1073 	/* all checks OK */
1074 	return (0);
1075 }
1076 
1077 /* ------------------ private functions ---------------------- */
1078 
1079 /*
1080  * verify_keystore_integrity - Searches for the remnants
1081  * of a failed or aborted keystore modification, and
1082  * cleans up the files, retstores the keystore to a known
1083  * state.
1084  *
1085  * Arguments:
1086  * err - Error object to add errors to
1087  * keystore_file - Base directory or filename of keystore
1088  * app - Application making request
1089  *
1090  * Returns:
1091  *   0 - Success - Keystore is restored, or untouched in the
1092  *		case that cleanup was unnecessary
1093  * non-zero - Failure, errors and reasons recorded in err
1094  */
1095 static boolean_t
1096 verify_keystore_integrity(PKG_ERR *err, keystore_t *keystore)
1097 {
1098 	if (keystore->capath != NULL) {
1099 		if (!restore_keystore_file(err, keystore->capath)) {
1100 			return (B_FALSE);
1101 		}
1102 	}
1103 	if (keystore->clpath != NULL) {
1104 		if (!restore_keystore_file(err, keystore->clpath)) {
1105 			return (B_FALSE);
1106 		}
1107 	}
1108 	if (keystore->keypath != NULL) {
1109 		if (!restore_keystore_file(err, keystore->keypath)) {
1110 			return (B_FALSE);
1111 		}
1112 	}
1113 	return (B_TRUE);
1114 }
1115 
1116 /*
1117  * restore_keystore_file - restores a keystore file to
1118  * a known state.
1119  *
1120  * Keystore files can possibly be corrupted by a variety
1121  * of error conditions during reading/writing.  This
1122  * routine, along with write_keystore_file, tries to
1123  * maintain keystore integrity by writing the files
1124  * out in a particular order, minimizing the time period
1125  * that the keystore is in an indeterminate state.
1126  *
1127  * With the current implementation, there are some failures
1128  * that are wholly unrecoverable, such as disk corruption.
1129  * These routines attempt to minimize the risk, but not
1130  * eliminate it.  When better, atomic operations are available
1131  * (such as a trued atabase with commit, rollback, and
1132  * guaranteed atomicity), this implementation should use that.
1133  *
1134  * Arguments:
1135  * err - Error object to add errors to
1136  * keystore_file - keystore file path to restore.
1137  *
1138  * Returns:
1139  *   0 - Success - Keystore file is restored, or untouched in the
1140  *		case that cleanup was unnecessary
1141  * non-zero - Failure, errors and reasons recorded in err
1142  */
1143 /* ARGSUSED */
1144 static boolean_t
1145 restore_keystore_file(PKG_ERR *err, char *keystore_file)
1146 {
1147 	char	newpath[MAXPATHLEN];
1148 	char	backuppath[MAXPATHLEN];
1149 	int	newfd;
1150 	struct stat buf;
1151 	int len;
1152 
1153 	if (((len = snprintf(newpath, MAXPATHLEN, "%s.new",
1154 	    keystore_file)) < 0) ||
1155 	    (len >= ATTR_MAX)) {
1156 		pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), keystore_file);
1157 		return (B_FALSE);
1158 	}
1159 
1160 	if (((len = snprintf(backuppath, MAXPATHLEN, "%s.bak",
1161 	    keystore_file)) < 0) ||
1162 	    (len >= ATTR_MAX)) {
1163 		pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN), keystore_file);
1164 		return (B_FALSE);
1165 	}
1166 
1167 	if ((newfd = open(newpath, O_RDWR|O_NONBLOCK, 0)) != -1) {
1168 		if (fstat(newfd, &buf) != -1) {
1169 			if (S_ISREG(buf.st_mode)) {
1170 				/*
1171 				 * restore the file, waiting on it
1172 				 * to be free for locking, or for
1173 				 * it to disappear
1174 				 */
1175 				if (!wait_restore(newfd, keystore_file,
1176 				    newpath, backuppath)) {
1177 					pkgerr_add(err, PKGERR_WRITE,
1178 					    gettext(ERR_WRITE),
1179 					    newpath, strerror(errno));
1180 					(void) close(newfd);
1181 					return (B_FALSE);
1182 				} else {
1183 					return (B_TRUE);
1184 				}
1185 			} else {
1186 				/* "new" file is not a regular file */
1187 				pkgerr_add(err, PKGERR_WRITE,
1188 				    gettext(ERR_NOT_REG), newpath);
1189 				(void) close(newfd);
1190 				return (B_FALSE);
1191 			}
1192 		} else {
1193 			/* couldn't stat "new" file */
1194 			pkgerr_add(err, PKGERR_WRITE,
1195 			    gettext(ERR_WRITE), newpath,
1196 			    strerror(errno));
1197 			(void) close(newfd);
1198 			return (B_FALSE);
1199 		}
1200 	} else {
1201 		/* "new" file doesn't exist */
1202 		return (B_TRUE);
1203 	}
1204 }
1205 
1206 static boolean_t
1207 wait_restore(int newfd, char *keystore_file,
1208     char *origpath, char *backuppath)
1209 {
1210 	struct stat buf;
1211 	FILE *newstream;
1212 	PKCS12 *p12;
1213 
1214 	(void) alarm(LOCK_TIMEOUT);
1215 	if (file_lock(newfd, F_WRLCK, 1) == -1) {
1216 		/* could not lock file */
1217 		(void) alarm(0);
1218 		return (B_FALSE);
1219 	}
1220 	(void) alarm(0);
1221 
1222 	if (fstat(newfd, &buf) != -1) {
1223 		if (S_ISREG(buf.st_mode)) {
1224 			/*
1225 			 * The new file still
1226 			 * exists, with no
1227 			 * owner.  It must be
1228 			 * the result of an
1229 			 * aborted update.
1230 			 */
1231 			newstream = fdopen(newfd, "r");
1232 			if ((p12 =
1233 			    d2i_PKCS12_fp(newstream,
1234 				NULL)) != NULL) {
1235 				/*
1236 				 * The file
1237 				 * appears
1238 				 * complete.
1239 				 * Replace the
1240 				 * exsisting
1241 				 * keystore
1242 				 * file with
1243 				 * this one
1244 				 */
1245 				(void) rename(keystore_file, backuppath);
1246 				(void) rename(origpath, keystore_file);
1247 				PKCS12_free(p12);
1248 			} else {
1249 				/* The file is not complete.  Remove it */
1250 				(void) remove(origpath);
1251 			}
1252 			/* remove backup file */
1253 			(void) remove(backuppath);
1254 			(void) fclose(newstream);
1255 			(void) close(newfd);
1256 			return (B_TRUE);
1257 		} else {
1258 			/*
1259 			 * new file exists, but is not a
1260 			 * regular file
1261 			 */
1262 			(void) close(newfd);
1263 			return (B_FALSE);
1264 		}
1265 	} else {
1266 		/*
1267 		 * could not stat file.  Unless
1268 		 * the reason was that the file
1269 		 * is now gone, this is an error
1270 		 */
1271 		if (errno != ENOENT) {
1272 			(void) close(newfd);
1273 			return (B_FALSE);
1274 		}
1275 		/*
1276 		 * otherwise, file is gone.  The process
1277 		 * that held the lock must have
1278 		 * successfully cleaned up and
1279 		 * exited with a valid keystore
1280 		 * state
1281 		 */
1282 		(void) close(newfd);
1283 		return (B_TRUE);
1284 	}
1285 }
1286 
1287 /*
1288  * resolve_paths - figure out if we are dealing with a single-file
1289  * or multi-file keystore
1290  *
1291  * The flags tell resolve_paths how to behave:
1292  *
1293  * KEYSTORE_PATH_SOFT
1294  * If the keystore file does not exist at <base>/<app> then
1295  * use <base> as the path to the keystore.  This can be used,
1296  * for example, to access an app-specific keystore iff it
1297  * exists, otherwise revert back to an app-generic keystore.
1298  *
1299  * KEYSTORE_PATH_HARD
1300  * Always use the keystore located at <keystore_path>/<app>.
1301  * In read/write mode, if the files do not exist, then
1302  * they will be created.  This is used to avoid falling
1303  * back to an app-generic keystore path when the app-specific
1304  * one does not exist.
1305  *
1306  * Arguments:
1307  * err - Error object to add errors to
1308  * keystore_file - base keystore file path to lock
1309  * app - Application making requests
1310  * flags - Control flags (see above description)
1311  * keystore - object which is being locked
1312  *
1313  * Returns:
1314  *   B_TRUE - Success - Keystore file is locked, paths to
1315  *		appropriate files placed in keystore.
1316  *   B_FALSE - Failure, errors and reasons recorded in err
1317  */
1318 static boolean_t
1319 resolve_paths(PKG_ERR *err, char *keystore_file, char *app,
1320     long flags, keystore_t *keystore)
1321 {
1322 	char			storepath[PATH_MAX];
1323 	struct stat		buf;
1324 	boolean_t		multi = B_FALSE;
1325 	int			fd1, fd2, len;
1326 
1327 	/*
1328 	 * figure out whether we are dealing with a single-file keystore
1329 	 * or a multi-file keystore
1330 	 */
1331 	if (app != NULL) {
1332 		if (((len = snprintf(storepath, PATH_MAX, "%s/%s",
1333 		    keystore_file, app)) < 0) ||
1334 		    (len >= ATTR_MAX)) {
1335 			pkgerr_add(err, PKGERR_WEB, gettext(ERR_LEN),
1336 			    keystore_file);
1337 			return (B_FALSE);
1338 		}
1339 
1340 		if (((fd1 = open(storepath, O_NONBLOCK|O_RDONLY)) == -1) ||
1341 		    (fstat(fd1, &buf) == -1) ||
1342 		    !S_ISDIR(buf.st_mode)) {
1343 			/*
1344 			 * app-specific does not exist
1345 			 * fallback to app-generic, if flags say we can
1346 			 */
1347 			if ((flags & KEYSTORE_PATH_MASK) ==
1348 			    KEYSTORE_PATH_SOFT) {
1349 
1350 				if (((fd2 = open(keystore_file,
1351 				    O_NONBLOCK|O_RDONLY)) != -1) &&
1352 				    (fstat(fd2, &buf) != -1)) {
1353 					if (S_ISDIR(buf.st_mode)) {
1354 						/*
1355 						 * app-generic dir
1356 						 * exists, so use it
1357 						 * as a multi-file
1358 						 * keystore
1359 						 */
1360 						multi = B_TRUE;
1361 						app = NULL;
1362 					} else if (S_ISREG(buf.st_mode)) {
1363 						/*
1364 						 * app-generic file exists, so
1365 						 * use it as a single file ks
1366 						 */
1367 						multi = B_FALSE;
1368 						app = NULL;
1369 					}
1370 				}
1371 			}
1372 		}
1373 		if (fd1 != -1)
1374 			(void) close(fd1);
1375 		if (fd2 != -1)
1376 			(void) close(fd2);
1377 	} else {
1378 		if (((fd1 = open(keystore_file,
1379 		    O_NONBLOCK|O_RDONLY)) != -1) &&
1380 		    (fstat(fd1, &buf) != -1) &&
1381 		    S_ISDIR(buf.st_mode)) {
1382 			/*
1383 			 * app-generic dir exists, so use
1384 			 * it as a multi-file keystore
1385 			 */
1386 			multi = B_TRUE;
1387 		}
1388 		if (fd1 != -1)
1389 			(void) close(fd1);
1390 	}
1391 
1392 	if (app != NULL) {
1393 		/* app-specific keystore */
1394 		(void) snprintf(storepath, PATH_MAX, "%s/%s/%s",
1395 		    keystore_file, app, TRUSTSTORE);
1396 		keystore->capath = xstrdup(storepath);
1397 		(void) snprintf(storepath, PATH_MAX, "%s/%s/%s",
1398 		    keystore_file, app, CERTSTORE);
1399 		keystore->clpath = xstrdup(storepath);
1400 		(void) snprintf(storepath, PATH_MAX, "%s/%s/%s",
1401 		    keystore_file, app, KEYSTORE);
1402 		keystore->keypath = xstrdup(storepath);
1403 	} else {
1404 		/* app-generic keystore */
1405 		if (!multi) {
1406 			/* single-file app-generic keystore */
1407 			keystore->capath = xstrdup(keystore_file);
1408 			keystore->keypath = NULL;
1409 			keystore->clpath = NULL;
1410 		} else {
1411 			/* multi-file app-generic keystore */
1412 			(void) snprintf(storepath, PATH_MAX, "%s/%s",
1413 			    keystore_file, TRUSTSTORE);
1414 			keystore->capath = xstrdup(storepath);
1415 			(void) snprintf(storepath, PATH_MAX, "%s/%s",
1416 			    keystore_file, CERTSTORE);
1417 			keystore->clpath = xstrdup(storepath);
1418 			(void) snprintf(storepath, PATH_MAX, "%s/%s",
1419 			    keystore_file, KEYSTORE);
1420 			keystore->keypath = xstrdup(storepath);
1421 		}
1422 	}
1423 
1424 	return (B_TRUE);
1425 }
1426 
1427 /*
1428  * lock_keystore - Locks a keystore for shared (read-only)
1429  * or exclusive (read-write) access.
1430  *
1431  * The flags tell lock_keystore how to behave:
1432  *
1433  * KEYSTORE_ACCESS_READONLY
1434  * opens keystore read-only.  Attempts to modify results in an error
1435  *
1436  * KEYSTORE_ACCESS_READWRITE
1437  * opens keystore read-write
1438  *
1439  * KEYSTORE_PATH_SOFT
1440  * If the keystore file does not exist at <base>/<app> then
1441  * use <base> as the path to the keystore.  This can be used,
1442  * for example, to access an app-specific keystore iff it
1443  * exists, otherwise revert back to an app-generic keystore.
1444  *
1445  * KEYSTORE_PATH_HARD
1446  * Always use the keystore located at <keystore_path>/<app>.
1447  * In read/write mode, if the files do not exist, then
1448  * they will be created.  This is used to avoid falling
1449  * back to an app-generic keystore path when the app-specific
1450  * one does not exist.
1451  *
1452  * Arguments:
1453  * err - Error object to add errors to
1454  * flags - Control flags (see above description)
1455  * keystore - object which is being locked
1456  *
1457  * Returns:
1458  *   0 - Success - Keystore file is locked, paths to
1459  *		appropriate files placed in keystore.
1460  * non-zero - Failure, errors and reasons recorded in err
1461  */
1462 static boolean_t
1463 lock_keystore(PKG_ERR *err, long flags, keystore_t *keystore)
1464 {
1465 	boolean_t		ret = B_TRUE;
1466 	struct stat		buf;
1467 
1468 	switch (flags & KEYSTORE_ACCESS_MASK) {
1469 	case KEYSTORE_ACCESS_READONLY:
1470 		if ((keystore->cafd =
1471 		    open(keystore->capath, O_NONBLOCK|O_RDONLY)) == -1) {
1472 			if (errno == ENOENT) {
1473 				/*
1474 				 * no keystore.  try to create an
1475 				 * empty one so we can lock on it and
1476 				 * prevent others from gaining
1477 				 * exclusive access.  It will be
1478 				 * deleted when the keystore is closed.
1479 				 */
1480 				if ((keystore->cafd =
1481 				    open(keystore->capath,
1482 					O_NONBLOCK|O_RDWR|O_CREAT|O_EXCL,
1483 					S_IRUSR|S_IWUSR)) == -1) {
1484 					pkgerr_add(err, PKGERR_READ,
1485 					    gettext(ERR_NO_KEYSTORE),
1486 					    keystore->capath);
1487 					ret = B_FALSE;
1488 					goto cleanup;
1489 				}
1490 			} else {
1491 				pkgerr_add(err, PKGERR_READ,
1492 				    gettext(ERR_KEYSTORE_OPEN),
1493 				    keystore->capath, strerror(errno));
1494 				ret = B_FALSE;
1495 				goto cleanup;
1496 			}
1497 		}
1498 		if (fstat(keystore->cafd, &buf) != -1) {
1499 			if (S_ISREG(buf.st_mode)) {
1500 				if (file_lock(keystore->cafd, F_RDLCK,
1501 				    0) == -1) {
1502 					pkgerr_add(err, PKGERR_LOCKED,
1503 					    gettext(ERR_KEYSTORE_LOCKED_READ),
1504 					    keystore->capath);
1505 					ret = B_FALSE;
1506 					goto cleanup;
1507 				}
1508 			} else {
1509 				/* ca file not a regular file! */
1510 				pkgerr_add(err, PKGERR_READ,
1511 				    gettext(ERR_NOT_REG),
1512 				    keystore->capath);
1513 				ret = B_FALSE;
1514 				goto cleanup;
1515 			}
1516 		} else {
1517 			pkgerr_add(err, PKGERR_READ,
1518 			    gettext(ERR_KEYSTORE_OPEN),
1519 			    keystore->capath, strerror(errno));
1520 			ret = B_FALSE;
1521 			goto cleanup;
1522 		}
1523 		break;
1524 	case KEYSTORE_ACCESS_READWRITE:
1525 
1526 		if ((keystore->cafd = open(keystore->capath,
1527 		    O_RDWR|O_NONBLOCK)) == -1) {
1528 			/* does not exist.  try to create an empty one */
1529 			if (errno == ENOENT) {
1530 				if ((keystore->cafd =
1531 				    open(keystore->capath,
1532 					O_NONBLOCK|O_RDWR|O_CREAT|O_EXCL,
1533 					S_IRUSR|S_IWUSR)) == -1) {
1534 					pkgerr_add(err, PKGERR_READ,
1535 					    gettext(ERR_KEYSTORE_WRITE),
1536 					    keystore->capath);
1537 					ret = B_FALSE;
1538 					goto cleanup;
1539 				}
1540 			} else {
1541 				pkgerr_add(err, PKGERR_READ,
1542 				    gettext(ERR_KEYSTORE_OPEN),
1543 				    keystore->capath, strerror(errno));
1544 				ret = B_FALSE;
1545 				goto cleanup;
1546 			}
1547 		}
1548 		if (fstat(keystore->cafd, &buf) != -1) {
1549 			if (S_ISREG(buf.st_mode)) {
1550 				if (file_lock(keystore->cafd, F_WRLCK,
1551 				    0) == -1) {
1552 					pkgerr_add(err, PKGERR_LOCKED,
1553 					    gettext(ERR_KEYSTORE_LOCKED),
1554 					    keystore->capath);
1555 					ret = B_FALSE;
1556 					goto cleanup;
1557 				}
1558 			} else {
1559 				/* ca file not a regular file! */
1560 				pkgerr_add(err, PKGERR_READ,
1561 				    gettext(ERR_NOT_REG),
1562 				    keystore->capath);
1563 				ret = B_FALSE;
1564 				goto cleanup;
1565 			}
1566 		} else {
1567 			pkgerr_add(err, PKGERR_READ,
1568 			    gettext(ERR_KEYSTORE_OPEN),
1569 			    keystore->capath, strerror(errno));
1570 			ret = B_FALSE;
1571 			goto cleanup;
1572 		}
1573 
1574 		break;
1575 	default:
1576 		pkgerr_add(err, PKGERR_INTERNAL,
1577 		    gettext(ERR_KEYSTORE_INTERNAL),
1578 		    __FILE__, __LINE__);
1579 		ret = B_FALSE;
1580 		goto cleanup;
1581 	}
1582 
1583 cleanup:
1584 	if (!ret) {
1585 		if (keystore->cafd > 0) {
1586 			(void) file_unlock(keystore->cafd);
1587 			(void) close(keystore->cafd);
1588 			keystore->cafd = -1;
1589 		}
1590 
1591 		if (keystore->capath != NULL)
1592 			free(keystore->capath);
1593 		if (keystore->clpath != NULL)
1594 			free(keystore->clpath);
1595 		if (keystore->keypath != NULL)
1596 			free(keystore->keypath);
1597 		keystore->capath = NULL;
1598 		keystore->clpath = NULL;
1599 		keystore->keypath = NULL;
1600 	}
1601 
1602 	return (ret);
1603 }
1604 
1605 /*
1606  * unlock_keystore - Unocks a keystore
1607  *
1608  * Arguments:
1609  * err - Error object to add errors to
1610  * keystore - keystore object to unlock
1611  * Returns:
1612  *   0 - Success - Keystore files are unlocked, files are closed,
1613  * non-zero - Failure, errors and reasons recorded in err
1614  */
1615 /* ARGSUSED */
1616 static boolean_t
1617 unlock_keystore(PKG_ERR *err, keystore_t *keystore)
1618 {
1619 
1620 	/*
1621 	 * Release lock on the CA file.
1622 	 * Delete file if it is empty
1623 	 */
1624 	if (file_empty(keystore->capath)) {
1625 		(void) remove(keystore->capath);
1626 	}
1627 
1628 	(void) file_unlock(keystore->cafd);
1629 	(void) close(keystore->cafd);
1630 	return (B_TRUE);
1631 }
1632 
1633 /*
1634  * read_keystore - Reads keystore files of disk, parses
1635  * into internal structures.
1636  *
1637  * Arguments:
1638  * err - Error object to add errors to
1639  * keystore - keystore object to read into
1640  * cb - callback to get password, if required
1641  * Returns:
1642  *   0 - Success - Keystore files are read, and placed
1643  * into keystore structure.
1644  * non-zero - Failure, errors and reasons recorded in err
1645  */
1646 static boolean_t
1647 read_keystore(PKG_ERR *err, keystore_t *keystore, keystore_passphrase_cb cb)
1648 {
1649 	boolean_t	ret = B_TRUE;
1650 	PKCS12		*p12 = NULL;
1651 	boolean_t	ca_empty;
1652 	boolean_t	have_passwd = B_FALSE;
1653 	boolean_t	cl_empty = B_TRUE;
1654 	boolean_t	key_empty = B_TRUE;
1655 
1656 	ca_empty = file_empty(keystore->capath);
1657 
1658 	if (keystore->clpath != NULL)
1659 		cl_empty = file_empty(keystore->clpath);
1660 	if (keystore->keypath != NULL)
1661 		key_empty = file_empty(keystore->keypath);
1662 
1663 	if (ca_empty && cl_empty && key_empty) {
1664 	    keystore->new = B_TRUE;
1665 	}
1666 
1667 	if (!ca_empty) {
1668 		/* first read the ca file */
1669 		if ((p12 = read_keystore_file(err,
1670 		    keystore->capath)) == NULL) {
1671 			pkgerr_add(err, PKGERR_CORRUPT,
1672 			    gettext(ERR_KEYSTORE_CORRUPT), keystore->capath);
1673 			ret = B_FALSE;
1674 			goto cleanup;
1675 		}
1676 
1677 		/* Get password, using callback if necessary */
1678 		if (!have_passwd) {
1679 			if (!get_keystore_passwd(err, p12, cb, keystore)) {
1680 				ret = B_FALSE;
1681 				goto cleanup;
1682 			}
1683 			have_passwd = B_TRUE;
1684 		}
1685 
1686 		/* decrypt and parse keystore file */
1687 		if (sunw_PKCS12_contents(p12, keystore->passphrase,
1688 		    &keystore->pkeys, &keystore->cacerts) < 0) {
1689 			/* could not parse the contents */
1690 			pkgerr_add(err, PKGERR_CORRUPT,
1691 			    gettext(ERR_KEYSTORE_CORRUPT), keystore->capath);
1692 			ret = B_FALSE;
1693 			goto cleanup;
1694 		}
1695 
1696 		PKCS12_free(p12);
1697 		p12 = NULL;
1698 	} else {
1699 
1700 		/*
1701 		 * truststore is empty, so we don't have any trusted
1702 		 * certs
1703 		 */
1704 		keystore->cacerts = NULL;
1705 	}
1706 
1707 	/*
1708 	 * if there is no cl file or key file, use the cl's and key's found
1709 	 * in the ca file
1710 	 */
1711 	if (keystore->clpath == NULL && !ca_empty) {
1712 		if (sunw_split_certs(keystore->pkeys, keystore->cacerts,
1713 		    &keystore->clcerts, NULL) < 0) {
1714 			pkgerr_add(err, PKGERR_CORRUPT,
1715 			    gettext(ERR_KEYSTORE_CORRUPT), keystore->capath);
1716 			ret = B_FALSE;
1717 			goto cleanup;
1718 		}
1719 	} else {
1720 		/*
1721 		 * files are in separate files.  read keys out of the keystore
1722 		 * certs out of the certstore, if they are not empty
1723 		 */
1724 		if (!cl_empty) {
1725 			if ((p12 = read_keystore_file(err,
1726 			    keystore->clpath)) == NULL) {
1727 				pkgerr_add(err, PKGERR_CORRUPT,
1728 				    gettext(ERR_KEYSTORE_CORRUPT),
1729 				    keystore->clpath);
1730 				ret = B_FALSE;
1731 				goto cleanup;
1732 			}
1733 
1734 			/* Get password, using callback if necessary */
1735 			if (!have_passwd) {
1736 				if (!get_keystore_passwd(err, p12, cb,
1737 				    keystore)) {
1738 					ret = B_FALSE;
1739 					goto cleanup;
1740 				}
1741 				have_passwd = B_TRUE;
1742 			}
1743 
1744 			if (check_password(p12,
1745 			    keystore->passphrase) == B_FALSE) {
1746 				/*
1747 				 * password in client cert file
1748 				 * is different than
1749 				 * the one in the other files!
1750 				 */
1751 				pkgerr_add(err, PKGERR_BADPASS,
1752 				    gettext(ERR_MISMATCHPASS),
1753 				    keystore->clpath,
1754 				    keystore->capath, keystore->path);
1755 				ret = B_FALSE;
1756 				goto cleanup;
1757 			}
1758 
1759 			if (sunw_PKCS12_contents(p12, keystore->passphrase,
1760 			    NULL, &keystore->clcerts) < 0) {
1761 				/* could not parse the contents */
1762 				pkgerr_add(err, PKGERR_CORRUPT,
1763 				    gettext(ERR_KEYSTORE_CORRUPT),
1764 				    keystore->clpath);
1765 				ret = B_FALSE;
1766 				goto cleanup;
1767 			}
1768 
1769 			PKCS12_free(p12);
1770 			p12 = NULL;
1771 		} else {
1772 			keystore->clcerts = NULL;
1773 		}
1774 
1775 		if (!key_empty) {
1776 			if ((p12 = read_keystore_file(err,
1777 			    keystore->keypath)) == NULL) {
1778 				pkgerr_add(err, PKGERR_CORRUPT,
1779 				    gettext(ERR_KEYSTORE_CORRUPT),
1780 				    keystore->keypath);
1781 				ret = B_FALSE;
1782 				goto cleanup;
1783 			}
1784 
1785 			/* Get password, using callback if necessary */
1786 			if (!have_passwd) {
1787 				if (!get_keystore_passwd(err, p12, cb,
1788 				    keystore)) {
1789 					ret = B_FALSE;
1790 					goto cleanup;
1791 				}
1792 				have_passwd = B_TRUE;
1793 			}
1794 
1795 			if (check_password(p12,
1796 			    keystore->passphrase) == B_FALSE) {
1797 				pkgerr_add(err, PKGERR_BADPASS,
1798 				    gettext(ERR_MISMATCHPASS),
1799 				    keystore->keypath,
1800 				    keystore->capath, keystore->path);
1801 				ret = B_FALSE;
1802 				goto cleanup;
1803 			}
1804 
1805 			if (sunw_PKCS12_contents(p12, keystore->passphrase,
1806 			    &keystore->pkeys, NULL) < 0) {
1807 				/* could not parse the contents */
1808 				pkgerr_add(err, PKGERR_CORRUPT,
1809 				    gettext(ERR_KEYSTORE_CORRUPT),
1810 				    keystore->keypath);
1811 				ret = B_FALSE;
1812 				goto cleanup;
1813 			}
1814 
1815 			PKCS12_free(p12);
1816 			p12 = NULL;
1817 		} else {
1818 			keystore->pkeys = NULL;
1819 		}
1820 	}
1821 
1822 cleanup:
1823 	if (p12 != NULL)
1824 		PKCS12_free(p12);
1825 	return (ret);
1826 }
1827 
1828 /*
1829  * get_keystore_password - retrieves pasword used to
1830  * decrypt PKCS12 structure.
1831  *
1832  * Arguments:
1833  * err - Error object to add errors to
1834  * p12 - PKCS12 structure which returned password should
1835  * decrypt
1836  * cb - callback to collect password.
1837  * keystore - The keystore in which the PKCS12 structure
1838  * will eventually populate.
1839  * Returns:
1840  *   B_TRUE - success.
1841  *     keystore password is set in keystore->passphrase.
1842  *   B_FALSE - failure, errors logged
1843  */
1844 static boolean_t
1845 get_keystore_passwd(PKG_ERR *err, PKCS12 *p12, keystore_passphrase_cb cb,
1846     keystore_t *keystore)
1847 {
1848 	char				*passwd;
1849 	char				passbuf[KEYSTORE_PASS_MAX + 1];
1850 	keystore_passphrase_data	data;
1851 
1852 	/* see if no password is the right password */
1853 	if (check_password(p12, "") == B_TRUE) {
1854 		passwd = "";
1855 	} else if (check_password(p12, NULL) == B_TRUE) {
1856 		passwd = NULL;
1857 	} else {
1858 		/* oops, it's encrypted.  get password */
1859 		data.err = err;
1860 		if (cb(passbuf, KEYSTORE_PASS_MAX, 0,
1861 		    &data) == -1) {
1862 			/* could not get password */
1863 			return (B_FALSE);
1864 		}
1865 
1866 		if (check_password(p12, passbuf) == B_FALSE) {
1867 				/* wrong password */
1868 			pkgerr_add(err, PKGERR_BADPASS,
1869 			    gettext(ERR_BADPASS));
1870 			return (B_FALSE);
1871 		}
1872 
1873 		/*
1874 		 * make copy of password buffer, since it
1875 		 * goes away upon return
1876 		 */
1877 		passwd = xstrdup(passbuf);
1878 	}
1879 	keystore->passphrase = passwd;
1880 	return (B_TRUE);
1881 }
1882 
1883 /*
1884  * write_keystore - Writes keystore files to disk
1885  *
1886  * Arguments:
1887  * err - Error object to add errors to
1888  * keystore - keystore object to write from
1889  * passwd - password used to encrypt keystore
1890  * Returns:
1891  *   0 - Success - Keystore contents are written out to
1892  *   the same locations as read from
1893  * non-zero - Failure, errors and reasons recorded in err
1894  */
1895 static boolean_t
1896 write_keystore(PKG_ERR *err, keystore_t *keystore,
1897     keystore_passphrase_cb cb)
1898 {
1899 	PKCS12	*p12 = NULL;
1900 	boolean_t ret = B_TRUE;
1901 	keystore_passphrase_data data;
1902 	char		passbuf[KEYSTORE_PASS_MAX + 1];
1903 
1904 	if (keystore->capath != NULL && keystore->clpath == NULL &&
1905 	    keystore->keypath == NULL) {
1906 
1907 		/*
1908 		 * keystore is a file.
1909 		 * just write out a single file
1910 		 */
1911 		if ((keystore->pkeys == NULL) &&
1912 		    (keystore->clcerts == NULL) &&
1913 		    (keystore->cacerts == NULL)) {
1914 			if (!clear_keystore_file(err, keystore->capath)) {
1915 				/*
1916 				 * no keys or certs to write out, so
1917 				 * blank the ca file.  we do not
1918 				 * delete it since it is used as a
1919 				 * lock by lock_keystore() in
1920 				 * subsequent invocations
1921 				 */
1922 				pkgerr_add(err, PKGERR_WRITE,
1923 				    gettext(ERR_KEYSTORE_WRITE),
1924 				    keystore->capath);
1925 				ret = B_FALSE;
1926 				goto cleanup;
1927 			}
1928 		} else {
1929 			/*
1930 			 * if the keystore is being created for the first time,
1931 			 * prompt for a passphrase for encryption
1932 			 */
1933 			if (keystore->new) {
1934 				data.err = err;
1935 				if (cb(passbuf, KEYSTORE_PASS_MAX,
1936 				    1, &data) == -1) {
1937 					ret = B_FALSE;
1938 					goto cleanup;
1939 				}
1940 			} else {
1941 				/*
1942 				 * use the one used when the keystore
1943 				 * was read
1944 				 */
1945 				(void) strlcpy(passbuf, keystore->passphrase,
1946 				    KEYSTORE_PASS_MAX);
1947 			}
1948 
1949 			p12 = sunw_PKCS12_create(passbuf, keystore->pkeys,
1950 			    keystore->clcerts, keystore->cacerts);
1951 
1952 			if (p12 == NULL) {
1953 				pkgerr_add(err, PKGERR_WRITE,
1954 				    gettext(ERR_KEYSTORE_FORM),
1955 				    keystore->capath);
1956 				ret = B_FALSE;
1957 				goto cleanup;
1958 			}
1959 
1960 			if (!write_keystore_file(err, keystore->capath, p12)) {
1961 				pkgerr_add(err, PKGERR_WRITE,
1962 				    gettext(ERR_KEYSTORE_WRITE),
1963 				    keystore->capath);
1964 				ret = B_FALSE;
1965 				goto cleanup;
1966 			}
1967 		}
1968 
1969 	} else {
1970 		/* files are seprate. Do one at a time */
1971 
1972 		/*
1973 		 * if the keystore is being created for the first time,
1974 		 * prompt for a passphrase for encryption
1975 		 */
1976 		if (keystore->new && ((keystore->pkeys != NULL) ||
1977 		    (keystore->clcerts != NULL) ||
1978 		    (keystore->cacerts != NULL))) {
1979 			data.err = err;
1980 			if (cb(passbuf, KEYSTORE_PASS_MAX,
1981 			    1, &data) == -1) {
1982 				ret = B_FALSE;
1983 				goto cleanup;
1984 			}
1985 		} else {
1986 			/* use the one used when the keystore was read */
1987 			(void) strlcpy(passbuf, keystore->passphrase,
1988 			    KEYSTORE_PASS_MAX);
1989 		}
1990 
1991 		/* do private keys first */
1992 		if (keystore->pkeys != NULL) {
1993 			p12 = sunw_PKCS12_create(passbuf, keystore->pkeys,
1994 			    NULL, NULL);
1995 
1996 			if (p12 == NULL) {
1997 				pkgerr_add(err, PKGERR_WRITE,
1998 				    gettext(ERR_KEYSTORE_FORM),
1999 				    keystore->keypath);
2000 				ret = B_FALSE;
2001 				goto cleanup;
2002 			}
2003 
2004 			if (!write_keystore_file(err, keystore->keypath,
2005 			    p12)) {
2006 				pkgerr_add(err, PKGERR_WRITE,
2007 				    gettext(ERR_KEYSTORE_WRITE),
2008 				    keystore->keypath);
2009 				ret = B_FALSE;
2010 				goto cleanup;
2011 			}
2012 
2013 			PKCS12_free(p12);
2014 		} else {
2015 			if ((remove(keystore->keypath) != 0) &&
2016 			    (errno != ENOENT)) {
2017 				pkgerr_add(err, PKGERR_WRITE,
2018 				    gettext(ERR_KEYSTORE_REMOVE),
2019 				    keystore->keypath);
2020 				ret = B_FALSE;
2021 				goto cleanup;
2022 			}
2023 		}
2024 
2025 		/* do user certs next */
2026 		if (keystore->clcerts != NULL) {
2027 			p12 = sunw_PKCS12_create(passbuf, NULL,
2028 			    keystore->clcerts, NULL);
2029 
2030 			if (p12 == NULL) {
2031 				pkgerr_add(err, PKGERR_WRITE,
2032 				    gettext(ERR_KEYSTORE_FORM),
2033 				    keystore->clpath);
2034 				ret = B_FALSE;
2035 				goto cleanup;
2036 			}
2037 
2038 			if (!write_keystore_file(err, keystore->clpath, p12)) {
2039 				pkgerr_add(err, PKGERR_WRITE,
2040 				    gettext(ERR_KEYSTORE_WRITE),
2041 				    keystore->clpath);
2042 				ret = B_FALSE;
2043 				goto cleanup;
2044 			}
2045 
2046 			PKCS12_free(p12);
2047 		} else {
2048 			if ((remove(keystore->clpath) != 0) &&
2049 			    (errno != ENOENT)) {
2050 				pkgerr_add(err, PKGERR_WRITE,
2051 				    gettext(ERR_KEYSTORE_REMOVE),
2052 				    keystore->clpath);
2053 				ret = B_FALSE;
2054 				goto cleanup;
2055 			}
2056 		}
2057 
2058 
2059 		/* finally do CA cert file */
2060 		if (keystore->cacerts != NULL) {
2061 			p12 = sunw_PKCS12_create(passbuf, NULL,
2062 			    NULL, keystore->cacerts);
2063 
2064 			if (p12 == NULL) {
2065 				pkgerr_add(err, PKGERR_WRITE,
2066 				    gettext(ERR_KEYSTORE_FORM),
2067 				    keystore->capath);
2068 				ret = B_FALSE;
2069 				goto cleanup;
2070 			}
2071 
2072 			if (!write_keystore_file(err, keystore->capath, p12)) {
2073 				pkgerr_add(err, PKGERR_WRITE,
2074 				    gettext(ERR_KEYSTORE_WRITE),
2075 				    keystore->capath);
2076 				ret = B_FALSE;
2077 				goto cleanup;
2078 			}
2079 
2080 			PKCS12_free(p12);
2081 			p12 = NULL;
2082 		} else {
2083 			/*
2084 			 * nothing to write out, so truncate the file
2085 			 * (it will be deleted during close_keystore)
2086 			 */
2087 			if (!clear_keystore_file(err, keystore->capath)) {
2088 				pkgerr_add(err, PKGERR_WRITE,
2089 				    gettext(ERR_KEYSTORE_WRITE),
2090 				    keystore->capath);
2091 				ret = B_FALSE;
2092 				goto cleanup;
2093 			}
2094 		}
2095 	}
2096 
2097 cleanup:
2098 	if (p12 != NULL)
2099 		PKCS12_free(p12);
2100 
2101 	return (ret);
2102 }
2103 
2104 /*
2105  * clear_keystore_file - Clears (zeros out) a keystore file.
2106  *
2107  * Arguments:
2108  * err - Error object to add errors to
2109  * dest - Path of keystore file to zero out.
2110  * Returns:
2111  *   0 - Success - Keystore file is truncated to zero length
2112  * non-zero - Failure, errors and reasons recorded in err
2113  */
2114 static boolean_t
2115 clear_keystore_file(PKG_ERR *err, char *dest)
2116 {
2117 	int fd;
2118 	struct stat buf;
2119 
2120 	fd = open(dest, O_RDWR|O_NONBLOCK);
2121 	if (fd == -1) {
2122 		/* can't open for writing */
2123 		pkgerr_add(err, PKGERR_WRITE, gettext(MSG_OPEN),
2124 		    errno);
2125 		return (B_FALSE);
2126 	}
2127 
2128 	if ((fstat(fd, &buf) == -1) || !S_ISREG(buf.st_mode)) {
2129 		/* not a regular file */
2130 		(void) close(fd);
2131 		pkgerr_add(err, PKGERR_WRITE, gettext(ERR_NOT_REG),
2132 		    dest);
2133 		return (B_FALSE);
2134 	}
2135 
2136 	if (ftruncate(fd, 0) == -1) {
2137 		(void) close(fd);
2138 		pkgerr_add(err, PKGERR_WRITE, gettext(ERR_WRITE),
2139 		    dest, strerror(errno));
2140 		return (B_FALSE);
2141 	}
2142 
2143 	(void) close(fd);
2144 	return (B_TRUE);
2145 }
2146 
2147 /*
2148  * write_keystore_file - Writes keystore file to disk.
2149  *
2150  * Keystore files can possibly be corrupted by a variety
2151  * of error conditions during reading/writing.  This
2152  * routine, along with restore_keystore_file, tries to
2153  * maintain keystore integity by writing the files
2154  * out in a particular order, minimizing the time period
2155  * that the keystore is in an indeterminate state.
2156  *
2157  * With the current implementation, there are some failures
2158  * that are wholly unrecoverable, such as disk corruption.
2159  * These routines attempt to minimize the risk, but not
2160  * eliminate it.  When better, atomic operations are available
2161  * (such as a true database with commit, rollback, and
2162  * guaranteed atomicity), this implementation should use that.
2163  *
2164  *
2165  * Arguments:
2166  * err - Error object to add errors to
2167  * dest - Destination filename
2168  * contents - Contents to write to the file
2169  * Returns:
2170  *   0 - Success - Keystore contents are written out to
2171  *   the destination.
2172  * non-zero - Failure, errors and reasons recorded in err
2173  */
2174 static boolean_t
2175 write_keystore_file(PKG_ERR *err, char *dest, PKCS12 *contents)
2176 {
2177 	FILE	*newfile = NULL;
2178 	boolean_t	ret = B_TRUE;
2179 	char	newpath[MAXPATHLEN];
2180 	char	backuppath[MAXPATHLEN];
2181 	struct stat buf;
2182 	int fd;
2183 
2184 	(void) snprintf(newpath, MAXPATHLEN, "%s.new", dest);
2185 	(void) snprintf(backuppath, MAXPATHLEN, "%s.bak", dest);
2186 
2187 	if ((fd = open(newpath, O_CREAT|O_EXCL|O_WRONLY|O_NONBLOCK,
2188 	    S_IRUSR|S_IWUSR)) == -1) {
2189 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2190 		    newpath, strerror(errno));
2191 		ret = B_FALSE;
2192 		goto cleanup;
2193 	}
2194 
2195 	if (fstat(fd, &buf) == -1) {
2196 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2197 		    newpath, strerror(errno));
2198 		ret = B_FALSE;
2199 		goto cleanup;
2200 	}
2201 
2202 	if (!S_ISREG(buf.st_mode)) {
2203 		pkgerr_add(err, PKGERR_READ, gettext(ERR_NOT_REG),
2204 		    newpath);
2205 		ret = B_FALSE;
2206 		goto cleanup;
2207 	}
2208 
2209 	if ((newfile = fdopen(fd, "w")) == NULL) {
2210 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2211 		    newpath, strerror(errno));
2212 		ret = B_FALSE;
2213 		goto cleanup;
2214 	}
2215 
2216 	if (i2d_PKCS12_fp(newfile, contents) == 0) {
2217 		pkgerr_add(err, PKGERR_WRITE, gettext(ERR_KEYSTORE_WRITE),
2218 		    newpath);
2219 		ret = B_FALSE;
2220 		goto cleanup;
2221 	}
2222 
2223 	/* flush, then close */
2224 	(void) fflush(newfile);
2225 	(void) fclose(newfile);
2226 	newfile = NULL;
2227 
2228 	/* now back up the original file */
2229 	(void) rename(dest, backuppath);
2230 
2231 	/* put new one in its place */
2232 	(void) rename(newpath, dest);
2233 
2234 	/* remove backup */
2235 	(void) remove(backuppath);
2236 
2237 cleanup:
2238 	if (newfile != NULL)
2239 		(void) fclose(newfile);
2240 	if (fd != -1)
2241 		(void) close(fd);
2242 
2243 	return (ret);
2244 }
2245 
2246 /*
2247  * read_keystore_file - Reads single keystore file
2248  * off disk in PKCS12 format.
2249  *
2250  * Arguments:
2251  * err - Error object to add errors to
2252  * file - File path to read
2253  * Returns:
2254  *   PKCS12 contents of file, or NULL if an error occurred.
2255  *   errors recorded in 'err'.
2256  */
2257 static PKCS12
2258 *read_keystore_file(PKG_ERR *err, char *file)
2259 {
2260 	int fd;
2261 	struct stat buf;
2262 	FILE *newfile;
2263 	PKCS12 *p12 = NULL;
2264 
2265 	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
2266 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2267 		    file, strerror(errno));
2268 		goto cleanup;
2269 	}
2270 
2271 	if (fstat(fd, &buf) == -1) {
2272 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2273 		    file, strerror(errno));
2274 		goto cleanup;
2275 	}
2276 
2277 	if (!S_ISREG(buf.st_mode)) {
2278 		pkgerr_add(err, PKGERR_READ, gettext(ERR_NOT_REG),
2279 		    file);
2280 		goto cleanup;
2281 	}
2282 
2283 	if ((newfile = fdopen(fd, "r")) == NULL) {
2284 		pkgerr_add(err, PKGERR_READ, gettext(ERR_KEYSTORE_OPEN),
2285 		    file, strerror(errno));
2286 		goto cleanup;
2287 	}
2288 
2289 	if ((p12 = d2i_PKCS12_fp(newfile, NULL)) == NULL) {
2290 		pkgerr_add(err, PKGERR_CORRUPT,
2291 		    gettext(ERR_KEYSTORE_CORRUPT), file);
2292 		goto cleanup;
2293 	}
2294 
2295 cleanup:
2296 	if (newfile != NULL)
2297 		(void) fclose(newfile);
2298 	if (fd != -1)
2299 		(void) close(fd);
2300 
2301 	return (p12);
2302 }
2303 
2304 
2305 /*
2306  * Locks the specified file.
2307  */
2308 static int
2309 file_lock(int fd, int type, int wait)
2310 {
2311 	struct flock lock;
2312 
2313 	lock.l_type = type;
2314 	lock.l_start = 0;
2315 	lock.l_whence = SEEK_SET;
2316 	lock.l_len = 0;
2317 
2318 	if (!wait) {
2319 		if (file_lock_test(fd, type)) {
2320 			/*
2321 			 * The caller would have to wait to get the
2322 			 * lock on this file.
2323 			 */
2324 			return (-1);
2325 		}
2326 	}
2327 
2328 	return (fcntl(fd, F_SETLKW, &lock));
2329 }
2330 
2331 /*
2332  * Returns FALSE if the file is not locked; TRUE
2333  * otherwise.
2334  */
2335 static boolean_t
2336 file_lock_test(int fd, int type)
2337 {
2338 	struct flock lock;
2339 
2340 	lock.l_type = type;
2341 	lock.l_start = 0;
2342 	lock.l_whence = SEEK_SET;
2343 	lock.l_len = 0;
2344 
2345 	if (fcntl(fd, F_GETLK, &lock) != -1) {
2346 		if (lock.l_type != F_UNLCK) {
2347 			/*
2348 			 * The caller would have to wait to get the
2349 			 * lock on this file.
2350 			 */
2351 			return (B_TRUE);
2352 		}
2353 	}
2354 
2355 	/*
2356 	 * The file is not locked.
2357 	 */
2358 	return (B_FALSE);
2359 }
2360 
2361 /*
2362  * Unlocks the specified file.
2363  */
2364 static int
2365 file_unlock(int fd)
2366 {
2367 	struct flock lock;
2368 
2369 	lock.l_type = F_UNLCK;
2370 	lock.l_start = 0;
2371 	lock.l_whence = SEEK_SET;
2372 	lock.l_len = 0;
2373 
2374 	return (fcntl(fd, F_SETLK, &lock));
2375 }
2376 
2377 /*
2378  * Determines if file has a length of 0 or not
2379  */
2380 static boolean_t
2381 file_empty(char *path)
2382 {
2383 	struct stat	buf;
2384 
2385 	/* file is empty if size = 0 or it doesn't exist */
2386 	if (lstat(path, &buf) == 0) {
2387 		if (buf.st_size == 0) {
2388 			return (B_TRUE);
2389 		}
2390 	} else {
2391 		if (errno == ENOENT) {
2392 			return (B_TRUE);
2393 		}
2394 	}
2395 
2396 	return (B_FALSE);
2397 }
2398 
2399 /*
2400  * Name:		get_time_string
2401  * Description:	Generates a human-readable string from an ASN1_TIME
2402  *
2403  * Arguments:	intime - The time to convert
2404  *
2405  * Returns :	A pointer to a static string representing the passed-in time.
2406  */
2407 static char
2408 *get_time_string(ASN1_TIME *intime)
2409 {
2410 
2411 	static char	time[ATTR_MAX];
2412 	BIO		*mem;
2413 	char	*p;
2414 
2415 	if (intime == NULL) {
2416 		return (NULL);
2417 	}
2418 	if ((mem = BIO_new(BIO_s_mem())) == NULL) {
2419 		return (NULL);
2420 	}
2421 
2422 	if (ASN1_TIME_print(mem, intime) == 0) {
2423 		(void) BIO_free(mem);
2424 		return (NULL);
2425 	}
2426 
2427 	if (BIO_gets(mem, time, ATTR_MAX) <= 0) {
2428 		(void) BIO_free(mem);
2429 		return (NULL);
2430 	}
2431 
2432 	(void) BIO_free(mem);
2433 
2434 	/* trim the end of the string */
2435 	for (p = time + strlen(time) - 1; isspace(*p); p--) {
2436 		*p = '\0';
2437 	}
2438 
2439 	return (time);
2440 }
2441 
2442 /*
2443  * check_password - do various password checks to see if the current password
2444  *                  will work or we need to prompt for a new one.
2445  *
2446  * Arguments:
2447  *   pass   - password to check
2448  *
2449  * Returns:
2450  *   B_TRUE  - Password is OK.
2451  *   B_FALSE - Password not valid.
2452  */
2453 static boolean_t
2454 check_password(PKCS12 *p12, char *pass)
2455 {
2456 	boolean_t ret = B_TRUE;
2457 
2458 	/*
2459 	 * If password is zero length or NULL then try verifying both cases
2460 	 * to determine which password is correct. The reason for this is that
2461 	 * under PKCS#12 password based encryption no password and a zero
2462 	 * length password are two different things...
2463 	 */
2464 
2465 	/* Check the mac */
2466 	if (pass == NULL || *pass == '\0') {
2467 		if (PKCS12_verify_mac(p12, NULL, 0) == 0 &&
2468 		    PKCS12_verify_mac(p12, "", 0) == 0)
2469 			ret = B_FALSE;
2470 	} else if (PKCS12_verify_mac(p12, pass, -1) == 0) {
2471 		ret = B_FALSE;
2472 	}
2473 	return (ret);
2474 }
2475