PageRenderTime 33ms CodeModel.GetById 29ms RepoModel.GetById 0ms app.codeStats 1ms

/usr/src/suites/security/kmf/lib/libkmf_test_util.c

https://bitbucket.org/illumos/illumos-stc
C | 3916 lines | 2903 code | 439 blank | 574 comment | 784 complexity | 09c9f60ae64fecbc321af5c5a0a72e9e MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception

Large files files are truncated, but you can click here to view the full file

  1. /*
  2. * CDDL HEADER START
  3. *
  4. * The contents of this file are subject to the terms of the
  5. * Common Development and Distribution License (the "License").
  6. * You may not use this file except in compliance with the License.
  7. *
  8. * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  9. * or http://www.opensolaris.org/os/licensing.
  10. * See the License for the specific language governing permissions
  11. * and limitations under the License.
  12. *
  13. * When distributing Covered Code, include this CDDL HEADER in each
  14. * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15. * If applicable, add the following below this CDDL HEADER, with the
  16. * fields enclosed by brackets "[]" replaced with your own identifying
  17. * information: Portions Copyright [yyyy] [name of copyright owner]
  18. *
  19. * CDDL HEADER END
  20. */
  21. /*
  22. * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
  23. * Use is subject to license terms.
  24. */
  25. #include <stdio.h>
  26. #include "kmf_test_util.h"
  27. #include <unistd.h>
  28. #include <sys/stat.h>
  29. #include <fcntl.h>
  30. #include <string.h>
  31. #include <errno.h>
  32. extern int errno;
  33. static char *softtoken_dir = NULL;
  34. /*
  35. *
  36. * Name: kmf_rvtostr
  37. *
  38. * Description:
  39. * convert KMF API return codes to readable string
  40. *
  41. * Parameter:
  42. * type(input): KMF API return code
  43. *
  44. * Return:
  45. * readable string
  46. *
  47. */
  48. char *
  49. kmf_rvtostr(KMF_RETURN type)
  50. {
  51. static char primbuf[80];
  52. switch (type) {
  53. case KMF_OK:
  54. return ("KMF_OK");
  55. case KMF_ERR_BAD_PARAMETER:
  56. return ("KMF_ERR_BAD_PARAMETER");
  57. case KMF_ERR_BAD_KEY_FORMAT:
  58. return ("KMF_ERR_BAD_KEY_FORMAT");
  59. case KMF_ERR_BAD_ALGORITHM:
  60. return ("KMF_ERR_BAD_ALGORITHM");
  61. case KMF_ERR_MEMORY:
  62. return ("KMF_ERR_MEMORY");
  63. case KMF_ERR_ENCODING:
  64. return ("KMF_ERR_ENCODING");
  65. case KMF_ERR_PLUGIN_INIT:
  66. return ("KMF_ERR_PLUGIN_INIT");
  67. case KMF_ERR_PLUGIN_NOTFOUND:
  68. return ("KMF_ERR_PLUGIN_NOTFOUND");
  69. case KMF_ERR_INTERNAL:
  70. return ("KMF_ERR_INTERNAL");
  71. case KMF_ERR_BAD_CERT_FORMAT:
  72. return ("KMF_ERR_BAD_CERT_FORMAT");
  73. case KMF_ERR_KEYGEN_FAILED:
  74. return ("KMF_ERR_KEYGEN_FAILED");
  75. case KMF_ERR_UNINITIALIZED:
  76. return ("KMF_ERR_UNINITIALIZED");
  77. case KMF_ERR_ISSUER:
  78. return ("KMF_ERR_ISSUER");
  79. case KMF_ERR_NOT_REVOKED:
  80. return ("KMF_ERR_NOT_REVOKED");
  81. case KMF_ERR_CERT_NOT_FOUND:
  82. return ("KMF_ERR_CERT_NOT_FOUND");
  83. case KMF_ERR_CRL_NOT_FOUND:
  84. return ("KMF_ERR_CRL_NOT_FOUND");
  85. case KMF_ERR_RDN_PARSER:
  86. return ("KMF_ERR_RDN_PARSER");
  87. case KMF_ERR_RDN_ATTR:
  88. return ("KMF_ERR_RDN_ATTR");
  89. case KMF_ERR_SLOTNAME:
  90. return ("KMF_ERR_SLOTNAME");
  91. case KMF_ERR_EMPTY_CRL:
  92. return ("KMF_ERR_EMPTY_CRL");
  93. case KMF_ERR_AUTH_FAILED:
  94. return ("KMF_ERR_AUTH_FAILED");
  95. case KMF_ERR_TOKEN_SELECTED:
  96. return ("KMF_ERR_TOKEN_SELECTED");
  97. case KMF_ERR_NO_TOKEN_SELECTED:
  98. return ("KMF_ERR_NO_TOKEN_SELECTED");
  99. case KMF_ERR_TOKEN_NOT_PRESENT:
  100. return ("KMF_ERR_TOKEN_NOT_PRESENT");
  101. case KMF_ERR_EXTENSION_NOT_FOUND:
  102. return ("KMF_ERR_EXTENSION_NOT_FOUND");
  103. case KMF_ERR_POLICY_ENGINE:
  104. return ("KMF_ERR_POLICY_ENGINE");
  105. case KMF_ERR_POLICY_DB_FORMAT:
  106. return ("KMF_ERR_POLICY_DB_FORMAT");
  107. case KMF_ERR_POLICY_NOT_FOUND:
  108. return ("KMF_ERR_POLICY_NOT_FOUND");
  109. case KMF_ERR_POLICY_DB_FILE:
  110. return ("KMF_ERR_POLICY_DB_FILE");
  111. case KMF_ERR_POLICY_NAME:
  112. return ("KMF_ERR_POLICY_NAME");
  113. case KMF_ERR_OCSP_POLICY:
  114. return ("KMF_ERR_OCSP_POLICY");
  115. case KMF_ERR_TA_POLICY:
  116. return ("KMF_ERR_TA_POLICY");
  117. case KMF_ERR_KEY_NOT_FOUND:
  118. return ("KMF_ERR_KEY_NOT_FOUND");
  119. case KMF_ERR_OPEN_FILE:
  120. return ("KMF_ERR_OPEN_FILE");
  121. case KMF_ERR_OCSP_BAD_ISSUER:
  122. return ("KMF_ERR_OCSP_BAD_ISSUER");
  123. case KMF_ERR_OCSP_BAD_CERT:
  124. return ("KMF_ERR_OCSP_BAD_CERT");
  125. case KMF_ERR_OCSP_CREATE_REQUEST:
  126. return ("KMF_ERR_OCSP_CREATE_REQUEST");
  127. case KMF_ERR_CONNECT_SERVER:
  128. return ("KMF_ERR_CONNECT_SERVER");
  129. case KMF_ERR_SEND_REQUEST:
  130. return ("KMF_ERR_SEND_REQUEST");
  131. case KMF_ERR_OCSP_CERTID:
  132. return ("KMF_ERR_OCSP_CERTID");
  133. case KMF_ERR_OCSP_MALFORMED_RESPONSE:
  134. return ("KMF_ERR_OCSP_MALFORMED_RESPONSE");
  135. case KMF_ERR_OCSP_RESPONSE_STATUS:
  136. return ("KMF_ERR_OCSP_RESPONSE_STATUS");
  137. case KMF_ERR_OCSP_NO_BASIC_RESPONSE:
  138. return ("KMF_ERR_OCSP_NO_BASIC_RESPONSE");
  139. case KMF_ERR_OCSP_BAD_SIGNER:
  140. return ("KMF_ERR_OCSP_BAD_SIGNER");
  141. case KMF_ERR_OCSP_RESPONSE_SIGNATURE:
  142. return ("KMF_ERR_OCSP_RESPONSE_SIGNATURE");
  143. case KMF_ERR_OCSP_UNKNOWN_CERT:
  144. return ("KMF_ERR_OCSP_UNKNOWN_CERT");
  145. case KMF_ERR_OCSP_STATUS_TIME_INVALID:
  146. return ("KMF_ERR_OCSP_STATUS_TIME_INVALID");
  147. case KMF_ERR_BAD_HTTP_RESPONSE:
  148. return ("KMF_ERR_BAD_HTTP_RESPONSE");
  149. case KMF_ERR_RECV_RESPONSE:
  150. return ("KMF_ERR_RECV_RESPONSE");
  151. case KMF_ERR_RECV_TIMEOUT:
  152. return ("KMF_ERR_RECV_TIMEOUT");
  153. case KMF_ERR_DUPLICATE_KEYFILE:
  154. return ("KMF_ERR_DUPLICATE_KEYFILE");
  155. case KMF_ERR_AMBIGUOUS_PATHNAME:
  156. return ("KMF_ERR_AMBIGUOUS_PATHNAME");
  157. case KMF_ERR_FUNCTION_NOT_FOUND:
  158. return ("KMF_ERR_FUNCTION_NOT_FOUND");
  159. case KMF_ERR_PKCS12_FORMAT:
  160. return ("KMF_ERR_PKCS12_FORMAT");
  161. case KMF_ERR_BAD_KEY_TYPE:
  162. return ("KMF_ERR_BAD_KEY_TYPE");
  163. case KMF_ERR_BAD_KEY_CLASS:
  164. return ("KMF_ERR_BAD_KEY_CLASS");
  165. case KMF_ERR_BAD_KEY_SIZE:
  166. return ("KMF_ERR_BAD_KEY_SIZE");
  167. case KMF_ERR_BAD_HEX_STRING:
  168. return ("KMF_ERR_BAD_HEX_STRING");
  169. case KMF_ERR_KEYUSAGE:
  170. return ("KMF_ERR_KEYUSAGE");
  171. case KMF_ERR_VALIDITY_PERIOD:
  172. return ("KMF_ERR_VALIDITY_PERIOD");
  173. case KMF_ERR_OCSP_REVOKED:
  174. return ("KMF_ERR_OCSP_REVOKED");
  175. case KMF_ERR_CERT_MULTIPLE_FOUND:
  176. return ("KMF_ERR_CERT_MULTIPLE_FOUND");
  177. case KMF_ERR_WRITE_FILE:
  178. return ("KMF_ERR_WRITE_FILE");
  179. case KMF_ERR_BAD_URI:
  180. return ("KMF_ERR_BAD_URI");
  181. case KMF_ERR_BAD_CRLFILE:
  182. return ("KMF_ERR_BAD_CRLFILE");
  183. case KMF_ERR_BAD_CERTFILE:
  184. return ("KMF_ERR_BAD_CERTFILE");
  185. case KMF_ERR_GETKEYVALUE_FAILED:
  186. return ("KMF_ERR_GETKEYVALUE_FAILED");
  187. case KMF_ERR_BAD_KEYHANDLE:
  188. return ("KMF_ERR_BAD_KEYHANDLE");
  189. case KMF_ERR_UNINITIALIZED_TOKEN:
  190. return ("KMF_ERR_UNINITIALIZED_TOKEN");
  191. case KMF_ERR_BUFFER_SIZE:
  192. return ("KMF_ERR_BUFFER_SIZE");
  193. default:
  194. (void) snprintf(primbuf, sizeof (primbuf),
  195. "unknown return type %02x", type);
  196. return (primbuf);
  197. }
  198. }
  199. /*
  200. *
  201. * Name: compare_result
  202. *
  203. * Description:
  204. * Compare the return value with the expected one
  205. *
  206. * Parameters:
  207. * rv(input): return value
  208. * exp_rv(input): expected return value
  209. *
  210. * Returns:
  211. * 0: rv equals exp_rv
  212. * 1: rv doesn't equal exp_rv
  213. *
  214. */
  215. int
  216. compare_result(KMF_RETURN rv, KMF_RETURN exp_rv)
  217. {
  218. int ret = 0;
  219. if (rv != exp_rv) {
  220. (void) jnl_printf("Expected value: 0x%02x (%s)\n",
  221. exp_rv, kmf_rvtostr(exp_rv));
  222. (void) jnl_printf("Return value: 0x%02x (%s)\n", rv,
  223. kmf_rvtostr(rv));
  224. (void) jnl_printf("%s\n", result_tbl[STF_FAIL]);
  225. ret = 1;
  226. }
  227. else
  228. (void) jnl_printf("%s\n", result_tbl[STF_PASS]);
  229. return (ret);
  230. }
  231. /*
  232. *
  233. * Name: limit_heap
  234. *
  235. * Description:
  236. * Limit the heap size, get the original heap size
  237. *
  238. * Parameter:
  239. * prl_orig(output): contains the original heap size
  240. *
  241. * Returns:
  242. * 0: successful
  243. * 1: failed to get the original heap size
  244. * 2: failed to limit the heap size
  245. *
  246. */
  247. int
  248. limit_heap(struct rlimit *prl_orig)
  249. {
  250. struct rlimit rl_old, rl_new;
  251. if ((getrlimit(RLIMIT_DATA, &rl_old)) != 0) {
  252. (void) jnl_printf("Failed to get the original heap size");
  253. return (1);
  254. }
  255. rl_new.rlim_cur = KMF_HEAP_SIZE;
  256. rl_new.rlim_max = rl_old.rlim_max;
  257. if ((setrlimit(RLIMIT_DATA, &rl_new)) != 0) {
  258. (void) jnl_printf("Failed to limit the heap size");
  259. return (2);
  260. }
  261. *prl_orig = rl_old;
  262. return (0);
  263. }
  264. /*
  265. *
  266. * Name: restore_heap
  267. *
  268. * Description:
  269. * Restore the heap size
  270. *
  271. * Parameter:
  272. * prl_orig(input): the original heap size
  273. *
  274. */
  275. void
  276. restore_heap(struct rlimit *prl_orig)
  277. {
  278. if ((setrlimit(RLIMIT_DATA, prl_orig)) != 0)
  279. (void) jnl_printf("Warning: failed to restore the heap size\n");
  280. }
  281. /*
  282. * Name: print_test
  283. *
  284. * Description:
  285. * print test number, API name and the expected return value
  286. *
  287. * Parameters:
  288. * num(input): test number
  289. * str(input): API name
  290. * exp_ret(input): expected return value
  291. *
  292. */
  293. void
  294. print_test(int num, char *str, KMF_RETURN exp_ret)
  295. {
  296. (void) jnl_printf("\n%3d. %-20s: %-20s\n", num, str,
  297. kmf_rvtostr(exp_ret));
  298. }
  299. /*
  300. *
  301. * Name: use_bad_file
  302. *
  303. * Description:
  304. * backup the original file, create a blank one
  305. *
  306. * Parameters:
  307. * orig(input): original file name
  308. * bak(inpu): backup file name
  309. *
  310. * Returns:
  311. * 0: successful
  312. * 1: failed
  313. *
  314. */
  315. int
  316. use_bad_file(const char *orig, const char *bak)
  317. {
  318. if ((link(orig, bak)) != 0)
  319. (void) jnl_printf("Warning: failed to save %s to %s\n",
  320. orig, bak);
  321. if ((unlink(orig)) != 0) {
  322. (void) jnl_printf("Failed to remove the original file %s\n",
  323. orig);
  324. return (1);
  325. }
  326. if ((creat(orig, 755)) == -1) {
  327. (void) jnl_printf("Failed to create the bad file %s\n", orig);
  328. return (1);
  329. }
  330. return (0);
  331. }
  332. /*
  333. *
  334. * Name: restore_file
  335. *
  336. * Description:
  337. * resotre the original file, remove the backup
  338. *
  339. * Parameters:
  340. * bak(input): backup file name
  341. * orig(input): original file name
  342. *
  343. */
  344. void
  345. restore_file(const char *bak, const char *orig)
  346. {
  347. if ((unlink(orig)) != 0)
  348. (void) jnl_printf("Warning: failed to remove the bad file %s\n",
  349. orig);
  350. if ((link(bak, orig)) != 0)
  351. (void) jnl_printf("Warning: failed to restore %s from %s\n",
  352. orig, bak);
  353. if ((unlink(bak)) != 0)
  354. (void) jnl_printf("Warning: failed to remove "
  355. "the backup file %s\n", bak);
  356. }
  357. /*
  358. *
  359. * Name: kmf_test_initialize
  360. *
  361. * Description:
  362. * Invoke kmf_initialize to initialize KMF API tests
  363. *
  364. * Parameters:
  365. * outhandle(output): KMF handle
  366. * policyname(input): policy name
  367. *
  368. * Returns:
  369. * 0: successful
  370. * 1: failed
  371. *
  372. */
  373. int
  374. kmf_test_initialize(KMF_HANDLE_T *outhandle, char *policyname)
  375. {
  376. KMF_RETURN rv;
  377. int ret = 0;
  378. char envvar[1024];
  379. KMF_CREDENTIAL newpin, oldcred;
  380. KMF_ATTRIBUTE attrlist[8];
  381. KMF_KEYSTORE_TYPE kstype = 0;
  382. int numattr = 0;
  383. softtoken_dir = malloc(1024);
  384. if (softtoken_dir == NULL) {
  385. (void) jnl_printf("Failed to create softtoken directory - "
  386. "out of memory.\n");
  387. return (1);
  388. }
  389. /* Create a temporary softtoken directory for each test. */
  390. (void) snprintf(softtoken_dir, 1024, "/var/tmp/kmftest-%d", getpid());
  391. if (mkdir(softtoken_dir, 0755) == -1) {
  392. (void) jnl_printf("Failed to create softtoken directory "
  393. "%s: %s\n", softtoken_dir, strerror(errno));
  394. free(softtoken_dir);
  395. softtoken_dir = NULL;
  396. return (1);
  397. }
  398. (void) snprintf(envvar, sizeof (envvar),
  399. "SOFTTOKEN_DIR=%s", softtoken_dir);
  400. if (snprintf(softtoken_dir, 1024,
  401. "%s", envvar) != strlen(envvar)) {
  402. (void) jnl_printf("Failed to create SOFTTOKEN_DIR variable - "
  403. "out of memory.\n");
  404. return (1);
  405. }
  406. if (putenv(softtoken_dir) != 0) {
  407. (void) jnl_printf("Failed to create SOFTTOKEN_DIR variable - "
  408. "putenv error.\n");
  409. return (1);
  410. }
  411. if ((rv = kmf_initialize(outhandle, NULL, policyname)) != KMF_OK) {
  412. (void) jnl_printf("kmf_initialize failed with %s\n",
  413. kmf_rvtostr(rv));
  414. ret = 1;
  415. }
  416. kstype = KMF_KEYSTORE_PK11TOKEN;
  417. char *pk11_label = DEFAULT_PK11TOKEN;
  418. boolean_t pk11_readonly = B_FALSE;
  419. numattr = 0;
  420. kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
  421. &kstype, sizeof (KMF_KEYSTORE_TYPE));
  422. kmf_set_attr_at_index(attrlist, numattr++, KMF_TOKEN_LABEL_ATTR,
  423. pk11_label, strlen(pk11_label));
  424. kmf_set_attr_at_index(attrlist, numattr++, KMF_READONLY_ATTR,
  425. &pk11_readonly, sizeof (boolean_t));
  426. /*
  427. * Configure handle for PKCS#11 use.
  428. */
  429. rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
  430. numattr = 0;
  431. if (rv != KMF_OK && rv != KMF_ERR_TOKEN_SELECTED) {
  432. (void) jnl_printf("Error configure PKCS#11: %s\n",
  433. kmf_rvtostr(rv));
  434. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  435. ret = 1;
  436. goto out;
  437. }
  438. /* Initialize the token pin for the PKCS#11 token */
  439. newpin.cred = strdup(DEFAULT_PASSWORD);
  440. newpin.credlen = strlen(newpin.cred);
  441. oldcred.cred = "changeme";
  442. oldcred.credlen = strlen(oldcred.cred);
  443. numattr = 0;
  444. numattr = set_setpin_params(attrlist,
  445. &kstype, DEFAULT_PK11TOKEN, &oldcred);
  446. kmf_set_attr_at_index(attrlist, numattr++, KMF_NEWPIN_ATTR,
  447. &newpin, sizeof (newpin));
  448. rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
  449. if (rv != KMF_OK) {
  450. (void) jnl_printf("Error initializing PKCS#11 token pin: %s\n",
  451. kmf_rvtostr(rv));
  452. ret = 1;
  453. goto out;
  454. }
  455. /*
  456. * Initialize the NSS token pin for each test.
  457. */
  458. numattr = 0;
  459. kstype = KMF_KEYSTORE_NSS;
  460. char *nssdir = getenv("SOFTTOKEN_DIR");
  461. kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
  462. &kstype, sizeof (KMF_KEYSTORE_TYPE));
  463. kmf_set_attr_at_index(attrlist, numattr++, KMF_DIRPATH_ATTR,
  464. nssdir, strlen(nssdir));
  465. /*
  466. * Configure handle for NSS use.
  467. */
  468. rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
  469. numattr = 0;
  470. if (rv != KMF_OK && rv != KMF_KEYSTORE_ALREADY_INITIALIZED) {
  471. jnl_printf("kmf_configure_keystore (nss) failed "
  472. "with %s", kmf_rvtostr(rv));
  473. jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  474. ret = 1;
  475. goto out;
  476. }
  477. oldcred.cred = DEFAULT_PASSWORD;
  478. oldcred.credlen = strlen(oldcred.cred);
  479. kstype = KMF_KEYSTORE_NSS;
  480. numattr = set_setpin_params(attrlist, &kstype,
  481. DEFAULT_NSSLABEL, &oldcred);
  482. kmf_set_attr_at_index(attrlist, numattr, KMF_NEWPIN_ATTR,
  483. &newpin, sizeof (newpin));
  484. numattr++;
  485. rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
  486. if (rv != KMF_OK) {
  487. (void) jnl_printf("Error initializing NSS token pin: %s\n",
  488. kmf_rvtostr(rv));
  489. }
  490. free(newpin.cred);
  491. out:
  492. return (ret);
  493. }
  494. /*
  495. *
  496. * Name: kmf_test_finalize
  497. *
  498. * Description:
  499. * Invoke kmf_finalize to finalize KMF API tests
  500. *
  501. * Parameter:
  502. * handle(input): KMF handle
  503. *
  504. */
  505. void
  506. kmf_test_finalize(KMF_HANDLE_T handle)
  507. {
  508. KMF_RETURN rv;
  509. char syscmd[2048];
  510. if ((rv = kmf_finalize(handle)) != KMF_OK) {
  511. (void) jnl_printf("Warning: kmf_finalize failed with %s\n",
  512. kmf_rvtostr(rv));
  513. }
  514. /* cleanup NSS databases so the next test is clean */
  515. (void) unlink("cert8.db");
  516. (void) unlink("key3.db");
  517. (void) unlink("secmod.db");
  518. (void) unlink("prikey.der");
  519. /* cleanup the temporary softtoken directory */
  520. if (getenv("SOFTTOKEN_DIR")) {
  521. (void) snprintf(syscmd, sizeof (syscmd), "/bin/rm -rf %s",
  522. getenv("SOFTTOKEN_DIR"));
  523. (void) system(syscmd);
  524. }
  525. if (softtoken_dir)
  526. free(softtoken_dir);
  527. softtoken_dir = NULL;
  528. }
  529. int
  530. test_malloc(const char *p)
  531. {
  532. char *tmp = NULL;
  533. tmp = strdup(p);
  534. if (tmp == NULL) {
  535. (void) jnl_printf("Malloc failed");
  536. return (0);
  537. } else {
  538. free(tmp);
  539. return (1);
  540. }
  541. }
  542. /*
  543. * Name: set_createkeypair_params
  544. *
  545. * Description:
  546. * Set KMF_CREATEKEYPAIR_PARAMS
  547. *
  548. * Parameter:
  549. * params: parameter to be set
  550. * kstype: keystore type
  551. * keytype: key type
  552. * keylength: key length
  553. * password: password for keystore
  554. *
  555. * Returns:
  556. * 1: failed
  557. * 0: succussful
  558. *
  559. */
  560. int
  561. set_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params,
  562. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  563. char *password)
  564. {
  565. int ret = 0;
  566. if (params == NULL) {
  567. ret = 1;
  568. goto out;
  569. }
  570. (void) memset(params, 0, sizeof (KMF_CREATEKEYPAIR_PARAMS));
  571. params->kstype = kstype;
  572. params->keytype = keytype;
  573. params->keylength = keylength;
  574. params->keylabel = strdup(KMF_KEY_PAIR);
  575. if (params->keylabel == NULL) {
  576. ret = 1;
  577. goto out;
  578. }
  579. params->cred.cred = password;
  580. if (password)
  581. params->cred.credlen = strlen(password);
  582. else
  583. params->cred.credlen = 0;
  584. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  585. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  586. if (params->nssparms.slotlabel == NULL) {
  587. ret = 1;
  588. goto out;
  589. }
  590. } else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
  591. params->sslparms.dirpath = strdup(SSL_DIR_PATH);
  592. if (params->sslparms.dirpath == NULL) {
  593. ret = 1;
  594. goto out;
  595. }
  596. params->sslparms.keyfile = strdup(SSL_KEY_FILE);
  597. if (params->sslparms.keyfile == NULL) {
  598. ret = 1;
  599. goto out;
  600. }
  601. params->sslparms.format = KMF_FORMAT_ASN1;
  602. }
  603. params->rsa_exponent.len = 0;
  604. out:
  605. if (ret) {
  606. (void) jnl_printf("set_createkeypair_params failed\n");
  607. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  608. free_createkeypair_params(params);
  609. }
  610. return (ret);
  611. }
  612. /*
  613. * Name: free_createkeypair_params
  614. *
  615. * Description:
  616. * Free heap memory used by KMF_CREATEKEYPAIR_PARAMS
  617. *
  618. * Parameter:
  619. * params: parameter to be freed
  620. *
  621. */
  622. void
  623. free_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params)
  624. {
  625. if (params == NULL)
  626. return;
  627. if (params->keylabel != NULL)
  628. free(params->keylabel);
  629. if (params->kstype == KMF_KEYSTORE_NSS) {
  630. if (params->nssparms.slotlabel != NULL)
  631. free(params->nssparms.slotlabel);
  632. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  633. if (params->sslparms.dirpath != NULL)
  634. free(params->sslparms.dirpath);
  635. if (params->sslparms.keyfile != NULL)
  636. free(params->sslparms.keyfile);
  637. }
  638. }
  639. int
  640. set_createkeypair_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  641. KMF_CREATEKEYPAIR_PARAMS *params,
  642. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey)
  643. {
  644. int ret = 0;
  645. int i = 0;
  646. if (NULL != privKey) {
  647. kmf_set_attr_at_index(attlist, i,
  648. KMF_PRIVKEY_HANDLE_ATTR,
  649. privKey, sizeof (KMF_KEY_HANDLE));
  650. i++;
  651. }
  652. if (NULL != pubKey) {
  653. kmf_set_attr_at_index(attlist, i, KMF_PUBKEY_HANDLE_ATTR,
  654. pubKey, sizeof (KMF_KEY_HANDLE));
  655. i++;
  656. }
  657. if (NULL != params) {
  658. kmf_set_attr_at_index(attlist, i,
  659. KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
  660. sizeof (params->kstype));
  661. i++;
  662. kmf_set_attr_at_index(attlist, i,
  663. KMF_KEYALG_ATTR, &params->keytype,
  664. sizeof (params->keytype));
  665. i++;
  666. kmf_set_attr_at_index(attlist, i,
  667. KMF_KEYLENGTH_ATTR, &params->keylength,
  668. sizeof (params->keylength));
  669. i++;
  670. if (params->keylabel != NULL) {
  671. kmf_set_attr_at_index(attlist, i,
  672. KMF_KEYLABEL_ATTR, params->keylabel,
  673. strlen(params->keylabel));
  674. i++;
  675. }
  676. if (params->cred.credlen > 0) {
  677. kmf_set_attr_at_index(attlist, i,
  678. KMF_CREDENTIAL_ATTR, &params->cred,
  679. sizeof (KMF_CREDENTIAL));
  680. i++;
  681. }
  682. if (params->rsa_exponent.len > 0) {
  683. kmf_set_attr_at_index(attlist, i,
  684. KMF_RSAEXP_ATTR, &params->rsa_exponent,
  685. sizeof (KMF_BIGINT));
  686. i++;
  687. }
  688. if (params->kstype == KMF_KEYSTORE_NSS) {
  689. if (params->nssparms.slotlabel != NULL) {
  690. kmf_set_attr_at_index(attlist, i,
  691. KMF_TOKEN_LABEL_ATTR,
  692. params->nssparms.slotlabel,
  693. strlen(params->nssparms.slotlabel));
  694. i++;
  695. }
  696. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  697. if (params->sslparms.dirpath != NULL) {
  698. kmf_set_attr_at_index(attlist, i,
  699. KMF_DIRPATH_ATTR,
  700. params->sslparms.dirpath,
  701. strlen(params->sslparms.dirpath));
  702. i++;
  703. }
  704. if (params->sslparms.keyfile != NULL) {
  705. kmf_set_attr_at_index(attlist, i,
  706. KMF_KEY_FILENAME_ATTR,
  707. params->sslparms.keyfile,
  708. strlen(params->sslparms.keyfile));
  709. i++;
  710. }
  711. kmf_set_attr_at_index(attlist, i,
  712. KMF_ENCODE_FORMAT_ATTR,
  713. &params->sslparms.format,
  714. sizeof (params->sslparms.format));
  715. i++;
  716. }
  717. }
  718. *attnum = i;
  719. return (ret);
  720. }
  721. int
  722. create_keypair(KMF_HANDLE_T handle,
  723. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
  724. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  725. char *password)
  726. {
  727. int ret = 0;
  728. KMF_RETURN rv;
  729. KMF_CREATEKEYPAIR_PARAMS params;
  730. KMF_ATTRIBUTE attlist[32];
  731. int numattr;
  732. if (handle == NULL || privKey == NULL || pubKey == NULL) {
  733. ret = 1;
  734. goto out;
  735. }
  736. if ((ret = set_createkeypair_params(&params, kstype, keytype,
  737. keylength, password)))
  738. return (ret);
  739. if ((ret = set_createkeypair_attrs(attlist, &numattr, &params,
  740. privKey, pubKey)))
  741. goto out;
  742. rv = kmf_create_keypair(handle, numattr, attlist);
  743. if (rv != KMF_OK) {
  744. (void) jnl_printf("kmf_create_keypair failed with %s\n",
  745. kmf_rvtostr(rv));
  746. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  747. ret = 2;
  748. goto out;
  749. }
  750. out:
  751. free_createkeypair_params(&params);
  752. return (ret);
  753. }
  754. int
  755. testcall(KMF_RETURN kmf_ret, char *func)
  756. {
  757. if (kmf_ret != KMF_OK) {
  758. (void) jnl_printf("%s failed with %s\n", func,
  759. kmf_rvtostr(kmf_ret));
  760. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  761. return (1);
  762. }
  763. return (0);
  764. }
  765. static int
  766. build_x509_nokeyusage_cert(KMF_HANDLE_T kmfhandle,
  767. KMF_X509_CERTIFICATE *cert,
  768. uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
  769. {
  770. KMF_BIGINT SerialNumber;
  771. KMF_X509_NAME *issuer_name_ptr = NULL;
  772. KMF_X509_NAME *subject_name_ptr = NULL;
  773. char *subject_name_string = "C=CH, O=Sun, CN=hua.tang@sun.com";
  774. char *issuer_name_string = "C=CH, O=Sun, CN=hua.tang@sun.com";
  775. KMF_X509_NAME cert_issuer_name, cert_subject_name;
  776. KMF_GENERALNAMECHOICES nametype = GENNAME_RFC822NAME;
  777. char *namedata = "hua.tang@sun.com";
  778. (void) memset(cert, 0, sizeof (KMF_X509_CERTIFICATE));
  779. if (testcall(kmf_set_cert_version(cert, 2), "KMF_SetCertVersion"))
  780. goto fail_out;
  781. if (testcall(kmf_set_cert_validity(cert, NULL, 3650*24*60*60),
  782. "KMF_SetCertValidityTimes"))
  783. goto fail_out;
  784. SerialNumber.val = sernum;
  785. SerialNumber.len = numlen;
  786. if (testcall(kmf_set_cert_serial(cert, &SerialNumber),
  787. "KMF_SetCertSerialNumber"))
  788. goto fail_out;
  789. if (testcall(kmf_dn_parser(issuer_name_string, &cert_issuer_name),
  790. "KMF_DNParser"))
  791. goto fail_out;
  792. issuer_name_ptr = &cert_issuer_name;
  793. if (testcall(kmf_set_cert_issuer(cert, issuer_name_ptr),
  794. "KMF_SetCertIssuerName"))
  795. goto fail_out;
  796. if (testcall(kmf_dn_parser(subject_name_string, &cert_subject_name),
  797. "KMF_DNParser"))
  798. goto fail_out;
  799. subject_name_ptr = &cert_subject_name;
  800. if (testcall(kmf_set_cert_subject(cert, subject_name_ptr),
  801. "KMF_SetCertSubjectName"))
  802. goto fail_out;
  803. if (testcall(kmf_set_cert_pubkey(kmfhandle, key, cert),
  804. "KMF_SetCertPubKey"))
  805. goto fail_out;
  806. if (testcall(kmf_set_cert_sig_alg(cert,
  807. KMF_ALGID_MD5WithRSA), "KMF_SetCertSignatureAlgorithm"))
  808. goto fail_out;
  809. return (0);
  810. fail_out:
  811. return (1);
  812. }
  813. int
  814. build_x509_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
  815. uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
  816. {
  817. KMF_GENERALNAMECHOICES nametype = GENNAME_RFC822NAME;
  818. char *namedata = "hua.tang@sun.com";
  819. KMF_X509EXT_BASICCONSTRAINTS bc;
  820. if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
  821. goto fail_out;
  822. bc.cA = B_TRUE;
  823. bc.pathLenConstraintPresent = B_FALSE;
  824. if (testcall(kmf_set_cert_basic_constraint(cert, B_TRUE, &bc),
  825. "KMF_SetCertBasicConstraintExt"))
  826. goto fail_out;
  827. if (testcall(kmf_set_cert_subject_altname(cert, 1, nametype, namedata),
  828. "KMF_SetCertSubjectAltName"))
  829. goto fail_out;
  830. if (testcall(kmf_set_cert_issuer_altname(cert, 1, nametype, namedata),
  831. "KMF_SetCertIssuerAltName"))
  832. goto fail_out;
  833. if (testcall(kmf_add_cert_eku(cert,
  834. (KMF_OID *)&KMFOID_PKIX_KP_ServerAuth, 1), "KMF_AddCertEKU"))
  835. goto fail_out;
  836. if (testcall(kmf_set_cert_ku(cert, 0,
  837. (KMF_dataEncipherment | KMF_digitalSignature | KMF_keyCertSign)),
  838. "KMF_SetCertKeyUsage"))
  839. goto fail_out;
  840. return (0);
  841. fail_out:
  842. return (1);
  843. }
  844. /* no extension, no keysuage */
  845. int
  846. build_x509_base_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
  847. uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
  848. {
  849. if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
  850. goto fail_out;
  851. if (testcall(kmf_set_cert_ku(cert, 0,
  852. KMF_keyAgreement), "KMF_SetCertKeyUsage"))
  853. goto fail_out;
  854. return (0);
  855. fail_out:
  856. return (1);
  857. }
  858. int
  859. sign_cert_record(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key,
  860. KMF_X509_CERTIFICATE *cert, KMF_DATA *signedCertData)
  861. {
  862. int i = 0;
  863. KMF_ATTRIBUTE attrlist[8];
  864. kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR,
  865. &key->kstype, sizeof (KMF_KEYSTORE_TYPE));
  866. i++;
  867. kmf_set_attr_at_index(attrlist, i, KMF_KEY_HANDLE_ATTR,
  868. key, sizeof (KMF_KEY_HANDLE));
  869. i++;
  870. kmf_set_attr_at_index(attrlist, i, KMF_X509_CERTIFICATE_ATTR,
  871. cert, sizeof (KMF_X509_CERTIFICATE));
  872. i++;
  873. kmf_set_attr_at_index(attrlist, i, KMF_CERT_DATA_ATTR,
  874. signedCertData, sizeof (KMF_DATA));
  875. i++;
  876. if (testcall(kmf_sign_cert(handle, i, attrlist), "kmf_sign_cert"))
  877. return (1);
  878. return (0);
  879. }
  880. int
  881. sign_cert_with_key(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
  882. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
  883. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  884. char *password, KMF_X509_CERTIFICATE *cert,
  885. uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
  886. {
  887. int ret = 0;
  888. if (create_keypair(kmfhandle, privKey, pubKey,
  889. kstype, keytype, keylength, password)) {
  890. ret = 1;
  891. goto out;
  892. }
  893. if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
  894. ret = 2;
  895. goto out;
  896. }
  897. if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
  898. ret = 3;
  899. }
  900. out:
  901. return (ret);
  902. }
  903. int
  904. create_signed_cert(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
  905. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
  906. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  907. char *password, KMF_X509_CERTIFICATE *cert,
  908. uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
  909. {
  910. int ret = 0;
  911. if (create_keypair(kmfhandle, privKey, pubKey,
  912. kstype, keytype, keylength, password)) {
  913. ret = 1;
  914. goto out;
  915. }
  916. if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
  917. ret = 2;
  918. goto out;
  919. }
  920. if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
  921. ret = 3;
  922. goto out;
  923. }
  924. out:
  925. return (ret);
  926. }
  927. int
  928. encode_cert_record(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
  929. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
  930. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  931. char *password, KMF_X509_CERTIFICATE *cert,
  932. uchar_t *sernum, uint32_t numlen, KMF_DATA *encodeCert)
  933. {
  934. int ret = 0;
  935. if (create_keypair(kmfhandle, privKey, pubKey,
  936. kstype, keytype, keylength, password)) {
  937. ret = 1;
  938. goto out;
  939. }
  940. if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
  941. ret = 2;
  942. goto out;
  943. }
  944. if (kmf_encode_cert_record(cert, encodeCert) != KMF_OK) {
  945. ret = 3;
  946. goto out;
  947. }
  948. out:
  949. return (ret);
  950. }
  951. /*
  952. * Name: set_cryptowithcert_params
  953. *
  954. * Description:
  955. * Set KMF_CRYPTOWITHCERT_PARAMS
  956. *
  957. * Parameter:
  958. * params: parameter to be set
  959. * kstype: keystore type
  960. * format: key format
  961. * password: password for keystore
  962. *
  963. * Returns:
  964. * 1: failed
  965. * 0: succussful
  966. *
  967. */
  968. int
  969. set_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params,
  970. KMF_KEYSTORE_TYPE kstype, KMF_ENCODE_FORMAT format, char *password)
  971. {
  972. int ret = 0;
  973. if (params == NULL) {
  974. ret = 1;
  975. goto out;
  976. }
  977. (void) memset(params, 0, sizeof (KMF_CRYPTOWITHCERT_PARAMS));
  978. params->kstype = kstype;
  979. params->format = format;
  980. params->certLabel = strdup(KMF_CERT_LABEL);
  981. if (params->certLabel == NULL) {
  982. ret = 1;
  983. goto out;
  984. }
  985. params->cred.cred = password;
  986. if (password)
  987. params->cred.credlen = strlen(password);
  988. else
  989. params->cred.credlen = 0;
  990. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  991. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  992. if (params->nssparms.slotlabel == NULL) {
  993. ret = 1;
  994. goto out;
  995. }
  996. } else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
  997. params->sslparms.dirpath = strdup(SSL_DIR_PATH);
  998. if (params->sslparms.dirpath == NULL) {
  999. ret = 1;
  1000. goto out;
  1001. }
  1002. params->sslparms.keyfile = strdup(SSL_KEY_FILE);
  1003. if (params->sslparms.keyfile == NULL) {
  1004. ret = 1;
  1005. goto out;
  1006. }
  1007. params->sslparms.format = KMF_FORMAT_ASN1;
  1008. }
  1009. out:
  1010. if (ret) {
  1011. (void) jnl_printf("set_cryptowithcert_params failed\n");
  1012. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  1013. free_cryptowithcert_params(params);
  1014. }
  1015. return (ret);
  1016. }
  1017. /*
  1018. * Name: free_cryptowithcert_params
  1019. *
  1020. * Description:
  1021. * Free heap memory used by KMF_CRYPTOWITHCERT_PARAMS
  1022. *
  1023. * Parameter:
  1024. * params: parameter to be freed
  1025. *
  1026. */
  1027. void
  1028. free_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params)
  1029. {
  1030. if (params == NULL)
  1031. return;
  1032. if (params->certLabel != NULL)
  1033. free(params->certLabel);
  1034. if (params->kstype == KMF_KEYSTORE_NSS) {
  1035. if (params->nssparms.slotlabel != NULL)
  1036. free(params->nssparms.slotlabel);
  1037. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1038. if (params->sslparms.dirpath != NULL)
  1039. free(params->sslparms.dirpath);
  1040. if (params->sslparms.keyfile != NULL)
  1041. free(params->sslparms.keyfile);
  1042. }
  1043. }
  1044. int
  1045. set_cryptowithcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1046. KMF_CRYPTOWITHCERT_PARAMS *params, KMF_DATA *cert,
  1047. KMF_DATA *plaintext, KMF_DATA *ciphertext)
  1048. {
  1049. int i = 0;
  1050. int ret = 0;
  1051. if (cert) {
  1052. kmf_set_attr_at_index(attlist, i, KMF_CERT_DATA_ATTR,
  1053. cert, sizeof (KMF_DATA));
  1054. i++;
  1055. }
  1056. if (plaintext) {
  1057. kmf_set_attr_at_index(attlist, i, KMF_PLAINTEXT_DATA_ATTR,
  1058. plaintext, sizeof (KMF_DATA));
  1059. i++;
  1060. }
  1061. if (ciphertext) {
  1062. kmf_set_attr_at_index(attlist, i, KMF_CIPHERTEXT_DATA_ATTR,
  1063. ciphertext, sizeof (KMF_DATA));
  1064. i++;
  1065. }
  1066. if (NULL == params) {
  1067. *attnum = i;
  1068. return (ret);
  1069. }
  1070. kmf_set_attr_at_index(attlist, i,
  1071. KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
  1072. sizeof (params->kstype));
  1073. i++;
  1074. if (params->certLabel != NULL) {
  1075. kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
  1076. params->certLabel, strlen(params->certLabel));
  1077. i++;
  1078. }
  1079. kmf_set_attr_at_index(attlist, i, KMF_ENCODE_FORMAT_ATTR,
  1080. &params->format, sizeof (KMF_ENCODE_FORMAT));
  1081. i++;
  1082. kmf_set_attr_at_index(attlist, i, KMF_CREDENTIAL_ATTR,
  1083. &params->cred, sizeof (KMF_CREDENTIAL));
  1084. i++;
  1085. if (params->kstype == KMF_KEYSTORE_NSS) {
  1086. if (params->nssparms.slotlabel != NULL) {
  1087. kmf_set_attr_at_index(attlist, i,
  1088. KMF_TOKEN_LABEL_ATTR,
  1089. params->nssparms.slotlabel,
  1090. strlen(params->nssparms.slotlabel));
  1091. i++;
  1092. }
  1093. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1094. if (params->sslparms.dirpath != NULL) {
  1095. kmf_set_attr_at_index(attlist, i,
  1096. KMF_DIRPATH_ATTR,
  1097. params->sslparms.dirpath,
  1098. strlen(params->sslparms.dirpath));
  1099. i++;
  1100. }
  1101. if (params->sslparms.keyfile != NULL) {
  1102. kmf_set_attr_at_index(attlist, i,
  1103. KMF_KEY_FILENAME_ATTR,
  1104. params->sslparms.keyfile,
  1105. strlen(params->sslparms.keyfile));
  1106. i++;
  1107. }
  1108. kmf_set_attr_at_index(attlist, i, KMF_ENCODE_FORMAT_ATTR,
  1109. &params->sslparms.format,
  1110. sizeof (params->sslparms.format));
  1111. i++;
  1112. }
  1113. *attnum = i;
  1114. return (ret);
  1115. }
  1116. int
  1117. create_base_signed_cert(KMF_HANDLE_T kmfhandle,
  1118. KMF_CREATEKEYPAIR_PARAMS *params,
  1119. KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
  1120. KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
  1121. char *password, KMF_X509_CERTIFICATE *cert,
  1122. uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
  1123. {
  1124. int ret = 0;
  1125. if (create_keypair(kmfhandle, privKey, pubKey,
  1126. kstype, keytype, keylength, password)) {
  1127. ret = 1;
  1128. goto out;
  1129. }
  1130. if (build_x509_base_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
  1131. ret = 2;
  1132. goto out;
  1133. }
  1134. if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
  1135. ret = 3;
  1136. goto out;
  1137. }
  1138. out:
  1139. return (ret);
  1140. }
  1141. /*
  1142. * Name: set_storecert_params
  1143. *
  1144. * Description:
  1145. * Set KMF_STORECERT_PARAMS
  1146. *
  1147. * Parameter:
  1148. * params: parameter to be set
  1149. * kstype: keystore type
  1150. * certlabel: cert label
  1151. * keyfile: ssl private key file
  1152. * certfile: ssl cert file name
  1153. *
  1154. * Returns:
  1155. * 1: failed
  1156. * 0: succussful
  1157. *
  1158. */
  1159. int
  1160. set_storecert_params(KMF_STORECERT_PARAMS *params,
  1161. KMF_KEYSTORE_TYPE kstype,
  1162. char *certlabel, char *keyfile, char *certfile)
  1163. {
  1164. int ret = 0;
  1165. if (params == NULL) {
  1166. ret = 1;
  1167. goto out;
  1168. }
  1169. (void) memset(params, 0, sizeof (KMF_STORECERT_PARAMS));
  1170. params->kstype = kstype;
  1171. params->certLabel = certlabel;
  1172. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  1173. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  1174. if (params->nssparms.slotlabel == NULL) {
  1175. ret = 1;
  1176. goto out;
  1177. }
  1178. params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
  1179. if (params->nssparms.trustflag == NULL) {
  1180. ret = 1;
  1181. goto out;
  1182. }
  1183. } else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
  1184. params->sslparms.dirpath = strdup(SSL_DIR_PATH);
  1185. if (params->sslparms.dirpath == NULL) {
  1186. ret = 1;
  1187. goto out;
  1188. }
  1189. params->sslparms.keyfile = keyfile;
  1190. params->sslparms.certfile = certfile;
  1191. params->sslparms.format = KMF_FORMAT_ASN1;
  1192. }
  1193. out:
  1194. if (ret) {
  1195. (void) jnl_printf("set_storecert_params failed\n");
  1196. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  1197. free_storecert_params(params);
  1198. }
  1199. return (ret);
  1200. }
  1201. /*
  1202. * Name: free_storecert_params
  1203. *
  1204. * Description:
  1205. * Free heap memory used by KMF_STORECERT_PARAMS
  1206. *
  1207. * Parameter:
  1208. * params: parameter to be freed
  1209. *
  1210. */
  1211. void
  1212. free_storecert_params(KMF_STORECERT_PARAMS *params)
  1213. {
  1214. if (params == NULL)
  1215. return;
  1216. if (params->kstype == KMF_KEYSTORE_NSS) {
  1217. if (params->nssparms.slotlabel != NULL)
  1218. free(params->nssparms.slotlabel);
  1219. if (params->nssparms.trustflag != NULL)
  1220. free(params->nssparms.trustflag);
  1221. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1222. if (params->sslparms.dirpath != NULL)
  1223. free(params->sslparms.dirpath);
  1224. }
  1225. }
  1226. int
  1227. set_storecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1228. KMF_STORECERT_PARAMS *params, KMF_DATA *pcert)
  1229. {
  1230. int i = 0;
  1231. int ret = 0;
  1232. if (NULL != pcert) {
  1233. kmf_set_attr_at_index(attlist, i,
  1234. KMF_CERT_DATA_ATTR, pcert, sizeof (KMF_DATA));
  1235. i++;
  1236. }
  1237. if (NULL != params) {
  1238. kmf_set_attr_at_index(attlist, i,
  1239. KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
  1240. sizeof (params->kstype));
  1241. i++;
  1242. if (params->kstype == KMF_KEYSTORE_NSS) {
  1243. if (params->certLabel != NULL) {
  1244. kmf_set_attr_at_index(attlist, i,
  1245. KMF_CERT_LABEL_ATTR, params->certLabel,
  1246. strlen(params->certLabel));
  1247. i++;
  1248. }
  1249. if (params->nssparms.trustflag != NULL) {
  1250. kmf_set_attr_at_index(attlist, i,
  1251. KMF_TRUSTFLAG_ATTR,
  1252. params->nssparms.trustflag,
  1253. strlen(params->nssparms.trustflag));
  1254. i++;
  1255. }
  1256. if (params->nssparms.slotlabel != NULL) {
  1257. kmf_set_attr_at_index(attlist, i,
  1258. KMF_TOKEN_LABEL_ATTR,
  1259. params->nssparms.slotlabel,
  1260. strlen(params->nssparms.slotlabel));
  1261. i++;
  1262. }
  1263. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1264. /* certfile is a required attribute for OpenSSL */
  1265. if (params->sslparms.certfile != NULL) {
  1266. kmf_set_attr_at_index(attlist, i,
  1267. KMF_CERT_FILENAME_ATTR,
  1268. params->sslparms.certfile,
  1269. strlen(params->sslparms.certfile));
  1270. i++;
  1271. } else {
  1272. return (KMF_ERR_BAD_PARAMETER);
  1273. }
  1274. if (params->sslparms.dirpath != NULL) {
  1275. kmf_set_attr_at_index(attlist, i,
  1276. KMF_DIRPATH_ATTR,
  1277. params->sslparms.dirpath,
  1278. strlen(params->sslparms.dirpath));
  1279. i++;
  1280. }
  1281. kmf_set_attr_at_index(attlist, i,
  1282. KMF_ENCODE_FORMAT_ATTR,
  1283. &params->sslparms.format,
  1284. sizeof (params->sslparms.format));
  1285. i++;
  1286. } else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
  1287. if (params->certLabel != NULL) {
  1288. kmf_set_attr_at_index(attlist, i,
  1289. KMF_CERT_LABEL_ATTR, params->certLabel,
  1290. strlen(params->certLabel));
  1291. i++;
  1292. }
  1293. }
  1294. }
  1295. *attnum = i;
  1296. return (ret);
  1297. }
  1298. /*
  1299. * Name: set_importcert_params
  1300. *
  1301. * Description:
  1302. * Set KMF_IMPORTCERT_PARAMS
  1303. *
  1304. * Parameter:
  1305. * params: parameter to be set
  1306. * kstype: keystore type
  1307. * certlabel: cert label
  1308. * certfile: cert file name to be imported
  1309. *
  1310. * Returns:
  1311. * 1: failed
  1312. * 0: succussful
  1313. *
  1314. */
  1315. int
  1316. set_importcert_params(KMF_IMPORTCERT_PARAMS *params,
  1317. KMF_KEYSTORE_TYPE kstype, char *certlabel, char *certfile)
  1318. {
  1319. int ret = 0;
  1320. if (params == NULL) {
  1321. ret = 1;
  1322. goto out;
  1323. }
  1324. (void) memset(params, 0, sizeof (KMF_IMPORTCERT_PARAMS));
  1325. params->kstype = kstype;
  1326. params->certLabel = certlabel;
  1327. params->certfile = certfile;
  1328. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  1329. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  1330. if (params->nssparms.slotlabel == NULL) {
  1331. ret = 1;
  1332. goto out;
  1333. }
  1334. params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
  1335. if (params->nssparms.trustflag == NULL) {
  1336. ret = 1;
  1337. goto out;
  1338. }
  1339. }
  1340. out:
  1341. if (ret) {
  1342. (void) jnl_printf("set_importcert_params failed\n");
  1343. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  1344. free_importcert_params(params);
  1345. }
  1346. return (ret);
  1347. }
  1348. /*
  1349. * Name: free_importcert_params
  1350. *
  1351. * Description:
  1352. * Free heap memory used by KMF_IMPORTCERT_PARAMS
  1353. *
  1354. * Parameter:
  1355. * params: parameter to be freed
  1356. *
  1357. */
  1358. void
  1359. free_importcert_params(KMF_IMPORTCERT_PARAMS *params)
  1360. {
  1361. if (params == NULL)
  1362. return;
  1363. if (params->kstype == KMF_KEYSTORE_NSS) {
  1364. if (params->nssparms.slotlabel != NULL)
  1365. free(params->nssparms.slotlabel);
  1366. if (params->nssparms.trustflag != NULL)
  1367. free(params->nssparms.trustflag);
  1368. }
  1369. }
  1370. int
  1371. set_importcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1372. KMF_IMPORTCERT_PARAMS *params)
  1373. {
  1374. int i = 0;
  1375. int ret = 0;
  1376. if (NULL == params) {
  1377. *attnum = i;
  1378. return (ret);
  1379. }
  1380. kmf_set_attr_at_index(attlist, i,
  1381. KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
  1382. i++;
  1383. kmf_set_attr_at_index(attlist, i, KMF_CERT_FILENAME_ATTR,
  1384. params->certfile, sizeof (params->certfile));
  1385. i++;
  1386. if (params->kstype == KMF_KEYSTORE_NSS) {
  1387. if (params->certLabel != NULL) {
  1388. kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
  1389. params->certLabel, strlen(params->certLabel));
  1390. i++;
  1391. }
  1392. if (params->nssparms.trustflag != NULL) {
  1393. kmf_set_attr_at_index(attlist, i, KMF_TRUSTFLAG_ATTR,
  1394. params->nssparms.trustflag,
  1395. strlen(params->nssparms.trustflag));
  1396. i++;
  1397. }
  1398. if (params->nssparms.slotlabel != NULL) {
  1399. kmf_set_attr_at_index(attlist, i,
  1400. KMF_TOKEN_LABEL_ATTR,
  1401. params->nssparms.slotlabel,
  1402. strlen(params->nssparms.slotlabel));
  1403. i++;
  1404. }
  1405. } else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
  1406. if (params->certLabel != NULL) {
  1407. kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
  1408. params->certLabel, strlen(params->certLabel));
  1409. i++;
  1410. }
  1411. }
  1412. *attnum = i;
  1413. return (ret);
  1414. }
  1415. /*
  1416. * Name: set_exportp12_params
  1417. *
  1418. * Description:
  1419. * Set KMF_EXPORTP12_PARAMS
  1420. *
  1421. * Parameter:
  1422. * params: parameter to be set
  1423. * kstype: keystore type
  1424. * certlabel: cert label
  1425. * issuer: issuer name
  1426. * subject: cert subject
  1427. * idstr: id string
  1428. * serial: serial number
  1429. * token_password: password for keystore
  1430. * export_password: export password for keystore
  1431. * keyfile: ssl key file name
  1432. * certfile: ssl cert file name
  1433. * format: ssl cert encode format
  1434. *
  1435. * Returns:
  1436. * 1: failed
  1437. * 0: succussful
  1438. *
  1439. */
  1440. int
  1441. set_exportp12_params(KMF_EXPORTP12_PARAMS *params,
  1442. KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
  1443. char *subject, char *idstr, KMF_BIGINT *serial,
  1444. char *token_password, char *export_password,
  1445. char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
  1446. {
  1447. int ret = 0;
  1448. if (params == NULL) {
  1449. ret = 1;
  1450. goto out;
  1451. }
  1452. (void) memset(params, 0, sizeof (KMF_EXPORTP12_PARAMS));
  1453. params->kstype = kstype;
  1454. params->certLabel = certlabel;
  1455. params->issuer = issuer;
  1456. params->subject = subject;
  1457. params->idstr = idstr;
  1458. params->serial = serial;
  1459. params->cred.cred = token_password;
  1460. params->p12cred.cred = export_password;
  1461. if (token_password)
  1462. params->cred.credlen = strlen(token_password);
  1463. else
  1464. params->cred.credlen = 0;
  1465. if (export_password)
  1466. params->p12cred.credlen = strlen(export_password);
  1467. else
  1468. params->p12cred.credlen = 0;
  1469. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  1470. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  1471. if (params->nssparms.slotlabel == NULL) {
  1472. ret = 1;
  1473. goto out;
  1474. }
  1475. params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
  1476. if (params->nssparms.trustflag == NULL) {
  1477. ret = 1;
  1478. goto out;
  1479. }
  1480. } else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
  1481. params->sslparms.dirpath = strdup(SSL_DIR_PATH);
  1482. if (params->sslparms.dirpath == NULL) {
  1483. ret = 1;
  1484. goto out;
  1485. }
  1486. params->sslparms.keyfile = keyfile;
  1487. params->sslparms.certfile = certfile;
  1488. params->sslparms.format = format;
  1489. }
  1490. out:
  1491. if (ret) {
  1492. (void) jnl_printf("set_exportp12_params failed\n");
  1493. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  1494. free_exportp12_params(params);
  1495. }
  1496. return (ret);
  1497. }
  1498. /*
  1499. * Name: free_exportp12_params
  1500. *
  1501. * Description:
  1502. * Free heap memory used by KMF_EXPORTP12_PARAMS
  1503. *
  1504. * Parameter:
  1505. * params: parameter to be freed
  1506. *
  1507. */
  1508. void
  1509. free_exportp12_params(KMF_EXPORTP12_PARAMS *params)
  1510. {
  1511. if (params == NULL)
  1512. return;
  1513. if (params->kstype == KMF_KEYSTORE_NSS) {
  1514. if (params->nssparms.slotlabel != NULL)
  1515. free(params->nssparms.slotlabel);
  1516. if (params->nssparms.trustflag != NULL)
  1517. free(params->nssparms.trustflag);
  1518. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1519. if (params->sslparms.dirpath != NULL)
  1520. free(params->sslparms.dirpath);
  1521. }
  1522. }
  1523. int
  1524. set_exportp12_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1525. KMF_EXPORTP12_PARAMS *params, char *filename)
  1526. {
  1527. int i = 0;
  1528. int ret = 0;
  1529. if (NULL != filename) {
  1530. kmf_set_attr_at_index(attlist, i,
  1531. KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
  1532. i++;
  1533. }
  1534. if (NULL == params) {
  1535. *attnum = i;
  1536. return (ret);
  1537. }
  1538. kmf_set_attr_at_index(attlist, i,
  1539. KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
  1540. i++;
  1541. kmf_set_attr_at_index(attlist, i,
  1542. KMF_PK12CRED_ATTR, &params->p12cred, sizeof (KMF_CREDENTIAL));
  1543. i++;
  1544. if (params->kstype == KMF_KEYSTORE_NSS ||
  1545. params->kstype == KMF_KEYSTORE_PK11TOKEN) {
  1546. if (params->certLabel != NULL) {
  1547. kmf_set_attr_at_index(attlist, i,
  1548. KMF_CERT_LABEL_ATTR, params->certLabel,
  1549. strlen(params->certLabel));
  1550. i++;
  1551. }
  1552. if (params->issuer != NULL) {
  1553. kmf_set_attr_at_index(attlist, i,
  1554. KMF_ISSUER_NAME_ATTR, params->issuer,
  1555. strlen(params->issuer));
  1556. i++;
  1557. }
  1558. if (params->subject != NULL) {
  1559. kmf_set_attr_at_index(attlist, i,
  1560. KMF_SUBJECT_NAME_ATTR, params->subject,
  1561. strlen(params->subject));
  1562. i++;
  1563. }
  1564. if (params->serial != NULL) {
  1565. kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
  1566. params->serial, sizeof (KMF_BIGINT));
  1567. i++;
  1568. }
  1569. kmf_set_attr_at_index(attlist, i,
  1570. KMF_CREDENTIAL_ATTR, &params->cred,
  1571. sizeof (KMF_CREDENTIAL));
  1572. i++;
  1573. }
  1574. if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1575. if (params->sslparms.dirpath != NULL) {
  1576. kmf_set_attr_at_index(attlist, i,
  1577. KMF_DIRPATH_ATTR,
  1578. params->sslparms.dirpath,
  1579. strlen(params->sslparms.dirpath));
  1580. i++;
  1581. }
  1582. if (params->sslparms.certfile != NULL) {
  1583. kmf_set_attr_at_index(attlist, i,
  1584. KMF_CERT_FILENAME_ATTR,
  1585. params->sslparms.certfile,
  1586. strlen(params->sslparms.certfile));
  1587. i++;
  1588. }
  1589. if (params->sslparms.keyfile != NULL) {
  1590. kmf_set_attr_at_index(attlist, i,
  1591. KMF_KEY_FILENAME_ATTR,
  1592. params->sslparms.keyfile,
  1593. strlen(params->sslparms.keyfile));
  1594. i++;
  1595. }
  1596. }
  1597. if (params->kstype == KMF_KEYSTORE_NSS) {
  1598. if (params->nssparms.slotlabel != NULL) {
  1599. kmf_set_attr_at_index(attlist, i,
  1600. KMF_TOKEN_LABEL_ATTR,
  1601. params->nssparms.slotlabel,
  1602. strlen(params->nssparms.slotlabel));
  1603. i++;
  1604. }
  1605. }
  1606. *attnum = i;
  1607. return (ret);
  1608. }
  1609. /*
  1610. * Name: set_findcert_params
  1611. *
  1612. * Description:
  1613. * Set KMF_FINDCERT_PARAMS
  1614. *
  1615. * Parameter:
  1616. * params: parameter to be set
  1617. * kstype: keystore type
  1618. * certlabel: cert label
  1619. * issuer: issuer name
  1620. * subject: cert subject
  1621. * idstr: id string
  1622. * serial: serial number
  1623. * validity: cert validity method
  1624. * keyfile: ssl key file name
  1625. * certfile: ssl cert file name
  1626. * format: ssl cert encode format
  1627. *
  1628. * Returns:
  1629. * 1: failed
  1630. * 0: succussful
  1631. *
  1632. */
  1633. int
  1634. set_findcert_params(KMF_FINDCERT_PARAMS *params,
  1635. KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
  1636. char *subject, char *idstr, KMF_BIGINT *serial,
  1637. KMF_CERT_VALIDITY validity,
  1638. char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
  1639. {
  1640. int ret = 0;
  1641. if (params == NULL) {
  1642. ret = 1;
  1643. goto out;
  1644. }
  1645. (void) memset(params, 0, sizeof (KMF_FINDCERT_PARAMS));
  1646. params->kstype = kstype;
  1647. params->certLabel = certlabel;
  1648. params->issuer = issuer;
  1649. params->subject = subject;
  1650. params->idstr = idstr;
  1651. params->serial = serial;
  1652. params->find_cert_validity = validity;
  1653. if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
  1654. params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
  1655. if (params->nssparms.slotlabel == NULL) {
  1656. ret = 1;
  1657. goto out;
  1658. }
  1659. params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
  1660. if (params->nssparms.trustflag == NULL) {
  1661. ret = 1;
  1662. goto out;
  1663. }
  1664. } else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
  1665. params->sslparms.dirpath = strdup(SSL_DIR_PATH);
  1666. if (params->sslparms.dirpath == NULL) {
  1667. ret = 1;
  1668. goto out;
  1669. }
  1670. params->sslparms.keyfile = keyfile;
  1671. params->sslparms.certfile = certfile;
  1672. params->sslparms.format = format;
  1673. } else if (kstype == KMF_KEYSTORE_PK11TOKEN) { /* pkcs11 */
  1674. params->pkcs11parms.private = B_TRUE;
  1675. }
  1676. out:
  1677. if (ret) {
  1678. (void) jnl_printf("set_findcert_params failed\n");
  1679. (void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
  1680. free_findcert_params(params);
  1681. }
  1682. return (ret);
  1683. }
  1684. /*
  1685. * Name: free_findcert_params
  1686. *
  1687. * Description:
  1688. * Free heap memory used by KMF_FINDCERT_PARAMS
  1689. *
  1690. * Parameter:
  1691. * params: parameter to be freed
  1692. *
  1693. */
  1694. void
  1695. free_findcert_params(KMF_FINDCERT_PARAMS *params)
  1696. {
  1697. if (params == NULL)
  1698. return;
  1699. if (params->kstype == KMF_KEYSTORE_NSS) {
  1700. if (params->nssparms.slotlabel != NULL)
  1701. free(params->nssparms.slotlabel);
  1702. if (params->nssparms.trustflag != NULL)
  1703. free(params->nssparms.trustflag);
  1704. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1705. if (params->sslparms.dirpath != NULL)
  1706. free(params->sslparms.dirpath);
  1707. }
  1708. }
  1709. int
  1710. set_findcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1711. KMF_FINDCERT_PARAMS *params, KMF_X509_DER_CERT *kmf_cert,
  1712. uint32_t *numcerts)
  1713. {
  1714. int i = 0;
  1715. int ret = 0;
  1716. if (NULL != numcerts) {
  1717. kmf_set_attr_at_index(attlist, i,
  1718. KMF_COUNT_ATTR, numcerts, sizeof (uint32_t));
  1719. i++;
  1720. }
  1721. if (kmf_cert != NULL) {
  1722. kmf_set_attr_at_index(attlist, i,
  1723. KMF_X509_DER_CERT_ATTR, kmf_cert,
  1724. sizeof (KMF_X509_DER_CERT));
  1725. i++;
  1726. }
  1727. if (NULL != params) {
  1728. kmf_set_attr_at_index(attlist, i,
  1729. KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
  1730. sizeof (params->kstype));
  1731. i++;
  1732. /* Set the optional searching attributes for all 3 plugins */
  1733. if (params->issuer != NULL) {
  1734. kmf_set_attr_at_index(attlist, i,
  1735. KMF_ISSUER_NAME_ATTR,
  1736. params->issuer, strlen(params->issuer));
  1737. i++;
  1738. }
  1739. if (params->subject != NULL) {
  1740. kmf_set_attr_at_index(attlist, i,
  1741. KMF_SUBJECT_NAME_ATTR,
  1742. params->subject, strlen(params->subject));
  1743. i++;
  1744. }
  1745. if (params->serial != NULL) {
  1746. kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
  1747. params->serial, sizeof (KMF_BIGINT));
  1748. i++;
  1749. }
  1750. kmf_set_attr_at_index(attlist, i, KMF_CERT_VALIDITY_ATTR,
  1751. &params->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
  1752. i++;
  1753. if (params->kstype == KMF_KEYSTORE_NSS) {
  1754. if (params->certLabel != NULL) {
  1755. kmf_set_attr_at_index(attlist, i,
  1756. KMF_CERT_LABEL_ATTR,
  1757. params->certLabel,
  1758. strlen(params->certLabel));
  1759. i++;
  1760. }
  1761. if (params->nssparms.slotlabel != NULL) {
  1762. kmf_set_attr_at_index(attlist, i,
  1763. KMF_TOKEN_LABEL_ATTR,
  1764. params->nssparms.slotlabel,
  1765. strlen(params->nssparms.slotlabel));
  1766. i++;
  1767. }
  1768. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1769. if (params->sslparms.certfile != NULL) {
  1770. kmf_set_attr_at_index(attlist, i,
  1771. KMF_CERT_FILENAME_ATTR,
  1772. params->sslparms.certfile,
  1773. strlen(params->sslparms.certfile));
  1774. i++;
  1775. }
  1776. if (params->sslparms.dirpath != NULL) {
  1777. kmf_set_attr_at_index(attlist, i,
  1778. KMF_DIRPATH_ATTR,
  1779. params->sslparms.dirpath,
  1780. strlen(params->sslparms.dirpath));
  1781. i++;
  1782. }
  1783. } else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
  1784. if (params->certLabel != NULL) {
  1785. kmf_set_attr_at_index(attlist, i,
  1786. KMF_CERT_LABEL_ATTR,
  1787. params->certLabel,
  1788. strlen(params->certLabel));
  1789. i++;
  1790. }
  1791. kmf_set_attr_at_index(attlist, i,
  1792. KMF_PRIVATE_BOOL_ATTR,
  1793. &params->pkcs11parms.private,
  1794. sizeof (params->pkcs11parms.private));
  1795. i++;
  1796. }
  1797. }
  1798. *attnum = i;
  1799. return (ret);
  1800. }
  1801. int set_deletecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
  1802. KMF_DELETECERT_PARAMS *params)
  1803. {
  1804. int i = 0;
  1805. int ret = 0;
  1806. if (NULL != params) {
  1807. kmf_set_attr_at_index(attlist, i,
  1808. KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
  1809. sizeof (params->kstype));
  1810. i++;
  1811. /* Set the optional searching attributes for all 3 plugins */
  1812. if (params->issuer != NULL) {
  1813. kmf_set_attr_at_index(attlist, i,
  1814. KMF_ISSUER_NAME_ATTR,
  1815. params->issuer, strlen(params->issuer));
  1816. i++;
  1817. }
  1818. if (params->subject != NULL) {
  1819. kmf_set_attr_at_index(attlist, i,
  1820. KMF_SUBJECT_NAME_ATTR,
  1821. params->subject, strlen(params->subject));
  1822. i++;
  1823. }
  1824. if (params->serial != NULL) {
  1825. kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
  1826. params->serial, sizeof (KMF_BIGINT));
  1827. i++;
  1828. }
  1829. kmf_set_attr_at_index(attlist, i, KMF_CERT_VALIDITY_ATTR,
  1830. &params->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
  1831. i++;
  1832. if (params->kstype == KMF_KEYSTORE_NSS) {
  1833. if (params->certLabel != NULL) {
  1834. kmf_set_attr_at_index(attlist, i,
  1835. KMF_CERT_LABEL_ATTR,
  1836. params->certLabel,
  1837. strlen(params->certLabel));
  1838. i++;
  1839. }
  1840. if (params->nssparms.slotlabel != NULL) {
  1841. kmf_set_attr_at_index(attlist, i,
  1842. KMF_TOKEN_LABEL_ATTR,
  1843. params->nssparms.slotlabel,
  1844. strlen(params->nssparms.slotlabel));
  1845. i++;
  1846. }
  1847. } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
  1848. if (params->sslparms.certfile != NULL) {
  1849. kmf_set_attr_at_index(attlist, i,
  1850. KMF_CERT_FILENAME_ATTR,
  1851. params->sslparms.certfile,
  1852. strlen(params->sslparms.certfile));
  1853. i++;
  1854. }
  1855. if (params->sslparms.dirpath != NULL) {
  1856. kmf_set_attr_at_index(attlist, i,
  1857. KMF_DIRPATH_ATTR,
  1858. params->sslparms.dirpath,
  1859. strlen(params->sslparms.dirpath));
  1860. i++;
  1861. }
  1862. } else if (params->kstype

Large files files are truncated, but you can click here to view the full file