1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _KEYSTORE_H
28 #define	_KEYSTORE_H
29 
30 
31 /*
32  * Module:	keystore.h
33  * Description:	This module contains the structure definitions for processing
34  *		package keystore files.
35  */
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 #include <openssl/evp.h>
42 #include <openssl/x509.h>
43 #include "pkgerr.h"
44 
45 /* keystore structures */
46 
47 /*
 * this opaque type represents a keystore.  A handle is produced by
 * open_keystore() through its keystore_handle_t * out-parameter and is later
 * passed to close_keystore() and to the other entry points below.  Callers
 * must not dereference, cast or otherwise interpret it: the representation
 * behind the void * belongs to keystore.c.
 */
48 typedef void *keystore_handle_t;
49 
50 /*
 * flags passed to open_keystore (its "long flags" argument).  A value is the
 * bitwise OR of one access flag (KEYSTORE_ACCESS_*) and one path flag
 * (KEYSTORE_PATH_*); KEYSTORE_ACCESS_MASK / KEYSTORE_PATH_MASK isolate each
 * group again.  NOTE(review): this header does not say how open_keystore
 * treats a value with both, or neither, flag of a group set -- confirm
 * against keystore.c rather than assuming a default applies.
 */
51 
52 /*
 * opens keystore read-only.  Attempts to modify results in an error, so the
 * merge_* and delete_* entry points below need a handle opened with
 * KEYSTORE_ACCESS_READWRITE instead.
 */
53 #define	KEYSTORE_ACCESS_READONLY	0x00000001L
54 
55 /* opens keystore read-write */
56 #define	KEYSTORE_ACCESS_READWRITE	0x00000002L
57 
58 /*
59  * tells open_keystore to fall back to app-generic paths in the case that
60  * the app-specific paths do not exist.
 *
 * The fallback is silent: if the app-specific store is missing, the store
 * files actually opened (truststore/keystore/certstore) are the generic
 * ones.  Callers that must be certain which store they are operating on
 * should pass KEYSTORE_PATH_HARD instead.
61  */
62 #define	KEYSTORE_PATH_SOFT		0x00000010L
63 
64 /*
65  * tells open_keystore to use the app-specific paths no matter what,
66  * failing if they cannot be used for any reason.
67  */
68 #define	KEYSTORE_PATH_HARD		0x00000020L
69 
70 /* masks off various types of flags */
71 #define	KEYSTORE_ACCESS_MASK		0x0000000FL
72 #define	KEYSTORE_PATH_MASK		0x000000F0L
73 
74 /*
 * default is read-only, soft.  Because it includes KEYSTORE_PATH_SOFT, the
 * default accepts the generic-path fallback described above.
 */
75 #define	KEYSTORE_DFLT_FLAGS \
76 		(KEYSTORE_ACCESS_READONLY|KEYSTORE_PATH_SOFT)
77 
78 /*
79  * possible encoding formats used by the library, used
80  * by print_cert (and print_certs) to choose how a certificate is written
 * to the output FILE.
81  */
82 typedef enum {
83 	KEYSTORE_FORMAT_PEM,	/* PEM: base64-armoured DER, text */
84 	KEYSTORE_FORMAT_DER,	/* raw binary DER; output stream should be binary */
85 	KEYSTORE_FORMAT_TEXT	/* human-readable dump (presumably X509_print-style -- confirm) */
86 } keystore_encoding_format_t;
87 
88 /*
89  * structure passed back to password callback for determining how
90  * to prompt for passphrase, and where to record errors.  Presumably this
 * is what arrives as the void * user-data argument of
 * keystore_passphrase_cb -- confirm against keystore.c.
91  */
92 typedef struct {
93 	PKG_ERR	*err;	/* error sink the callback records failures into */
94 } keystore_passphrase_data;
95 
96 
97 /*
 * max length of a passphrase.  One could use a short story!
 * NOTE(review): presumably the buffer size handed to the callback as its
 * second argument -- confirm against keystore.c.
 */
98 #define	KEYSTORE_PASS_MAX	1024
99 
100 /*
 * callback for collecting passphrase when open_keystore() is called
 * (close_keystore() takes one as well).  Arguments are (buf, size, rwflag,
 * userdata), the same shape as OpenSSL's pem_password_cb; presumably the
 * same contract applies -- write the passphrase into buf, never more than
 * size bytes, and return its length, or a negative value on failure -- but
 * confirm against keystore.c.  buf carries secret material: a callback
 * should not log or copy it elsewhere, and should not assume the library
 * clears it afterwards.
 */
101 typedef int keystore_passphrase_cb(char *, int, int, void *);
102 
103 /*
 * names of the individual files within the keystore path.  These are bare
 * file names, presumably appended to the location given to open_keystore()
 * -- confirm.  Note that the macro names carry no KEYSTORE_ prefix, so this
 * public header claims the generic identifiers TRUSTSTORE, KEYSTORE and
 * CERTSTORE for every file that includes it.
 */
104 #define	TRUSTSTORE		"truststore"
105 #define	KEYSTORE		"keystore"
106 #define	CERTSTORE		"certstore"
107 
108 /* keystore.c */
/*
 * Entry points implemented in keystore.c.  Every function takes a PKG_ERR *
 * (pkgerr.h) as its first argument and returns int.  NOTE(review): the
 * success/failure convention of the return value, and whether the PKG_ERR
 * is filled in on every failure, are not stated in this header -- confirm
 * against keystore.c before depending on either.
 */

/*
 * open_keystore(err, path, path, cb, flags, handle_out)
 *   The two char * arguments are keystore locations -- presumably the
 *   app-specific and app-generic paths referred to by the KEYSTORE_PATH_*
 *   flags (which is which: confirm).  flags is an OR of KEYSTORE_ACCESS_*
 *   and KEYSTORE_PATH_* values (see KEYSTORE_DFLT_FLAGS).  cb is the
 *   passphrase callback used while opening.  The resulting opaque handle is
 *   stored through the final argument and is what close_keystore() takes.
 */
109 extern int		open_keystore(PKG_ERR *, char *, char *,
110     keystore_passphrase_cb, long flags, keystore_handle_t *);
111 
/*
 * print_certs(err, handle, name, format, out)
 *   writes certificates from the opened keystore to out in the given
 *   encoding.  NOTE(review): the char * is presumably a name/alias selecting
 *   which certificates are printed -- confirm.
 */
112 extern int		print_certs(PKG_ERR *, keystore_handle_t, char *,
113     keystore_encoding_format_t, FILE *);
114 
/* check_cert(err, cert): validates a certificate; the exact checks live in keystore.c */
115 extern int		check_cert(PKG_ERR *, X509 *);
116 
/*
 * check_cert_and_key(err, cert, key): presumably the checks of check_cert
 * plus a test that key corresponds to cert -- confirm against keystore.c.
 */
117 extern int		check_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *);
118 
/*
 * print_cert(err, cert, format, name, flag, out)
 *   writes a single certificate to out in the given encoding.
 *   NOTE(review): boolean_t (Solaris <sys/types.h>) and FILE (<stdio.h>) are
 *   not declared by this header's own #includes; it relies on pkgerr.h or
 *   the OpenSSL headers pulling them in -- confirm, or include them here.
 */
119 extern int		print_cert(PKG_ERR *, X509 *,
120     keystore_encoding_format_t, char *, boolean_t, FILE *);
121 
/*
 * close_keystore(err, handle, cb)
 *   finishes with a handle obtained from open_keystore().  It also takes a
 *   passphrase callback, presumably because a store opened read-write may
 *   need to be written back encrypted -- confirm against keystore.c.
 */
122 extern int		close_keystore(PKG_ERR *, keystore_handle_t,
123     keystore_passphrase_cb);
124 
/*
 * merge_ca_cert / merge_cert_and_key
 *   presumably add a CA certificate, or a certificate together with its
 *   private key, to the opened keystore.  Both modify the store and so need
 *   a handle opened with KEYSTORE_ACCESS_READWRITE.  NOTE(review): the
 *   char * in merge_cert_and_key is presumably the name/alias the pair is
 *   stored under -- confirm.
 */
125 extern int		merge_ca_cert(PKG_ERR *, X509 *, keystore_handle_t);
126 extern int		merge_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *,
127     char *, keystore_handle_t);
128 
/*
 * delete_cert_and_keys(err, handle, name)
 *   presumably removes the named certificate and its key(s) from the store;
 *   modifies the store, so needs read-write access.
 */
129 extern int		delete_cert_and_keys(PKG_ERR *, keystore_handle_t,
130     char *);
131 
/*
 * find_key_cert_pair(err, handle, name, key_out, cert_out)
 *   looks up a key/certificate pair and returns them through the two
 *   out-pointers.  NOTE(review): ownership is not documented here -- whether
 *   the caller must EVP_PKEY_free()/X509_free() the results or they remain
 *   owned by the handle must be confirmed against keystore.c.
 */
132 extern int		find_key_cert_pair(PKG_ERR *, keystore_handle_t,
133     char *, EVP_PKEY **, X509 **);
134 
/*
 * find_ca_certs / find_cl_certs(err, handle, certs_out)
 *   return a STACK_OF(X509) through the out-pointer.  NOTE(review): which
 *   store file each reads, what "cl" abbreviates, and who frees the stack
 *   are not stated here -- confirm against keystore.c.
 */
135 extern int		find_ca_certs(PKG_ERR *, keystore_handle_t,
136     STACK_OF(X509) **);
137 
138 extern int		find_cl_certs(PKG_ERR *, keystore_handle_t,
139     STACK_OF(X509) **);
140 
141 #ifdef __cplusplus
142 }
143 #endif
144 
145 #endif /* _KEYSTORE_H */