- /*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
- /*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#include "kmf_test_util.h"
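/*
 * errno comes from <errno.h> above.  C11 7.5 leaves it unspecified whether
 * errno is a macro or an object, so a separate "extern int errno;" is at
 * best redundant and at worst undefined behaviour; it is deliberately
 * not declared here.
 */

/*
 * Per-process softtoken directory created by kmf_test_initialize() and
 * released by kmf_test_finalize(); NULL while no test is set up.
 */
static char *softtoken_dir = NULL;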
/*
 *
 * Name: kmf_rvtostr
 *
 * Description:
 * Map a KMF API return code to its symbolic name, for journal output.
 *
 * Parameter:
 * type(input): KMF API return code
 *
 * Return:
 * pointer to a constant name string for a known code; for an unknown
 * code, a pointer to a static buffer holding "unknown return type NN"
 * (the buffer is shared, so the result of a second unknown-code call
 * overwrites the first)
 *
 */
char *
kmf_rvtostr(KMF_RETURN type)
{
	static char primbuf[80];
	/* one row per KMF_RETURN value; the stringizer keeps name == code */
#define	KMF_RV_ENTRY(code)	{ code, #code }
	static const struct {
		KMF_RETURN	code;
		char		*name;
	} rv_names[] = {
		KMF_RV_ENTRY(KMF_OK),
		KMF_RV_ENTRY(KMF_ERR_BAD_PARAMETER),
		KMF_RV_ENTRY(KMF_ERR_BAD_KEY_FORMAT),
		KMF_RV_ENTRY(KMF_ERR_BAD_ALGORITHM),
		KMF_RV_ENTRY(KMF_ERR_MEMORY),
		KMF_RV_ENTRY(KMF_ERR_ENCODING),
		KMF_RV_ENTRY(KMF_ERR_PLUGIN_INIT),
		KMF_RV_ENTRY(KMF_ERR_PLUGIN_NOTFOUND),
		KMF_RV_ENTRY(KMF_ERR_INTERNAL),
		KMF_RV_ENTRY(KMF_ERR_BAD_CERT_FORMAT),
		KMF_RV_ENTRY(KMF_ERR_KEYGEN_FAILED),
		KMF_RV_ENTRY(KMF_ERR_UNINITIALIZED),
		KMF_RV_ENTRY(KMF_ERR_ISSUER),
		KMF_RV_ENTRY(KMF_ERR_NOT_REVOKED),
		KMF_RV_ENTRY(KMF_ERR_CERT_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_CRL_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_RDN_PARSER),
		KMF_RV_ENTRY(KMF_ERR_RDN_ATTR),
		KMF_RV_ENTRY(KMF_ERR_SLOTNAME),
		KMF_RV_ENTRY(KMF_ERR_EMPTY_CRL),
		KMF_RV_ENTRY(KMF_ERR_AUTH_FAILED),
		KMF_RV_ENTRY(KMF_ERR_TOKEN_SELECTED),
		KMF_RV_ENTRY(KMF_ERR_NO_TOKEN_SELECTED),
		KMF_RV_ENTRY(KMF_ERR_TOKEN_NOT_PRESENT),
		KMF_RV_ENTRY(KMF_ERR_EXTENSION_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_POLICY_ENGINE),
		KMF_RV_ENTRY(KMF_ERR_POLICY_DB_FORMAT),
		KMF_RV_ENTRY(KMF_ERR_POLICY_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_POLICY_DB_FILE),
		KMF_RV_ENTRY(KMF_ERR_POLICY_NAME),
		KMF_RV_ENTRY(KMF_ERR_OCSP_POLICY),
		KMF_RV_ENTRY(KMF_ERR_TA_POLICY),
		KMF_RV_ENTRY(KMF_ERR_KEY_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_OPEN_FILE),
		KMF_RV_ENTRY(KMF_ERR_OCSP_BAD_ISSUER),
		KMF_RV_ENTRY(KMF_ERR_OCSP_BAD_CERT),
		KMF_RV_ENTRY(KMF_ERR_OCSP_CREATE_REQUEST),
		KMF_RV_ENTRY(KMF_ERR_CONNECT_SERVER),
		KMF_RV_ENTRY(KMF_ERR_SEND_REQUEST),
		KMF_RV_ENTRY(KMF_ERR_OCSP_CERTID),
		KMF_RV_ENTRY(KMF_ERR_OCSP_MALFORMED_RESPONSE),
		KMF_RV_ENTRY(KMF_ERR_OCSP_RESPONSE_STATUS),
		KMF_RV_ENTRY(KMF_ERR_OCSP_NO_BASIC_RESPONSE),
		KMF_RV_ENTRY(KMF_ERR_OCSP_BAD_SIGNER),
		KMF_RV_ENTRY(KMF_ERR_OCSP_RESPONSE_SIGNATURE),
		KMF_RV_ENTRY(KMF_ERR_OCSP_UNKNOWN_CERT),
		KMF_RV_ENTRY(KMF_ERR_OCSP_STATUS_TIME_INVALID),
		KMF_RV_ENTRY(KMF_ERR_BAD_HTTP_RESPONSE),
		KMF_RV_ENTRY(KMF_ERR_RECV_RESPONSE),
		KMF_RV_ENTRY(KMF_ERR_RECV_TIMEOUT),
		KMF_RV_ENTRY(KMF_ERR_DUPLICATE_KEYFILE),
		KMF_RV_ENTRY(KMF_ERR_AMBIGUOUS_PATHNAME),
		KMF_RV_ENTRY(KMF_ERR_FUNCTION_NOT_FOUND),
		KMF_RV_ENTRY(KMF_ERR_PKCS12_FORMAT),
		KMF_RV_ENTRY(KMF_ERR_BAD_KEY_TYPE),
		KMF_RV_ENTRY(KMF_ERR_BAD_KEY_CLASS),
		KMF_RV_ENTRY(KMF_ERR_BAD_KEY_SIZE),
		KMF_RV_ENTRY(KMF_ERR_BAD_HEX_STRING),
		KMF_RV_ENTRY(KMF_ERR_KEYUSAGE),
		KMF_RV_ENTRY(KMF_ERR_VALIDITY_PERIOD),
		KMF_RV_ENTRY(KMF_ERR_OCSP_REVOKED),
		KMF_RV_ENTRY(KMF_ERR_CERT_MULTIPLE_FOUND),
		KMF_RV_ENTRY(KMF_ERR_WRITE_FILE),
		KMF_RV_ENTRY(KMF_ERR_BAD_URI),
		KMF_RV_ENTRY(KMF_ERR_BAD_CRLFILE),
		KMF_RV_ENTRY(KMF_ERR_BAD_CERTFILE),
		KMF_RV_ENTRY(KMF_ERR_GETKEYVALUE_FAILED),
		KMF_RV_ENTRY(KMF_ERR_BAD_KEYHANDLE),
		KMF_RV_ENTRY(KMF_ERR_UNINITIALIZED_TOKEN),
		KMF_RV_ENTRY(KMF_ERR_BUFFER_SIZE)
	};
#undef	KMF_RV_ENTRY
	size_t idx;

	for (idx = 0; idx < sizeof (rv_names) / sizeof (rv_names[0]); idx++) {
		if (rv_names[idx].code == type)
			return (rv_names[idx].name);
	}

	/* not a code we know about: render it numerically instead */
	(void) snprintf(primbuf, sizeof (primbuf),
	    "unknown return type %02x", (unsigned int)type);
	return (primbuf);
}
/*
 *
 * Name: compare_result
 *
 * Description:
 * Journal whether an API return value matches the expected one, printing
 * the PASS or FAIL marker from result_tbl (and both values, on mismatch).
 *
 * Parameters:
 * rv(input): return value
 * exp_rv(input): expected return value
 *
 * Returns:
 * 0: rv equals exp_rv
 * 1: rv doesn't equal exp_rv
 *
 */
int
compare_result(KMF_RETURN rv, KMF_RETURN exp_rv)
{
	if (rv == exp_rv) {
		(void) jnl_printf("%s\n", result_tbl[STF_PASS]);
		return (0);
	}

	/* mismatch: show both sides symbolically and numerically */
	(void) jnl_printf("Expected value: 0x%02x (%s)\n",
	    exp_rv, kmf_rvtostr(exp_rv));
	(void) jnl_printf("Return value: 0x%02x (%s)\n", rv,
	    kmf_rvtostr(rv));
	(void) jnl_printf("%s\n", result_tbl[STF_FAIL]);
	return (1);
}
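/*
 *
 * Name: limit_heap
 *
 * Description:
 * Lower the soft data-segment (heap) limit of this process to
 * KMF_HEAP_SIZE, keeping the hard limit, and hand back the previous
 * limits so restore_heap() can undo the change.
 *
 * Parameter:
 * prl_orig(output): receives the original limits; only written on success
 *
 * Returns:
 * 0: successful
 * 1: prl_orig is NULL, or failed to get the original heap size
 * 2: failed to limit the heap size
 *
 */
int
limit_heap(struct rlimit *prl_orig)
{
	struct rlimit rl_old, rl_new;

	if (prl_orig == NULL) {
		(void) jnl_printf("Failed to get the original heap size\n");
		return (1);
	}
	if (getrlimit(RLIMIT_DATA, &rl_old) != 0) {
		(void) jnl_printf("Failed to get the original heap size\n");
		return (1);
	}

	/* only the soft limit moves; the hard limit is left as found */
	rl_new.rlim_cur = KMF_HEAP_SIZE;
	rl_new.rlim_max = rl_old.rlim_max;
	if (setrlimit(RLIMIT_DATA, &rl_new) != 0) {
		(void) jnl_printf("Failed to limit the heap size\n");
		return (2);
	}

	*prl_orig = rl_old;
	return (0);
}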
- /*
- *
- * Name: restore_heap
- *
- * Description:
- * Restore the heap size
- *
- * Parameter:
- * prl_orig(input): the original heap size
- *
- */
- void
- restore_heap(struct rlimit *prl_orig)
- {
- if ((setrlimit(RLIMIT_DATA, prl_orig)) != 0)
- (void) jnl_printf("Warning: failed to restore the heap size\n");
- }
/*
 * Name: print_test
 *
 * Description:
 * Journal one test header line: the test number, the API under test and
 * the symbolic name of the return value the test expects.
 *
 * Parameters:
 * num(input): test number
 * str(input): API name
 * exp_ret(input): expected return value
 *
 */
void
print_test(int num, char *str, KMF_RETURN exp_ret)
{
	char *expected = kmf_rvtostr(exp_ret);

	(void) jnl_printf("\n%3d. %-20s: %-20s\n", num, str, expected);
}
- /*
- *
- * Name: use_bad_file
- *
- * Description:
- * backup the original file, create a blank one
- *
- * Parameters:
- * orig(input): original file name
- * bak(inpu): backup file name
- *
- * Returns:
- * 0: successful
- * 1: failed
- *
- */
- int
- use_bad_file(const char *orig, const char *bak)
- {
- if ((link(orig, bak)) != 0)
- (void) jnl_printf("Warning: failed to save %s to %s\n",
- orig, bak);
- if ((unlink(orig)) != 0) {
- (void) jnl_printf("Failed to remove the original file %s\n",
- orig);
- return (1);
- }
- if ((creat(orig, 755)) == -1) {
- (void) jnl_printf("Failed to create the bad file %s\n", orig);
- return (1);
- }
- return (0);
- }
- /*
- *
- * Name: restore_file
- *
- * Description:
- * resotre the original file, remove the backup
- *
- * Parameters:
- * bak(input): backup file name
- * orig(input): original file name
- *
- */
- void
- restore_file(const char *bak, const char *orig)
- {
- if ((unlink(orig)) != 0)
- (void) jnl_printf("Warning: failed to remove the bad file %s\n",
- orig);
- if ((link(bak, orig)) != 0)
- (void) jnl_printf("Warning: failed to restore %s from %s\n",
- orig, bak);
- if ((unlink(bak)) != 0)
- (void) jnl_printf("Warning: failed to remove "
- "the backup file %s\n", bak);
- }
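/*
 *
 * Name: kmf_test_initialize
 *
 * Description:
 * Create a private softtoken directory for this test process, publish it
 * through the SOFTTOKEN_DIR environment variable, initialize a KMF
 * handle and then configure the PKCS#11 and NSS keystores on it,
 * setting each token's PIN to DEFAULT_PASSWORD.
 *
 * Parameters:
 * outhandle(output): KMF handle
 * policyname(input): policy name passed to kmf_initialize
 *
 * Returns:
 * 0: successful
 * 1: failed (a softtoken directory that was already created is left in
 *    place for kmf_test_finalize to remove)
 *
 */
int
kmf_test_initialize(KMF_HANDLE_T *outhandle, char *policyname)
{
	enum { SOFTTOKEN_DIR_BUFLEN = 1024 };
	KMF_RETURN rv;
	int ret = 0;
	KMF_CREDENTIAL newpin = { .cred = NULL, .credlen = 0 };
	KMF_CREDENTIAL oldcred;
	KMF_ATTRIBUTE attrlist[8];
	KMF_KEYSTORE_TYPE kstype = 0;
	int numattr = 0;
	char *pk11_label = DEFAULT_PK11TOKEN;
	boolean_t pk11_readonly = B_FALSE;
	char *nssdir;

	if (outhandle == NULL) {
		(void) jnl_printf("kmf_test_initialize: NULL handle pointer\n");
		return (1);
	}

	softtoken_dir = malloc(SOFTTOKEN_DIR_BUFLEN);
	if (softtoken_dir == NULL) {
		(void) jnl_printf("Failed to create softtoken directory - "
		    "out of memory.\n");
		return (1);
	}

	/*
	 * One softtoken directory per test process; the pid keeps
	 * concurrent runs apart.  kmf_test_finalize() removes it.
	 */
	(void) snprintf(softtoken_dir, SOFTTOKEN_DIR_BUFLEN,
	    "/var/tmp/kmftest-%ld", (long)getpid());
	if (mkdir(softtoken_dir, 0755) == -1) {
		(void) jnl_printf("Failed to create softtoken directory "
		    "%s: %s\n", softtoken_dir, strerror(errno));
		free(softtoken_dir);
		softtoken_dir = NULL;
		return (1);
	}

	/*
	 * setenv() copies the value, so softtoken_dir remains a plain path
	 * that can be freed later without leaving the environment pointing
	 * at released memory (putenv() would keep a reference to the buffer).
	 */
	if (setenv("SOFTTOKEN_DIR", softtoken_dir, 1) != 0) {
		(void) jnl_printf("Failed to create SOFTTOKEN_DIR variable - "
		    "setenv error.\n");
		(void) rmdir(softtoken_dir);
		free(softtoken_dir);
		softtoken_dir = NULL;
		return (1);
	}

	if ((rv = kmf_initialize(outhandle, NULL, policyname)) != KMF_OK) {
		(void) jnl_printf("kmf_initialize failed with %s\n",
		    kmf_rvtostr(rv));
		/* no usable handle, so do not configure keystores on it */
		ret = 1;
		goto out;
	}

	/*
	 * Configure handle for PKCS#11 use.
	 */
	kstype = KMF_KEYSTORE_PK11TOKEN;
	kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (KMF_KEYSTORE_TYPE));
	kmf_set_attr_at_index(attrlist, numattr++, KMF_TOKEN_LABEL_ATTR,
	    pk11_label, strlen(pk11_label));
	kmf_set_attr_at_index(attrlist, numattr++, KMF_READONLY_ATTR,
	    &pk11_readonly, sizeof (boolean_t));
	rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
	numattr = 0;
	/* KMF_ERR_TOKEN_SELECTED only reports that the token is already set */
	if (rv != KMF_OK && rv != KMF_ERR_TOKEN_SELECTED) {
		(void) jnl_printf("Error configure PKCS#11: %s\n",
		    kmf_rvtostr(rv));
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		ret = 1;
		goto out;
	}

	/* Initialize the token pin for the PKCS#11 token */
	newpin.cred = strdup(DEFAULT_PASSWORD);
	if (newpin.cred == NULL) {
		(void) jnl_printf("Failed to set up the token pin - "
		    "out of memory.\n");
		ret = 1;
		goto out;
	}
	newpin.credlen = strlen(newpin.cred);
	/* PIN the freshly created softtoken is expected to start with */
	oldcred.cred = "changeme";
	oldcred.credlen = strlen(oldcred.cred);
	numattr = set_setpin_params(attrlist,
	    &kstype, DEFAULT_PK11TOKEN, &oldcred);
	kmf_set_attr_at_index(attrlist, numattr++, KMF_NEWPIN_ATTR,
	    &newpin, sizeof (newpin));
	rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
	if (rv != KMF_OK) {
		(void) jnl_printf("Error initializing PKCS#11 token pin: %s\n",
		    kmf_rvtostr(rv));
		ret = 1;
		goto out;
	}

	/*
	 * Configure handle for NSS use, with the database rooted in the
	 * softtoken directory.
	 */
	numattr = 0;
	kstype = KMF_KEYSTORE_NSS;
	nssdir = getenv("SOFTTOKEN_DIR");
	if (nssdir == NULL) {
		(void) jnl_printf("SOFTTOKEN_DIR is not set\n");
		ret = 1;
		goto out;
	}
	kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (KMF_KEYSTORE_TYPE));
	kmf_set_attr_at_index(attrlist, numattr++, KMF_DIRPATH_ATTR,
	    nssdir, strlen(nssdir));
	rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
	numattr = 0;
	if (rv != KMF_OK && rv != KMF_KEYSTORE_ALREADY_INITIALIZED) {
		(void) jnl_printf("kmf_configure_keystore (nss) failed "
		    "with %s\n", kmf_rvtostr(rv));
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		ret = 1;
		goto out;
	}

	/*
	 * Initialize the NSS token pin for each test.  A failure here is
	 * journaled but does not fail the setup.
	 */
	oldcred.cred = DEFAULT_PASSWORD;
	oldcred.credlen = strlen(oldcred.cred);
	numattr = set_setpin_params(attrlist, &kstype,
	    DEFAULT_NSSLABEL, &oldcred);
	kmf_set_attr_at_index(attrlist, numattr++, KMF_NEWPIN_ATTR,
	    &newpin, sizeof (newpin));
	rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
	if (rv != KMF_OK) {
		(void) jnl_printf("Error initializing NSS token pin: %s\n",
		    kmf_rvtostr(rv));
	}

out:
	/* kmf_set_token_pin() has used newpin by now; free(NULL) is a no-op */
	free(newpin.cred);
	return (ret);
}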
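/*
 * Name: remove_softtoken_dir
 *
 * Description:
 * Recursively remove a softtoken directory by running rm directly, with
 * the path as a single argv element: no shell is involved, so nothing in
 * the path can be reinterpreted as command syntax.
 *
 * Parameter:
 * dir(input): directory to remove
 *
 */
static void
remove_softtoken_dir(const char *dir)
{
	pid_t pid = fork();
	int status;

	if (pid == -1) {
		(void) jnl_printf("Warning: failed to fork to remove %s: %s\n",
		    dir, strerror(errno));
		return;
	}
	if (pid == 0) {
		(void) execl("/bin/rm", "rm", "-rf", dir, (char *)0);
		_exit(127);	/* exec failed; nothing else to do in the child */
	}
	(void) waitpid(pid, &status, 0);
}

/*
 *
 * Name: kmf_test_finalize
 *
 * Description:
 * Finalize the KMF handle, delete the NSS database files left in the
 * current directory, remove the per-test softtoken directory and release
 * the bookkeeping allocated by kmf_test_initialize().
 *
 * Parameter:
 * handle(input): KMF handle
 *
 */
void
kmf_test_finalize(KMF_HANDLE_T handle)
{
	/* kmf_test_initialize() names its directory /var/tmp/kmftest-<pid> */
	static const char dir_prefix[] = "/var/tmp/kmftest-";
	KMF_RETURN rv;
	const char *dir;

	if ((rv = kmf_finalize(handle)) != KMF_OK) {
		(void) jnl_printf("Warning: kmf_finalize failed with %s\n",
		    kmf_rvtostr(rv));
	}

	/* cleanup NSS databases so the next test is clean */
	(void) unlink("cert8.db");
	(void) unlink("key3.db");
	(void) unlink("secmod.db");
	(void) unlink("prikey.der");

	/*
	 * Cleanup the temporary softtoken directory.  Only a path of the
	 * form kmf_test_initialize() creates is removed; an arbitrary value
	 * that happens to be in the environment is never passed to rm -rf.
	 */
	dir = getenv("SOFTTOKEN_DIR");
	if (dir != NULL &&
	    strncmp(dir, dir_prefix, sizeof (dir_prefix) - 1) == 0)
		remove_softtoken_dir(dir);

	/*
	 * NOTE(review): if SOFTTOKEN_DIR was published with putenv() of this
	 * very buffer, the environment still refers to it after the free;
	 * publishing a copy (setenv) is what makes this release safe.
	 */
	free(softtoken_dir);
	softtoken_dir = NULL;
}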
- int
- test_malloc(const char *p)
- {
- char *tmp = NULL;
- tmp = strdup(p);
- if (tmp == NULL) {
- (void) jnl_printf("Malloc failed");
- return (0);
- } else {
- free(tmp);
- return (1);
- }
- }
/*
 * Name: set_createkeypair_params
 *
 * Description:
 * Fill a zeroed KMF_CREATEKEYPAIR_PARAMS: key type/length, a duplicated
 * key label, the (borrowed) password credential and the keystore-specific
 * fields for NSS (slot label) or OpenSSL (dirpath, keyfile, ASN.1 format).
 * On any failure the struct is released with free_createkeypair_params().
 *
 * Parameter:
 * params: parameter to be set
 * kstype: keystore type
 * keytype: key type
 * keylength: key length
 * password: password for keystore; stored by pointer, not copied
 *
 * Returns:
 * 1: failed
 * 0: successful
 *
 */
int
set_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;
	params->keytype = keytype;
	params->keylength = keylength;
	params->keylabel = strdup(KMF_KEY_PAIR);
	if (params->keylabel == NULL) {
		failed = 1;
		goto done;
	}
	params->cred.cred = password;
	params->cred.credlen = (password != NULL) ? strlen(password) : 0;

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL)
			failed = 1;
		break;
	case KMF_KEYSTORE_OPENSSL:
		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
		if (params->sslparms.dirpath == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.keyfile = strdup(SSL_KEY_FILE);
		if (params->sslparms.keyfile == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.format = KMF_FORMAT_ASN1;
		break;
	default:
		break;
	}
	if (failed)
		goto done;

	/* no explicit RSA public exponent: let the keystore pick one */
	params->rsa_exponent.len = 0;

done:
	if (failed) {
		(void) jnl_printf("set_createkeypair_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_createkeypair_params(params);
	}
	return (failed);
}
/*
 * Name: free_createkeypair_params
 *
 * Description:
 * Release the strings set_createkeypair_params() duplicated: the key
 * label plus the NSS slot label or the OpenSSL dirpath and keyfile.
 * The credential is borrowed and is not freed.  Pointers are not reset,
 * so the struct must not be reused without re-initialization.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params)
{
	if (params == NULL)
		return;

	/* free(NULL) is a no-op, so unset members need no guard */
	free(params->keylabel);
	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		free(params->nssparms.slotlabel);
		break;
	case KMF_KEYSTORE_OPENSSL:
		free(params->sslparms.dirpath);
		free(params->sslparms.keyfile);
		break;
	default:
		break;
	}
}
/*
 * Name: set_createkeypair_attrs
 *
 * Description:
 * Translate a KMF_CREATEKEYPAIR_PARAMS (plus optional key handles) into
 * the attribute list kmf_create_keypair() consumes.  Optional members
 * (label, credential, RSA exponent, keystore-specific paths) are added
 * only when present.  The attributes point into params and the handles,
 * so those must outlive the list.
 *
 * Parameter:
 * attlist: attribute array to fill; the caller guarantees it is large
 *          enough (no bounds check is performed here)
 * attnum: receives the number of attributes written
 * params: source parameters (may be NULL)
 * privKey: private key handle to receive the result (may be NULL)
 * pubKey: public key handle to receive the result (may be NULL)
 *
 * Returns:
 * 0 always
 *
 */
int
set_createkeypair_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey)
{
	int n = 0;

	if (privKey != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_PRIVKEY_HANDLE_ATTR,
		    privKey, sizeof (KMF_KEY_HANDLE));
	if (pubKey != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_PUBKEY_HANDLE_ATTR,
		    pubKey, sizeof (KMF_KEY_HANDLE));

	if (params == NULL) {
		*attnum = n;
		return (0);
	}

	kmf_set_attr_at_index(attlist, n++, KMF_KEYSTORE_TYPE_ATTR,
	    &params->kstype, sizeof (params->kstype));
	kmf_set_attr_at_index(attlist, n++, KMF_KEYALG_ATTR,
	    &params->keytype, sizeof (params->keytype));
	kmf_set_attr_at_index(attlist, n++, KMF_KEYLENGTH_ATTR,
	    &params->keylength, sizeof (params->keylength));

	if (params->keylabel != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_KEYLABEL_ATTR,
		    params->keylabel, strlen(params->keylabel));
	if (params->cred.credlen > 0)
		kmf_set_attr_at_index(attlist, n++, KMF_CREDENTIAL_ATTR,
		    &params->cred, sizeof (KMF_CREDENTIAL));
	if (params->rsa_exponent.len > 0)
		kmf_set_attr_at_index(attlist, n++, KMF_RSAEXP_ATTR,
		    &params->rsa_exponent, sizeof (KMF_BIGINT));

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		if (params->nssparms.slotlabel != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
		break;
	case KMF_KEYSTORE_OPENSSL:
		if (params->sslparms.dirpath != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_DIRPATH_ATTR,
			    params->sslparms.dirpath,
			    strlen(params->sslparms.dirpath));
		if (params->sslparms.keyfile != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_KEY_FILENAME_ATTR,
			    params->sslparms.keyfile,
			    strlen(params->sslparms.keyfile));
		/* the encoding format is always supplied for OpenSSL */
		kmf_set_attr_at_index(attlist, n++,
		    KMF_ENCODE_FORMAT_ATTR,
		    &params->sslparms.format,
		    sizeof (params->sslparms.format));
		break;
	default:
		break;
	}

	*attnum = n;
	return (0);
}
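/*
 * Name: create_keypair
 *
 * Description:
 * Build the create-keypair parameters and attribute list for the given
 * keystore and call kmf_create_keypair(), filling the caller's private
 * and public key handles.
 *
 * Parameter:
 * handle: KMF handle
 * privKey: receives the private key handle
 * pubKey: receives the public key handle
 * kstype: keystore type
 * keytype: key algorithm
 * keylength: key length
 * password: keystore credential (may be NULL)
 *
 * Returns:
 * 0: successful
 * 1: bad argument or parameter/attribute setup failed
 * 2: kmf_create_keypair failed (journaled as UNRESOLVED)
 *
 */
int
create_keypair(KMF_HANDLE_T handle,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password)
{
	int ret;
	KMF_RETURN rv;
	KMF_CREATEKEYPAIR_PARAMS params;
	KMF_ATTRIBUTE attlist[32];
	int numattr = 0;

	/*
	 * Bail out before params is initialized: the cleanup path below
	 * frees its members, which would be garbage at this point.
	 */
	if (handle == NULL || privKey == NULL || pubKey == NULL)
		return (1);

	/* set_createkeypair_params() releases params itself on failure */
	ret = set_createkeypair_params(&params, kstype, keytype,
	    keylength, password);
	if (ret != 0)
		return (ret);

	ret = set_createkeypair_attrs(attlist, &numattr, &params,
	    privKey, pubKey);
	if (ret != 0)
		goto out;

	rv = kmf_create_keypair(handle, numattr, attlist);
	if (rv != KMF_OK) {
		(void) jnl_printf("kmf_create_keypair failed with %s\n",
		    kmf_rvtostr(rv));
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		ret = 2;
	}

out:
	free_createkeypair_params(&params);
	return (ret);
}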
/*
 * Name: testcall
 *
 * Description:
 * Check a KMF call's return code; anything but KMF_OK is journaled with
 * the function name and marked UNRESOLVED.
 *
 * Parameter:
 * kmf_ret: return code of the call
 * func: name of the call, for the journal
 *
 * Returns:
 * 0: kmf_ret is KMF_OK
 * 1: otherwise
 *
 */
int
testcall(KMF_RETURN kmf_ret, char *func)
{
	if (kmf_ret == KMF_OK)
		return (0);

	(void) jnl_printf("%s failed with %s\n", func, kmf_rvtostr(kmf_ret));
	(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
	return (1);
}
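/*
 * Name: build_x509_nokeyusage_cert
 *
 * Description:
 * Fill the common fields of a self-issued test certificate: version,
 * ten-year validity from now, serial number, identical issuer and
 * subject DN, the given public key and an MD5-with-RSA signature
 * algorithm.  No extensions or key usage are set; callers add those.
 *
 * Parameter:
 * kmfhandle: KMF handle
 * cert: certificate to fill (zeroed first)
 * sernum: serial number bytes
 * numlen: length of sernum
 * key: public key to place in the certificate
 *
 * Returns:
 * 0: successful
 * 1: a KMF call failed (already journaled by testcall)
 *
 */
static int
build_x509_nokeyusage_cert(KMF_HANDLE_T kmfhandle,
    KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
{
	KMF_BIGINT serial;
	KMF_X509_NAME issuer_name, subject_name;
	/* same DN for issuer and subject: the test cert is self-issued */
	char *dn_string = "C=CH, O=Sun, CN=hua.tang@sun.com";

	(void) memset(cert, 0, sizeof (*cert));

	/* version value 2 encodes X.509v3 */
	if (testcall(kmf_set_cert_version(cert, 2), "KMF_SetCertVersion"))
		return (1);
	/* 3650 days, in seconds, starting now (NULL start time) */
	if (testcall(kmf_set_cert_validity(cert, NULL, 3650*24*60*60),
	    "KMF_SetCertValidityTimes"))
		return (1);

	serial.val = sernum;
	serial.len = numlen;
	if (testcall(kmf_set_cert_serial(cert, &serial),
	    "KMF_SetCertSerialNumber"))
		return (1);

	/*
	 * NOTE(review): the parsed names are passed by address and not
	 * released here; whether kmf_set_cert_issuer/subject copy them is
	 * not visible in this file — confirm against libkmf.
	 */
	if (testcall(kmf_dn_parser(dn_string, &issuer_name), "KMF_DNParser"))
		return (1);
	if (testcall(kmf_set_cert_issuer(cert, &issuer_name),
	    "KMF_SetCertIssuerName"))
		return (1);
	if (testcall(kmf_dn_parser(dn_string, &subject_name), "KMF_DNParser"))
		return (1);
	if (testcall(kmf_set_cert_subject(cert, &subject_name),
	    "KMF_SetCertSubjectName"))
		return (1);

	if (testcall(kmf_set_cert_pubkey(kmfhandle, key, cert),
	    "KMF_SetCertPubKey"))
		return (1);
	if (testcall(kmf_set_cert_sig_alg(cert, KMF_ALGID_MD5WithRSA),
	    "KMF_SetCertSignatureAlgorithm"))
		return (1);

	return (0);
}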
/*
 * Name: build_x509_cert
 *
 * Description:
 * Build the fully-featured test certificate: the common fields from
 * build_x509_nokeyusage_cert() plus a critical CA basic-constraints
 * extension, RFC822 subject and issuer alternative names, the
 * serverAuth EKU and a dataEncipherment/digitalSignature/keyCertSign
 * key usage.
 *
 * Parameter:
 * kmfhandle: KMF handle
 * cert: certificate to fill
 * sernum: serial number bytes
 * numlen: length of sernum
 * key: public key to place in the certificate
 *
 * Returns:
 * 0: successful
 * 1: a step failed (already journaled)
 *
 */
int
build_x509_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
{
	KMF_GENERALNAMECHOICES alt_type = GENNAME_RFC822NAME;
	char *alt_name = "hua.tang@sun.com";
	KMF_X509EXT_BASICCONSTRAINTS bc = {0};

	if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
		return (1);

	/* CA certificate with no path length limit */
	bc.cA = B_TRUE;
	bc.pathLenConstraintPresent = B_FALSE;
	if (testcall(kmf_set_cert_basic_constraint(cert, B_TRUE, &bc),
	    "KMF_SetCertBasicConstraintExt"))
		return (1);

	if (testcall(kmf_set_cert_subject_altname(cert, 1, alt_type, alt_name),
	    "KMF_SetCertSubjectAltName"))
		return (1);
	if (testcall(kmf_set_cert_issuer_altname(cert, 1, alt_type, alt_name),
	    "KMF_SetCertIssuerAltName"))
		return (1);

	if (testcall(kmf_add_cert_eku(cert,
	    (KMF_OID *)&KMFOID_PKIX_KP_ServerAuth, 1), "KMF_AddCertEKU"))
		return (1);

	if (testcall(kmf_set_cert_ku(cert, 0,
	    (KMF_dataEncipherment | KMF_digitalSignature | KMF_keyCertSign)),
	    "KMF_SetCertKeyUsage"))
		return (1);

	return (0);
}
/*
 * Name: build_x509_base_cert
 *
 * Description:
 * Build a minimal test certificate: the common fields from
 * build_x509_nokeyusage_cert() and a keyAgreement-only key usage.  No
 * other extensions are added.
 *
 * Parameter:
 * kmfhandle: KMF handle
 * cert: certificate to fill
 * sernum: serial number bytes
 * numlen: length of sernum
 * key: public key to place in the certificate
 *
 * Returns:
 * 0: successful
 * 1: a step failed (already journaled)
 *
 */
int
build_x509_base_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
{
	int failed;

	failed = build_x509_nokeyusage_cert(kmfhandle, cert, sernum,
	    numlen, key);
	if (!failed)
		failed = testcall(kmf_set_cert_ku(cert, 0, KMF_keyAgreement),
		    "KMF_SetCertKeyUsage");

	return (failed ? 1 : 0);
}
/*
 * Name: sign_cert_record
 *
 * Description:
 * Sign an in-memory certificate with the given key via kmf_sign_cert(),
 * writing the DER result into signedCertData.
 *
 * Parameter:
 * handle: KMF handle
 * key: signing key; its kstype selects the keystore
 * cert: certificate record to sign
 * signedCertData: receives the signed, encoded certificate
 *
 * Returns:
 * 0: successful
 * 1: kmf_sign_cert failed (already journaled)
 *
 */
int
sign_cert_record(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key,
    KMF_X509_CERTIFICATE *cert, KMF_DATA *signedCertData)
{
	KMF_ATTRIBUTE attrlist[8];
	int n = 0;

	kmf_set_attr_at_index(attrlist, n++, KMF_KEYSTORE_TYPE_ATTR,
	    &key->kstype, sizeof (KMF_KEYSTORE_TYPE));
	kmf_set_attr_at_index(attrlist, n++, KMF_KEY_HANDLE_ATTR,
	    key, sizeof (KMF_KEY_HANDLE));
	kmf_set_attr_at_index(attrlist, n++, KMF_X509_CERTIFICATE_ATTR,
	    cert, sizeof (KMF_X509_CERTIFICATE));
	kmf_set_attr_at_index(attrlist, n++, KMF_CERT_DATA_ATTR,
	    signedCertData, sizeof (KMF_DATA));

	return (testcall(kmf_sign_cert(handle, n, attrlist), "kmf_sign_cert")
	    ? 1 : 0);
}
/*
 * Name: sign_cert_with_key
 *
 * Description:
 * Create a key pair, build the full test certificate around its public
 * key and sign it with the private key.
 *
 * Parameter:
 * kmfhandle: KMF handle
 * params: unused; kept for call compatibility
 * privKey, pubKey: receive the generated key handles
 * kstype, keytype, keylength, password: forwarded to create_keypair()
 * cert: certificate record to fill
 * sernum, numlen: serial number
 * x509Cert: receives the signed, encoded certificate
 *
 * Returns:
 * 0: successful
 * 1: key pair creation failed
 * 2: certificate construction failed
 * 3: signing failed
 *
 */
int
sign_cert_with_key(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
{
	if (create_keypair(kmfhandle, privKey, pubKey,
	    kstype, keytype, keylength, password))
		return (1);
	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey))
		return (2);
	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert))
		return (3);
	return (0);
}
/*
 * Name: create_signed_cert
 *
 * Description:
 * Create a key pair, build the full test certificate around its public
 * key and sign it with the private key (same steps as
 * sign_cert_with_key()).
 *
 * Parameter:
 * kmfhandle: KMF handle
 * params: unused; kept for call compatibility
 * privKey, pubKey: receive the generated key handles
 * kstype, keytype, keylength, password: forwarded to create_keypair()
 * cert: certificate record to fill
 * sernum, numlen: serial number
 * x509Cert: receives the signed, encoded certificate
 *
 * Returns:
 * 0: successful
 * 1: key pair creation failed
 * 2: certificate construction failed
 * 3: signing failed
 *
 */
int
create_signed_cert(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
{
	if (create_keypair(kmfhandle, privKey, pubKey,
	    kstype, keytype, keylength, password))
		return (1);
	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey))
		return (2);
	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert))
		return (3);
	return (0);
}
/*
 * Name: encode_cert_record
 *
 * Description:
 * Create a key pair, build the full test certificate around its public
 * key and DER-encode the (unsigned) record with kmf_encode_cert_record().
 *
 * Parameter:
 * kmfhandle: KMF handle
 * params: unused; kept for call compatibility
 * privKey, pubKey: receive the generated key handles
 * kstype, keytype, keylength, password: forwarded to create_keypair()
 * cert: certificate record to fill
 * sernum, numlen: serial number
 * encodeCert: receives the encoded certificate
 *
 * Returns:
 * 0: successful
 * 1: key pair creation failed
 * 2: certificate construction failed
 * 3: encoding failed (not journaled here)
 *
 */
int
encode_cert_record(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_DATA *encodeCert)
{
	if (create_keypair(kmfhandle, privKey, pubKey,
	    kstype, keytype, keylength, password))
		return (1);
	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey))
		return (2);
	if (kmf_encode_cert_record(cert, encodeCert) != KMF_OK)
		return (3);
	return (0);
}
/*
 * Name: set_cryptowithcert_params
 *
 * Description:
 * Fill a zeroed KMF_CRYPTOWITHCERT_PARAMS: encoding format, a duplicated
 * cert label, the (borrowed) password credential and the keystore-specific
 * fields for NSS (slot label) or OpenSSL (dirpath, keyfile, ASN.1 format).
 * On any failure the struct is released with free_cryptowithcert_params().
 *
 * Parameter:
 * params: parameter to be set
 * kstype: keystore type
 * format: key format
 * password: password for keystore; stored by pointer, not copied
 *
 * Returns:
 * 1: failed
 * 0: successful
 *
 */
int
set_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype, KMF_ENCODE_FORMAT format, char *password)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;
	params->format = format;
	params->certLabel = strdup(KMF_CERT_LABEL);
	if (params->certLabel == NULL) {
		failed = 1;
		goto done;
	}
	params->cred.cred = password;
	params->cred.credlen = (password != NULL) ? strlen(password) : 0;

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL)
			failed = 1;
		break;
	case KMF_KEYSTORE_OPENSSL:
		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
		if (params->sslparms.dirpath == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.keyfile = strdup(SSL_KEY_FILE);
		if (params->sslparms.keyfile == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.format = KMF_FORMAT_ASN1;
		break;
	default:
		break;
	}

done:
	if (failed) {
		(void) jnl_printf("set_cryptowithcert_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_cryptowithcert_params(params);
	}
	return (failed);
}
/*
 * Name: free_cryptowithcert_params
 *
 * Description:
 * Release the strings set_cryptowithcert_params() duplicated: the cert
 * label plus the NSS slot label or the OpenSSL dirpath and keyfile.
 * The credential is borrowed and is not freed.  Pointers are not reset,
 * so the struct must not be reused without re-initialization.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params)
{
	if (params == NULL)
		return;

	/* free(NULL) is a no-op, so unset members need no guard */
	free(params->certLabel);
	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		free(params->nssparms.slotlabel);
		break;
	case KMF_KEYSTORE_OPENSSL:
		free(params->sslparms.dirpath);
		free(params->sslparms.keyfile);
		break;
	default:
		break;
	}
}
/*
 * Name: set_cryptowithcert_attrs
 *
 * Description:
 * Translate a KMF_CRYPTOWITHCERT_PARAMS plus the optional cert,
 * plaintext and ciphertext buffers into an attribute list.  The data
 * buffers are added first, then (when params is given) the keystore
 * type, cert label, encoding format, credential and keystore-specific
 * members.  The attributes point into the arguments, which must outlive
 * the list.
 *
 * Parameter:
 * attlist: attribute array to fill; the caller guarantees it is large
 *          enough (no bounds check is performed here)
 * attnum: receives the number of attributes written
 * params: source parameters (may be NULL)
 * cert, plaintext, ciphertext: data buffers (each may be NULL)
 *
 * Returns:
 * 0 always
 *
 */
int
set_cryptowithcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_CRYPTOWITHCERT_PARAMS *params, KMF_DATA *cert,
    KMF_DATA *plaintext, KMF_DATA *ciphertext)
{
	int n = 0;

	if (cert != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_CERT_DATA_ATTR,
		    cert, sizeof (KMF_DATA));
	if (plaintext != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_PLAINTEXT_DATA_ATTR,
		    plaintext, sizeof (KMF_DATA));
	if (ciphertext != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_CIPHERTEXT_DATA_ATTR,
		    ciphertext, sizeof (KMF_DATA));

	if (params == NULL) {
		*attnum = n;
		return (0);
	}

	kmf_set_attr_at_index(attlist, n++, KMF_KEYSTORE_TYPE_ATTR,
	    &params->kstype, sizeof (params->kstype));
	if (params->certLabel != NULL)
		kmf_set_attr_at_index(attlist, n++, KMF_CERT_LABEL_ATTR,
		    params->certLabel, strlen(params->certLabel));
	kmf_set_attr_at_index(attlist, n++, KMF_ENCODE_FORMAT_ATTR,
	    &params->format, sizeof (KMF_ENCODE_FORMAT));
	/* the credential attribute is always present, even when empty */
	kmf_set_attr_at_index(attlist, n++, KMF_CREDENTIAL_ATTR,
	    &params->cred, sizeof (KMF_CREDENTIAL));

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		if (params->nssparms.slotlabel != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
		break;
	case KMF_KEYSTORE_OPENSSL:
		if (params->sslparms.dirpath != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_DIRPATH_ATTR,
			    params->sslparms.dirpath,
			    strlen(params->sslparms.dirpath));
		if (params->sslparms.keyfile != NULL)
			kmf_set_attr_at_index(attlist, n++,
			    KMF_KEY_FILENAME_ATTR,
			    params->sslparms.keyfile,
			    strlen(params->sslparms.keyfile));
		/* a second KMF_ENCODE_FORMAT_ATTR, for the OpenSSL key file */
		kmf_set_attr_at_index(attlist, n++, KMF_ENCODE_FORMAT_ATTR,
		    &params->sslparms.format,
		    sizeof (params->sslparms.format));
		break;
	default:
		break;
	}

	*attnum = n;
	return (0);
}
/*
 * Name: create_base_signed_cert
 *
 * Description:
 * Create a key pair, build the minimal (keyAgreement-only) test
 * certificate around its public key and sign it with the private key.
 *
 * Parameter:
 * kmfhandle: KMF handle
 * params: unused; kept for call compatibility
 * privKey, pubKey: receive the generated key handles
 * kstype, keytype, keylength, password: forwarded to create_keypair()
 * cert: certificate record to fill
 * sernum, numlen: serial number
 * x509Cert: receives the signed, encoded certificate
 *
 * Returns:
 * 0: successful
 * 1: key pair creation failed
 * 2: certificate construction failed
 * 3: signing failed
 *
 */
int
create_base_signed_cert(KMF_HANDLE_T kmfhandle,
    KMF_CREATEKEYPAIR_PARAMS *params,
    KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    char *password, KMF_X509_CERTIFICATE *cert,
    uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
{
	if (create_keypair(kmfhandle, privKey, pubKey,
	    kstype, keytype, keylength, password))
		return (1);
	if (build_x509_base_cert(kmfhandle, cert, sernum, numlen, pubKey))
		return (2);
	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert))
		return (3);
	return (0);
}
/*
 * Name: set_storecert_params
 *
 * Description:
 * Fill a zeroed KMF_STORECERT_PARAMS.  certlabel, keyfile and certfile
 * are stored by pointer (the caller keeps ownership); the NSS slot label
 * and trust flag and the OpenSSL dirpath are duplicated and belong to the
 * struct.  On any failure the struct is released with
 * free_storecert_params().
 *
 * Parameter:
 * params: parameter to be set
 * kstype: keystore type
 * certlabel: cert label
 * keyfile: ssl private key file
 * certfile: ssl cert file name
 *
 * Returns:
 * 1: failed
 * 0: successful
 *
 */
int
set_storecert_params(KMF_STORECERT_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype,
    char *certlabel, char *keyfile, char *certfile)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;
	params->certLabel = certlabel;

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL) {
			failed = 1;
			break;
		}
		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
		if (params->nssparms.trustflag == NULL)
			failed = 1;
		break;
	case KMF_KEYSTORE_OPENSSL:
		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
		if (params->sslparms.dirpath == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.keyfile = keyfile;
		params->sslparms.certfile = certfile;
		params->sslparms.format = KMF_FORMAT_ASN1;
		break;
	default:
		break;
	}

done:
	if (failed) {
		(void) jnl_printf("set_storecert_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_storecert_params(params);
	}
	return (failed);
}
- /*
- * Name: free_storecert_params
- *
- * Description:
- * Free heap memory used by KMF_STORECERT_PARAMS
- *
- * Parameter:
- * params: parameter to be freed
- *
- */
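/*
 * Name: free_storecert_params
 *
 * Description:
 * Free the heap memory that set_storecert_params() duplicated
 * (NSS slotlabel/trustflag, OpenSSL dirpath) and reset those
 * pointers to NULL so a second call is harmless. This matters
 * because set_storecert_params() already calls this on its own
 * failure path and callers typically free the params again.
 * certLabel, keyfile and certfile are caller-owned and untouched.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_storecert_params(KMF_STORECERT_PARAMS *params)
{
	if (params == NULL)
		return;

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		/* free(NULL) is a no-op, so no guards are needed. */
		free(params->nssparms.slotlabel);
		params->nssparms.slotlabel = NULL;
		free(params->nssparms.trustflag);
		params->nssparms.trustflag = NULL;
		break;
	case KMF_KEYSTORE_OPENSSL:
		free(params->sslparms.dirpath);
		params->sslparms.dirpath = NULL;
		break;
	default:
		break;
	}
}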
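/*
 * Name: set_storecert_attrs
 *
 * Description:
 * Build the KMF attribute list for a store-cert operation from
 * a KMF_STORECERT_PARAMS and an optional certificate blob.
 * String attributes are only added when the pointer is non-NULL.
 *
 * Parameter:
 * attlist: attribute array to fill (caller sizes it)
 * attnum: receives the number of attributes written
 * params: source parameters (may be NULL)
 * pcert: certificate data to store (may be NULL)
 *
 * Returns:
 * 0: successful
 * KMF_ERR_BAD_PARAMETER: OpenSSL keystore without a certfile
 *
 */
int
set_storecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_STORECERT_PARAMS *params, KMF_DATA *pcert)
{
	int i = 0;

	if (pcert != NULL) {
		kmf_set_attr_at_index(attlist, i,
		    KMF_CERT_DATA_ATTR, pcert, sizeof (KMF_DATA));
		i++;
	}

	if (params == NULL) {
		*attnum = i;
		return (0);
	}

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
	    sizeof (params->kstype));
	i++;

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_CERT_LABEL_ATTR, params->certLabel,
			    strlen(params->certLabel));
			i++;
		}
		if (params->nssparms.trustflag != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_TRUSTFLAG_ATTR,
			    params->nssparms.trustflag,
			    strlen(params->nssparms.trustflag));
			i++;
		}
		if (params->nssparms.slotlabel != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
			i++;
		}
		break;
	case KMF_KEYSTORE_OPENSSL:
		/* certfile is a required attribute for OpenSSL */
		if (params->sslparms.certfile == NULL) {
			/*
			 * Report the count written so far so the caller
			 * never reads an uninitialized *attnum on error.
			 */
			*attnum = i;
			return (KMF_ERR_BAD_PARAMETER);
		}
		kmf_set_attr_at_index(attlist, i,
		    KMF_CERT_FILENAME_ATTR,
		    params->sslparms.certfile,
		    strlen(params->sslparms.certfile));
		i++;
		if (params->sslparms.dirpath != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_DIRPATH_ATTR,
			    params->sslparms.dirpath,
			    strlen(params->sslparms.dirpath));
			i++;
		}
		kmf_set_attr_at_index(attlist, i,
		    KMF_ENCODE_FORMAT_ATTR,
		    &params->sslparms.format,
		    sizeof (params->sslparms.format));
		i++;
		break;
	case KMF_KEYSTORE_PK11TOKEN:
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_CERT_LABEL_ATTR, params->certLabel,
			    strlen(params->certLabel));
			i++;
		}
		break;
	default:
		break;
	}

	*attnum = i;
	return (0);
}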
- /*
- * Name: set_importcert_params
- *
- * Description:
- * Set KMF_IMPORTCERT_PARAMS
- *
- * Parameter:
- * params: parameter to be set
- * kstype: keystore type
- * certlabel: cert label
- * certfile: cert file name to be imported
- *
- * Returns:
- * 1: failed
- * 0: successful
- *
- */
int
set_importcert_params(KMF_IMPORTCERT_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype, char *certlabel, char *certfile)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	/* Clear everything first; only NSS needs heap allocations. */
	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;
	params->certLabel = certlabel;	/* caller-owned */
	params->certfile = certfile;	/* caller-owned */

	if (kstype == KMF_KEYSTORE_NSS) {
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL) {
			failed = 1;
			goto done;
		}
		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
		if (params->nssparms.trustflag == NULL)
			failed = 1;
	}

done:
	if (failed) {
		(void) jnl_printf("set_importcert_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_importcert_params(params);
	}
	return (failed);
}
- /*
- * Name: free_importcert_params
- *
- * Description:
- * Free heap memory used by KMF_IMPORTCERT_PARAMS
- *
- * Parameter:
- * params: parameter to be freed
- *
- */
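/*
 * Name: free_importcert_params
 *
 * Description:
 * Free the NSS slotlabel/trustflag strings duplicated by
 * set_importcert_params() and reset them to NULL so a repeated
 * call (set_importcert_params() already calls this on failure,
 * and callers usually free again) cannot double-free.
 * certLabel and certfile are caller-owned and untouched.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_importcert_params(KMF_IMPORTCERT_PARAMS *params)
{
	if (params == NULL)
		return;

	if (params->kstype == KMF_KEYSTORE_NSS) {
		/* free(NULL) is a no-op, so no guards are needed. */
		free(params->nssparms.slotlabel);
		params->nssparms.slotlabel = NULL;
		free(params->nssparms.trustflag);
		params->nssparms.trustflag = NULL;
	}
}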
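/*
 * Name: set_importcert_attrs
 *
 * Description:
 * Build the KMF attribute list for an import-cert operation from
 * a KMF_IMPORTCERT_PARAMS. String attributes are added only when
 * the pointer is non-NULL, and their length is the string length
 * (not the size of the pointer), matching set_storecert_attrs().
 *
 * Parameter:
 * attlist: attribute array to fill (caller sizes it)
 * attnum: receives the number of attributes written
 * params: source parameters (may be NULL, then *attnum is 0)
 *
 * Returns:
 * 0: successful
 *
 */
int
set_importcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_IMPORTCERT_PARAMS *params)
{
	int i = 0;

	if (params == NULL) {
		*attnum = i;
		return (0);
	}

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
	i++;

	/*
	 * The original passed sizeof (params->certfile), i.e. the size of
	 * a char pointer, as the attribute length. The file name attribute
	 * takes the string length; if certfile is NULL the attribute is
	 * left out and the library reports the missing input.
	 */
	if (params->certfile != NULL) {
		kmf_set_attr_at_index(attlist, i, KMF_CERT_FILENAME_ATTR,
		    params->certfile, strlen(params->certfile));
		i++;
	}

	if (params->kstype == KMF_KEYSTORE_NSS) {
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
			    params->certLabel, strlen(params->certLabel));
			i++;
		}
		if (params->nssparms.trustflag != NULL) {
			kmf_set_attr_at_index(attlist, i, KMF_TRUSTFLAG_ATTR,
			    params->nssparms.trustflag,
			    strlen(params->nssparms.trustflag));
			i++;
		}
		if (params->nssparms.slotlabel != NULL) {
			kmf_set_attr_at_index(attlist, i,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
			i++;
		}
	} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
			    params->certLabel, strlen(params->certLabel));
			i++;
		}
	}

	*attnum = i;
	return (0);
}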
- /*
- * Name: set_exportp12_params
- *
- * Description:
- * Set KMF_EXPORTP12_PARAMS
- *
- * Parameter:
- * params: parameter to be set
- * kstype: keystore type
- * certlabel: cert label
- * issuer: issuer name
- * subject: cert subject
- * idstr: id string
- * serial: serial number
- * token_password: password for keystore
- * export_password: export password for keystore
- * keyfile: ssl key file name
- * certfile: ssl cert file name
- * format: ssl cert encode format
- *
- * Returns:
- * 1: failed
- * 0: successful
- *
- */
int
set_exportp12_params(KMF_EXPORTP12_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
    char *subject, char *idstr, KMF_BIGINT *serial,
    char *token_password, char *export_password,
    char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;

	/* Search criteria: all caller-owned, stored by reference. */
	params->certLabel = certlabel;
	params->issuer = issuer;
	params->subject = subject;
	params->idstr = idstr;
	params->serial = serial;

	/* Credentials are also stored by reference; length is 0 for NULL. */
	params->cred.cred = token_password;
	params->cred.credlen =
	    (token_password != NULL) ? strlen(token_password) : 0;
	params->p12cred.cred = export_password;
	params->p12cred.credlen =
	    (export_password != NULL) ? strlen(export_password) : 0;

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL) {
			failed = 1;
			break;
		}
		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
		if (params->nssparms.trustflag == NULL)
			failed = 1;
		break;
	case KMF_KEYSTORE_OPENSSL:
		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
		if (params->sslparms.dirpath == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.keyfile = keyfile;
		params->sslparms.certfile = certfile;
		params->sslparms.format = format;
		break;
	default:
		break;
	}

done:
	if (failed) {
		(void) jnl_printf("set_exportp12_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_exportp12_params(params);
	}
	return (failed);
}
- /*
- * Name: free_exportp12_params
- *
- * Description:
- * Free heap memory used by KMF_EXPORTP12_PARAMS
- *
- * Parameter:
- * params: parameter to be freed
- *
- */
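/*
 * Name: free_exportp12_params
 *
 * Description:
 * Free the strings duplicated by set_exportp12_params() (NSS
 * slotlabel/trustflag, OpenSSL dirpath) and reset them to NULL so
 * that a repeated call cannot double-free; set_exportp12_params()
 * already calls this on its failure path. Labels, names, file
 * names and credentials are caller-owned and untouched.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_exportp12_params(KMF_EXPORTP12_PARAMS *params)
{
	if (params == NULL)
		return;

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		/* free(NULL) is a no-op, so no guards are needed. */
		free(params->nssparms.slotlabel);
		params->nssparms.slotlabel = NULL;
		free(params->nssparms.trustflag);
		params->nssparms.trustflag = NULL;
		break;
	case KMF_KEYSTORE_OPENSSL:
		free(params->sslparms.dirpath);
		params->sslparms.dirpath = NULL;
		break;
	default:
		break;
	}
}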
/*
 * Name: set_exportp12_attrs
 *
 * Description:
 * Build the KMF attribute list for a PKCS#12 export from a
 * KMF_EXPORTP12_PARAMS plus an optional output file name.
 * Optional string attributes are added only when non-NULL.
 *
 * Parameter:
 * attlist: attribute array to fill (caller sizes it)
 * attnum: receives the number of attributes written
 * params: source parameters (may be NULL)
 * filename: output file name (may be NULL)
 *
 * Returns:
 * 0: successful
 *
 */
int
set_exportp12_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_EXPORTP12_PARAMS *params, char *filename)
{
	int n = 0;
	KMF_KEYSTORE_TYPE ks;

	if (filename != NULL) {
		kmf_set_attr_at_index(attlist, n,
		    KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
		n++;
	}

	if (params == NULL) {
		*attnum = n;
		return (0);
	}
	ks = params->kstype;

	kmf_set_attr_at_index(attlist, n,
	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
	n++;
	kmf_set_attr_at_index(attlist, n,
	    KMF_PK12CRED_ATTR, &params->p12cred, sizeof (KMF_CREDENTIAL));
	n++;

	if (ks == KMF_KEYSTORE_NSS || ks == KMF_KEYSTORE_PK11TOKEN) {
		/* Token keystores: search criteria plus token credential. */
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_CERT_LABEL_ATTR, params->certLabel,
			    strlen(params->certLabel));
			n++;
		}
		if (params->issuer != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_ISSUER_NAME_ATTR, params->issuer,
			    strlen(params->issuer));
			n++;
		}
		if (params->subject != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_SUBJECT_NAME_ATTR, params->subject,
			    strlen(params->subject));
			n++;
		}
		if (params->serial != NULL) {
			kmf_set_attr_at_index(attlist, n, KMF_BIGINT_ATTR,
			    params->serial, sizeof (KMF_BIGINT));
			n++;
		}
		kmf_set_attr_at_index(attlist, n,
		    KMF_CREDENTIAL_ATTR, &params->cred,
		    sizeof (KMF_CREDENTIAL));
		n++;

		/* NSS additionally names the token slot. */
		if (ks == KMF_KEYSTORE_NSS &&
		    params->nssparms.slotlabel != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
			n++;
		}
	} else if (ks == KMF_KEYSTORE_OPENSSL) {
		/* File keystore: directory, cert file, key file. */
		if (params->sslparms.dirpath != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_DIRPATH_ATTR,
			    params->sslparms.dirpath,
			    strlen(params->sslparms.dirpath));
			n++;
		}
		if (params->sslparms.certfile != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_CERT_FILENAME_ATTR,
			    params->sslparms.certfile,
			    strlen(params->sslparms.certfile));
			n++;
		}
		if (params->sslparms.keyfile != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_KEY_FILENAME_ATTR,
			    params->sslparms.keyfile,
			    strlen(params->sslparms.keyfile));
			n++;
		}
	}

	*attnum = n;
	return (0);
}
- /*
- * Name: set_findcert_params
- *
- * Description:
- * Set KMF_FINDCERT_PARAMS
- *
- * Parameter:
- * params: parameter to be set
- * kstype: keystore type
- * certlabel: cert label
- * issuer: issuer name
- * subject: cert subject
- * idstr: id string
- * serial: serial number
- * validity: cert validity method
- * keyfile: ssl key file name
- * certfile: ssl cert file name
- * format: ssl cert encode format
- *
- * Returns:
- * 1: failed
- * 0: successful
- *
- */
int
set_findcert_params(KMF_FINDCERT_PARAMS *params,
    KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
    char *subject, char *idstr, KMF_BIGINT *serial,
    KMF_CERT_VALIDITY validity,
    char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
{
	int failed = 0;

	if (params == NULL) {
		failed = 1;
		goto done;
	}

	(void) memset(params, 0, sizeof (*params));
	params->kstype = kstype;

	/* Search criteria are caller-owned and stored by reference. */
	params->certLabel = certlabel;
	params->issuer = issuer;
	params->subject = subject;
	params->idstr = idstr;
	params->serial = serial;
	params->find_cert_validity = validity;

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
		if (params->nssparms.slotlabel == NULL) {
			failed = 1;
			break;
		}
		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
		if (params->nssparms.trustflag == NULL)
			failed = 1;
		break;
	case KMF_KEYSTORE_OPENSSL:
		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
		if (params->sslparms.dirpath == NULL) {
			failed = 1;
			break;
		}
		params->sslparms.keyfile = keyfile;
		params->sslparms.certfile = certfile;
		params->sslparms.format = format;
		break;
	case KMF_KEYSTORE_PK11TOKEN:
		/* pkcs11: always search private objects */
		params->pkcs11parms.private = B_TRUE;
		break;
	default:
		break;
	}

done:
	if (failed) {
		(void) jnl_printf("set_findcert_params failed\n");
		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
		free_findcert_params(params);
	}
	return (failed);
}
- /*
- * Name: free_findcert_params
- *
- * Description:
- * Free heap memory used by KMF_FINDCERT_PARAMS
- *
- * Parameter:
- * params: parameter to be freed
- *
- */
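/*
 * Name: free_findcert_params
 *
 * Description:
 * Free the strings duplicated by set_findcert_params() (NSS
 * slotlabel/trustflag, OpenSSL dirpath) and reset them to NULL so
 * that a repeated call cannot double-free; set_findcert_params()
 * already calls this on its failure path. Search criteria and
 * file names are caller-owned and untouched.
 *
 * Parameter:
 * params: parameter to be freed (NULL is accepted)
 *
 */
void
free_findcert_params(KMF_FINDCERT_PARAMS *params)
{
	if (params == NULL)
		return;

	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		/* free(NULL) is a no-op, so no guards are needed. */
		free(params->nssparms.slotlabel);
		params->nssparms.slotlabel = NULL;
		free(params->nssparms.trustflag);
		params->nssparms.trustflag = NULL;
		break;
	case KMF_KEYSTORE_OPENSSL:
		free(params->sslparms.dirpath);
		params->sslparms.dirpath = NULL;
		break;
	default:
		break;
	}
}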
/*
 * Name: set_findcert_attrs
 *
 * Description:
 * Build the KMF attribute list for a find-cert operation from a
 * KMF_FINDCERT_PARAMS, an optional result buffer and an optional
 * result count. Optional string attributes are added only when
 * non-NULL.
 *
 * Parameter:
 * attlist: attribute array to fill (caller sizes it)
 * attnum: receives the number of attributes written
 * params: search parameters (may be NULL)
 * kmf_cert: result certificate buffer (may be NULL)
 * numcerts: result count location (may be NULL)
 *
 * Returns:
 * 0: successful
 *
 */
int
set_findcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    KMF_FINDCERT_PARAMS *params, KMF_X509_DER_CERT *kmf_cert,
    uint32_t *numcerts)
{
	int n = 0;

	if (numcerts != NULL) {
		kmf_set_attr_at_index(attlist, n,
		    KMF_COUNT_ATTR, numcerts, sizeof (uint32_t));
		n++;
	}
	if (kmf_cert != NULL) {
		kmf_set_attr_at_index(attlist, n,
		    KMF_X509_DER_CERT_ATTR, kmf_cert,
		    sizeof (KMF_X509_DER_CERT));
		n++;
	}

	if (params == NULL) {
		*attnum = n;
		return (0);
	}

	kmf_set_attr_at_index(attlist, n,
	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
	    sizeof (params->kstype));
	n++;

	/* Optional search criteria shared by all three plugins. */
	if (params->issuer != NULL) {
		kmf_set_attr_at_index(attlist, n,
		    KMF_ISSUER_NAME_ATTR,
		    params->issuer, strlen(params->issuer));
		n++;
	}
	if (params->subject != NULL) {
		kmf_set_attr_at_index(attlist, n,
		    KMF_SUBJECT_NAME_ATTR,
		    params->subject, strlen(params->subject));
		n++;
	}
	if (params->serial != NULL) {
		kmf_set_attr_at_index(attlist, n, KMF_BIGINT_ATTR,
		    params->serial, sizeof (KMF_BIGINT));
		n++;
	}
	kmf_set_attr_at_index(attlist, n, KMF_CERT_VALIDITY_ATTR,
	    &params->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
	n++;

	/* Keystore-specific criteria. */
	switch (params->kstype) {
	case KMF_KEYSTORE_NSS:
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_CERT_LABEL_ATTR,
			    params->certLabel,
			    strlen(params->certLabel));
			n++;
		}
		if (params->nssparms.slotlabel != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_TOKEN_LABEL_ATTR,
			    params->nssparms.slotlabel,
			    strlen(params->nssparms.slotlabel));
			n++;
		}
		break;
	case KMF_KEYSTORE_OPENSSL:
		if (params->sslparms.certfile != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_CERT_FILENAME_ATTR,
			    params->sslparms.certfile,
			    strlen(params->sslparms.certfile));
			n++;
		}
		if (params->sslparms.dirpath != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_DIRPATH_ATTR,
			    params->sslparms.dirpath,
			    strlen(params->sslparms.dirpath));
			n++;
		}
		break;
	case KMF_KEYSTORE_PK11TOKEN:
		if (params->certLabel != NULL) {
			kmf_set_attr_at_index(attlist, n,
			    KMF_CERT_LABEL_ATTR,
			    params->certLabel,
			    strlen(params->certLabel));
			n++;
		}
		kmf_set_attr_at_index(attlist, n,
		    KMF_PRIVATE_BOOL_ATTR,
		    &params->pkcs11parms.private,
		    sizeof (params->pkcs11parms.private));
		n++;
		break;
	default:
		break;
	}

	*attnum = n;
	return (0);
}
- int set_deletecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
- KMF_DELETECERT_PARAMS *params)
- {
- int i = 0;
- int ret = 0;
- if (NULL != params) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYSTORE_TYPE_ATTR, ¶ms->kstype,
- sizeof (params->kstype));
- i++;
- /* Set the optional searching attributes for all 3 plugins */
- if (params->issuer != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_ISSUER_NAME_ATTR,
- params->issuer, strlen(params->issuer));
- i++;
- }
- if (params->subject != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_SUBJECT_NAME_ATTR,
- params->subject, strlen(params->subject));
- i++;
- }
- if (params->serial != NULL) {
- kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
- params->serial, sizeof (KMF_BIGINT));
- i++;
- }
- kmf_set_attr_at_index(attlist, i, KMF_CERT_VALIDITY_ATTR,
- ¶ms->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
- i++;
- if (params->kstype == KMF_KEYSTORE_NSS) {
- if (params->certLabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_CERT_LABEL_ATTR,
- params->certLabel,
- strlen(params->certLabel));
- i++;
- }
- if (params->nssparms.slotlabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_TOKEN_LABEL_ATTR,
- params->nssparms.slotlabel,
- strlen(params->nssparms.slotlabel));
- i++;
- }
- } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
- if (params->sslparms.certfile != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_CERT_FILENAME_ATTR,
- params->sslparms.certfile,
- strlen(params->sslparms.certfile));
- i++;
- }
- if (params->sslparms.dirpath != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_DIRPATH_ATTR,
- params->sslparms.dirpath,
- strlen(params->sslparms.dirpath));
- i++;
- }
- } else if (params->kstype…