PageRenderTime 68ms CodeModel.GetById 23ms RepoModel.GetById 1ms app.codeStats 0ms

/usr/src/suites/security/kmf/lib/libkmf_test_util.c

https://bitbucket.org/illumos/illumos-stc
C | 3916 lines | 2903 code | 439 blank | 574 comment | 784 complexity | 09c9f60ae64fecbc321af5c5a0a72e9e MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception 
    

  1. /*
    2. 

  2.  * CDDL HEADER START
    3. 

  3.  *
    4. 

  4.  * The contents of this file are subject to the terms of the
    5. 

  5.  * Common Development and Distribution License (the "License").
    6. 

  6.  * You may not use this file except in compliance with the License.
    7. 

  7.  *
    8. 

  8.  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
    9. 

  9.  * or http://www.opensolaris.org/os/licensing.
    10. 

  10.  * See the License for the specific language governing permissions
    11. 

  11.  * and limitations under the License.
    12. 

  12.  *
    13. 

  13.  * When distributing Covered Code, include this CDDL HEADER in each
    14. 

  14.  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
    15. 

  15.  * If applicable, add the following below this CDDL HEADER, with the
    16. 

  16.  * fields enclosed by brackets "[]" replaced with your own identifying
    17. 

  17.  * information: Portions Copyright [yyyy] [name of copyright owner]
    18. 

  18.  *
    19. 

  19.  * CDDL HEADER END
    20. 

  20.  */
    21. 

  21. 

  22. /*
    23. 

  23.  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
    24. 

  24.  * Use is subject to license terms.
    25. 

  25.  */
    26. 

  26. 

  27. #include <stdio.h>
    28. 

  28. #include "kmf_test_util.h"
    29. 

  29. #include <unistd.h>
    30. 

  30. #include <sys/stat.h>
    31. 

  31. #include <fcntl.h>
    32. 

  32. #include <string.h>
    33. 

  33. #include <errno.h>
    34. 

  34. 

  35. extern int errno;
    36. 

  36. 

  37. static char *softtoken_dir = NULL;
    38. 

  38. 

  39. /*
    40. 

  40.  *
    41. 

  41.  * Name: kmf_rvtostr
    42. 

  42.  *
    43. 

  43.  * Description:
    44. 

  44.  * 	convert KMF API return codes to readable string
    45. 

  45.  *
    46. 

  46.  * Parameter:
    47. 

  47.  * 	type(input): KMF API return code
    48. 

  48.  *
    49. 

  49.  * Return:
    50. 

  50.  * 	readable string
    51. 

  51.  *
    52. 

  52.  */
    53. 

  53. char *
    54. 

  54. kmf_rvtostr(KMF_RETURN type)
    55. 

  55. {
    56. 

  56. 	static char primbuf[80];
    57. 

  57. 

  58. 	switch (type) {
    59. 

  59. 	case KMF_OK:
    60. 

  60. 		return ("KMF_OK");
    61. 

  61. 	case KMF_ERR_BAD_PARAMETER:
    62. 

  62. 		return ("KMF_ERR_BAD_PARAMETER");
    63. 

  63. 	case KMF_ERR_BAD_KEY_FORMAT:
    64. 

  64. 		return ("KMF_ERR_BAD_KEY_FORMAT");
    65. 

  65. 	case KMF_ERR_BAD_ALGORITHM:
    66. 

  66. 		return ("KMF_ERR_BAD_ALGORITHM");
    67. 

  67. 	case KMF_ERR_MEMORY:
    68. 

  68. 		return ("KMF_ERR_MEMORY");
    69. 

  69. 	case KMF_ERR_ENCODING:
    70. 

  70. 		return ("KMF_ERR_ENCODING");
    71. 

  71. 	case KMF_ERR_PLUGIN_INIT:
    72. 

  72. 		return ("KMF_ERR_PLUGIN_INIT");
    73. 

  73. 	case KMF_ERR_PLUGIN_NOTFOUND:
    74. 

  74. 		return ("KMF_ERR_PLUGIN_NOTFOUND");
    75. 

  75. 	case KMF_ERR_INTERNAL:
    76. 

  76. 		return ("KMF_ERR_INTERNAL");
    77. 

  77. 	case KMF_ERR_BAD_CERT_FORMAT:
    78. 

  78. 		return ("KMF_ERR_BAD_CERT_FORMAT");
    79. 

  79. 	case KMF_ERR_KEYGEN_FAILED:
    80. 

  80. 		return ("KMF_ERR_KEYGEN_FAILED");
    81. 

  81. 	case KMF_ERR_UNINITIALIZED:
    82. 

  82. 		return ("KMF_ERR_UNINITIALIZED");
    83. 

  83. 	case KMF_ERR_ISSUER:
    84. 

  84. 		return ("KMF_ERR_ISSUER");
    85. 

  85. 	case KMF_ERR_NOT_REVOKED:
    86. 

  86. 		return ("KMF_ERR_NOT_REVOKED");
    87. 

  87. 	case KMF_ERR_CERT_NOT_FOUND:
    88. 

  88. 		return ("KMF_ERR_CERT_NOT_FOUND");
    89. 

  89. 	case KMF_ERR_CRL_NOT_FOUND:
    90. 

  90. 		return ("KMF_ERR_CRL_NOT_FOUND");
    91. 

  91. 	case KMF_ERR_RDN_PARSER:
    92. 

  92. 		return ("KMF_ERR_RDN_PARSER");
    93. 

  93. 	case KMF_ERR_RDN_ATTR:
    94. 

  94. 		return ("KMF_ERR_RDN_ATTR");
    95. 

  95. 	case KMF_ERR_SLOTNAME:
    96. 

  96. 		return ("KMF_ERR_SLOTNAME");
    97. 

  97. 	case KMF_ERR_EMPTY_CRL:
    98. 

  98. 		return ("KMF_ERR_EMPTY_CRL");
    99. 

  99. 	case KMF_ERR_AUTH_FAILED:
    100. 

  100. 		return ("KMF_ERR_AUTH_FAILED");
    101. 

  101. 	case KMF_ERR_TOKEN_SELECTED:
    102. 

  102. 		return ("KMF_ERR_TOKEN_SELECTED");
    103. 

  103. 	case KMF_ERR_NO_TOKEN_SELECTED:
    104. 

  104. 		return ("KMF_ERR_NO_TOKEN_SELECTED");
    105. 

  105. 	case KMF_ERR_TOKEN_NOT_PRESENT:
    106. 

  106. 		return ("KMF_ERR_TOKEN_NOT_PRESENT");
    107. 

  107. 	case KMF_ERR_EXTENSION_NOT_FOUND:
    108. 

  108. 		return ("KMF_ERR_EXTENSION_NOT_FOUND");
    109. 

  109. 	case KMF_ERR_POLICY_ENGINE:
    110. 

  110. 		return ("KMF_ERR_POLICY_ENGINE");
    111. 

  111. 	case KMF_ERR_POLICY_DB_FORMAT:
    112. 

  112. 		return ("KMF_ERR_POLICY_DB_FORMAT");
    113. 

  113. 	case KMF_ERR_POLICY_NOT_FOUND:
    114. 

  114. 		return ("KMF_ERR_POLICY_NOT_FOUND");
    115. 

  115. 	case KMF_ERR_POLICY_DB_FILE:
    116. 

  116. 		return ("KMF_ERR_POLICY_DB_FILE");
    117. 

  117. 	case KMF_ERR_POLICY_NAME:
    118. 

  118. 		return ("KMF_ERR_POLICY_NAME");
    119. 

  119. 	case KMF_ERR_OCSP_POLICY:
    120. 

  120. 		return ("KMF_ERR_OCSP_POLICY");
    121. 

  121. 	case KMF_ERR_TA_POLICY:
    122. 

  122. 		return ("KMF_ERR_TA_POLICY");
    123. 

  123. 	case KMF_ERR_KEY_NOT_FOUND:
    124. 

  124. 		return ("KMF_ERR_KEY_NOT_FOUND");
    125. 

  125. 	case KMF_ERR_OPEN_FILE:
    126. 

  126. 		return ("KMF_ERR_OPEN_FILE");
    127. 

  127. 	case KMF_ERR_OCSP_BAD_ISSUER:
    128. 

  128. 		return ("KMF_ERR_OCSP_BAD_ISSUER");
    129. 

  129. 	case KMF_ERR_OCSP_BAD_CERT:
    130. 

  130. 		return ("KMF_ERR_OCSP_BAD_CERT");
    131. 

  131. 	case KMF_ERR_OCSP_CREATE_REQUEST:
    132. 

  132. 		return ("KMF_ERR_OCSP_CREATE_REQUEST");
    133. 

  133. 	case KMF_ERR_CONNECT_SERVER:
    134. 

  134. 		return ("KMF_ERR_CONNECT_SERVER");
    135. 

  135. 	case KMF_ERR_SEND_REQUEST:
    136. 

  136. 		return ("KMF_ERR_SEND_REQUEST");
    137. 

  137. 	case KMF_ERR_OCSP_CERTID:
    138. 

  138. 		return ("KMF_ERR_OCSP_CERTID");
    139. 

  139. 	case KMF_ERR_OCSP_MALFORMED_RESPONSE:
    140. 

  140. 		return ("KMF_ERR_OCSP_MALFORMED_RESPONSE");
    141. 

  141. 	case KMF_ERR_OCSP_RESPONSE_STATUS:
    142. 

  142. 		return ("KMF_ERR_OCSP_RESPONSE_STATUS");
    143. 

  143. 	case KMF_ERR_OCSP_NO_BASIC_RESPONSE:
    144. 

  144. 		return ("KMF_ERR_OCSP_NO_BASIC_RESPONSE");
    145. 

  145. 	case KMF_ERR_OCSP_BAD_SIGNER:
    146. 

  146. 		return ("KMF_ERR_OCSP_BAD_SIGNER");
    147. 

  147. 	case KMF_ERR_OCSP_RESPONSE_SIGNATURE:
    148. 

  148. 		return ("KMF_ERR_OCSP_RESPONSE_SIGNATURE");
    149. 

  149. 	case KMF_ERR_OCSP_UNKNOWN_CERT:
    150. 

  150. 		return ("KMF_ERR_OCSP_UNKNOWN_CERT");
    151. 

  151. 	case KMF_ERR_OCSP_STATUS_TIME_INVALID:
    152. 

  152. 		return ("KMF_ERR_OCSP_STATUS_TIME_INVALID");
    153. 

  153. 	case KMF_ERR_BAD_HTTP_RESPONSE:
    154. 

  154. 		return ("KMF_ERR_BAD_HTTP_RESPONSE");
    155. 

  155. 	case KMF_ERR_RECV_RESPONSE:
    156. 

  156. 		return ("KMF_ERR_RECV_RESPONSE");
    157. 

  157. 	case KMF_ERR_RECV_TIMEOUT:
    158. 

  158. 		return ("KMF_ERR_RECV_TIMEOUT");
    159. 

  159. 	case KMF_ERR_DUPLICATE_KEYFILE:
    160. 

  160. 		return ("KMF_ERR_DUPLICATE_KEYFILE");
    161. 

  161. 	case KMF_ERR_AMBIGUOUS_PATHNAME:
    162. 

  162. 		return ("KMF_ERR_AMBIGUOUS_PATHNAME");
    163. 

  163. 	case KMF_ERR_FUNCTION_NOT_FOUND:
    164. 

  164. 		return ("KMF_ERR_FUNCTION_NOT_FOUND");
    165. 

  165. 	case KMF_ERR_PKCS12_FORMAT:
    166. 

  166. 		return ("KMF_ERR_PKCS12_FORMAT");
    167. 

  167. 	case KMF_ERR_BAD_KEY_TYPE:
    168. 

  168. 		return ("KMF_ERR_BAD_KEY_TYPE");
    169. 

  169. 	case KMF_ERR_BAD_KEY_CLASS:
    170. 

  170. 		return ("KMF_ERR_BAD_KEY_CLASS");
    171. 

  171. 	case KMF_ERR_BAD_KEY_SIZE:
    172. 

  172. 		return ("KMF_ERR_BAD_KEY_SIZE");
    173. 

  173. 	case KMF_ERR_BAD_HEX_STRING:
    174. 

  174. 		return ("KMF_ERR_BAD_HEX_STRING");
    175. 

  175. 	case KMF_ERR_KEYUSAGE:
    176. 

  176. 		return ("KMF_ERR_KEYUSAGE");
    177. 

  177. 	case KMF_ERR_VALIDITY_PERIOD:
    178. 

  178. 		return ("KMF_ERR_VALIDITY_PERIOD");
    179. 

  179. 	case KMF_ERR_OCSP_REVOKED:
    180. 

  180. 		return ("KMF_ERR_OCSP_REVOKED");
    181. 

  181. 	case KMF_ERR_CERT_MULTIPLE_FOUND:
    182. 

  182. 		return ("KMF_ERR_CERT_MULTIPLE_FOUND");
    183. 

  183. 	case KMF_ERR_WRITE_FILE:
    184. 

  184. 		return ("KMF_ERR_WRITE_FILE");
    185. 

  185. 	case KMF_ERR_BAD_URI:
    186. 

  186. 		return ("KMF_ERR_BAD_URI");
    187. 

  187. 	case KMF_ERR_BAD_CRLFILE:
    188. 

  188. 		return ("KMF_ERR_BAD_CRLFILE");
    189. 

  189. 	case KMF_ERR_BAD_CERTFILE:
    190. 

  190. 		return ("KMF_ERR_BAD_CERTFILE");
    191. 

  191. 	case KMF_ERR_GETKEYVALUE_FAILED:
    192. 

  192. 		return ("KMF_ERR_GETKEYVALUE_FAILED");
    193. 

  193. 	case KMF_ERR_BAD_KEYHANDLE:
    194. 

  194. 		return ("KMF_ERR_BAD_KEYHANDLE");
    195. 

  195. 	case KMF_ERR_UNINITIALIZED_TOKEN:
    196. 

  196. 		return ("KMF_ERR_UNINITIALIZED_TOKEN");
    197. 

  197. 	case KMF_ERR_BUFFER_SIZE:
    198. 

  198. 		return ("KMF_ERR_BUFFER_SIZE");
    199. 

  199. 	default:
    200. 

  200. 		(void) snprintf(primbuf, sizeof (primbuf),
    201. 

  201. 		    "unknown return type %02x", type);
    202. 

  202. 		return (primbuf);
    203. 

  203. 	}
    204. 

  204. }
    205. 

  205. 

  206. /*
    207. 

  207.  *
    208. 

  208.  * Name: compare_result
    209. 

  209.  *
    210. 

  210.  * Description:
    211. 

  211.  * 	Compare the return value with the expected one
    212. 

  212.  *
    213. 

  213.  * Parameters:
    214. 

  214.  * 	rv(input): return value
    215. 

  215.  *	exp_rv(input): expected return value
    216. 

  216.  *
    217. 

  217.  * Returns:
    218. 

  218.  *	0: rv equals exp_rv
    219. 

  219.  *	1: rv doesn't equal exp_rv
    220. 

  220.  *
    221. 

  221.  */
    222. 

  222. int
    223. 

  223. compare_result(KMF_RETURN rv, KMF_RETURN exp_rv)
    224. 

  224. {
    225. 

  225. 	int ret = 0;
    226. 

  226. 

  227. 	if (rv != exp_rv) {
    228. 

  228. 		(void) jnl_printf("Expected value: 0x%02x (%s)\n",
    229. 

  229. 		    exp_rv, kmf_rvtostr(exp_rv));
    230. 

  230. 		(void) jnl_printf("Return value: 0x%02x (%s)\n", rv,
    231. 

  231. 		    kmf_rvtostr(rv));
    232. 

  232. 		(void) jnl_printf("%s\n", result_tbl[STF_FAIL]);
    233. 

  233. 		ret = 1;
    234. 

  234. 	}
    235. 

  235. 	else
    236. 

  236. 		(void) jnl_printf("%s\n", result_tbl[STF_PASS]);
    237. 

  237. 

  238. 	return (ret);
    239. 

  239. }
    240. 

  240. 

  241. /*
    242. 

  242.  *
    243. 

  243.  * Name: limit_heap
    244. 

  244.  *
    245. 

  245.  * Description:
    246. 

  246.  * 	Limit the heap size, get the original heap size
    247. 

  247.  *
    248. 

  248.  * Parameter:
    249. 

  249.  * 	prl_orig(output): contains the original heap size
    250. 

  250.  *
    251. 

  251.  * Returns:
    252. 

  252.  * 	0: successful
    253. 

  253.  * 	1: failed to get the original heap size
    254. 

  254.  * 	2: failed to limit the heap size
    255. 

  255.  *
    256. 

  256.  */
    257. 

  257. int
    258. 

  258. limit_heap(struct rlimit *prl_orig)
    259. 

  259. {
    260. 

  260. 	struct rlimit rl_old, rl_new;
    261. 

  261. 

  262. 	if ((getrlimit(RLIMIT_DATA, &rl_old)) != 0) {
    263. 

  263. 		(void) jnl_printf("Failed to get the original heap size");
    264. 

  264. 		return (1);
    265. 

  265. 	}
    266. 

  266. 

  267. 	rl_new.rlim_cur = KMF_HEAP_SIZE;
    268. 

  268. 	rl_new.rlim_max = rl_old.rlim_max;
    269. 

  269. 	if ((setrlimit(RLIMIT_DATA, &rl_new)) != 0) {
    270. 

  270. 		(void) jnl_printf("Failed to limit the heap size");
    271. 

  271. 		return (2);
    272. 

  272. 	}
    273. 

  273. 

  274. 	*prl_orig = rl_old;
    275. 

  275. 	return (0);
    276. 

  276. }
    277. 

  277. 

  278. /*
    279. 

  279.  *
    280. 

  280.  * Name: restore_heap
    281. 

  281.  *
    282. 

  282.  * Description:
    283. 

  283.  * 	Restore the heap size
    284. 

  284.  *
    285. 

  285.  * Parameter:
    286. 

  286.  * 	prl_orig(input): the original heap size
    287. 

  287.  *
    288. 

  288.  */
    289. 

  289. void
    290. 

  290. restore_heap(struct rlimit *prl_orig)
    291. 

  291. {
    292. 

  292. 	if ((setrlimit(RLIMIT_DATA, prl_orig)) != 0)
    293. 

  293. 		(void) jnl_printf("Warning: failed to restore the heap size\n");
    294. 

  294. }
    295. 

  295. 

  296. /*
    297. 

  297.  * Name: print_test
    298. 

  298.  *
    299. 

  299.  * Description:
    300. 

  300.  *	print test number, API name and the expected return value
    301. 

  301.  *
    302. 

  302.  * Parameters:
    303. 

  303.  * 	num(input): test number
    304. 

  304.  *	str(input): API name
    305. 

  305.  *	exp_ret(input): expected return value
    306. 

  306.  *
    307. 

  307.  */
    308. 

  308. void
    309. 

  309. print_test(int num, char *str, KMF_RETURN exp_ret)
    310. 

  310. {
    311. 

  311. 	(void) jnl_printf("\n%3d. %-20s: %-20s\n", num, str,
    312. 

  312. 	    kmf_rvtostr(exp_ret));
    313. 

  313. }
    314. 

  314. 

  315. /*
    316. 

  316.  *
    317. 

  317.  * Name: use_bad_file
    318. 

  318.  *
    319. 

  319.  * Description:
    320. 

  320.  * 	backup the original file, create a blank one
    321. 

  321.  *
    322. 

  322.  * Parameters:
    323. 

  323.  * 	orig(input): original file name
    324. 

  324.  * 	bak(inpu): backup file name
    325. 

  325.  *
    326. 

  326.  * Returns:
    327. 

  327.  * 	0: successful
    328. 

  328.  * 	1: failed
    329. 

  329.  *
    330. 

  330.  */
    331. 

  331. int
    332. 

  332. use_bad_file(const char *orig, const char *bak)
    333. 

  333. {
    334. 

  334. 	if ((link(orig, bak)) != 0)
    335. 

  335. 		(void) jnl_printf("Warning: failed to save %s to %s\n",
    336. 

  336. 		    orig, bak);
    337. 

  337. 

  338. 	if ((unlink(orig)) != 0) {
    339. 

  339. 		(void) jnl_printf("Failed to remove the original file %s\n",
    340. 

  340. 		    orig);
    341. 

  341. 		return (1);
    342. 

  342. 	}
    343. 

  343. 

  344. 	if ((creat(orig, 755)) == -1) {
    345. 

  345. 		(void) jnl_printf("Failed to create the bad file %s\n", orig);
    346. 

  346. 		return (1);
    347. 

  347. 	}
    348. 

  348. 

  349. 	return (0);
    350. 

  350. }
    351. 

  351. 

  352. /*
    353. 

  353.  *
    354. 

  354.  * Name: restore_file
    355. 

  355.  *
    356. 

  356.  * Description:
    357. 

  357.  * 	resotre the original file, remove the backup
    358. 

  358.  *
    359. 

  359.  * Parameters:
    360. 

  360.  * 	bak(input): backup file name
    361. 

  361.  * 	orig(input): original file name
    362. 

  362.  *
    363. 

  363.  */
    364. 

  364. void
    365. 

  365. restore_file(const char *bak, const char *orig)
    366. 

  366. {
    367. 

  367. 	if ((unlink(orig)) != 0)
    368. 

  368. 		(void) jnl_printf("Warning: failed to remove the bad file %s\n",
    369. 

  369. 		    orig);
    370. 

  370. 

  371. 	if ((link(bak, orig)) != 0)
    372. 

  372. 		(void) jnl_printf("Warning: failed to restore %s from %s\n",
    373. 

  373. 		    orig, bak);
    374. 

  374. 

  375. 	if ((unlink(bak)) != 0)
    376. 

  376. 		(void) jnl_printf("Warning: failed to remove "
    377. 

  377. 		    "the backup file %s\n", bak);
    378. 

  378. }
    379. 

  379. 

  380. /*
    381. 

  381.  *
    382. 

  382.  * Name: kmf_test_initialize
    383. 

  383.  *
    384. 

  384.  * Description:
    385. 

  385.  * 	Invoke kmf_initialize to initialize KMF API tests
    386. 

  386.  *
    387. 

  387.  * Parameters:
    388. 

  388.  * 	outhandle(output): KMF handle
    389. 

  389.  * 	policyname(input): policy name
    390. 

  390.  *
    391. 

  391.  * Returns:
    392. 

  392.  * 	0: successful
    393. 

  393.  * 	1: failed
    394. 

  394.  *
    395. 

  395.  */
    396. 

  396. int
    397. 

  397. kmf_test_initialize(KMF_HANDLE_T *outhandle, char *policyname)
    398. 

  398. {
    399. 

  399. 	KMF_RETURN rv;
    400. 

  400. 	int ret = 0;
    401. 

  401. 	char envvar[1024];
    402. 

  402. 	KMF_CREDENTIAL newpin, oldcred;
    403. 

  403. 	KMF_ATTRIBUTE attrlist[8];
    404. 

  404. 	KMF_KEYSTORE_TYPE kstype = 0;
    405. 

  405. 	int numattr = 0;
    406. 

  406. 

  407. 	softtoken_dir = malloc(1024);
    408. 

  408. 	if (softtoken_dir == NULL) {
    409. 

  409. 		(void) jnl_printf("Failed to create softtoken directory - "
    410. 

  410. 		    "out of memory.\n");
    411. 

  411. 		return (1);
    412. 

  412. 	}
    413. 

  413. 

  414. 	/* Create a temporary softtoken directory for each test. */
    415. 

  415. 	(void) snprintf(softtoken_dir, 1024, "/var/tmp/kmftest-%d", getpid());
    416. 

  416. 	if (mkdir(softtoken_dir, 0755) == -1) {
    417. 

  417. 		(void) jnl_printf("Failed to create softtoken directory "
    418. 

  418. 		    "%s: %s\n", softtoken_dir, strerror(errno));
    419. 

  419. 		free(softtoken_dir);
    420. 

  420. 		softtoken_dir = NULL;
    421. 

  421. 		return (1);
    422. 

  422. 	}
    423. 

  423. 	(void) snprintf(envvar, sizeof (envvar),
    424. 

  424. 	    "SOFTTOKEN_DIR=%s", softtoken_dir);
    425. 

  425. 	if (snprintf(softtoken_dir, 1024,
    426. 

  426. 	    "%s", envvar) != strlen(envvar)) {
    427. 

  427. 		(void) jnl_printf("Failed to create SOFTTOKEN_DIR variable - "
    428. 

  428. 		    "out of memory.\n");
    429. 

  429. 		return (1);
    430. 

  430. 	}
    431. 

  431. 	if (putenv(softtoken_dir) != 0) {
    432. 

  432. 		(void) jnl_printf("Failed to create SOFTTOKEN_DIR variable - "
    433. 

  433. 		    "putenv error.\n");
    434. 

  434. 		return (1);
    435. 

  435. 	}
    436. 

  436. 

  437. 	if ((rv = kmf_initialize(outhandle, NULL, policyname)) != KMF_OK) {
    438. 

  438. 		(void) jnl_printf("kmf_initialize failed with %s\n",
    439. 

  439. 		    kmf_rvtostr(rv));
    440. 

  440. 		ret = 1;
    441. 

  441. 	}
    442. 

  442. 

  443. 	kstype = KMF_KEYSTORE_PK11TOKEN;
    444. 

  444. 	char *pk11_label = DEFAULT_PK11TOKEN;
    445. 

  445. 	boolean_t pk11_readonly = B_FALSE;
    446. 

  446. 	numattr = 0;
    447. 

  447. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
    448. 

  448. 	    &kstype, sizeof (KMF_KEYSTORE_TYPE));
    449. 

  449. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_TOKEN_LABEL_ATTR,
    450. 

  450. 	    pk11_label, strlen(pk11_label));
    451. 

  451. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_READONLY_ATTR,
    452. 

  452. 	    &pk11_readonly, sizeof (boolean_t));
    453. 

  453. 	/*
    454. 

  454. 	 * Configure handle for PKCS#11 use.
    455. 

  455. 	 */
    456. 

  456. 	rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
    457. 

  457. 	numattr = 0;
    458. 

  458. 	if (rv != KMF_OK && rv != KMF_ERR_TOKEN_SELECTED) {
    459. 

  459. 		(void) jnl_printf("Error configure PKCS#11: %s\n",
    460. 

  460. 		    kmf_rvtostr(rv));
    461. 

  461. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    462. 

  462. 		ret = 1;
    463. 

  463. 		goto out;
    464. 

  464. 	}
    465. 

  465. 

  466. 

  467. 	/* Initialize the token pin for the PKCS#11 token */
    468. 

  468. 	newpin.cred = strdup(DEFAULT_PASSWORD);
    469. 

  469. 	newpin.credlen = strlen(newpin.cred);
    470. 

  470. 

  471. 	oldcred.cred = "changeme";
    472. 

  472. 	oldcred.credlen = strlen(oldcred.cred);
    473. 

  473. 

  474. 	numattr = 0;
    475. 

  475. 	numattr = set_setpin_params(attrlist,
    476. 

  476. 	    &kstype, DEFAULT_PK11TOKEN, &oldcred);
    477. 

  477. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_NEWPIN_ATTR,
    478. 

  478. 	    &newpin, sizeof (newpin));
    479. 

  479. 

  480. 	rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
    481. 

  481. 	if (rv != KMF_OK) {
    482. 

  482. 		(void) jnl_printf("Error initializing PKCS#11 token pin: %s\n",
    483. 

  483. 		    kmf_rvtostr(rv));
    484. 

  484. 		ret = 1;
    485. 

  485. 		goto out;
    486. 

  486. 	}
    487. 

  487. 

  488. 	/*
    489. 

  489. 	 * Initialize the NSS token pin for each test.
    490. 

  490. 	 */
    491. 

  491. 	numattr = 0;
    492. 

  492. 	kstype = KMF_KEYSTORE_NSS;
    493. 

  493. 	char *nssdir = getenv("SOFTTOKEN_DIR");
    494. 

  494. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_KEYSTORE_TYPE_ATTR,
    495. 

  495. 	    &kstype, sizeof (KMF_KEYSTORE_TYPE));
    496. 

  496. 	kmf_set_attr_at_index(attrlist, numattr++, KMF_DIRPATH_ATTR,
    497. 

  497. 	    nssdir, strlen(nssdir));
    498. 

  498. 

  499. 	/*
    500. 

  500. 	 * Configure handle for NSS use.
    501. 

  501. 	 */
    502. 

  502. 	rv = kmf_configure_keystore(*outhandle, numattr, attrlist);
    503. 

  503. 	numattr = 0;
    504. 

  504. 	if (rv != KMF_OK && rv != KMF_KEYSTORE_ALREADY_INITIALIZED) {
    505. 

  505. 		jnl_printf("kmf_configure_keystore (nss) failed "
    506. 

  506. 		    "with %s", kmf_rvtostr(rv));
    507. 

  507. 		jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    508. 

  508. 		ret = 1;
    509. 

  509. 		goto out;
    510. 

  510. 	}
    511. 

  511. 

  512. 	oldcred.cred = DEFAULT_PASSWORD;
    513. 

  513. 	oldcred.credlen = strlen(oldcred.cred);
    514. 

  514. 

  515. 	kstype = KMF_KEYSTORE_NSS;
    516. 

  516. 	numattr = set_setpin_params(attrlist, &kstype,
    517. 

  517. 	    DEFAULT_NSSLABEL, &oldcred);
    518. 

  518. 	kmf_set_attr_at_index(attrlist, numattr, KMF_NEWPIN_ATTR,
    519. 

  519. 	    &newpin, sizeof (newpin));
    520. 

  520. 	numattr++;
    521. 

  521. 	rv = kmf_set_token_pin(*outhandle, numattr, attrlist);
    522. 

  522. 	if (rv != KMF_OK) {
    523. 

  523. 		(void) jnl_printf("Error initializing NSS token pin: %s\n",
    524. 

  524. 		    kmf_rvtostr(rv));
    525. 

  525. 	}
    526. 

  526. 

  527. 	free(newpin.cred);
    528. 

  528. out:
    529. 

  529. 	return (ret);
    530. 

  530. }
    531. 

  531. 

  532. /*
    533. 

  533.  *
    534. 

  534.  * Name: kmf_test_finalize
    535. 

  535.  *
    536. 

  536.  * Description:
    537. 

  537.  * 	Invoke kmf_finalize to finalize KMF API tests
    538. 

  538.  *
    539. 

  539.  * Parameter:
    540. 

  540.  * 	handle(input): KMF handle
    541. 

  541.  *
    542. 

  542.  */
    543. 

  543. void
    544. 

  544. kmf_test_finalize(KMF_HANDLE_T handle)
    545. 

  545. {
    546. 

  546. 	KMF_RETURN rv;
    547. 

  547. 	char syscmd[2048];
    548. 

  548. 

  549. 	if ((rv = kmf_finalize(handle)) != KMF_OK) {
    550. 

  550. 		(void) jnl_printf("Warning: kmf_finalize failed with %s\n",
    551. 

  551. 		    kmf_rvtostr(rv));
    552. 

  552. 	}
    553. 

  553. 	/* cleanup NSS databases so the next test is clean */
    554. 

  554. 	(void) unlink("cert8.db");
    555. 

  555. 	(void) unlink("key3.db");
    556. 

  556. 	(void) unlink("secmod.db");
    557. 

  557. 	(void) unlink("prikey.der");
    558. 

  558. 

  559. 	/* cleanup the temporary softtoken directory */
    560. 

  560. 	if (getenv("SOFTTOKEN_DIR")) {
    561. 

  561. 		(void) snprintf(syscmd, sizeof (syscmd), "/bin/rm -rf %s",
    562. 

  562. 		    getenv("SOFTTOKEN_DIR"));
    563. 

  563. 		(void) system(syscmd);
    564. 

  564. 	}
    565. 

  565. 	if (softtoken_dir)
    566. 

  566. 		free(softtoken_dir);
    567. 

  567. 	softtoken_dir = NULL;
    568. 

  568. }
    569. 

  569. 

  570. int
    571. 

  571. test_malloc(const char *p)
    572. 

  572. {
    573. 

  573. 	char *tmp = NULL;
    574. 

  574. 

  575. 	tmp = strdup(p);
    576. 

  576. 	if (tmp == NULL) {
    577. 

  577. 		(void) jnl_printf("Malloc failed");
    578. 

  578. 		return (0);
    579. 

  579. 	} else {
    580. 

  580. 		free(tmp);
    581. 

  581. 		return (1);
    582. 

  582. 	}
    583. 

  583. }
    584. 

  584. 

  585. /*
    586. 

  586.  * Name: set_createkeypair_params
    587. 

  587.  *
    588. 

  588.  * Description:
    589. 

  589.  *	Set KMF_CREATEKEYPAIR_PARAMS
    590. 

  590.  *
    591. 

  591.  * Parameter:
    592. 

  592.  *	params: parameter to be set
    593. 

  593.  *	kstype: keystore type
    594. 

  594.  *	keytype: key type
    595. 

  595.  *	keylength: key length
    596. 

  596.  *	password: password for keystore
    597. 

  597.  *
    598. 

  598.  * Returns:
    599. 

  599.  *      1: failed
    600. 

  600.  *      0: succussful
    601. 

  601.  *
    602. 

  602.  */
    603. 

  603. int
    604. 

  604. set_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params,
    605. 

  605.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    606. 

  606.     char *password)
    607. 

  607. {
    608. 

  608. 	int ret = 0;
    609. 

  609. 

  610. 	if (params == NULL) {
    611. 

  611. 		ret = 1;
    612. 

  612. 		goto out;
    613. 

  613. 	}
    614. 

  614. 

  615. 	(void) memset(params, 0, sizeof (KMF_CREATEKEYPAIR_PARAMS));
    616. 

  616. 	params->kstype = kstype;
    617. 

  617. 	params->keytype = keytype;
    618. 

  618. 	params->keylength = keylength;
    619. 

  619. 	params->keylabel = strdup(KMF_KEY_PAIR);
    620. 

  620. 	if (params->keylabel == NULL) {
    621. 

  621. 		ret = 1;
    622. 

  622. 		goto out;
    623. 

  623. 	}
    624. 

  624. 	params->cred.cred = password;
    625. 

  625. 	if (password)
    626. 

  626. 		params->cred.credlen = strlen(password);
    627. 

  627. 	else
    628. 

  628. 		params->cred.credlen = 0;
    629. 

  629. 

  630. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    631. 

  631. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    632. 

  632. 		if (params->nssparms.slotlabel == NULL) {
    633. 

  633. 			ret = 1;
    634. 

  634. 			goto out;
    635. 

  635. 		}
    636. 

  636. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    637. 

  637. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    638. 

  638. 		if (params->sslparms.dirpath == NULL) {
    639. 

  639. 			ret = 1;
    640. 

  640. 			goto out;
    641. 

  641. 		}
    642. 

  642. 		params->sslparms.keyfile = strdup(SSL_KEY_FILE);
    643. 

  643. 		if (params->sslparms.keyfile == NULL) {
    644. 

  644. 			ret = 1;
    645. 

  645. 			goto out;
    646. 

  646. 		}
    647. 

  647. 		params->sslparms.format = KMF_FORMAT_ASN1;
    648. 

  648. 	}
    649. 

  649. 

  650. 	params->rsa_exponent.len = 0;
    651. 

  651. out:
    652. 

  652. 	if (ret) {
    653. 

  653. 		(void) jnl_printf("set_createkeypair_params failed\n");
    654. 

  654. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    655. 

  655. 		free_createkeypair_params(params);
    656. 

  656. 	}
    657. 

  657. 

  658. 	return (ret);
    659. 

  659. }
    660. 

  660. 

  661. /*
    662. 

  662.  * Name: free_createkeypair_params
    663. 

  663.  *
    664. 

  664.  * Description:
    665. 

  665.  *      Free heap memory used by KMF_CREATEKEYPAIR_PARAMS
    666. 

  666.  *
    667. 

  667.  * Parameter:
    668. 

  668.  *      params: parameter to be freed
    669. 

  669.  *
    670. 

  670.  */
    671. 

  671. void
    672. 

  672. free_createkeypair_params(KMF_CREATEKEYPAIR_PARAMS *params)
    673. 

  673. {
    674. 

  674. 	if (params == NULL)
    675. 

  675. 		return;
    676. 

  676. 

  677. 	if (params->keylabel != NULL)
    678. 

  678. 		free(params->keylabel);
    679. 

  679. 

  680. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    681. 

  681. 		if (params->nssparms.slotlabel != NULL)
    682. 

  682. 			free(params->nssparms.slotlabel);
    683. 

  683. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    684. 

  684. 		if (params->sslparms.dirpath != NULL)
    685. 

  685. 			free(params->sslparms.dirpath);
    686. 

  686. 		if (params->sslparms.keyfile != NULL)
    687. 

  687. 			free(params->sslparms.keyfile);
    688. 

  688. 	}
    689. 

  689. }
    690. 

  690. 

  691. int
    692. 

  692. set_createkeypair_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    693. 

  693. 	KMF_CREATEKEYPAIR_PARAMS *params,
    694. 

  694. 	KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey)
    695. 

  695. {
    696. 

  696. 	int ret = 0;
    697. 

  697. 	int i = 0;
    698. 

  698. 

  699. 	if (NULL != privKey) {
    700. 

  700. 			kmf_set_attr_at_index(attlist, i,
    701. 

  701. 			    KMF_PRIVKEY_HANDLE_ATTR,
    702. 

  702. 			    privKey, sizeof (KMF_KEY_HANDLE));
    703. 

  703. 		i++;
    704. 

  704. 	}
    705. 

  705. 	if (NULL != pubKey) {
    706. 

  706. 		kmf_set_attr_at_index(attlist, i, KMF_PUBKEY_HANDLE_ATTR,
    707. 

  707. 		    pubKey, sizeof (KMF_KEY_HANDLE));
    708. 

  708. 		i++;
    709. 

  709. 	}
    710. 

  710. 

  711. 	if (NULL != params) {
    712. 

  712. 		kmf_set_attr_at_index(attlist, i,
    713. 

  713. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    714. 

  714. 		    sizeof (params->kstype));
    715. 

  715. 		i++;
    716. 

  716. 		kmf_set_attr_at_index(attlist, i,
    717. 

  717. 		    KMF_KEYALG_ATTR, &params->keytype,
    718. 

  718. 		    sizeof (params->keytype));
    719. 

  719. 		i++;
    720. 

  720. 		kmf_set_attr_at_index(attlist, i,
    721. 

  721. 		    KMF_KEYLENGTH_ATTR, &params->keylength,
    722. 

  722. 		    sizeof (params->keylength));
    723. 

  723. 		i++;
    724. 

  724. 		if (params->keylabel != NULL) {
    725. 

  725. 			kmf_set_attr_at_index(attlist, i,
    726. 

  726. 			    KMF_KEYLABEL_ATTR, params->keylabel,
    727. 

  727. 			    strlen(params->keylabel));
    728. 

  728. 			i++;
    729. 

  729. 		}
    730. 

  730. 		if (params->cred.credlen > 0) {
    731. 

  731. 			kmf_set_attr_at_index(attlist, i,
    732. 

  732. 			    KMF_CREDENTIAL_ATTR, &params->cred,
    733. 

  733. 			    sizeof (KMF_CREDENTIAL));
    734. 

  734. 			i++;
    735. 

  735. 		}
    736. 

  736. 

  737. 		if (params->rsa_exponent.len > 0) {
    738. 

  738. 			kmf_set_attr_at_index(attlist, i,
    739. 

  739. 			    KMF_RSAEXP_ATTR, &params->rsa_exponent,
    740. 

  740. 			    sizeof (KMF_BIGINT));
    741. 

  741. 			i++;
    742. 

  742. 		}
    743. 

  743. 

  744. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    745. 

  745. 			if (params->nssparms.slotlabel != NULL) {
    746. 

  746. 				kmf_set_attr_at_index(attlist, i,
    747. 

  747. 				    KMF_TOKEN_LABEL_ATTR,
    748. 

  748. 				    params->nssparms.slotlabel,
    749. 

  749. 				    strlen(params->nssparms.slotlabel));
    750. 

  750. 				i++;
    751. 

  751. 			}
    752. 

  752. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    753. 

  753. 				if (params->sslparms.dirpath != NULL) {
    754. 

  754. 					kmf_set_attr_at_index(attlist, i,
    755. 

  755. 					    KMF_DIRPATH_ATTR,
    756. 

  756. 					    params->sslparms.dirpath,
    757. 

  757. 					    strlen(params->sslparms.dirpath));
    758. 

  758. 				i++;
    759. 

  759. 			}
    760. 

  760. 			if (params->sslparms.keyfile != NULL) {
    761. 

  761. 				kmf_set_attr_at_index(attlist, i,
    762. 

  762. 				    KMF_KEY_FILENAME_ATTR,
    763. 

  763. 				    params->sslparms.keyfile,
    764. 

  764. 				    strlen(params->sslparms.keyfile));
    765. 

  765. 				i++;
    766. 

  766. 			}
    767. 

  767. 			kmf_set_attr_at_index(attlist, i,
    768. 

  768. 			    KMF_ENCODE_FORMAT_ATTR,
    769. 

  769. 			    &params->sslparms.format,
    770. 

  770. 			    sizeof (params->sslparms.format));
    771. 

  771. 			i++;
    772. 

  772. 		}
    773. 

  773. 	}
    774. 

  774. 

  775. 	*attnum = i;
    776. 

  776. 

  777. 	return (ret);
    778. 

  778. }
    779. 

  779. 

  780. int
    781. 

  781. create_keypair(KMF_HANDLE_T handle,
    782. 

  782.     KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    783. 

  783.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    784. 

  784.     char *password)
    785. 

  785. {
    786. 

  786. 	int ret = 0;
    787. 

  787. 	KMF_RETURN rv;
    788. 

  788. 	KMF_CREATEKEYPAIR_PARAMS params;
    789. 

  789. 	KMF_ATTRIBUTE attlist[32];
    790. 

  790. 	int numattr;
    791. 

  791. 

  792. 	if (handle == NULL || privKey == NULL || pubKey == NULL) {
    793. 

  793. 		ret = 1;
    794. 

  794. 		goto out;
    795. 

  795. 	}
    796. 

  796. 

  797. 	if ((ret = set_createkeypair_params(&params, kstype, keytype,
    798. 

  798. 	    keylength, password)))
    799. 

  799. 		return (ret);
    800. 

  800. 

  801. 	if ((ret = set_createkeypair_attrs(attlist, &numattr, &params,
    802. 

  802. 	    privKey, pubKey)))
    803. 

  803. 		goto out;
    804. 

  804. 

  805. 	rv = kmf_create_keypair(handle, numattr, attlist);
    806. 

  806. 	if (rv != KMF_OK) {
    807. 

  807. 		(void) jnl_printf("kmf_create_keypair failed with %s\n",
    808. 

  808. 		    kmf_rvtostr(rv));
    809. 

  809. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    810. 

  810. 		ret = 2;
    811. 

  811. 		goto out;
    812. 

  812. 	}
    813. 

  813. 

  814. out:
    815. 

  815. 	free_createkeypair_params(&params);
    816. 

  816. 	return (ret);
    817. 

  817. }
    818. 

  818. 

  819. int
    820. 

  820. testcall(KMF_RETURN kmf_ret, char *func)
    821. 

  821. {
    822. 

  822. 	if (kmf_ret != KMF_OK) {
    823. 

  823. 		(void) jnl_printf("%s failed with %s\n", func,
    824. 

  824. 		    kmf_rvtostr(kmf_ret));
    825. 

  825. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    826. 

  826. 		return (1);
    827. 

  827. 	}
    828. 

  828. 	return (0);
    829. 

  829. }
    830. 

  830. 

  831. static int
    832. 

  832. build_x509_nokeyusage_cert(KMF_HANDLE_T kmfhandle,
    833. 

  833.     KMF_X509_CERTIFICATE *cert,
    834. 

  834.     uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
    835. 

  835. {
    836. 

  836. 	KMF_BIGINT SerialNumber;
    837. 

  837. 	KMF_X509_NAME *issuer_name_ptr = NULL;
    838. 

  838. 	KMF_X509_NAME *subject_name_ptr = NULL;
    839. 

  839. 	char *subject_name_string = "C=CH, O=Sun, CN=hua.tang@sun.com";
    840. 

  840. 	char *issuer_name_string = "C=CH, O=Sun, CN=hua.tang@sun.com";
    841. 

  841. 	KMF_X509_NAME cert_issuer_name, cert_subject_name;
    842. 

  842. 	KMF_GENERALNAMECHOICES nametype = GENNAME_RFC822NAME;
    843. 

  843. 	char *namedata = "hua.tang@sun.com";
    844. 

  844. 

  845. 	(void) memset(cert, 0, sizeof (KMF_X509_CERTIFICATE));
    846. 

  846. 

  847. 	if (testcall(kmf_set_cert_version(cert, 2), "KMF_SetCertVersion"))
    848. 

  848. 		goto fail_out;
    849. 

  849. 

  850. 	if (testcall(kmf_set_cert_validity(cert, NULL, 3650*24*60*60),
    851. 

  851. 	    "KMF_SetCertValidityTimes"))
    852. 

  852. 		goto fail_out;
    853. 

  853. 

  854. 	SerialNumber.val = sernum;
    855. 

  855. 	SerialNumber.len = numlen;
    856. 

  856. 	if (testcall(kmf_set_cert_serial(cert, &SerialNumber),
    857. 

  857. 	    "KMF_SetCertSerialNumber"))
    858. 

  858. 		goto fail_out;
    859. 

  859. 

  860. 	if (testcall(kmf_dn_parser(issuer_name_string, &cert_issuer_name),
    861. 

  861. 	    "KMF_DNParser"))
    862. 

  862. 		goto fail_out;
    863. 

  863. 	issuer_name_ptr = &cert_issuer_name;
    864. 

  864. 

  865. 	if (testcall(kmf_set_cert_issuer(cert, issuer_name_ptr),
    866. 

  866. 	    "KMF_SetCertIssuerName"))
    867. 

  867. 		goto fail_out;
    868. 

  868. 

  869. 	if (testcall(kmf_dn_parser(subject_name_string, &cert_subject_name),
    870. 

  870. 	    "KMF_DNParser"))
    871. 

  871. 		goto fail_out;
    872. 

  872. 	subject_name_ptr = &cert_subject_name;
    873. 

  873. 

  874. 	if (testcall(kmf_set_cert_subject(cert, subject_name_ptr),
    875. 

  875. 	    "KMF_SetCertSubjectName"))
    876. 

  876. 		goto fail_out;
    877. 

  877. 

  878. 	if (testcall(kmf_set_cert_pubkey(kmfhandle, key, cert),
    879. 

  879. 	    "KMF_SetCertPubKey"))
    880. 

  880. 		goto fail_out;
    881. 

  881. 

  882. 	if (testcall(kmf_set_cert_sig_alg(cert,
    883. 

  883. 	    KMF_ALGID_MD5WithRSA), "KMF_SetCertSignatureAlgorithm"))
    884. 

  884. 		goto fail_out;
    885. 

  885. 

  886. 	return (0);
    887. 

  887. 

  888. fail_out:
    889. 

  889. 	return (1);
    890. 

  890. }
    891. 

  891. 

  892. int
    893. 

  893. build_x509_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
    894. 

  894.     uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
    895. 

  895. {
    896. 

  896. 	KMF_GENERALNAMECHOICES nametype = GENNAME_RFC822NAME;
    897. 

  897. 	char *namedata = "hua.tang@sun.com";
    898. 

  898. 	KMF_X509EXT_BASICCONSTRAINTS bc;
    899. 

  899. 

  900. 	if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
    901. 

  901. 		goto fail_out;
    902. 

  902. 

  903. 	bc.cA = B_TRUE;
    904. 

  904. 	bc.pathLenConstraintPresent = B_FALSE;
    905. 

  905. 	if (testcall(kmf_set_cert_basic_constraint(cert, B_TRUE, &bc),
    906. 

  906. 	    "KMF_SetCertBasicConstraintExt"))
    907. 

  907. 		goto fail_out;
    908. 

  908. 

  909. 	if (testcall(kmf_set_cert_subject_altname(cert, 1, nametype, namedata),
    910. 

  910. 	    "KMF_SetCertSubjectAltName"))
    911. 

  911. 		goto fail_out;
    912. 

  912. 

  913. 	if (testcall(kmf_set_cert_issuer_altname(cert, 1, nametype, namedata),
    914. 

  914. 	    "KMF_SetCertIssuerAltName"))
    915. 

  915. 		goto fail_out;
    916. 

  916. 

  917. 	if (testcall(kmf_add_cert_eku(cert,
    918. 

  918. 	    (KMF_OID *)&KMFOID_PKIX_KP_ServerAuth, 1), "KMF_AddCertEKU"))
    919. 

  919. 		goto fail_out;
    920. 

  920. 

  921. 	if (testcall(kmf_set_cert_ku(cert, 0,
    922. 

  922. 	    (KMF_dataEncipherment | KMF_digitalSignature | KMF_keyCertSign)),
    923. 

  923. 	    "KMF_SetCertKeyUsage"))
    924. 

  924. 		goto fail_out;
    925. 

  925. 

  926. 	return (0);
    927. 

  927. 

  928. fail_out:
    929. 

  929. 	return (1);
    930. 

  930. }
    931. 

  931. 

  932. /* no extension, no keysuage */
    933. 

  933. int
    934. 

  934. build_x509_base_cert(KMF_HANDLE_T kmfhandle, KMF_X509_CERTIFICATE *cert,
    935. 

  935.     uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
    936. 

  936. {
    937. 

  937. 	if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
    938. 

  938. 		goto fail_out;
    939. 

  939. 

  940. 	if (testcall(kmf_set_cert_ku(cert, 0,
    941. 

  941. 	    KMF_keyAgreement), "KMF_SetCertKeyUsage"))
    942. 

  942. 		goto fail_out;
    943. 

  943. 

  944. 	return (0);
    945. 

  945. 

  946. fail_out:
    947. 

  947. 	return (1);
    948. 

  948. }
    949. 

  949. 

  950. int
    951. 

  951. sign_cert_record(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key,
    952. 

  952.     KMF_X509_CERTIFICATE *cert, KMF_DATA *signedCertData)
    953. 

  953. {
    954. 

  954. 	int i = 0;
    955. 

  955. 	KMF_ATTRIBUTE attrlist[8];
    956. 

  956. 

  957. 	kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR,
    958. 

  958. 	    &key->kstype, sizeof (KMF_KEYSTORE_TYPE));
    959. 

  959. 	i++;
    960. 

  960. 	kmf_set_attr_at_index(attrlist, i, KMF_KEY_HANDLE_ATTR,
    961. 

  961. 	    key, sizeof (KMF_KEY_HANDLE));
    962. 

  962. 	i++;
    963. 

  963. 	kmf_set_attr_at_index(attrlist, i, KMF_X509_CERTIFICATE_ATTR,
    964. 

  964. 	    cert, sizeof (KMF_X509_CERTIFICATE));
    965. 

  965. 	i++;
    966. 

  966. 	kmf_set_attr_at_index(attrlist, i, KMF_CERT_DATA_ATTR,
    967. 

  967. 	    signedCertData, sizeof (KMF_DATA));
    968. 

  968. 	i++;
    969. 

  969. 

  970. 	if (testcall(kmf_sign_cert(handle, i, attrlist), "kmf_sign_cert"))
    971. 

  971. 		return (1);
    972. 

  972. 

  973. 	return (0);
    974. 

  974. }
    975. 

  975. 

  976. int
    977. 

  977. sign_cert_with_key(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    978. 

  978.     KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    979. 

  979.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    980. 

  980.     char *password, KMF_X509_CERTIFICATE *cert,
    981. 

  981.     uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
    982. 

  982. {
    983. 

  983. 	int ret = 0;
    984. 

  984. 

  985. 	if (create_keypair(kmfhandle, privKey, pubKey,
    986. 

  986. 	    kstype, keytype, keylength, password)) {
    987. 

  987. 		ret = 1;
    988. 

  988. 		goto out;
    989. 

  989. 	}
    990. 

  990. 

  991. 	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
    992. 

  992. 		ret = 2;
    993. 

  993. 		goto out;
    994. 

  994. 	}
    995. 

  995. 

  996. 	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
    997. 

  997. 		ret = 3;
    998. 

  998. 	}
    999. 

  999. out:
    1000. 

  1000. 	return (ret);
    1001. 

  1001. }
    1002. 

  1002. 

  1003. int
    1004. 

  1004. create_signed_cert(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    1005. 

  1005.     KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    1006. 

  1006.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    1007. 

  1007.     char *password, KMF_X509_CERTIFICATE *cert,
    1008. 

  1008.     uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
    1009. 

  1009. {
    1010. 

  1010. 	int ret = 0;
    1011. 

  1011. 

  1012. 	if (create_keypair(kmfhandle, privKey, pubKey,
    1013. 

  1013. 	    kstype, keytype, keylength, password)) {
    1014. 

  1014. 		ret = 1;
    1015. 

  1015. 		goto out;
    1016. 

  1016. 	}
    1017. 

  1017. 

  1018. 	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
    1019. 

  1019. 		ret = 2;
    1020. 

  1020. 		goto out;
    1021. 

  1021. 	}
    1022. 

  1022. 

  1023. 	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
    1024. 

  1024. 		ret = 3;
    1025. 

  1025. 		goto out;
    1026. 

  1026. 	}
    1027. 

  1027. 

  1028. out:
    1029. 

  1029. 	return (ret);
    1030. 

  1030. }
    1031. 

  1031. 

  1032. int
    1033. 

  1033. encode_cert_record(KMF_HANDLE_T kmfhandle, KMF_CREATEKEYPAIR_PARAMS *params,
    1034. 

  1034.     KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    1035. 

  1035.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    1036. 

  1036.     char *password, KMF_X509_CERTIFICATE *cert,
    1037. 

  1037.     uchar_t *sernum, uint32_t numlen, KMF_DATA *encodeCert)
    1038. 

  1038. {
    1039. 

  1039. 	int ret = 0;
    1040. 

  1040. 

  1041. 	if (create_keypair(kmfhandle, privKey, pubKey,
    1042. 

  1042. 	    kstype, keytype, keylength, password)) {
    1043. 

  1043. 		ret = 1;
    1044. 

  1044. 		goto out;
    1045. 

  1045. 	}
    1046. 

  1046. 

  1047. 	if (build_x509_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
    1048. 

  1048. 		ret = 2;
    1049. 

  1049. 		goto out;
    1050. 

  1050. 	}
    1051. 

  1051. 

  1052. 	if (kmf_encode_cert_record(cert, encodeCert) != KMF_OK) {
    1053. 

  1053. 		ret = 3;
    1054. 

  1054. 		goto out;
    1055. 

  1055. 	}
    1056. 

  1056. 

  1057. out:
    1058. 

  1058. 	return (ret);
    1059. 

  1059. }
    1060. 

  1060. 

  1061. /*
    1062. 

  1062.  * Name: set_cryptowithcert_params
    1063. 

  1063.  *
    1064. 

  1064.  * Description:
    1065. 

  1065.  *      Set KMF_CRYPTOWITHCERT_PARAMS
    1066. 

  1066.  *
    1067. 

  1067.  * Parameter:
    1068. 

  1068.  *      params: parameter to be set
    1069. 

  1069.  *      kstype: keystore type
    1070. 

  1070.  *      format: key format
    1071. 

  1071.  *	password: password for keystore
    1072. 

  1072.  *
    1073. 

  1073.  * Returns:
    1074. 

  1074.  *      1: failed
    1075. 

  1075.  *      0: succussful
    1076. 

  1076.  *
    1077. 

  1077.  */
    1078. 

  1078. int
    1079. 

  1079. set_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params,
    1080. 

  1080.     KMF_KEYSTORE_TYPE kstype, KMF_ENCODE_FORMAT format, char *password)
    1081. 

  1081. {
    1082. 

  1082. 	int ret = 0;
    1083. 

  1083. 

  1084. 	if (params == NULL) {
    1085. 

  1085. 		ret = 1;
    1086. 

  1086. 		goto out;
    1087. 

  1087. 	}
    1088. 

  1088. 

  1089. 	(void) memset(params, 0, sizeof (KMF_CRYPTOWITHCERT_PARAMS));
    1090. 

  1090. 	params->kstype = kstype;
    1091. 

  1091. 	params->format = format;
    1092. 

  1092. 	params->certLabel = strdup(KMF_CERT_LABEL);
    1093. 

  1093. 	if (params->certLabel == NULL) {
    1094. 

  1094. 		ret = 1;
    1095. 

  1095. 		goto out;
    1096. 

  1096. 	}
    1097. 

  1097. 	params->cred.cred = password;
    1098. 

  1098. 	if (password)
    1099. 

  1099. 		params->cred.credlen = strlen(password);
    1100. 

  1100. 	else
    1101. 

  1101. 		params->cred.credlen = 0;
    1102. 

  1102. 

  1103. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    1104. 

  1104. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    1105. 

  1105. 		if (params->nssparms.slotlabel == NULL) {
    1106. 

  1106. 			ret = 1;
    1107. 

  1107. 			goto out;
    1108. 

  1108. 		}
    1109. 

  1109. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    1110. 

  1110. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    1111. 

  1111. 		if (params->sslparms.dirpath == NULL) {
    1112. 

  1112. 			ret = 1;
    1113. 

  1113. 			goto out;
    1114. 

  1114. 		}
    1115. 

  1115. 		params->sslparms.keyfile = strdup(SSL_KEY_FILE);
    1116. 

  1116. 		if (params->sslparms.keyfile == NULL) {
    1117. 

  1117. 			ret = 1;
    1118. 

  1118. 			goto out;
    1119. 

  1119. 		}
    1120. 

  1120. 		params->sslparms.format = KMF_FORMAT_ASN1;
    1121. 

  1121. 	}
    1122. 

  1122. 

  1123. out:
    1124. 

  1124. 	if (ret) {
    1125. 

  1125. 		(void) jnl_printf("set_cryptowithcert_params failed\n");
    1126. 

  1126. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    1127. 

  1127. 		free_cryptowithcert_params(params);
    1128. 

  1128. 	}
    1129. 

  1129. 

  1130. 	return (ret);
    1131. 

  1131. }
    1132. 

  1132. 

  1133. /*
    1134. 

  1134.  * Name: free_cryptowithcert_params
    1135. 

  1135.  *
    1136. 

  1136.  * Description:
    1137. 

  1137.  *      Free heap memory used by KMF_CRYPTOWITHCERT_PARAMS
    1138. 

  1138.  *
    1139. 

  1139.  * Parameter:
    1140. 

  1140.  *      params: parameter to be freed
    1141. 

  1141.  *
    1142. 

  1142.  */
    1143. 

  1143. void
    1144. 

  1144. free_cryptowithcert_params(KMF_CRYPTOWITHCERT_PARAMS *params)
    1145. 

  1145. {
    1146. 

  1146. 	if (params == NULL)
    1147. 

  1147. 		return;
    1148. 

  1148. 

  1149. 	if (params->certLabel != NULL)
    1150. 

  1150. 		free(params->certLabel);
    1151. 

  1151. 

  1152. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1153. 

  1153. 		if (params->nssparms.slotlabel != NULL)
    1154. 

  1154. 			free(params->nssparms.slotlabel);
    1155. 

  1155. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1156. 

  1156. 		if (params->sslparms.dirpath != NULL)
    1157. 

  1157. 			free(params->sslparms.dirpath);
    1158. 

  1158. 		if (params->sslparms.keyfile != NULL)
    1159. 

  1159. 			free(params->sslparms.keyfile);
    1160. 

  1160. 	}
    1161. 

  1161. }
    1162. 

  1162. 

  1163. 

  1164. int
    1165. 

  1165. set_cryptowithcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    1166. 

  1166.     KMF_CRYPTOWITHCERT_PARAMS *params, KMF_DATA *cert,
    1167. 

  1167.     KMF_DATA *plaintext, KMF_DATA *ciphertext)
    1168. 

  1168. {
    1169. 

  1169. 	int i = 0;
    1170. 

  1170. 	int ret = 0;
    1171. 

  1171. 

  1172. 	if (cert) {
    1173. 

  1173. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_DATA_ATTR,
    1174. 

  1174. 		    cert, sizeof (KMF_DATA));
    1175. 

  1175. 		i++;
    1176. 

  1176. 	}
    1177. 

  1177. 

  1178. 	if (plaintext) {
    1179. 

  1179. 		kmf_set_attr_at_index(attlist, i, KMF_PLAINTEXT_DATA_ATTR,
    1180. 

  1180. 		    plaintext, sizeof (KMF_DATA));
    1181. 

  1181. 		i++;
    1182. 

  1182. 	}
    1183. 

  1183. 

  1184. 	if (ciphertext) {
    1185. 

  1185. 		kmf_set_attr_at_index(attlist, i, KMF_CIPHERTEXT_DATA_ATTR,
    1186. 

  1186. 		    ciphertext, sizeof (KMF_DATA));
    1187. 

  1187. 		i++;
    1188. 

  1188. 	}
    1189. 

  1189. 

  1190. 	if (NULL == params) {
    1191. 

  1191. 		*attnum = i;
    1192. 

  1192. 		return (ret);
    1193. 

  1193. 	}
    1194. 

  1194. 

  1195. 	kmf_set_attr_at_index(attlist, i,
    1196. 

  1196. 	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    1197. 

  1197. 	    sizeof (params->kstype));
    1198. 

  1198. 	i++;
    1199. 

  1199. 

  1200. 	if (params->certLabel != NULL) {
    1201. 

  1201. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
    1202. 

  1202. 		    params->certLabel, strlen(params->certLabel));
    1203. 

  1203. 		i++;
    1204. 

  1204. 	}
    1205. 

  1205. 

  1206. 	kmf_set_attr_at_index(attlist, i, KMF_ENCODE_FORMAT_ATTR,
    1207. 

  1207. 	    &params->format, sizeof (KMF_ENCODE_FORMAT));
    1208. 

  1208. 	i++;
    1209. 

  1209. 

  1210. 	kmf_set_attr_at_index(attlist, i, KMF_CREDENTIAL_ATTR,
    1211. 

  1211. 	    &params->cred, sizeof (KMF_CREDENTIAL));
    1212. 

  1212. 	i++;
    1213. 

  1213. 

  1214. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1215. 

  1215. 		if (params->nssparms.slotlabel != NULL) {
    1216. 

  1216. 			kmf_set_attr_at_index(attlist, i,
    1217. 

  1217. 			    KMF_TOKEN_LABEL_ATTR,
    1218. 

  1218. 			    params->nssparms.slotlabel,
    1219. 

  1219. 			    strlen(params->nssparms.slotlabel));
    1220. 

  1220. 			i++;
    1221. 

  1221. 		}
    1222. 

  1222. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1223. 

  1223. 		if (params->sslparms.dirpath != NULL) {
    1224. 

  1224. 			kmf_set_attr_at_index(attlist, i,
    1225. 

  1225. 			    KMF_DIRPATH_ATTR,
    1226. 

  1226. 			    params->sslparms.dirpath,
    1227. 

  1227. 			    strlen(params->sslparms.dirpath));
    1228. 

  1228. 			i++;
    1229. 

  1229. 		}
    1230. 

  1230. 		if (params->sslparms.keyfile != NULL) {
    1231. 

  1231. 			kmf_set_attr_at_index(attlist, i,
    1232. 

  1232. 			    KMF_KEY_FILENAME_ATTR,
    1233. 

  1233. 			    params->sslparms.keyfile,
    1234. 

  1234. 			    strlen(params->sslparms.keyfile));
    1235. 

  1235. 			i++;
    1236. 

  1236. 		}
    1237. 

  1237. 

  1238. 		kmf_set_attr_at_index(attlist, i, KMF_ENCODE_FORMAT_ATTR,
    1239. 

  1239. 		    &params->sslparms.format,
    1240. 

  1240. 		    sizeof (params->sslparms.format));
    1241. 

  1241. 		i++;
    1242. 

  1242. 	}
    1243. 

  1243. 

  1244. 	*attnum = i;
    1245. 

  1245. 	return (ret);
    1246. 

  1246. }
    1247. 

  1247. 

  1248. int
    1249. 

  1249. create_base_signed_cert(KMF_HANDLE_T kmfhandle,
    1250. 

  1250.     KMF_CREATEKEYPAIR_PARAMS *params,
    1251. 

  1251.     KMF_KEY_HANDLE *privKey, KMF_KEY_HANDLE *pubKey,
    1252. 

  1252.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype, uint32_t keylength,
    1253. 

  1253.     char *password, KMF_X509_CERTIFICATE *cert,
    1254. 

  1254.     uchar_t *sernum, uint32_t numlen, KMF_DATA *x509Cert)
    1255. 

  1255. {
    1256. 

  1256. 	int ret = 0;
    1257. 

  1257. 

  1258. 	if (create_keypair(kmfhandle, privKey, pubKey,
    1259. 

  1259. 	    kstype, keytype, keylength, password)) {
    1260. 

  1260. 		ret = 1;
    1261. 

  1261. 		goto out;
    1262. 

  1262. 	}
    1263. 

  1263. 

  1264. 	if (build_x509_base_cert(kmfhandle, cert, sernum, numlen, pubKey)) {
    1265. 

  1265. 		ret = 2;
    1266. 

  1266. 		goto out;
    1267. 

  1267. 	}
    1268. 

  1268. 

  1269. 	if (sign_cert_record(kmfhandle, privKey, cert, x509Cert)) {
    1270. 

  1270. 		ret = 3;
    1271. 

  1271. 		goto out;
    1272. 

  1272. 	}
    1273. 

  1273. 

  1274. out:
    1275. 

  1275. 	return (ret);
    1276. 

  1276. }
    1277. 

  1277. 

  1278. /*
    1279. 

  1279.  * Name: set_storecert_params
    1280. 

  1280.  *
    1281. 

  1281.  * Description:
    1282. 

  1282.  *      Set KMF_STORECERT_PARAMS
    1283. 

  1283.  *
    1284. 

  1284.  * Parameter:
    1285. 

  1285.  *      params: parameter to be set
    1286. 

  1286.  *      kstype: keystore type
    1287. 

  1287.  *	certlabel: cert label
    1288. 

  1288.  *	keyfile: ssl private key file
    1289. 

  1289.  *	certfile: ssl cert file name
    1290. 

  1290.  *
    1291. 

  1291.  * Returns:
    1292. 

  1292.  *      1: failed
    1293. 

  1293.  *      0: succussful
    1294. 

  1294.  *
    1295. 

  1295.  */
    1296. 

  1296. int
    1297. 

  1297. set_storecert_params(KMF_STORECERT_PARAMS *params,
    1298. 

  1298.     KMF_KEYSTORE_TYPE kstype,
    1299. 

  1299.     char *certlabel, char *keyfile, char *certfile)
    1300. 

  1300. {
    1301. 

  1301. 	int ret = 0;
    1302. 

  1302. 

  1303. 	if (params == NULL) {
    1304. 

  1304. 		ret = 1;
    1305. 

  1305. 		goto out;
    1306. 

  1306. 	}
    1307. 

  1307. 

  1308. 	(void) memset(params, 0, sizeof (KMF_STORECERT_PARAMS));
    1309. 

  1309. 	params->kstype = kstype;
    1310. 

  1310. 	params->certLabel = certlabel;
    1311. 

  1311. 

  1312. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    1313. 

  1313. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    1314. 

  1314. 		if (params->nssparms.slotlabel == NULL) {
    1315. 

  1315. 			ret = 1;
    1316. 

  1316. 			goto out;
    1317. 

  1317. 		}
    1318. 

  1318. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    1319. 

  1319. 		if (params->nssparms.trustflag == NULL) {
    1320. 

  1320. 			ret = 1;
    1321. 

  1321. 			goto out;
    1322. 

  1322. 		}
    1323. 

  1323. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    1324. 

  1324. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    1325. 

  1325. 		if (params->sslparms.dirpath == NULL) {
    1326. 

  1326. 			ret = 1;
    1327. 

  1327. 			goto out;
    1328. 

  1328. 		}
    1329. 

  1329. 		params->sslparms.keyfile = keyfile;
    1330. 

  1330. 		params->sslparms.certfile = certfile;
    1331. 

  1331. 		params->sslparms.format = KMF_FORMAT_ASN1;
    1332. 

  1332. 	}
    1333. 

  1333. 

  1334. out:
    1335. 

  1335. 	if (ret) {
    1336. 

  1336. 		(void) jnl_printf("set_storecert_params failed\n");
    1337. 

  1337. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    1338. 

  1338. 		free_storecert_params(params);
    1339. 

  1339. 	}
    1340. 

  1340. 

  1341. 	return (ret);
    1342. 

  1342. }
    1343. 

  1343. 

  1344. /*
    1345. 

  1345.  * Name: free_storecert_params
    1346. 

  1346.  *
    1347. 

  1347.  * Description:
    1348. 

  1348.  *      Free heap memory used by KMF_STORECERT_PARAMS
    1349. 

  1349.  *
    1350. 

  1350.  * Parameter:
    1351. 

  1351.  *      params: parameter to be freed
    1352. 

  1352.  *
    1353. 

  1353.  */
    1354. 

  1354. void
    1355. 

  1355. free_storecert_params(KMF_STORECERT_PARAMS *params)
    1356. 

  1356. {
    1357. 

  1357. 	if (params == NULL)
    1358. 

  1358. 		return;
    1359. 

  1359. 

  1360. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1361. 

  1361. 		if (params->nssparms.slotlabel != NULL)
    1362. 

  1362. 			free(params->nssparms.slotlabel);
    1363. 

  1363. 		if (params->nssparms.trustflag != NULL)
    1364. 

  1364. 			free(params->nssparms.trustflag);
    1365. 

  1365. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1366. 

  1366. 		if (params->sslparms.dirpath != NULL)
    1367. 

  1367. 			free(params->sslparms.dirpath);
    1368. 

  1368. 	}
    1369. 

  1369. }
    1370. 

  1370. 

  1371. int
    1372. 

  1372. set_storecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    1373. 

  1373. 	KMF_STORECERT_PARAMS *params, KMF_DATA *pcert)
    1374. 

  1374. {
    1375. 

  1375. 	int i = 0;
    1376. 

  1376. 	int ret = 0;
    1377. 

  1377. 

  1378. 	if (NULL != pcert) {
    1379. 

  1379. 		kmf_set_attr_at_index(attlist, i,
    1380. 

  1380. 		    KMF_CERT_DATA_ATTR, pcert, sizeof (KMF_DATA));
    1381. 

  1381. 		i++;
    1382. 

  1382. 	}
    1383. 

  1383. 

  1384. 	if (NULL != params) {
    1385. 

  1385. 		kmf_set_attr_at_index(attlist, i,
    1386. 

  1386. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    1387. 

  1387. 		    sizeof (params->kstype));
    1388. 

  1388. 		i++;
    1389. 

  1389. 

  1390. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    1391. 

  1391. 			if (params->certLabel != NULL) {
    1392. 

  1392. 				kmf_set_attr_at_index(attlist, i,
    1393. 

  1393. 				    KMF_CERT_LABEL_ATTR, params->certLabel,
    1394. 

  1394. 				    strlen(params->certLabel));
    1395. 

  1395. 				i++;
    1396. 

  1396. 			}
    1397. 

  1397. 

  1398. 			if (params->nssparms.trustflag != NULL) {
    1399. 

  1399. 				kmf_set_attr_at_index(attlist, i,
    1400. 

  1400. 				    KMF_TRUSTFLAG_ATTR,
    1401. 

  1401. 				    params->nssparms.trustflag,
    1402. 

  1402. 				    strlen(params->nssparms.trustflag));
    1403. 

  1403. 				i++;
    1404. 

  1404. 			}
    1405. 

  1405. 

  1406. 			if (params->nssparms.slotlabel != NULL) {
    1407. 

  1407. 				kmf_set_attr_at_index(attlist, i,
    1408. 

  1408. 				    KMF_TOKEN_LABEL_ATTR,
    1409. 

  1409. 				    params->nssparms.slotlabel,
    1410. 

  1410. 				    strlen(params->nssparms.slotlabel));
    1411. 

  1411. 					i++;
    1412. 

  1412. 			}
    1413. 

  1413. 

  1414. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1415. 

  1415. 

  1416. 			/* certfile is a required attribute for OpenSSL */
    1417. 

  1417. 			if (params->sslparms.certfile != NULL) {
    1418. 

  1418. 				kmf_set_attr_at_index(attlist, i,
    1419. 

  1419. 				    KMF_CERT_FILENAME_ATTR,
    1420. 

  1420. 				    params->sslparms.certfile,
    1421. 

  1421. 				    strlen(params->sslparms.certfile));
    1422. 

  1422. 				i++;
    1423. 

  1423. 			} else {
    1424. 

  1424. 				return (KMF_ERR_BAD_PARAMETER);
    1425. 

  1425. 			}
    1426. 

  1426. 

  1427. 			if (params->sslparms.dirpath != NULL) {
    1428. 

  1428. 				kmf_set_attr_at_index(attlist, i,
    1429. 

  1429. 				    KMF_DIRPATH_ATTR,
    1430. 

  1430. 				    params->sslparms.dirpath,
    1431. 

  1431. 				    strlen(params->sslparms.dirpath));
    1432. 

  1432. 				i++;
    1433. 

  1433. 			}
    1434. 

  1434. 

  1435. 			kmf_set_attr_at_index(attlist, i,
    1436. 

  1436. 			    KMF_ENCODE_FORMAT_ATTR,
    1437. 

  1437. 			    &params->sslparms.format,
    1438. 

  1438. 			    sizeof (params->sslparms.format));
    1439. 

  1439. 			i++;
    1440. 

  1440. 

  1441. 		} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    1442. 

  1442. 

  1443. 			if (params->certLabel != NULL) {
    1444. 

  1444. 				kmf_set_attr_at_index(attlist, i,
    1445. 

  1445. 				    KMF_CERT_LABEL_ATTR, params->certLabel,
    1446. 

  1446. 				    strlen(params->certLabel));
    1447. 

  1447. 				i++;
    1448. 

  1448. 			}
    1449. 

  1449. 		}
    1450. 

  1450. 	}
    1451. 

  1451. 

  1452. 	*attnum = i;
    1453. 

  1453. 

  1454. 	return (ret);
    1455. 

  1455. }
    1456. 

  1456. 

  1457. /*
    1458. 

  1458.  * Name: set_importcert_params
    1459. 

  1459.  *
    1460. 

  1460.  * Description:
    1461. 

  1461.  *      Set KMF_IMPORTCERT_PARAMS
    1462. 

  1462.  *
    1463. 

  1463.  * Parameter:
    1464. 

  1464.  *      params: parameter to be set
    1465. 

  1465.  *      kstype: keystore type
    1466. 

  1466.  *	certlabel: cert label
    1467. 

  1467.  *	certfile: cert file name to be imported
    1468. 

  1468.  *
    1469. 

  1469.  * Returns:
    1470. 

  1470.  *      1: failed
    1471. 

  1471.  *      0: succussful
    1472. 

  1472.  *
    1473. 

  1473.  */
    1474. 

  1474. int
    1475. 

  1475. set_importcert_params(KMF_IMPORTCERT_PARAMS *params,
    1476. 

  1476.     KMF_KEYSTORE_TYPE kstype, char *certlabel, char *certfile)
    1477. 

  1477. {
    1478. 

  1478. 	int ret = 0;
    1479. 

  1479. 

  1480. 	if (params == NULL) {
    1481. 

  1481. 		ret = 1;
    1482. 

  1482. 		goto out;
    1483. 

  1483. 	}
    1484. 

  1484. 

  1485. 	(void) memset(params, 0, sizeof (KMF_IMPORTCERT_PARAMS));
    1486. 

  1486. 	params->kstype = kstype;
    1487. 

  1487. 	params->certLabel = certlabel;
    1488. 

  1488. 	params->certfile = certfile;
    1489. 

  1489. 

  1490. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    1491. 

  1491. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    1492. 

  1492. 		if (params->nssparms.slotlabel == NULL) {
    1493. 

  1493. 			ret = 1;
    1494. 

  1494. 			goto out;
    1495. 

  1495. 		}
    1496. 

  1496. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    1497. 

  1497. 		if (params->nssparms.trustflag == NULL) {
    1498. 

  1498. 			ret = 1;
    1499. 

  1499. 			goto out;
    1500. 

  1500. 		}
    1501. 

  1501. 	}
    1502. 

  1502. 

  1503. out:
    1504. 

  1504. 	if (ret) {
    1505. 

  1505. 		(void) jnl_printf("set_importcert_params failed\n");
    1506. 

  1506. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    1507. 

  1507. 		free_importcert_params(params);
    1508. 

  1508. 	}
    1509. 

  1509. 

  1510. 	return (ret);
    1511. 

  1511. }
    1512. 

  1512. 

  1513. /*
    1514. 

  1514.  * Name: free_importcert_params
    1515. 

  1515.  *
    1516. 

  1516.  * Description:
    1517. 

  1517.  *      Free heap memory used by KMF_IMPORTCERT_PARAMS
    1518. 

  1518.  *
    1519. 

  1519.  * Parameter:
    1520. 

  1520.  *      params: parameter to be freed
    1521. 

  1521.  *
    1522. 

  1522.  */
    1523. 

  1523. void
    1524. 

  1524. free_importcert_params(KMF_IMPORTCERT_PARAMS *params)
    1525. 

  1525. {
    1526. 

  1526. 	if (params == NULL)
    1527. 

  1527. 		return;
    1528. 

  1528. 

  1529. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1530. 

  1530. 		if (params->nssparms.slotlabel != NULL)
    1531. 

  1531. 			free(params->nssparms.slotlabel);
    1532. 

  1532. 		if (params->nssparms.trustflag != NULL)
    1533. 

  1533. 			free(params->nssparms.trustflag);
    1534. 

  1534. 	}
    1535. 

  1535. }
    1536. 

  1536. 

  1537. int
    1538. 

  1538. set_importcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    1539. 

  1539. 	KMF_IMPORTCERT_PARAMS *params)
    1540. 

  1540. {
    1541. 

  1541. 	int i = 0;
    1542. 

  1542. 	int ret = 0;
    1543. 

  1543. 

  1544. 	if (NULL == params) {
    1545. 

  1545. 		*attnum = i;
    1546. 

  1546. 		return (ret);
    1547. 

  1547. 	}
    1548. 

  1548. 

  1549. 	kmf_set_attr_at_index(attlist, i,
    1550. 

  1550. 	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
    1551. 

  1551. 	i++;
    1552. 

  1552. 

  1553. 	kmf_set_attr_at_index(attlist, i, KMF_CERT_FILENAME_ATTR,
    1554. 

  1554. 	    params->certfile, sizeof (params->certfile));
    1555. 

  1555. 	i++;
    1556. 

  1556. 

  1557. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1558. 

  1558. 		if (params->certLabel != NULL) {
    1559. 

  1559. 			kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
    1560. 

  1560. 			    params->certLabel, strlen(params->certLabel));
    1561. 

  1561. 			i++;
    1562. 

  1562. 		}
    1563. 

  1563. 

  1564. 		if (params->nssparms.trustflag != NULL) {
    1565. 

  1565. 			kmf_set_attr_at_index(attlist, i, KMF_TRUSTFLAG_ATTR,
    1566. 

  1566. 			    params->nssparms.trustflag,
    1567. 

  1567. 			    strlen(params->nssparms.trustflag));
    1568. 

  1568. 			i++;
    1569. 

  1569. 		}
    1570. 

  1570. 

  1571. 		if (params->nssparms.slotlabel != NULL) {
    1572. 

  1572. 			kmf_set_attr_at_index(attlist, i,
    1573. 

  1573. 			    KMF_TOKEN_LABEL_ATTR,
    1574. 

  1574. 			    params->nssparms.slotlabel,
    1575. 

  1575. 			    strlen(params->nssparms.slotlabel));
    1576. 

  1576. 			i++;
    1577. 

  1577. 		}
    1578. 

  1578. 

  1579. 	} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    1580. 

  1580. 		if (params->certLabel != NULL) {
    1581. 

  1581. 			kmf_set_attr_at_index(attlist, i, KMF_CERT_LABEL_ATTR,
    1582. 

  1582. 			    params->certLabel, strlen(params->certLabel));
    1583. 

  1583. 			i++;
    1584. 

  1584. 		}
    1585. 

  1585. 	}
    1586. 

  1586. 

  1587. 	*attnum = i;
    1588. 

  1588. 

  1589. 	return (ret);
    1590. 

  1590. }
    1591. 

  1591. 

  1592. /*
    1593. 

  1593.  * Name: set_exportp12_params
    1594. 

  1594.  *
    1595. 

  1595.  * Description:
    1596. 

  1596.  *      Set KMF_EXPORTP12_PARAMS
    1597. 

  1597.  *
    1598. 

  1598.  * Parameter:
    1599. 

  1599.  *      params: parameter to be set
    1600. 

  1600.  *      kstype: keystore type
    1601. 

  1601.  *	certlabel: cert label
    1602. 

  1602.  *	issuer: issuer name
    1603. 

  1603.  *	subject: cert subject
    1604. 

  1604.  *	idstr: id string
    1605. 

  1605.  *	serial: serial number
    1606. 

  1606.  *	token_password: password for keystore
    1607. 

  1607.  *	export_password: export password for keystore
    1608. 

  1608.  *	keyfile: ssl key file name
    1609. 

  1609.  *	certfile: ssl cert file name
    1610. 

  1610.  *      format: ssl cert encode format
    1611. 

  1611.  *
    1612. 

  1612.  * Returns:
    1613. 

  1613.  *      1: failed
    1614. 

  1614.  *      0: succussful
    1615. 

  1615.  *
    1616. 

  1616.  */
    1617. 

  1617. int
    1618. 

  1618. set_exportp12_params(KMF_EXPORTP12_PARAMS *params,
    1619. 

  1619.     KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
    1620. 

  1620.     char *subject, char *idstr, KMF_BIGINT *serial,
    1621. 

  1621.     char *token_password, char *export_password,
    1622. 

  1622.     char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
    1623. 

  1623. {
    1624. 

  1624. 	int ret = 0;
    1625. 

  1625. 

  1626. 	if (params == NULL) {
    1627. 

  1627. 		ret = 1;
    1628. 

  1628. 		goto out;
    1629. 

  1629. 	}
    1630. 

  1630. 

  1631. 	(void) memset(params, 0, sizeof (KMF_EXPORTP12_PARAMS));
    1632. 

  1632. 	params->kstype = kstype;
    1633. 

  1633. 	params->certLabel = certlabel;
    1634. 

  1634. 	params->issuer = issuer;
    1635. 

  1635. 	params->subject = subject;
    1636. 

  1636. 	params->idstr = idstr;
    1637. 

  1637. 	params->serial = serial;
    1638. 

  1638. 	params->cred.cred = token_password;
    1639. 

  1639. 	params->p12cred.cred = export_password;
    1640. 

  1640. 	if (token_password)
    1641. 

  1641. 		params->cred.credlen = strlen(token_password);
    1642. 

  1642. 	else
    1643. 

  1643. 		params->cred.credlen = 0;
    1644. 

  1644. 

  1645. 	if (export_password)
    1646. 

  1646. 		params->p12cred.credlen = strlen(export_password);
    1647. 

  1647. 	else
    1648. 

  1648. 		params->p12cred.credlen = 0;
    1649. 

  1649. 

  1650. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    1651. 

  1651. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    1652. 

  1652. 		if (params->nssparms.slotlabel == NULL) {
    1653. 

  1653. 			ret = 1;
    1654. 

  1654. 			goto out;
    1655. 

  1655. 		}
    1656. 

  1656. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    1657. 

  1657. 		if (params->nssparms.trustflag == NULL) {
    1658. 

  1658. 			ret = 1;
    1659. 

  1659. 			goto out;
    1660. 

  1660. 		}
    1661. 

  1661. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    1662. 

  1662. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    1663. 

  1663. 		if (params->sslparms.dirpath == NULL) {
    1664. 

  1664. 			ret = 1;
    1665. 

  1665. 			goto out;
    1666. 

  1666. 		}
    1667. 

  1667. 		params->sslparms.keyfile = keyfile;
    1668. 

  1668. 		params->sslparms.certfile = certfile;
    1669. 

  1669. 		params->sslparms.format = format;
    1670. 

  1670. 	}
    1671. 

  1671. 

  1672. out:
    1673. 

  1673. 	if (ret) {
    1674. 

  1674. 		(void) jnl_printf("set_exportp12_params failed\n");
    1675. 

  1675. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    1676. 

  1676. 		free_exportp12_params(params);
    1677. 

  1677. 	}
    1678. 

  1678. 

  1679. 	return (ret);
    1680. 

  1680. }
    1681. 

  1681. 

  1682. /*
    1683. 

  1683.  * Name: free_exportp12_params
    1684. 

  1684.  *
    1685. 

  1685.  * Description:
    1686. 

  1686.  *      Free heap memory used by KMF_EXPORTP12_PARAMS
    1687. 

  1687.  *
    1688. 

  1688.  * Parameter:
    1689. 

  1689.  *      params: parameter to be freed
    1690. 

  1690.  *
    1691. 

  1691.  */
    1692. 

  1692. void
    1693. 

  1693. free_exportp12_params(KMF_EXPORTP12_PARAMS *params)
    1694. 

  1694. {
    1695. 

  1695. 	if (params == NULL)
    1696. 

  1696. 		return;
    1697. 

  1697. 

  1698. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1699. 

  1699. 		if (params->nssparms.slotlabel != NULL)
    1700. 

  1700. 			free(params->nssparms.slotlabel);
    1701. 

  1701. 		if (params->nssparms.trustflag != NULL)
    1702. 

  1702. 			free(params->nssparms.trustflag);
    1703. 

  1703. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1704. 

  1704. 		if (params->sslparms.dirpath != NULL)
    1705. 

  1705. 			free(params->sslparms.dirpath);
    1706. 

  1706. 	}
    1707. 

  1707. }
    1708. 

  1708. 

  1709. int
    1710. 

  1710. set_exportp12_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    1711. 

  1711. 	KMF_EXPORTP12_PARAMS *params, char *filename)
    1712. 

  1712. {
    1713. 

  1713. 	int i = 0;
    1714. 

  1714. 	int ret = 0;
    1715. 

  1715. 

  1716. 	if (NULL != filename) {
    1717. 

  1717. 		kmf_set_attr_at_index(attlist, i,
    1718. 

  1718. 		    KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
    1719. 

  1719. 		i++;
    1720. 

  1720. 	}
    1721. 

  1721. 

  1722. 	if (NULL == params) {
    1723. 

  1723. 		*attnum = i;
    1724. 

  1724. 

  1725. 		return (ret);
    1726. 

  1726. 	}
    1727. 

  1727. 

  1728. 	kmf_set_attr_at_index(attlist, i,
    1729. 

  1729. 	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
    1730. 

  1730. 	i++;
    1731. 

  1731. 

  1732. 	kmf_set_attr_at_index(attlist, i,
    1733. 

  1733. 	    KMF_PK12CRED_ATTR, &params->p12cred, sizeof (KMF_CREDENTIAL));
    1734. 

  1734. 	i++;
    1735. 

  1735. 

  1736. 	if (params->kstype == KMF_KEYSTORE_NSS ||
    1737. 

  1737. 	    params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    1738. 

  1738. 

  1739. 		if (params->certLabel != NULL) {
    1740. 

  1740. 			kmf_set_attr_at_index(attlist, i,
    1741. 

  1741. 			    KMF_CERT_LABEL_ATTR, params->certLabel,
    1742. 

  1742. 			    strlen(params->certLabel));
    1743. 

  1743. 			i++;
    1744. 

  1744. 		}
    1745. 

  1745. 		if (params->issuer != NULL) {
    1746. 

  1746. 			kmf_set_attr_at_index(attlist, i,
    1747. 

  1747. 			    KMF_ISSUER_NAME_ATTR, params->issuer,
    1748. 

  1748. 			    strlen(params->issuer));
    1749. 

  1749. 			i++;
    1750. 

  1750. 		}
    1751. 

  1751. 		if (params->subject != NULL) {
    1752. 

  1752. 			kmf_set_attr_at_index(attlist, i,
    1753. 

  1753. 			    KMF_SUBJECT_NAME_ATTR, params->subject,
    1754. 

  1754. 			    strlen(params->subject));
    1755. 

  1755. 			i++;
    1756. 

  1756. 		}
    1757. 

  1757. 		if (params->serial != NULL) {
    1758. 

  1758. 			kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
    1759. 

  1759. 			    params->serial, sizeof (KMF_BIGINT));
    1760. 

  1760. 			i++;
    1761. 

  1761. 		}
    1762. 

  1762. 

  1763. 		kmf_set_attr_at_index(attlist, i,
    1764. 

  1764. 		    KMF_CREDENTIAL_ATTR, &params->cred,
    1765. 

  1765. 		    sizeof (KMF_CREDENTIAL));
    1766. 

  1766. 		i++;
    1767. 

  1767. 	}
    1768. 

  1768. 

  1769. 	if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1770. 

  1770. 		if (params->sslparms.dirpath != NULL) {
    1771. 

  1771. 			kmf_set_attr_at_index(attlist, i,
    1772. 

  1772. 			    KMF_DIRPATH_ATTR,
    1773. 

  1773. 			    params->sslparms.dirpath,
    1774. 

  1774. 			    strlen(params->sslparms.dirpath));
    1775. 

  1775. 			i++;
    1776. 

  1776. 		}
    1777. 

  1777. 		if (params->sslparms.certfile != NULL) {
    1778. 

  1778. 			kmf_set_attr_at_index(attlist, i,
    1779. 

  1779. 			    KMF_CERT_FILENAME_ATTR,
    1780. 

  1780. 			    params->sslparms.certfile,
    1781. 

  1781. 			    strlen(params->sslparms.certfile));
    1782. 

  1782. 			i++;
    1783. 

  1783. 		}
    1784. 

  1784. 		if (params->sslparms.keyfile != NULL) {
    1785. 

  1785. 			kmf_set_attr_at_index(attlist, i,
    1786. 

  1786. 			    KMF_KEY_FILENAME_ATTR,
    1787. 

  1787. 			    params->sslparms.keyfile,
    1788. 

  1788. 			    strlen(params->sslparms.keyfile));
    1789. 

  1789. 			i++;
    1790. 

  1790. 		}
    1791. 

  1791. 	}
    1792. 

  1792. 

  1793. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1794. 

  1794. 		if (params->nssparms.slotlabel != NULL) {
    1795. 

  1795. 			kmf_set_attr_at_index(attlist, i,
    1796. 

  1796. 			    KMF_TOKEN_LABEL_ATTR,
    1797. 

  1797. 			    params->nssparms.slotlabel,
    1798. 

  1798. 			    strlen(params->nssparms.slotlabel));
    1799. 

  1799. 			i++;
    1800. 

  1800. 		}
    1801. 

  1801. 	}
    1802. 

  1802. 

  1803. 	*attnum = i;
    1804. 

  1804. 

  1805. 	return (ret);
    1806. 

  1806. }
    1807. 

  1807. 

  1808. /*
    1809. 

  1809.  * Name: set_findcert_params
    1810. 

  1810.  *
    1811. 

  1811.  * Description:
    1812. 

  1812.  *      Set KMF_FINDCERT_PARAMS
    1813. 

  1813.  *
    1814. 

  1814.  * Parameter:
    1815. 

  1815.  *      params: parameter to be set
    1816. 

  1816.  *      kstype: keystore type
    1817. 

  1817.  *      certlabel: cert label
    1818. 

  1818.  *      issuer: issuer name
    1819. 

  1819.  *      subject: cert subject
    1820. 

  1820.  *      idstr: id string
    1821. 

  1821.  *      serial: serial number
    1822. 

  1822.  *	validity: cert validity method
    1823. 

  1823.  *      keyfile: ssl key file name
    1824. 

  1824.  *      certfile: ssl cert file name
    1825. 

  1825.  *      format: ssl cert encode format
    1826. 

  1826.  *
    1827. 

  1827.  * Returns:
    1828. 

  1828.  *      1: failed
    1829. 

  1829.  *      0: succussful
    1830. 

  1830.  *
    1831. 

  1831.  */
    1832. 

  1832. int
    1833. 

  1833. set_findcert_params(KMF_FINDCERT_PARAMS *params,
    1834. 

  1834.     KMF_KEYSTORE_TYPE kstype, char *certlabel, char *issuer,
    1835. 

  1835.     char *subject, char *idstr, KMF_BIGINT *serial,
    1836. 

  1836.     KMF_CERT_VALIDITY validity,
    1837. 

  1837.     char *keyfile, char *certfile, KMF_ENCODE_FORMAT format)
    1838. 

  1838. {
    1839. 

  1839. 	int ret = 0;
    1840. 

  1840. 

  1841. 	if (params == NULL) {
    1842. 

  1842. 		ret = 1;
    1843. 

  1843. 		goto out;
    1844. 

  1844. 	}
    1845. 

  1845. 

  1846. 	(void) memset(params, 0, sizeof (KMF_FINDCERT_PARAMS));
    1847. 

  1847. 	params->kstype = kstype;
    1848. 

  1848. 	params->certLabel = certlabel;
    1849. 

  1849. 	params->issuer = issuer;
    1850. 

  1850. 	params->subject = subject;
    1851. 

  1851. 	params->idstr = idstr;
    1852. 

  1852. 	params->serial = serial;
    1853. 

  1853. 	params->find_cert_validity = validity;
    1854. 

  1854. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    1855. 

  1855. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    1856. 

  1856. 		if (params->nssparms.slotlabel == NULL) {
    1857. 

  1857. 			ret = 1;
    1858. 

  1858. 			goto out;
    1859. 

  1859. 		}
    1860. 

  1860. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    1861. 

  1861. 		if (params->nssparms.trustflag == NULL) {
    1862. 

  1862. 			ret = 1;
    1863. 

  1863. 			goto out;
    1864. 

  1864. 		}
    1865. 

  1865. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    1866. 

  1866. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    1867. 

  1867. 		if (params->sslparms.dirpath == NULL) {
    1868. 

  1868. 			ret = 1;
    1869. 

  1869. 			goto out;
    1870. 

  1870. 		}
    1871. 

  1871. 		params->sslparms.keyfile = keyfile;
    1872. 

  1872. 		params->sslparms.certfile = certfile;
    1873. 

  1873. 		params->sslparms.format = format;
    1874. 

  1874. 	} else if (kstype == KMF_KEYSTORE_PK11TOKEN) { /* pkcs11 */
    1875. 

  1875. 		params->pkcs11parms.private = B_TRUE;
    1876. 

  1876. 	}
    1877. 

  1877. 

  1878. out:
    1879. 

  1879. 	if (ret) {
    1880. 

  1880. 		(void) jnl_printf("set_findcert_params failed\n");
    1881. 

  1881. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    1882. 

  1882. 		free_findcert_params(params);
    1883. 

  1883. 	}
    1884. 

  1884. 

  1885. 	return (ret);
    1886. 

  1886. }
    1887. 

  1887. 

  1888. /*
    1889. 

  1889.  * Name: free_findcert_params
    1890. 

  1890.  *
    1891. 

  1891.  * Description:
    1892. 

  1892.  *      Free heap memory used by KMF_FINDCERT_PARAMS
    1893. 

  1893.  *
    1894. 

  1894.  * Parameter:
    1895. 

  1895.  *      params: parameter to be freed
    1896. 

  1896.  *
    1897. 

  1897.  */
    1898. 

  1898. void
    1899. 

  1899. free_findcert_params(KMF_FINDCERT_PARAMS *params)
    1900. 

  1900. {
    1901. 

  1901. 	if (params == NULL)
    1902. 

  1902. 		return;
    1903. 

  1903. 

  1904. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    1905. 

  1905. 		if (params->nssparms.slotlabel != NULL)
    1906. 

  1906. 			free(params->nssparms.slotlabel);
    1907. 

  1907. 		if (params->nssparms.trustflag != NULL)
    1908. 

  1908. 			free(params->nssparms.trustflag);
    1909. 

  1909. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1910. 

  1910. 		if (params->sslparms.dirpath != NULL)
    1911. 

  1911. 			free(params->sslparms.dirpath);
    1912. 

  1912. 	}
    1913. 

  1913. 

  1914. }
    1915. 

  1915. 

  1916. int
    1917. 

  1917. set_findcert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    1918. 

  1918. 	KMF_FINDCERT_PARAMS *params, KMF_X509_DER_CERT *kmf_cert,
    1919. 

  1919. 	uint32_t *numcerts)
    1920. 

  1920. {
    1921. 

  1921. 	int i = 0;
    1922. 

  1922. 	int ret = 0;
    1923. 

  1923. 

  1924. 	if (NULL != numcerts) {
    1925. 

  1925. 		kmf_set_attr_at_index(attlist, i,
    1926. 

  1926. 		    KMF_COUNT_ATTR, numcerts, sizeof (uint32_t));
    1927. 

  1927. 		i++;
    1928. 

  1928. 	}
    1929. 

  1929. 

  1930. 	if (kmf_cert != NULL) {
    1931. 

  1931. 		kmf_set_attr_at_index(attlist, i,
    1932. 

  1932. 		    KMF_X509_DER_CERT_ATTR, kmf_cert,
    1933. 

  1933. 		    sizeof (KMF_X509_DER_CERT));
    1934. 

  1934. 		i++;
    1935. 

  1935. 	}
    1936. 

  1936. 

  1937. 	if (NULL != params) {
    1938. 

  1938. 		kmf_set_attr_at_index(attlist, i,
    1939. 

  1939. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    1940. 

  1940. 		    sizeof (params->kstype));
    1941. 

  1941. 		i++;
    1942. 

  1942. 

  1943. 		/* Set the optional searching attributes for all 3 plugins */
    1944. 

  1944. 		if (params->issuer != NULL) {
    1945. 

  1945. 			kmf_set_attr_at_index(attlist, i,
    1946. 

  1946. 			    KMF_ISSUER_NAME_ATTR,
    1947. 

  1947. 			    params->issuer, strlen(params->issuer));
    1948. 

  1948. 			i++;
    1949. 

  1949. 		}
    1950. 

  1950. 		if (params->subject != NULL) {
    1951. 

  1951. 			kmf_set_attr_at_index(attlist, i,
    1952. 

  1952. 			    KMF_SUBJECT_NAME_ATTR,
    1953. 

  1953. 			    params->subject, strlen(params->subject));
    1954. 

  1954. 			i++;
    1955. 

  1955. 		}
    1956. 

  1956. 		if (params->serial != NULL) {
    1957. 

  1957. 			kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
    1958. 

  1958. 			    params->serial, sizeof (KMF_BIGINT));
    1959. 

  1959. 			i++;
    1960. 

  1960. 		}
    1961. 

  1961. 

  1962. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_VALIDITY_ATTR,
    1963. 

  1963. 		    &params->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
    1964. 

  1964. 		i++;
    1965. 

  1965. 

  1966. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    1967. 

  1967. 			if (params->certLabel != NULL) {
    1968. 

  1968. 				kmf_set_attr_at_index(attlist, i,
    1969. 

  1969. 				    KMF_CERT_LABEL_ATTR,
    1970. 

  1970. 				    params->certLabel,
    1971. 

  1971. 				    strlen(params->certLabel));
    1972. 

  1972. 				i++;
    1973. 

  1973. 			}
    1974. 

  1974. 

  1975. 			if (params->nssparms.slotlabel != NULL) {
    1976. 

  1976. 				kmf_set_attr_at_index(attlist, i,
    1977. 

  1977. 				    KMF_TOKEN_LABEL_ATTR,
    1978. 

  1978. 				    params->nssparms.slotlabel,
    1979. 

  1979. 				    strlen(params->nssparms.slotlabel));
    1980. 

  1980. 				i++;
    1981. 

  1981. 			}
    1982. 

  1982. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    1983. 

  1983. 			if (params->sslparms.certfile != NULL) {
    1984. 

  1984. 				kmf_set_attr_at_index(attlist, i,
    1985. 

  1985. 				    KMF_CERT_FILENAME_ATTR,
    1986. 

  1986. 				    params->sslparms.certfile,
    1987. 

  1987. 				    strlen(params->sslparms.certfile));
    1988. 

  1988. 				i++;
    1989. 

  1989. 			}
    1990. 

  1990. 

  1991. 			if (params->sslparms.dirpath != NULL) {
    1992. 

  1992. 				kmf_set_attr_at_index(attlist, i,
    1993. 

  1993. 				    KMF_DIRPATH_ATTR,
    1994. 

  1994. 				    params->sslparms.dirpath,
    1995. 

  1995. 				    strlen(params->sslparms.dirpath));
    1996. 

  1996. 				i++;
    1997. 

  1997. 			}
    1998. 

  1998. 

  1999. 		} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    2000. 

  2000. 			if (params->certLabel != NULL) {
    2001. 

  2001. 				kmf_set_attr_at_index(attlist, i,
    2002. 

  2002. 				    KMF_CERT_LABEL_ATTR,
    2003. 

  2003. 				    params->certLabel,
    2004. 

  2004. 				    strlen(params->certLabel));
    2005. 

  2005. 				i++;
    2006. 

  2006. 			}
    2007. 

  2007. 

  2008. 			kmf_set_attr_at_index(attlist, i,
    2009. 

  2009. 			    KMF_PRIVATE_BOOL_ATTR,
    2010. 

  2010. 			    &params->pkcs11parms.private,
    2011. 

  2011. 			    sizeof (params->pkcs11parms.private));
    2012. 

  2012. 			i++;
    2013. 

  2013. 		}
    2014. 

  2014. 	}
    2015. 

  2015. 

  2016. 	*attnum = i;
    2017. 

  2017. 	return (ret);
    2018. 

  2018. }
    2019. 

  2019. 

  2020. int set_deletecert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    2021. 

  2021. 	KMF_DELETECERT_PARAMS *params)
    2022. 

  2022. {
    2023. 

  2023. 	int i = 0;
    2024. 

  2024. 	int ret = 0;
    2025. 

  2025. 

  2026. 	if (NULL != params) {
    2027. 

  2027. 		kmf_set_attr_at_index(attlist, i,
    2028. 

  2028. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    2029. 

  2029. 		    sizeof (params->kstype));
    2030. 

  2030. 		i++;
    2031. 

  2031. 

  2032. 		/* Set the optional searching attributes for all 3 plugins */
    2033. 

  2033. 		if (params->issuer != NULL) {
    2034. 

  2034. 			kmf_set_attr_at_index(attlist, i,
    2035. 

  2035. 			    KMF_ISSUER_NAME_ATTR,
    2036. 

  2036. 			    params->issuer, strlen(params->issuer));
    2037. 

  2037. 			i++;
    2038. 

  2038. 		}
    2039. 

  2039. 		if (params->subject != NULL) {
    2040. 

  2040. 			kmf_set_attr_at_index(attlist, i,
    2041. 

  2041. 			    KMF_SUBJECT_NAME_ATTR,
    2042. 

  2042. 			    params->subject, strlen(params->subject));
    2043. 

  2043. 			i++;
    2044. 

  2044. 		}
    2045. 

  2045. 		if (params->serial != NULL) {
    2046. 

  2046. 			kmf_set_attr_at_index(attlist, i, KMF_BIGINT_ATTR,
    2047. 

  2047. 			    params->serial, sizeof (KMF_BIGINT));
    2048. 

  2048. 			i++;
    2049. 

  2049. 		}
    2050. 

  2050. 

  2051. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_VALIDITY_ATTR,
    2052. 

  2052. 		    &params->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
    2053. 

  2053. 		i++;
    2054. 

  2054. 

  2055. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    2056. 

  2056. 			if (params->certLabel != NULL) {
    2057. 

  2057. 				kmf_set_attr_at_index(attlist, i,
    2058. 

  2058. 				    KMF_CERT_LABEL_ATTR,
    2059. 

  2059. 				    params->certLabel,
    2060. 

  2060. 				    strlen(params->certLabel));
    2061. 

  2061. 				i++;
    2062. 

  2062. 			}
    2063. 

  2063. 

  2064. 			if (params->nssparms.slotlabel != NULL) {
    2065. 

  2065. 				kmf_set_attr_at_index(attlist, i,
    2066. 

  2066. 				    KMF_TOKEN_LABEL_ATTR,
    2067. 

  2067. 				    params->nssparms.slotlabel,
    2068. 

  2068. 				    strlen(params->nssparms.slotlabel));
    2069. 

  2069. 				i++;
    2070. 

  2070. 			}
    2071. 

  2071. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    2072. 

  2072. 			if (params->sslparms.certfile != NULL) {
    2073. 

  2073. 				kmf_set_attr_at_index(attlist, i,
    2074. 

  2074. 				    KMF_CERT_FILENAME_ATTR,
    2075. 

  2075. 				    params->sslparms.certfile,
    2076. 

  2076. 				    strlen(params->sslparms.certfile));
    2077. 

  2077. 				i++;
    2078. 

  2078. 			}
    2079. 

  2079. 

  2080. 			if (params->sslparms.dirpath != NULL) {
    2081. 

  2081. 				kmf_set_attr_at_index(attlist, i,
    2082. 

  2082. 				    KMF_DIRPATH_ATTR,
    2083. 

  2083. 				    params->sslparms.dirpath,
    2084. 

  2084. 				    strlen(params->sslparms.dirpath));
    2085. 

  2085. 				i++;
    2086. 

  2086. 			}
    2087. 

  2087. 

  2088. 		} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    2089. 

  2089. 			if (params->certLabel != NULL) {
    2090. 

  2090. 				kmf_set_attr_at_index(attlist, i,
    2091. 

  2091. 				    KMF_CERT_LABEL_ATTR,
    2092. 

  2092. 				    params->certLabel,
    2093. 

  2093. 				    strlen(params->certLabel));
    2094. 

  2094. 				i++;
    2095. 

  2095. 			}
    2096. 

  2096. 

  2097. 			kmf_set_attr_at_index(attlist, i,
    2098. 

  2098. 			    KMF_PRIVATE_BOOL_ATTR,
    2099. 

  2099. 			    &params->pkcs11parms.private,
    2100. 

  2100. 			    sizeof (params->pkcs11parms.private));
    2101. 

  2101. 			i++;
    2102. 

  2102. 		}
    2103. 

  2103. 	}
    2104. 

  2104. 

  2105. 	*attnum = i;
    2106. 

  2106. 	return (ret);
    2107. 

  2107. }
    2108. 

  2108. 

  2109. int
    2110. 

  2110. build_csr_data(KMF_HANDLE_T kmfhandle, KMF_CSR_DATA *csr,
    2111. 

  2111.     KMF_KEY_HANDLE *key)
    2112. 

  2112. {
    2113. 

  2113. 	KMF_X509_NAME *subject_name_ptr = NULL;
    2114. 

  2114. 	char *subject_name_string = "C=CH, O=Sun, CN=hua.tang@sun.com";
    2115. 

  2115. 	KMF_X509_NAME csr_subject_name;
    2116. 

  2116. 	KMF_GENERALNAMECHOICES nametype = GENNAME_RFC822NAME;
    2117. 

  2117. 	char *namedata = "hua.tang@sun.com";
    2118. 

  2118. 

  2119. 	(void) memset(csr, 0, sizeof (KMF_CSR_DATA));
    2120. 

  2120. 

  2121. 	if (testcall(kmf_set_csr_version(csr, 2),
    2122. 

  2122. 	    "kmf_set_csr_version"))
    2123. 

  2123. 		goto fail_out;
    2124. 

  2124. 

  2125. 	if (testcall(kmf_dn_parser(subject_name_string, &csr_subject_name),
    2126. 

  2126. 	    "kmf_dn_parser"))
    2127. 

  2127. 		goto fail_out;
    2128. 

  2128. 

  2129. 	subject_name_ptr = &csr_subject_name;
    2130. 

  2130. 

  2131. 	if (testcall(kmf_set_csr_subject(csr, subject_name_ptr),
    2132. 

  2132. 	    "kmf_set_csr_subject"))
    2133. 

  2133. 		goto fail_out;
    2134. 

  2134. 

  2135. 	if (testcall(kmf_set_csr_subject_altname(csr, namedata, 1, nametype),
    2136. 

  2136. 	    "kmf_set_csr_subj_altname"))
    2137. 

  2137. 		goto fail_out;
    2138. 

  2138. 

  2139. 	if (testcall(kmf_set_csr_pubkey(kmfhandle, key, csr),
    2140. 

  2140. 	    "kmf_set_csr_pubkey"))
    2141. 

  2141. 		goto fail_out;
    2142. 

  2142. 

  2143. 	if (testcall(kmf_set_csr_sig_alg(csr, KMF_ALGID_MD5WithRSA),
    2144. 

  2144. 	    "kmf_set_csr_sigalg"))
    2145. 

  2145. 		goto fail_out;
    2146. 

  2146. 

  2147. 	if (testcall(kmf_set_csr_ku(csr, 0,
    2148. 

  2148. 	    (KMF_dataEncipherment | KMF_digitalSignature | KMF_keyCertSign)),
    2149. 

  2149. 	    "kmf_set_csr_keyusage"))
    2150. 

  2150. 		goto fail_out;
    2151. 

  2151. 

  2152. 	return (0);
    2153. 

  2153. 

  2154. fail_out:
    2155. 

  2155. 	return (1);
    2156. 

  2156. }
    2157. 

  2157. 

  2158. /*
    2159. 

  2159.  * Name: set_importcrl_params
    2160. 

  2160.  *
    2161. 

  2161.  * Description:
    2162. 

  2162.  *      Set kmf_import_crl attributes
    2163. 

  2163.  *
    2164. 

  2164.  * Parameter:
    2165. 

  2165.  *      attributes: attributes to be set
    2166. 

  2166.  *      kstype: keystore type
    2167. 

  2167.  *	format: ssl crl encode format
    2168. 

  2168.  *	incrlfile: input crl file name
    2169. 

  2169.  *	incertfile: ssl input cert file name
    2170. 

  2170.  *	outcrlfile: ssl output crl file name
    2171. 

  2171.  *
    2172. 

  2172.  * Returns:
    2173. 

  2173.  *      1: failed
    2174. 

  2174.  *      0: succussful
    2175. 

  2175.  *
    2176. 

  2176.  */
    2177. 

  2177. int
    2178. 

  2178. set_importcrl_params(KMF_ATTRIBUTE *attrlist,
    2179. 

  2179.     KMF_KEYSTORE_TYPE *kstype, KMF_ENCODE_FORMAT *format,
    2180. 

  2180.     char *incrlfile, char *incertfile, char *outcrlfile)
    2181. 

  2181. {
    2182. 

  2182. 	int ret = 0;
    2183. 

  2183. 	int numattr = 0;
    2184. 

  2184. 	static boolean_t check = B_TRUE;
    2185. 

  2185. 

  2186. 	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
    2187. 

  2187. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    2188. 

  2188. 	numattr++;
    2189. 

  2189. 

  2190. 	if (*kstype == KMF_KEYSTORE_NSS) { /* NSS */
    2191. 

  2191. 		char *slotlabel = strdup(DEFAULT_NSSLABEL);
    2192. 

  2192. 		char *trustflag = strdup(NSS_TRUST_FLAG);
    2193. 

  2193. 

  2194. 		if (slotlabel == NULL) {
    2195. 

  2195. 			ret = -1;
    2196. 

  2196. 			goto out;
    2197. 

  2197. 		}
    2198. 

  2198. 		kmf_set_attr_at_index(attrlist, numattr,
    2199. 

  2199. 		    KMF_TOKEN_LABEL_ATTR, slotlabel,
    2200. 

  2200. 		    strlen(slotlabel));
    2201. 

  2201. 		numattr++;
    2202. 

  2202. 

  2203. 		if (trustflag == NULL) {
    2204. 

  2204. 			ret = -1;
    2205. 

  2205. 			goto out;
    2206. 

  2206. 		}
    2207. 

  2207. 		kmf_set_attr_at_index(attrlist, numattr,
    2208. 

  2208. 		    KMF_TRUSTFLAG_ATTR, trustflag,
    2209. 

  2209. 		    strlen(trustflag));
    2210. 

  2210. 		numattr++;
    2211. 

  2211. 

  2212. 		if (incrlfile != NULL) {
    2213. 

  2213. 

  2214. 			kmf_set_attr_at_index(attrlist, numattr,
    2215. 

  2215. 			    KMF_CRL_FILENAME_ATTR, incrlfile,
    2216. 

  2216. 			    strlen(incrlfile));
    2217. 

  2217. 			numattr++;
    2218. 

  2218. 		}
    2219. 

  2219. 	} else if (*kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    2220. 

  2220. 		char *dirpath = strdup(SSL_DIR_PATH);
    2221. 

  2221. 

  2222. 		if (dirpath == NULL) {
    2223. 

  2223. 			ret = -1;
    2224. 

  2224. 			goto out;
    2225. 

  2225. 		}
    2226. 

  2226. 		if (incertfile) {
    2227. 

  2227. 			kmf_set_attr_at_index(attrlist, numattr,
    2228. 

  2228. 			    KMF_CERT_FILENAME_ATTR, incertfile,
    2229. 

  2229. 			    strlen(incertfile));
    2230. 

  2230. 			numattr++;
    2231. 

  2231. 		}
    2232. 

  2232. 		if (incrlfile) {
    2233. 

  2233. 			kmf_set_attr_at_index(attrlist, numattr,
    2234. 

  2234. 			    KMF_CRL_FILENAME_ATTR, incrlfile,
    2235. 

  2235. 			    strlen(incrlfile));
    2236. 

  2236. 			numattr++;
    2237. 

  2237. 		}
    2238. 

  2238. 		if (outcrlfile) {
    2239. 

  2239. 			kmf_set_attr_at_index(attrlist, numattr,
    2240. 

  2240. 			    KMF_CRL_OUTFILE_ATTR, outcrlfile,
    2241. 

  2241. 			    strlen(outcrlfile));
    2242. 

  2242. 			numattr++;
    2243. 

  2243. 		}
    2244. 

  2244. 		kmf_set_attr_at_index(attrlist, numattr,
    2245. 

  2245. 		    KMF_CRL_CHECK_ATTR, &check, sizeof (check));
    2246. 

  2246. 		numattr++;
    2247. 

  2247. 

  2248. 		kmf_set_attr_at_index(attrlist, numattr,
    2249. 

  2249. 		    KMF_ENCODE_FORMAT_ATTR, format,
    2250. 

  2250. 		    sizeof (KMF_ENCODE_FORMAT));
    2251. 

  2251. 		numattr++;
    2252. 

  2252. 	}
    2253. 

  2253. 

  2254. out:
    2255. 

  2255. 	if (ret) {
    2256. 

  2256. 		(void) jnl_printf("set_importcrl_params failed\n");
    2257. 

  2257. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    2258. 

  2258. 		return (-1);
    2259. 

  2259. 	}
    2260. 

  2260. 

  2261. 	return (numattr);
    2262. 

  2262. }
    2263. 

  2263. 

  2264. void
    2265. 

  2265. free_importcrl_params(KMF_ATTRIBUTE *attrlist, int numattr)
    2266. 

  2266. {
    2267. 

  2267. 	char *p;
    2268. 

  2268. 	if (attrlist == NULL || numattr == 0)
    2269. 

  2269. 		return;
    2270. 

  2270. 

  2271. 	p = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR,
    2272. 

  2272. 	    attrlist, numattr);
    2273. 

  2273. 	if (p)
    2274. 

  2274. 		free(p);
    2275. 

  2275. 

  2276. 	p = kmf_get_attr_ptr(KMF_TRUSTFLAG_ATTR,
    2277. 

  2277. 	    attrlist, numattr);
    2278. 

  2278. 	if (p)
    2279. 

  2279. 		free(p);
    2280. 

  2280. 

  2281. 	p = kmf_get_attr_ptr(KMF_DIRPATH_ATTR,
    2282. 

  2282. 	    attrlist, numattr);
    2283. 

  2283. 	if (p)
    2284. 

  2284. 		free(p);
    2285. 

  2285. }
    2286. 

  2286. 

  2287. /*
    2288. 

  2288.  * Name: set_deletecrl_params
    2289. 

  2289.  *
    2290. 

  2290.  * Description:
    2291. 

  2291.  *      Set KMF_DELETECRL_PARAMS
    2292. 

  2292.  *
    2293. 

  2293.  * Parameter:
    2294. 

  2294.  *      attrlist: attribute list to be set
    2295. 

  2295.  *      kstype: keystore type
    2296. 

  2296.  *      format: ssl crl encode format
    2297. 

  2297.  *	crl_subjName: crl subject name
    2298. 

  2298.  *	crl_issuerName: crl issuer name
    2299. 

  2299.  *	crlfile: crl file name
    2300. 

  2300.  *	dirpath: directory path
    2301. 

  2301.  *
    2302. 

  2302.  * Returns:
    2303. 

  2303.  *      1: failed
    2304. 

  2304.  *      0: succussful
    2305. 

  2305.  *
    2306. 

  2306.  */
    2307. 

  2307. int
    2308. 

  2308. set_deletecrl_params(KMF_ATTRIBUTE *attrlist,
    2309. 

  2309.     KMF_KEYSTORE_TYPE *kstype, KMF_ENCODE_FORMAT *format,
    2310. 

  2310.     char *crl_subjName, char *crl_issuerName, char *crlfile, char *dirpath)
    2311. 

  2311. {
    2312. 

  2312. 	int ret = 0;
    2313. 

  2313. 	int numattr = 0;
    2314. 

  2314. 	char *slotlabel = NULL;
    2315. 

  2315. 	char *trustflag = NULL;
    2316. 

  2316. 

  2317. 	if (attrlist == NULL) {
    2318. 

  2318. 		ret = -1;
    2319. 

  2319. 		goto out;
    2320. 

  2320. 	}
    2321. 

  2321. 

  2322. 	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
    2323. 

  2323. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    2324. 

  2324. 	numattr++;
    2325. 

  2325. 

  2326. 	if (*kstype == KMF_KEYSTORE_NSS) { /* NSS */
    2327. 

  2327. 		slotlabel = strdup(DEFAULT_NSSLABEL);
    2328. 

  2328. 		if (slotlabel == NULL) {
    2329. 

  2329. 			ret = -1;
    2330. 

  2330. 			goto out;
    2331. 

  2331. 		}
    2332. 

  2332. 		kmf_set_attr_at_index(attrlist, numattr,
    2333. 

  2333. 		    KMF_TOKEN_LABEL_ATTR, slotlabel,
    2334. 

  2334. 		    strlen(slotlabel));
    2335. 

  2335. 		numattr++;
    2336. 

  2336. 

  2337. 		trustflag = strdup(NSS_TRUST_FLAG);
    2338. 

  2338. 		if (trustflag == NULL) {
    2339. 

  2339. 			ret = -1;
    2340. 

  2340. 			goto out;
    2341. 

  2341. 		}
    2342. 

  2342. 		kmf_set_attr_at_index(attrlist, numattr,
    2343. 

  2343. 		    KMF_TRUSTFLAG_ATTR, trustflag,
    2344. 

  2344. 		    strlen(trustflag));
    2345. 

  2345. 		numattr++;
    2346. 

  2346. 		if (crl_subjName != NULL) {
    2347. 

  2347. 			kmf_set_attr_at_index(attrlist, numattr,
    2348. 

  2348. 			    KMF_SUBJECT_NAME_ATTR, crl_subjName,
    2349. 

  2349. 			    strlen(crl_subjName));
    2350. 

  2350. 			numattr++;
    2351. 

  2351. 		}
    2352. 

  2352. 		if (crl_issuerName != NULL) {
    2353. 

  2353. 			kmf_set_attr_at_index(attrlist, numattr,
    2354. 

  2354. 			    KMF_ISSUER_NAME_ATTR, crl_issuerName,
    2355. 

  2355. 			    strlen(crl_issuerName));
    2356. 

  2356. 			numattr++;
    2357. 

  2357. 		}
    2358. 

  2358. 	} else { /* OpenSSL and PKCS#11 use the same parameters */
    2359. 

  2359. 		if (dirpath != NULL) {
    2360. 

  2360. 			kmf_set_attr_at_index(attrlist, numattr,
    2361. 

  2361. 			    KMF_DIRPATH_ATTR, dirpath,
    2362. 

  2362. 			    strlen(dirpath));
    2363. 

  2363. 			numattr++;
    2364. 

  2364. 		}
    2365. 

  2365. 		if (crlfile != NULL) {
    2366. 

  2366. 			kmf_set_attr_at_index(attrlist, numattr,
    2367. 

  2367. 			    KMF_CRL_FILENAME_ATTR, crlfile,
    2368. 

  2368. 			    strlen(crlfile));
    2369. 

  2369. 			numattr++;
    2370. 

  2370. 		}
    2371. 

  2371. 		kmf_set_attr_at_index(attrlist, numattr,
    2372. 

  2372. 		    KMF_ENCODE_FORMAT_ATTR, format,
    2373. 

  2373. 		    sizeof (KMF_ENCODE_FORMAT));
    2374. 

  2374. 		numattr++;
    2375. 

  2375. 	}
    2376. 

  2376. 

  2377. out:
    2378. 

  2378. 	if (ret) {
    2379. 

  2379. 		(void) jnl_printf("set_deletecrl_params failed\n");
    2380. 

  2380. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    2381. 

  2381. 		free_deletecrl_params(attrlist, numattr);
    2382. 

  2382. 		return (-1);
    2383. 

  2383. 	}
    2384. 

  2384. 

  2385. 	return (numattr);
    2386. 

  2386. }
    2387. 

  2387. 

  2388. /*
    2389. 

  2389.  * Name: free_deletecrl_params
    2390. 

  2390.  *
    2391. 

  2391.  * Description:
    2392. 

  2392.  *      Free heap memory used by the delete_crl tests.
    2393. 

  2393.  *
    2394. 

  2394.  * Parameter:
    2395. 

  2395.  *      params: parameter to be freed
    2396. 

  2396.  *
    2397. 

  2397.  */
    2398. 

  2398. void
    2399. 

  2399. free_deletecrl_params(KMF_ATTRIBUTE *attrlist, int numattr)
    2400. 

  2400. {
    2401. 

  2401. 	char *p;
    2402. 

  2402. 	if (attrlist == NULL || numattr == 0)
    2403. 

  2403. 		return;
    2404. 

  2404. 

  2405. 	p = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR,
    2406. 

  2406. 	    attrlist, numattr);
    2407. 

  2407. 	if (p)
    2408. 

  2408. 		free(p);
    2409. 

  2409. 

  2410. 	p = kmf_get_attr_ptr(KMF_TRUSTFLAG_ATTR,
    2411. 

  2411. 	    attrlist, numattr);
    2412. 

  2412. 	if (p)
    2413. 

  2413. 		free(p);
    2414. 

  2414. }
    2415. 

  2415. 

  2416. /*
    2417. 

  2417.  * Name: set_listcrl_params
    2418. 

  2418.  *
    2419. 

  2419.  * Description:
    2420. 

  2420.  *      Set parameters for kmf_list_crl
    2421. 

  2421.  *
    2422. 

  2422.  * Parameter:
    2423. 

  2423.  *      attrlist: attribute list to be set
    2424. 

  2424.  *      kstype: keystore type
    2425. 

  2425.  *      format: ssl crl encode format
    2426. 

  2426.  *      crl_subjName: crl subject name
    2427. 

  2427.  *      crl_issuerName: crl issuer name
    2428. 

  2428.  *      crlfile: crl file name
    2429. 

  2429.  *      dirpath: directory path
    2430. 

  2430.  *
    2431. 

  2431.  * Returns:
    2432. 

  2432.  *      1: failed
    2433. 

  2433.  *      0: succussful
    2434. 

  2434.  *
    2435. 

  2435.  */
    2436. 

  2436. int
    2437. 

  2437. set_listcrl_params(KMF_ATTRIBUTE *attrlist,
    2438. 

  2438.     KMF_KEYSTORE_TYPE *kstype, KMF_ENCODE_FORMAT *format,
    2439. 

  2439.     char *crl_subjName, char *crl_issuerName, char *crlfile,
    2440. 

  2440.     char *dirpath, char **crldata)
    2441. 

  2441. {
    2442. 

  2442. 	int ret = 0;
    2443. 

  2443. 	int numattr = 0;
    2444. 

  2444. 	char *slotlabel = NULL;
    2445. 

  2445. 	char *trustflag = NULL;
    2446. 

  2446. 

  2447. 	if (attrlist == NULL) {
    2448. 

  2448. 		ret =  1;
    2449. 

  2449. 		goto out;
    2450. 

  2450. 	}
    2451. 

  2451. 

  2452. 	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
    2453. 

  2453. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    2454. 

  2454. 	numattr++;
    2455. 

  2455. 

  2456. 	if (*kstype == KMF_KEYSTORE_NSS) { /* NSS */
    2457. 

  2457. 		slotlabel = strdup(DEFAULT_NSSLABEL);
    2458. 

  2458. 		if (slotlabel == NULL) {
    2459. 

  2459. 			ret = -1;
    2460. 

  2460. 			goto out;
    2461. 

  2461. 		}
    2462. 

  2462. 		kmf_set_attr_at_index(attrlist, numattr,
    2463. 

  2463. 		    KMF_TOKEN_LABEL_ATTR, slotlabel,
    2464. 

  2464. 		    strlen(slotlabel));
    2465. 

  2465. 		numattr++;
    2466. 

  2466. 

  2467. 		trustflag = strdup(NSS_TRUST_FLAG);
    2468. 

  2468. 		if (trustflag == NULL) {
    2469. 

  2469. 			ret = -1;
    2470. 

  2470. 			goto out;
    2471. 

  2471. 		}
    2472. 

  2472. 		kmf_set_attr_at_index(attrlist, numattr,
    2473. 

  2473. 		    KMF_TRUSTFLAG_ATTR, trustflag,
    2474. 

  2474. 		    strlen(trustflag));
    2475. 

  2475. 		numattr++;
    2476. 

  2476. 		if (crl_subjName != NULL) {
    2477. 

  2477. 			kmf_set_attr_at_index(attrlist, numattr,
    2478. 

  2478. 			    KMF_SUBJECT_NAME_ATTR, crl_subjName,
    2479. 

  2479. 			    strlen(crl_subjName));
    2480. 

  2480. 			numattr++;
    2481. 

  2481. 		}
    2482. 

  2482. 		if (crl_issuerName != NULL) {
    2483. 

  2483. 			kmf_set_attr_at_index(attrlist, numattr,
    2484. 

  2484. 			    KMF_ISSUER_NAME_ATTR, crl_issuerName,
    2485. 

  2485. 			    strlen(crl_issuerName));
    2486. 

  2486. 			numattr++;
    2487. 

  2487. 		}
    2488. 

  2488. 	} else { /* OpenSSL and PKCS#11 use the same parameters */
    2489. 

  2489. 		if (dirpath != NULL) {
    2490. 

  2490. 			kmf_set_attr_at_index(attrlist, numattr,
    2491. 

  2491. 			    KMF_DIRPATH_ATTR, dirpath,
    2492. 

  2492. 			    strlen(dirpath));
    2493. 

  2493. 			numattr++;
    2494. 

  2494. 		}
    2495. 

  2495. 		if (crlfile != NULL) {
    2496. 

  2496. 			kmf_set_attr_at_index(attrlist, numattr,
    2497. 

  2497. 			    KMF_CRL_FILENAME_ATTR, crlfile,
    2498. 

  2498. 			    strlen(crlfile));
    2499. 

  2499. 			numattr++;
    2500. 

  2500. 		}
    2501. 

  2501. 		kmf_set_attr_at_index(attrlist, numattr,
    2502. 

  2502. 		    KMF_ENCODE_FORMAT_ATTR, format,
    2503. 

  2503. 		    sizeof (KMF_ENCODE_FORMAT));
    2504. 

  2504. 		numattr++;
    2505. 

  2505. 	}
    2506. 

  2506. 

  2507. 	if (crldata != NULL) {
    2508. 

  2508. 		kmf_set_attr_at_index(attrlist, numattr,
    2509. 

  2509. 		    KMF_CRL_DATA_ATTR, crldata, sizeof (char *));
    2510. 

  2510. 		numattr++;
    2511. 

  2511. 	}
    2512. 

  2512. 

  2513. out:
    2514. 

  2514. 	if (ret) {
    2515. 

  2515. 		(void) jnl_printf("set_listcrl_params failed\n");
    2516. 

  2516. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    2517. 

  2517. 		free_listcrl_params(attrlist, numattr);
    2518. 

  2518. 		return (-1);
    2519. 

  2519. 	}
    2520. 

  2520. 

  2521. 	return (numattr);
    2522. 

  2522. }
    2523. 

  2523. 

  2524. /*
    2525. 

  2525.  * Name: free_listcrl_params
    2526. 

  2526.  *
    2527. 

  2527.  * Description:
    2528. 

  2528.  *      Free heap memory used by KMF_LISTCRL_PARAMS
    2529. 

  2529.  *
    2530. 

  2530.  * Parameter:
    2531. 

  2531.  *      params: parameter to be freed
    2532. 

  2532.  *
    2533. 

  2533.  */
    2534. 

  2534. void
    2535. 

  2535. free_listcrl_params(KMF_ATTRIBUTE *attrlist, int numattr)
    2536. 

  2536. {
    2537. 

  2537. 	char *p;
    2538. 

  2538. 	if (attrlist == NULL || numattr == 0)
    2539. 

  2539. 		return;
    2540. 

  2540. 

  2541. 	p = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR,
    2542. 

  2542. 	    attrlist, numattr);
    2543. 

  2543. 	if (p)
    2544. 

  2544. 		free(p);
    2545. 

  2545. 

  2546. 	p = kmf_get_attr_ptr(KMF_TRUSTFLAG_ATTR,
    2547. 

  2547. 	    attrlist, numattr);
    2548. 

  2548. 	if (p)
    2549. 

  2549. 		free(p);
    2550. 

  2550. }
    2551. 

  2551. 

  2552. int
    2553. 

  2553. set_setpin_params(KMF_ATTRIBUTE *attrlist,
    2554. 

  2554.     KMF_KEYSTORE_TYPE *kstype, char *tokenname,
    2555. 

  2555.     KMF_CREDENTIAL *oldcred)
    2556. 

  2556. {
    2557. 

  2557. 	int i = 0;
    2558. 

  2558. 	if (attrlist == NULL)
    2559. 

  2559. 		return (0);
    2560. 

  2560. 

  2561. 	kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR,
    2562. 

  2562. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    2563. 

  2563. 	i++;
    2564. 

  2564. 	if (tokenname != NULL) {
    2565. 

  2565. 		kmf_set_attr_at_index(attrlist, i, KMF_TOKEN_LABEL_ATTR,
    2566. 

  2566. 		    tokenname, strlen(tokenname));
    2567. 

  2567. 		i++;
    2568. 

  2568. 	}
    2569. 

  2569. 	if (oldcred != NULL) {
    2570. 

  2570. 		kmf_set_attr_at_index(attrlist, i, KMF_CREDENTIAL_ATTR,
    2571. 

  2571. 		    oldcred, sizeof (KMF_CREDENTIAL));
    2572. 

  2572. 		i++;
    2573. 

  2573. 	}
    2574. 

  2574. 	return (i);
    2575. 

  2575. }
    2576. 

  2576. 

  2577. /*
    2578. 

  2578.  * Name: set_createsymkey_params
    2579. 

  2579.  *
    2580. 

  2580.  * Description:
    2581. 

  2581.  *      Set KMF_CREATESYMKEY_PARAMS
    2582. 

  2582.  *
    2583. 

  2583.  * Parameter:
    2584. 

  2584.  *      params: parameter to be set
    2585. 

  2585.  *      kstype: keystore type
    2586. 

  2586.  *      keytype: key type
    2587. 

  2587.  *      keylength: key length
    2588. 

  2588.  *	keylabel: key label
    2589. 

  2589.  *      token_password: password for keystore
    2590. 

  2590.  *	keyfile: OpenSSL key file name
    2591. 

  2591.  *	format: OpenSSL key format
    2592. 

  2592.  *
    2593. 

  2593.  * Returns:
    2594. 

  2594.  *      1: failed
    2595. 

  2595.  *      0: succussful
    2596. 

  2596.  *
    2597. 

  2597.  */
    2598. 

  2598. int
    2599. 

  2599. set_createsymkey_params(KMF_CREATESYMKEY_PARAMS *params,
    2600. 

  2600.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype,
    2601. 

  2601.     uint32_t keylength, char *keylabel,
    2602. 

  2602.     char *token_password, char *keyfile, KMF_ENCODE_FORMAT format)
    2603. 

  2603. {
    2604. 

  2604. 	int ret = 0;
    2605. 

  2605. 

  2606. 	if (params == NULL) {
    2607. 

  2607. 		ret = 1;
    2608. 

  2608. 		goto out;
    2609. 

  2609. 	}
    2610. 

  2610. 

  2611. 	(void) memset(params, 0, sizeof (KMF_CREATESYMKEY_PARAMS));
    2612. 

  2612. 	params->kstype = kstype;
    2613. 

  2613. 	params->keytype = keytype;
    2614. 

  2614. 	params->keylength = keylength;
    2615. 

  2615. 	params->keylabel = keylabel;
    2616. 

  2616. 	params->cred.cred = token_password;
    2617. 

  2617. 	if (token_password)
    2618. 

  2618. 		params->cred.credlen = strlen(token_password);
    2619. 

  2619. 	else
    2620. 

  2620. 		params->cred.credlen = 0;
    2621. 

  2621. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    2622. 

  2622. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    2623. 

  2623. 		if (params->nssparms.slotlabel == NULL) {
    2624. 

  2624. 			ret = 1;
    2625. 

  2625. 			goto out;
    2626. 

  2626. 		}
    2627. 

  2627. 

  2628. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    2629. 

  2629. 		if (params->nssparms.trustflag == NULL) {
    2630. 

  2630. 			ret = 1;
    2631. 

  2631. 			goto out;
    2632. 

  2632. 		}
    2633. 

  2633. 

  2634. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    2635. 

  2635. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    2636. 

  2636. 		if (params->sslparms.dirpath == NULL) {
    2637. 

  2637. 			ret = 1;
    2638. 

  2638. 			goto out;
    2639. 

  2639. 		}
    2640. 

  2640. 		params->sslparms.keyfile = keyfile;
    2641. 

  2641. 		params->sslparms.format = format;
    2642. 

  2642. 	} else if (kstype == KMF_KEYSTORE_PK11TOKEN) {
    2643. 

  2643. 		params->pkcs11parms.sensitive = B_FALSE;
    2644. 

  2644. 		params->pkcs11parms.not_extractable = B_FALSE;
    2645. 

  2645. 	}
    2646. 

  2646. 

  2647. out:
    2648. 

  2648. 	if (ret) {
    2649. 

  2649. 		(void) jnl_printf("set_createsymkey_params failed\n");
    2650. 

  2650. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    2651. 

  2651. 		free_createsymkey_params(params);
    2652. 

  2652. 	}
    2653. 

  2653. 

  2654. 	return (ret);
    2655. 

  2655. }
    2656. 

  2656. 

  2657. /*
    2658. 

  2658.  * Name: free_createsymkey_params
    2659. 

  2659.  *
    2660. 

  2660.  * Description:
    2661. 

  2661.  *      Free heap memory used by KMF_CREATESYMKEY_PARAMS
    2662. 

  2662.  *
    2663. 

  2663.  * Parameter:
    2664. 

  2664.  *      params: parameter to be freed
    2665. 

  2665.  *
    2666. 

  2666.  */
    2667. 

  2667. void
    2668. 

  2668. free_createsymkey_params(KMF_CREATESYMKEY_PARAMS *params)
    2669. 

  2669. {
    2670. 

  2670. 	if (params == NULL)
    2671. 

  2671. 		return;
    2672. 

  2672. 

  2673. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    2674. 

  2674. 		if (params->nssparms.slotlabel != NULL)
    2675. 

  2675. 			free(params->nssparms.slotlabel);
    2676. 

  2676. 		if (params->nssparms.trustflag != NULL)
    2677. 

  2677. 			free(params->nssparms.trustflag);
    2678. 

  2678. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    2679. 

  2679. 		if (params->sslparms.dirpath != NULL)
    2680. 

  2680. 			free(params->sslparms.dirpath);
    2681. 

  2681. 	}
    2682. 

  2682. }
    2683. 

  2683. 

  2684. int
    2685. 

  2685. set_createsymkey_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    2686. 

  2686. 	KMF_CREATESYMKEY_PARAMS *params,
    2687. 

  2687. 	KMF_KEY_HANDLE *symKey)
    2688. 

  2688. {
    2689. 

  2689. 	int ret = 0;
    2690. 

  2690. 	int i = 0;
    2691. 

  2691. 

  2692. 	if (NULL != symKey) {
    2693. 

  2693. 		kmf_set_attr_at_index(attlist, i,
    2694. 

  2694. 		    KMF_KEY_HANDLE_ATTR, symKey, sizeof (KMF_KEY_HANDLE));
    2695. 

  2695. 		i++;
    2696. 

  2696. 	}
    2697. 

  2697. 

  2698. 	if (NULL != params) {
    2699. 

  2699. 		kmf_set_attr_at_index(attlist, i,
    2700. 

  2700. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    2701. 

  2701. 		    sizeof (params->kstype));
    2702. 

  2702. 		i++;
    2703. 

  2703. 

  2704. 		kmf_set_attr_at_index(attlist, i,
    2705. 

  2705. 		    KMF_KEYALG_ATTR, &params->keytype,
    2706. 

  2706. 		    sizeof (params->keytype));
    2707. 

  2707. 		i++;
    2708. 

  2708. 

  2709. 		kmf_set_attr_at_index(attlist, i,
    2710. 

  2710. 		    KMF_KEYLENGTH_ATTR, &params->keylength,
    2711. 

  2711. 		    sizeof (params->keylength));
    2712. 

  2712. 		i++;
    2713. 

  2713. 

  2714. 		if (params->keylabel != NULL) {
    2715. 

  2715. 			kmf_set_attr_at_index(attlist, i,
    2716. 

  2716. 			    KMF_KEYLABEL_ATTR, params->keylabel,
    2717. 

  2717. 			    strlen(params->keylabel));
    2718. 

  2718. 			i++;
    2719. 

  2719. 		}
    2720. 

  2720. 		if (params->cred.credlen > 0) {
    2721. 

  2721. 			kmf_set_attr_at_index(attlist, i,
    2722. 

  2722. 			    KMF_CREDENTIAL_ATTR, &params->cred,
    2723. 

  2723. 			    sizeof (KMF_CREDENTIAL));
    2724. 

  2724. 			i++;
    2725. 

  2725. 		}
    2726. 

  2726. 

  2727. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    2728. 

  2728. 			if (params->nssparms.slotlabel != NULL) {
    2729. 

  2729. 				kmf_set_attr_at_index(attlist, i,
    2730. 

  2730. 				    KMF_TOKEN_LABEL_ATTR,
    2731. 

  2731. 				    params->nssparms.slotlabel,
    2732. 

  2732. 				    strlen(params->nssparms.slotlabel));
    2733. 

  2733. 				i++;
    2734. 

  2734. 			}
    2735. 

  2735. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    2736. 

  2736. 			if (params->sslparms.dirpath != NULL) {
    2737. 

  2737. 				kmf_set_attr_at_index(attlist, i,
    2738. 

  2738. 				    KMF_DIRPATH_ATTR,
    2739. 

  2739. 				    params->sslparms.dirpath,
    2740. 

  2740. 				    strlen(params->sslparms.dirpath));
    2741. 

  2741. 				i++;
    2742. 

  2742. 			}
    2743. 

  2743. 			if (params->sslparms.keyfile != NULL) {
    2744. 

  2744. 				kmf_set_attr_at_index(attlist, i,
    2745. 

  2745. 				    KMF_KEY_FILENAME_ATTR,
    2746. 

  2746. 				    params->sslparms.keyfile,
    2747. 

  2747. 				    strlen(params->sslparms.keyfile));
    2748. 

  2748. 				i++;
    2749. 

  2749. 			}
    2750. 

  2750. 			kmf_set_attr_at_index(attlist, i,
    2751. 

  2751. 			    KMF_ENCODE_FORMAT_ATTR,
    2752. 

  2752. 			    &params->sslparms.format,
    2753. 

  2753. 			    sizeof (params->sslparms.format));
    2754. 

  2754. 			i++;
    2755. 

  2755. 		} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    2756. 

  2756. 			kmf_set_attr_at_index(attlist, i,
    2757. 

  2757. 			    KMF_SENSITIVE_BOOL_ATTR,
    2758. 

  2758. 			    &params->pkcs11parms.sensitive,
    2759. 

  2759. 			    sizeof (params->pkcs11parms.sensitive));
    2760. 

  2760. 			i++;
    2761. 

  2761. 			kmf_set_attr_at_index(attlist, i,
    2762. 

  2762. 			    KMF_NON_EXTRACTABLE_BOOL_ATTR,
    2763. 

  2763. 			    &params->pkcs11parms.not_extractable,
    2764. 

  2764. 			    sizeof (params->pkcs11parms.not_extractable));
    2765. 

  2765. 			i++;
    2766. 

  2766. 		}
    2767. 

  2767. 	} /* end of "if (NULL != params)" */
    2768. 

  2768. 

  2769. 	*attnum = i;
    2770. 

  2770. 	return (ret);
    2771. 

  2771. }
    2772. 

  2772. 

  2773. /*
    2774. 

  2774.  * Name: set_findkey_params
    2775. 

  2775.  *
    2776. 

  2776.  * Description:
    2777. 

  2777.  *      Set KMF_FINDKEY_PARAMS
    2778. 

  2778.  *
    2779. 

  2779.  * Parameter:
    2780. 

  2780.  *      params: parameter to be set
    2781. 

  2781.  *      kstype: keystore type
    2782. 

  2782.  *      keytype: key type
    2783. 

  2783.  *	keyclass: key class
    2784. 

  2784.  *      token_password: password for keystore
    2785. 

  2785.  *	findLabel: key label to be found
    2786. 

  2786.  *      format: key format
    2787. 

  2787.  *	idstr: id string
    2788. 

  2788.  *	keyfile: OpenSSL key file name
    2789. 

  2789.  *
    2790. 

  2790.  * Returns:
    2791. 

  2791.  *      1: failed
    2792. 

  2792.  *      0: succussful
    2793. 

  2793.  *
    2794. 

  2794.  */
    2795. 

  2795. int
    2796. 

  2796. set_findkey_params(KMF_FINDKEY_PARAMS *params,
    2797. 

  2797.     KMF_KEYSTORE_TYPE kstype, KMF_KEY_ALG keytype,
    2798. 

  2798.     KMF_KEY_CLASS keyclass, char *token_password,
    2799. 

  2799.     char *findLabel, KMF_ENCODE_FORMAT format,
    2800. 

  2800.     char *idstr, char *keyfile)
    2801. 

  2801. {
    2802. 

  2802. 	int ret = 0;
    2803. 

  2803. 

  2804. 	if (params == NULL) {
    2805. 

  2805. 		ret = 1;
    2806. 

  2806. 		goto out;
    2807. 

  2807. 	}
    2808. 

  2808. 

  2809. 	(void) memset(params, 0, sizeof (KMF_FINDKEY_PARAMS));
    2810. 

  2810. 	params->kstype = kstype;
    2811. 

  2811. 	params->keytype = keytype;
    2812. 

  2812. 	params->keyclass = keyclass;
    2813. 

  2813. 	params->cred.cred = token_password;
    2814. 

  2814. 	if (token_password)
    2815. 

  2815. 		params->cred.credlen = strlen(token_password);
    2816. 

  2816. 	else
    2817. 

  2817. 		params->cred.credlen = 0;
    2818. 

  2818. 	params->findLabel = findLabel;
    2819. 

  2819. 	params->format = format;
    2820. 

  2820. 	params->idstr = idstr;
    2821. 

  2821. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    2822. 

  2822. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    2823. 

  2823. 		if (params->nssparms.slotlabel == NULL) {
    2824. 

  2824. 			ret = 1;
    2825. 

  2825. 			goto out;
    2826. 

  2826. 		}
    2827. 

  2827. 		params->nssparms.trustflag = strdup(NSS_TRUST_FLAG);
    2828. 

  2828. 		if (params->nssparms.trustflag == NULL) {
    2829. 

  2829. 			ret = 1;
    2830. 

  2830. 			goto out;
    2831. 

  2831. 		}
    2832. 

  2832. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    2833. 

  2833. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    2834. 

  2834. 		if (params->sslparms.dirpath == NULL) {
    2835. 

  2835. 			ret = 1;
    2836. 

  2836. 			goto out;
    2837. 

  2837. 		}
    2838. 

  2838. 		params->sslparms.keyfile = keyfile;
    2839. 

  2839. 		params->sslparms.format = format;
    2840. 

  2840. 	} else if (kstype == KMF_KEYSTORE_PK11TOKEN) {
    2841. 

  2841. 		params->pkcs11parms.token = B_TRUE;
    2842. 

  2842. 		params->pkcs11parms.private = B_TRUE;
    2843. 

  2843. 	}
    2844. 

  2844. 

  2845. out:
    2846. 

  2846. 	if (ret) {
    2847. 

  2847. 		(void) jnl_printf("set_findkey_params failed\n");
    2848. 

  2848. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    2849. 

  2849. 		free_findkey_params(params);
    2850. 

  2850. 	}
    2851. 

  2851. 

  2852. 	return (ret);
    2853. 

  2853. }
    2854. 

  2854. 

  2855. /*
    2856. 

  2856.  * Name: free_findkey_params
    2857. 

  2857.  *
    2858. 

  2858.  * Description:
    2859. 

  2859.  *      Free heap memory used by KMF_FINDKEY_PARAMS
    2860. 

  2860.  *
    2861. 

  2861.  * Parameter:
    2862. 

  2862.  *      params: parameter to be freed
    2863. 

  2863.  *
    2864. 

  2864.  */
    2865. 

  2865. void
    2866. 

  2866. free_findkey_params(KMF_FINDKEY_PARAMS *params)
    2867. 

  2867. {
    2868. 

  2868. 	if (params == NULL)
    2869. 

  2869. 		return;
    2870. 

  2870. 

  2871. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    2872. 

  2872. 		if (params->nssparms.slotlabel != NULL)
    2873. 

  2873. 			free(params->nssparms.slotlabel);
    2874. 

  2874. 		if (params->nssparms.trustflag != NULL)
    2875. 

  2875. 			free(params->nssparms.trustflag);
    2876. 

  2876. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    2877. 

  2877. 		if (params->sslparms.dirpath != NULL)
    2878. 

  2878. 			free(params->sslparms.dirpath);
    2879. 

  2879. 	}
    2880. 

  2880. }
    2881. 

  2881. 

  2882. int
    2883. 

  2883. set_findkey_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    2884. 

  2884. 		KMF_FINDKEY_PARAMS *params, KMF_KEY_HANDLE *keylist,
    2885. 

  2885. 		uint32_t *numkeys)
    2886. 

  2886. {
    2887. 

  2887. 	int ret = 0;
    2888. 

  2888. 	int i = 0;
    2889. 

  2889. 

  2890. 	if (NULL != keylist) {
    2891. 

  2891. 		kmf_set_attr_at_index(attlist, i,
    2892. 

  2892. 		    KMF_KEY_HANDLE_ATTR, keylist, sizeof (KMF_KEY_HANDLE));
    2893. 

  2893. 		i++;
    2894. 

  2894. 	}
    2895. 

  2895. 

  2896. 	if (NULL != numkeys) {
    2897. 

  2897. 		kmf_set_attr_at_index(attlist, i,
    2898. 

  2898. 		    KMF_COUNT_ATTR, numkeys, sizeof (uint32_t));
    2899. 

  2899. 		i++;
    2900. 

  2900. 	}
    2901. 

  2901. 

  2902. 	if (NULL != params) {
    2903. 

  2903. 		kmf_set_attr_at_index(attlist, i,
    2904. 

  2904. 		    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    2905. 

  2905. 		    sizeof (params->kstype));
    2906. 

  2906. 		i++;
    2907. 

  2907. 

  2908. 		kmf_set_attr_at_index(attlist, i,
    2909. 

  2909. 		    KMF_KEYALG_ATTR, &params->keytype,
    2910. 

  2910. 		    sizeof (params->keytype));
    2911. 

  2911. 		i++;
    2912. 

  2912. 

  2913. 		kmf_set_attr_at_index(attlist, i,
    2914. 

  2914. 		    KMF_KEYCLASS_ATTR, &params->keyclass,
    2915. 

  2915. 		    sizeof (params->keyclass));
    2916. 

  2916. 		i++;
    2917. 

  2917. 

  2918. 		kmf_set_attr_at_index(attlist, i,
    2919. 

  2919. 		    KMF_ENCODE_FORMAT_ATTR, &params->format,
    2920. 

  2920. 		    sizeof (params->format));
    2921. 

  2921. 		i++;
    2922. 

  2922. 

  2923. 		if (params->findLabel != NULL) {
    2924. 

  2924. 			kmf_set_attr_at_index(attlist, i,
    2925. 

  2925. 			    KMF_KEYLABEL_ATTR, params->findLabel,
    2926. 

  2926. 			    strlen(params->findLabel));
    2927. 

  2927. 			i++;
    2928. 

  2928. 		}
    2929. 

  2929. 

  2930. 		if (params->idstr != NULL) {
    2931. 

  2931. 			kmf_set_attr_at_index(attlist, i,
    2932. 

  2932. 			    KMF_IDSTR_ATTR, params->idstr,
    2933. 

  2933. 			    strlen(params->idstr));
    2934. 

  2934. 			i++;
    2935. 

  2935. 		}
    2936. 

  2936. 

  2937. 		if (params->cred.credlen > 0) {
    2938. 

  2938. 			kmf_set_attr_at_index(attlist, i,
    2939. 

  2939. 			    KMF_CREDENTIAL_ATTR, &params->cred,
    2940. 

  2940. 			    sizeof (KMF_CREDENTIAL));
    2941. 

  2941. 			i++;
    2942. 

  2942. 		}
    2943. 

  2943. 

  2944. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    2945. 

  2945. 			if (params->nssparms.slotlabel != NULL) {
    2946. 

  2946. 				kmf_set_attr_at_index(attlist, i,
    2947. 

  2947. 				    KMF_TOKEN_LABEL_ATTR,
    2948. 

  2948. 				    params->nssparms.slotlabel,
    2949. 

  2949. 				    strlen(params->nssparms.slotlabel));
    2950. 

  2950. 				i++;
    2951. 

  2951. 			}
    2952. 

  2952. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    2953. 

  2953. 			if (params->sslparms.dirpath != NULL) {
    2954. 

  2954. 				kmf_set_attr_at_index(attlist, i,
    2955. 

  2955. 				    KMF_DIRPATH_ATTR,
    2956. 

  2956. 				    params->sslparms.dirpath,
    2957. 

  2957. 				    strlen(params->sslparms.dirpath));
    2958. 

  2958. 				i++;
    2959. 

  2959. 			}
    2960. 

  2960. 			if (params->sslparms.keyfile != NULL) {
    2961. 

  2961. 				kmf_set_attr_at_index(attlist, i,
    2962. 

  2962. 				    KMF_KEY_FILENAME_ATTR,
    2963. 

  2963. 				    params->sslparms.keyfile,
    2964. 

  2964. 				    strlen(params->sslparms.keyfile));
    2965. 

  2965. 				i++;
    2966. 

  2966. 			}
    2967. 

  2967. 			kmf_set_attr_at_index(attlist, i,
    2968. 

  2968. 			    KMF_ENCODE_FORMAT_ATTR,
    2969. 

  2969. 			    &params->sslparms.format,
    2970. 

  2970. 			    sizeof (params->sslparms.format));
    2971. 

  2971. 			i++;
    2972. 

  2972. 		} else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
    2973. 

  2973. 			kmf_set_attr_at_index(attlist, i,
    2974. 

  2974. 			    KMF_TOKEN_BOOL_ATTR,
    2975. 

  2975. 			    &params->pkcs11parms.token,
    2976. 

  2976. 			    sizeof (params->pkcs11parms.token));
    2977. 

  2977. 			i++;
    2978. 

  2978. 			kmf_set_attr_at_index(attlist, i,
    2979. 

  2979. 			    KMF_PRIVATE_BOOL_ATTR,
    2980. 

  2980. 			    &params->pkcs11parms.private,
    2981. 

  2981. 			    sizeof (params->pkcs11parms.private));
    2982. 

  2982. 			i++;
    2983. 

  2983. 		}
    2984. 

  2984. 	}
    2985. 

  2985. 

  2986. 	*attnum = i;
    2987. 

  2987. 

  2988. 	return (i);
    2989. 

  2989. }
    2990. 

  2990. 

  2991. /*
    2992. 

  2992.  * Name: set_storekey_params
    2993. 

  2993.  *
    2994. 

  2994.  * Description:
    2995. 

  2995.  *      Set KMF_STOREKEY_PARAMS
    2996. 

  2996.  *
    2997. 

  2997.  * Parameter:
    2998. 

  2998.  *      params: parameter to be set
    2999. 

  2999.  *      kstype: keystore type
    3000. 

  3000.  *      token_password: password for keystore
    3001. 

  3001.  *	certificate: cert data
    3002. 

  3002.  *	label: key label
    3003. 

  3003.  *	keyfiel: ssl keyfile
    3004. 

  3004.  *	format: ssl key encode format
    3005. 

  3005.  *
    3006. 

  3006.  * Returns:
    3007. 

  3007.  *      1: failed
    3008. 

  3008.  *      0: succussful
    3009. 

  3009.  *
    3010. 

  3010.  */
    3011. 

  3011. int
    3012. 

  3012. set_storekey_params(KMF_STOREKEY_PARAMS *params,
    3013. 

  3013.     KMF_KEYSTORE_TYPE kstype, char *token_password,
    3014. 

  3014.     KMF_DATA *certificate, char *label,
    3015. 

  3015.     char *keyfile, KMF_ENCODE_FORMAT format)
    3016. 

  3016. {
    3017. 

  3017. 	int ret = 0;
    3018. 

  3018. 

  3019. 	if (params == NULL) {
    3020. 

  3020. 		ret = 1;
    3021. 

  3021. 		goto out;
    3022. 

  3022. 	}
    3023. 

  3023. 

  3024. 	(void) memset(params, 0, sizeof (KMF_STOREKEY_PARAMS));
    3025. 

  3025. 	params->kstype = kstype;
    3026. 

  3026. 	params->cred.cred = token_password;
    3027. 

  3027. 	if (token_password)
    3028. 

  3028. 		params->cred.credlen = strlen(token_password);
    3029. 

  3029. 	else
    3030. 

  3030. 		params->cred.credlen = 0;
    3031. 

  3031. 	params->certificate = certificate;
    3032. 

  3032. 	params->label = label;
    3033. 

  3033. 	if (kstype == KMF_KEYSTORE_NSS) { /* NSS */
    3034. 

  3034. 		params->nssparms.slotlabel = strdup(DEFAULT_NSSLABEL);
    3035. 

  3035. 		if (params->nssparms.slotlabel == NULL) {
    3036. 

  3036. 			ret = 1;
    3037. 

  3037. 			goto out;
    3038. 

  3038. 		}
    3039. 

  3039. 	} else if (kstype == KMF_KEYSTORE_OPENSSL) { /* OpenSSL */
    3040. 

  3040. 		params->sslparms.dirpath = strdup(SSL_DIR_PATH);
    3041. 

  3041. 		if (params->sslparms.dirpath == NULL) {
    3042. 

  3042. 			ret = 1;
    3043. 

  3043. 			goto out;
    3044. 

  3044. 		}
    3045. 

  3045. 		params->sslparms.keyfile = keyfile;
    3046. 

  3046. 		params->sslparms.format = format;
    3047. 

  3047. 	}
    3048. 

  3048. 

  3049. out:
    3050. 

  3050. 	if (ret) {
    3051. 

  3051. 		(void) jnl_printf("set_storekey_params failed\n");
    3052. 

  3052. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    3053. 

  3053. 		free_storekey_params(params);
    3054. 

  3054. 	}
    3055. 

  3055. 

  3056. 	return (ret);
    3057. 

  3057. }
    3058. 

  3058. 

  3059. /*
    3060. 

  3060.  * Name: free_storekey_params
    3061. 

  3061.  *
    3062. 

  3062.  * Description:
    3063. 

  3063.  *      Free heap memory used by KMF_STOREKEY_PARAMS
    3064. 

  3064.  *
    3065. 

  3065.  * Parameter:
    3066. 

  3066.  *      params: parameter to be freed
    3067. 

  3067.  *
    3068. 

  3068.  */
    3069. 

  3069. void
    3070. 

  3070. free_storekey_params(KMF_STOREKEY_PARAMS *params)
    3071. 

  3071. {
    3072. 

  3072. 	if (params == NULL)
    3073. 

  3073. 		return;
    3074. 

  3074. 

  3075. 	if (params->kstype == KMF_KEYSTORE_NSS) {
    3076. 

  3076. 		if (params->nssparms.slotlabel != NULL)
    3077. 

  3077. 			free(params->nssparms.slotlabel);
    3078. 

  3078. 	} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    3079. 

  3079. 		if (params->sslparms.dirpath != NULL)
    3080. 

  3080. 			free(params->sslparms.dirpath);
    3081. 

  3081. 	}
    3082. 

  3082. }
    3083. 

  3083. 

  3084. int
    3085. 

  3085. set_storekey_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3086. 

  3086. 	KMF_STOREKEY_PARAMS *params,
    3087. 

  3087. 	KMF_RAW_KEY_DATA *rawKey)
    3088. 

  3088. {
    3089. 

  3089. 	int ret = 0;
    3090. 

  3090. 	int i = 0;
    3091. 

  3091. 

  3092. 	if (NULL != rawKey) {
    3093. 

  3093. 		kmf_set_attr_at_index(attlist, i, KMF_RAW_KEY_ATTR,
    3094. 

  3094. 		    rawKey, sizeof (KMF_RAW_KEY_DATA));
    3095. 

  3095. 		i++;
    3096. 

  3096. 	}
    3097. 

  3097. 

  3098. 	if (NULL != params) {
    3099. 

  3099. 		kmf_set_attr_at_index(attlist, i, KMF_KEYSTORE_TYPE_ATTR,
    3100. 

  3100. 		    &params->kstype, sizeof (params->kstype));
    3101. 

  3101. 		i++;
    3102. 

  3102. 

  3103. 		if (params->cred.credlen > 0) {
    3104. 

  3104. 			kmf_set_attr_at_index(attlist, i,
    3105. 

  3105. 			    KMF_CREDENTIAL_ATTR,
    3106. 

  3106. 			    &params->cred, sizeof (KMF_CREDENTIAL));
    3107. 

  3107. 			i++;
    3108. 

  3108. 		}
    3109. 

  3109. 		if (params->label != NULL) {
    3110. 

  3110. 			kmf_set_attr_at_index(attlist, i,
    3111. 

  3111. 			    KMF_KEYLABEL_ATTR,
    3112. 

  3112. 			    params->label, strlen(params->label));
    3113. 

  3113. 			i++;
    3114. 

  3114. 		}
    3115. 

  3115. 		if (params->certificate != NULL) {
    3116. 

  3116. 			kmf_set_attr_at_index(attlist, i,
    3117. 

  3117. 			    KMF_CERT_DATA_ATTR,
    3118. 

  3118. 			    params->certificate, sizeof (KMF_DATA));
    3119. 

  3119. 			i++;
    3120. 

  3120. 		}
    3121. 

  3121. 		if (params->kstype == KMF_KEYSTORE_NSS) {
    3122. 

  3122. 			if (params->nssparms.slotlabel != NULL) {
    3123. 

  3123. 				kmf_set_attr_at_index(attlist, i,
    3124. 

  3124. 				    KMF_TOKEN_LABEL_ATTR,
    3125. 

  3125. 				    params->nssparms.slotlabel,
    3126. 

  3126. 				    strlen(params->nssparms.slotlabel));
    3127. 

  3127. 				i++;
    3128. 

  3128. 			}
    3129. 

  3129. 		} else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    3130. 

  3130. 			if (params->sslparms.dirpath != NULL) {
    3131. 

  3131. 				kmf_set_attr_at_index(attlist, i,
    3132. 

  3132. 				    KMF_DIRPATH_ATTR,
    3133. 

  3133. 				    params->sslparms.dirpath,
    3134. 

  3134. 				    strlen(params->sslparms.dirpath));
    3135. 

  3135. 				i++;
    3136. 

  3136. 			}
    3137. 

  3137. 			if (params->sslparms.keyfile != NULL) {
    3138. 

  3138. 				kmf_set_attr_at_index(attlist, i,
    3139. 

  3139. 				    KMF_KEY_FILENAME_ATTR,
    3140. 

  3140. 				    params->sslparms.keyfile,
    3141. 

  3141. 				    strlen(params->sslparms.keyfile));
    3142. 

  3142. 				i++;
    3143. 

  3143. 			}
    3144. 

  3144. 			kmf_set_attr_at_index(attlist, i,
    3145. 

  3145. 			    KMF_ENCODE_FORMAT_ATTR,
    3146. 

  3146. 			    &params->sslparms.format,
    3147. 

  3147. 			    sizeof (params->sslparms.format));
    3148. 

  3148. 			i++;
    3149. 

  3149. 		}
    3150. 

  3150. 	}
    3151. 

  3151. 

  3152. 	*attnum = i;
    3153. 

  3153. 

  3154. 	return (ret);
    3155. 

  3155. }
    3156. 

  3156. 

  3157. int
    3158. 

  3158. set_delete_key_from_keystore_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3159. 

  3159. 	KMF_KEYSTORE_TYPE *kstype, KMF_CREDENTIAL *cred,
    3160. 

  3160. 	KMF_KEY_HANDLE *key, boolean_t *token_destroy, char *slotlabel)
    3161. 

  3161. {
    3162. 

  3162. 	int i = 0;
    3163. 

  3163. 	int ret = 0;
    3164. 

  3164. 

  3165. 	if (NULL != kstype) {
    3166. 

  3166. 		kmf_set_attr_at_index(attlist, i,
    3167. 

  3167. 		    KMF_KEYSTORE_TYPE_ATTR, kstype,
    3168. 

  3168. 		    sizeof (KMF_KEYSTORE_TYPE));
    3169. 

  3169. 		i++;
    3170. 

  3170. 	}
    3171. 

  3171. 

  3172. 	if (NULL != key) {
    3173. 

  3173. 		kmf_set_attr_at_index(attlist, i,
    3174. 

  3174. 		    KMF_KEY_HANDLE_ATTR, key, sizeof (KMF_KEY_HANDLE));
    3175. 

  3175. 		i++;
    3176. 

  3176. 	}
    3177. 

  3177. 

  3178. 	if (NULL != token_destroy) {
    3179. 

  3179. 		kmf_set_attr_at_index(attlist, i,
    3180. 

  3180. 		    KMF_DESTROY_BOOL_ATTR, token_destroy, sizeof (boolean_t));
    3181. 

  3181. 		i++;
    3182. 

  3182. 	}
    3183. 

  3183. 

  3184. 	if (cred && cred->credlen > 0) {
    3185. 

  3185. 		kmf_set_attr_at_index(attlist, i,
    3186. 

  3186. 		    KMF_CREDENTIAL_ATTR, cred,
    3187. 

  3187. 		    sizeof (KMF_CREDENTIAL));
    3188. 

  3188. 		i++;
    3189. 

  3189. 	}
    3190. 

  3190. 

  3191. 	if (*kstype == KMF_KEYSTORE_NSS) {
    3192. 

  3192. 		if (slotlabel != NULL) {
    3193. 

  3193. 			kmf_set_attr_at_index(attlist, i,
    3194. 

  3194. 			    KMF_TOKEN_LABEL_ATTR, slotlabel,
    3195. 

  3195. 			    strlen(slotlabel));
    3196. 

  3196. 			i++;
    3197. 

  3197. 		}
    3198. 

  3198. 	}
    3199. 

  3199. 

  3200. 	*attnum = i;
    3201. 

  3201. 	return (ret);
    3202. 

  3202. }
    3203. 

  3203. 

  3204. /*
    3205. 

  3205.  * Name: set_findcrl_params
    3206. 

  3206.  *
    3207. 

  3207.  * Description:
    3208. 

  3208.  *      Set attributes for kmf_find_crl function
    3209. 

  3209.  *
    3210. 

  3210.  * Parameter:
    3211. 

  3211.  *      attrlist: attribute list to be set
    3212. 

  3212.  *      kstype: keystore type
    3213. 

  3213.  *	crl_subjName: crl subject name
    3214. 

  3214.  *	crl_issuerName: crl issuer name
    3215. 

  3215.  *
    3216. 

  3216.  * Returns:
    3217. 

  3217.  *      -1: failed
    3218. 

  3218.  *      >0 : number of attributes set
    3219. 

  3219.  *
    3220. 

  3220.  */
    3221. 

  3221. int
    3222. 

  3222. set_findcrl_params(KMF_ATTRIBUTE *attrlist,
    3223. 

  3223.     KMF_KEYSTORE_TYPE *kstype,
    3224. 

  3224.     char *crl_subjName, char *crl_issuerName,
    3225. 

  3225.     char **namelist, int *crlcount)
    3226. 

  3226. {
    3227. 

  3227. 	int ret = 0;
    3228. 

  3228. 	int numattr = 0;
    3229. 

  3229. 	char *slotlabel = NULL;
    3230. 

  3230. 	char *trustflag = NULL;
    3231. 

  3231. 

  3232. 	if (attrlist == NULL || kstype == NULL) {
    3233. 

  3233. 		return (-1);
    3234. 

  3234. 	}
    3235. 

  3235. 

  3236. 	kmf_set_attr_at_index(attrlist, numattr,
    3237. 

  3237. 	    KMF_KEYSTORE_TYPE_ATTR,
    3238. 

  3238. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    3239. 

  3239. 	numattr++;
    3240. 

  3240. 

  3241. 	if (namelist != NULL) {
    3242. 

  3242. 		kmf_set_attr_at_index(attrlist, numattr,
    3243. 

  3243. 		    KMF_CRL_NAMELIST_ATTR,
    3244. 

  3244. 		    namelist, sizeof (char *));
    3245. 

  3245. 		numattr++;
    3246. 

  3246. 	}
    3247. 

  3247. 

  3248. 	kmf_set_attr_at_index(attrlist, numattr,
    3249. 

  3249. 	    KMF_CRL_COUNT_ATTR,
    3250. 

  3250. 	    crlcount, sizeof (int *));
    3251. 

  3251. 	numattr++;
    3252. 

  3252. 

  3253. 	if (*kstype == KMF_KEYSTORE_NSS) { /* NSS */
    3254. 

  3254. 		slotlabel = strdup(DEFAULT_NSSLABEL);
    3255. 

  3255. 		if (slotlabel == NULL) {
    3256. 

  3256. 			ret = -1;
    3257. 

  3257. 			goto out;
    3258. 

  3258. 		}
    3259. 

  3259. 		kmf_set_attr_at_index(attrlist, numattr,
    3260. 

  3260. 		    KMF_TOKEN_LABEL_ATTR, slotlabel,
    3261. 

  3261. 		    strlen(slotlabel));
    3262. 

  3262. 		numattr++;
    3263. 

  3263. 

  3264. 		trustflag = strdup(NSS_TRUST_FLAG);
    3265. 

  3265. 		if (trustflag == NULL) {
    3266. 

  3266. 			ret = -1;
    3267. 

  3267. 			goto out;
    3268. 

  3268. 		}
    3269. 

  3269. 		kmf_set_attr_at_index(attrlist, numattr,
    3270. 

  3270. 		    KMF_TRUSTFLAG_ATTR, trustflag,
    3271. 

  3271. 		    strlen(trustflag));
    3272. 

  3272. 		numattr++;
    3273. 

  3273. 		if (crl_subjName != NULL) {
    3274. 

  3274. 			kmf_set_attr_at_index(attrlist, numattr,
    3275. 

  3275. 			    KMF_SUBJECT_NAME_ATTR, crl_subjName,
    3276. 

  3276. 			    strlen(crl_subjName));
    3277. 

  3277. 			numattr++;
    3278. 

  3278. 		}
    3279. 

  3279. 		if (crl_issuerName != NULL) {
    3280. 

  3280. 			kmf_set_attr_at_index(attrlist, numattr,
    3281. 

  3281. 			    KMF_ISSUER_NAME_ATTR, crl_issuerName,
    3282. 

  3282. 			    strlen(crl_issuerName));
    3283. 

  3283. 			numattr++;
    3284. 

  3284. 		}
    3285. 

  3285. 	}
    3286. 

  3286. out:
    3287. 

  3287. 	if (ret) {
    3288. 

  3288. 		(void) jnl_printf("set_findcrl_params failed\n");
    3289. 

  3289. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    3290. 

  3290. 		free_findcrl_params(attrlist, numattr);
    3291. 

  3291. 		return (-1);
    3292. 

  3292. 	}
    3293. 

  3293. 

  3294. 	return (numattr);
    3295. 

  3295. }
    3296. 

  3296. 

  3297. /*
    3298. 

  3298.  * Name: free_findcrl_params
    3299. 

  3299.  *
    3300. 

  3300.  * Description:
    3301. 

  3301.  *      Free heap memory used by KMF_FINDCRL_PARAMS
    3302. 

  3302.  *
    3303. 

  3303.  * Parameter:
    3304. 

  3304.  *      params: parameter to be freed
    3305. 

  3305.  *
    3306. 

  3306.  */
    3307. 

  3307. void
    3308. 

  3308. free_findcrl_params(KMF_ATTRIBUTE *attrlist, int numattr)
    3309. 

  3309. {
    3310. 

  3310. 	char *p;
    3311. 

  3311. 	if (attrlist == NULL || numattr == 0)
    3312. 

  3312. 		return;
    3313. 

  3313. 

  3314. 	p = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR,
    3315. 

  3315. 	    attrlist, numattr);
    3316. 

  3316. 	if (p)
    3317. 

  3317. 		free(p);
    3318. 

  3318. 

  3319. 	p = kmf_get_attr_ptr(KMF_TRUSTFLAG_ATTR,
    3320. 

  3320. 	    attrlist, numattr);
    3321. 

  3321. 	if (p)
    3322. 

  3322. 		free(p);
    3323. 

  3323. }
    3324. 

  3324. 

  3325. /* build expired cert */
    3326. 

  3326. int
    3327. 

  3327. build_x509_expired_cert(KMF_HANDLE_T kmfhandle,
    3328. 

  3328.     KMF_X509_CERTIFICATE *cert,
    3329. 

  3329.     uchar_t *sernum, uint32_t numlen, KMF_KEY_HANDLE *key)
    3330. 

  3330. {
    3331. 

  3331. 	struct tm time;
    3332. 

  3332. 	time_t starttime;
    3333. 

  3333. 

  3334. 	(void) memset(&time, 0, sizeof (time));
    3335. 

  3335. 	time.tm_year = 2000 - 1900;
    3336. 

  3336. 	starttime = mktime(&time);
    3337. 

  3337. 

  3338. 	if (build_x509_nokeyusage_cert(kmfhandle, cert, sernum, numlen, key))
    3339. 

  3339. 		goto fail_out;
    3340. 

  3340. 

  3341. 	if (testcall(kmf_set_cert_validity(cert, starttime, 365*24*60*60),
    3342. 

  3342. 	    "KMF_SetCertValidityTimes"))
    3343. 

  3343. 		goto fail_out;
    3344. 

  3344. 

  3345. 	return (0);
    3346. 

  3346. 

  3347. fail_out:
    3348. 

  3348. 	return (1);
    3349. 

  3349. }
    3350. 

  3350. 

  3351. /*
    3352. 

  3352.  * Name: set_findcertincrl_params
    3353. 

  3353.  *
    3354. 

  3354.  * Description:
    3355. 

  3355.  *      Set attribute list for kmf_find_cert_in_crl
    3356. 

  3356.  *
    3357. 

  3357.  * Parameter:
    3358. 

  3358.  *      attrlist: attribute list to be set
    3359. 

  3359.  *      kstype: keystore type
    3360. 

  3360.  *	certLabel: cert label
    3361. 

  3361.  *	dirpath: ssl dir path
    3362. 

  3362.  *	crlfile: ssl crl file name
    3363. 

  3363.  *	certfile: ssl cert file name
    3364. 

  3364.  *	format: ssl crl encode format
    3365. 

  3365.  *
    3366. 

  3366.  * Returns:
    3367. 

  3367.  *      -1: failed
    3368. 

  3368.  *      >0: number of attributes added
    3369. 

  3369.  */
    3370. 

  3370. int
    3371. 

  3371. set_findcertincrl_params(KMF_ATTRIBUTE *attrlist,
    3372. 

  3372.     KMF_KEYSTORE_TYPE *kstype,
    3373. 

  3373.     char *certLabel, char *dirpath, char *crlfile,
    3374. 

  3374.     char *certfile, KMF_ENCODE_FORMAT *format)
    3375. 

  3375. {
    3376. 

  3376. 	int ret = 0;
    3377. 

  3377. 	int numattr = 0;
    3378. 

  3378. 	char *slotlabel = NULL;
    3379. 

  3379. 	char *trustflag = NULL;
    3380. 

  3380. 

  3381. 	if (attrlist == NULL) {
    3382. 

  3382. 		return (-1);
    3383. 

  3383. 	}
    3384. 

  3384. 

  3385. 	kmf_set_attr_at_index(attrlist, numattr,
    3386. 

  3386. 	    KMF_KEYSTORE_TYPE_ATTR,
    3387. 

  3387. 	    kstype, sizeof (KMF_KEYSTORE_TYPE));
    3388. 

  3388. 	numattr++;
    3389. 

  3389. 

  3390. 	if (*kstype == KMF_KEYSTORE_NSS) { /* NSS */
    3391. 

  3391. 		slotlabel = strdup(DEFAULT_NSSLABEL);
    3392. 

  3392. 		if (slotlabel == NULL) {
    3393. 

  3393. 			ret = -1;
    3394. 

  3394. 			goto out;
    3395. 

  3395. 		}
    3396. 

  3396. 		kmf_set_attr_at_index(attrlist, numattr,
    3397. 

  3397. 		    KMF_TOKEN_LABEL_ATTR, slotlabel,
    3398. 

  3398. 		    strlen(slotlabel));
    3399. 

  3399. 		numattr++;
    3400. 

  3400. 

  3401. 		trustflag = strdup(NSS_TRUST_FLAG);
    3402. 

  3402. 		if (trustflag == NULL) {
    3403. 

  3403. 			ret = -1;
    3404. 

  3404. 			goto out;
    3405. 

  3405. 		}
    3406. 

  3406. 		kmf_set_attr_at_index(attrlist, numattr,
    3407. 

  3407. 		    KMF_TRUSTFLAG_ATTR, trustflag,
    3408. 

  3408. 		    strlen(trustflag));
    3409. 

  3409. 		numattr++;
    3410. 

  3410. 

  3411. 		if (certLabel != NULL) {
    3412. 

  3412. 			kmf_set_attr_at_index(attrlist, numattr,
    3413. 

  3413. 			    KMF_CERT_LABEL_ATTR, certLabel,
    3414. 

  3414. 			    strlen(certLabel));
    3415. 

  3415. 			numattr++;
    3416. 

  3416. 		}
    3417. 

  3417. 	} else { /* OpenSSL or PK11TOKEN */
    3418. 

  3418. 		if (dirpath != NULL) {
    3419. 

  3419. 			kmf_set_attr_at_index(attrlist, numattr,
    3420. 

  3420. 			    KMF_DIRPATH_ATTR, dirpath,
    3421. 

  3421. 			    strlen(dirpath));
    3422. 

  3422. 			numattr++;
    3423. 

  3423. 		}
    3424. 

  3424. 		if (crlfile != NULL) {
    3425. 

  3425. 			kmf_set_attr_at_index(attrlist, numattr,
    3426. 

  3426. 			    KMF_CRL_FILENAME_ATTR, crlfile,
    3427. 

  3427. 			    strlen(crlfile));
    3428. 

  3428. 			numattr++;
    3429. 

  3429. 		}
    3430. 

  3430. 		if (certfile) {
    3431. 

  3431. 			kmf_set_attr_at_index(attrlist, numattr,
    3432. 

  3432. 			    KMF_CERT_FILENAME_ATTR, certfile,
    3433. 

  3433. 			    strlen(certfile));
    3434. 

  3434. 			numattr++;
    3435. 

  3435. 		}
    3436. 

  3436. 		kmf_set_attr_at_index(attrlist, numattr,
    3437. 

  3437. 		    KMF_ENCODE_FORMAT_ATTR, format,
    3438. 

  3438. 		    sizeof (KMF_ENCODE_FORMAT));
    3439. 

  3439. 		numattr++;
    3440. 

  3440. 	}
    3441. 

  3441. 

  3442. out:
    3443. 

  3443. 	if (ret) {
    3444. 

  3444. 		(void) jnl_printf("set_findcertincrl_params failed\n");
    3445. 

  3445. 		(void) jnl_printf("%s\n", result_tbl[STF_UNRESOLVED]);
    3446. 

  3446. 		free_findcertincrl_params(attrlist, NULL);
    3447. 

  3447. 		return (-1);
    3448. 

  3448. 	}
    3449. 

  3449. 

  3450. 	return (numattr);
    3451. 

  3451. }
    3452. 

  3452. 

  3453. /*
    3454. 

  3454.  * Name: free_findcertincrl_params
    3455. 

  3455.  *
    3456. 

  3456.  * Description:
    3457. 

  3457.  *      Free heap memory used by attributes in kmf_find_cert_in_crl
    3458. 

  3458.  *
    3459. 

  3459.  * Parameter:
    3460. 

  3460.  *      attrlist - list of attributes
    3461. 

  3461.  *	numattr - number of attributes
    3462. 

  3462.  *
    3463. 

  3463.  */
    3464. 

  3464. void
    3465. 

  3465. free_findcertincrl_params(KMF_ATTRIBUTE *attrlist, int numattr)
    3466. 

  3466. {
    3467. 

  3467. 	char *p;
    3468. 

  3468. 

  3469. 	p = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR,
    3470. 

  3470. 	    attrlist, numattr);
    3471. 

  3471. 	if (p)
    3472. 

  3472. 		free(p);
    3473. 

  3473. 

  3474. 	p = kmf_get_attr_ptr(KMF_TRUSTFLAG_ATTR,
    3475. 

  3475. 	    attrlist, numattr);
    3476. 

  3476. 	if (p)
    3477. 

  3477. 		free(p);
    3478. 

  3478. }
    3479. 

  3479. 

  3480. int
    3481. 

  3481. set_ocsprequest_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3482. 

  3482. 	KMF_DATA *issuer_cert, KMF_DATA *user_cert, char *reqfile)
    3483. 

  3483. {
    3484. 

  3484. 	int i = 0;
    3485. 

  3485. 	int ret = 0;
    3486. 

  3486. 

  3487. 	if (NULL != reqfile) {
    3488. 

  3488. 		kmf_set_attr_at_index(attlist, i,
    3489. 

  3489. 		    KMF_OCSP_REQUEST_FILENAME_ATTR, reqfile, strlen(reqfile));
    3490. 

  3490. 		i++;
    3491. 

  3491. 	}
    3492. 

  3492. 

  3493. 	if (NULL != user_cert) {
    3494. 

  3494. 		kmf_set_attr_at_index(attlist, i,
    3495. 

  3495. 		    KMF_USER_CERT_DATA_ATTR, user_cert, sizeof (KMF_DATA));
    3496. 

  3496. 		i++;
    3497. 

  3497. 	}
    3498. 

  3498. 

  3499. 	if (NULL != issuer_cert) {
    3500. 

  3500. 		kmf_set_attr_at_index(attlist, i,
    3501. 

  3501. 		    KMF_ISSUER_CERT_DATA_ATTR, issuer_cert,
    3502. 

  3502. 		    sizeof (KMF_DATA));
    3503. 

  3503. 		i++;
    3504. 

  3504. 	}
    3505. 

  3505. 

  3506. 	*attnum = i;
    3507. 

  3507. 

  3508. 	return (ret);
    3509. 

  3509. }
    3510. 

  3510. 

  3511. int
    3512. 

  3512. set_get_ocsp_status_for_cert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3513. 

  3513.     KMF_OCSPRESPONSE_PARAMS_INPUT *params_in,
    3514. 

  3514.     KMF_OCSPRESPONSE_PARAMS_OUTPUT *params_out)
    3515. 

  3515. {
    3516. 

  3516. 	int i = 0;
    3517. 

  3517. 	int ret = 0;
    3518. 

  3518. 

  3519. 	if (params_in) {
    3520. 

  3520. 

  3521. 	kmf_set_attr_at_index(attlist, i,
    3522. 

  3522. 	    KMF_ISSUER_CERT_DATA_ATTR, params_in->issuer_cert,
    3523. 

  3523. 	    sizeof (KMF_DATA));
    3524. 

  3524. 	i++;
    3525. 

  3525. 

  3526. 	kmf_set_attr_at_index(attlist, i,
    3527. 

  3527. 	    KMF_USER_CERT_DATA_ATTR, params_in->user_cert,
    3528. 

  3528. 	    sizeof (KMF_DATA));
    3529. 

  3529. 	i++;
    3530. 

  3530. 

  3531. 	kmf_set_attr_at_index(attlist, i,
    3532. 

  3532. 	    KMF_OCSP_RESPONSE_DATA_ATTR, params_in->response,
    3533. 

  3533. 	    sizeof (KMF_DATA));
    3534. 

  3534. 	i++;
    3535. 

  3535. 

  3536. 	kmf_set_attr_at_index(attlist, i,
    3537. 

  3537. 	    KMF_SIGNER_CERT_DATA_ATTR, params_in->signer_cert,
    3538. 

  3538. 	    sizeof (KMF_DATA));
    3539. 

  3539. 	i++;
    3540. 

  3540. 

  3541. 	kmf_set_attr_at_index(attlist, i,
    3542. 

  3542. 	    KMF_IGNORE_RESPONSE_SIGN_ATTR, &params_in->ignore_response_sign,
    3543. 

  3543. 	    sizeof (boolean_t));
    3544. 

  3544. 	i++;
    3545. 

  3545. 

  3546. 	kmf_set_attr_at_index(attlist, i,
    3547. 

  3547. 	    KMF_RESPONSE_LIFETIME_ATTR, &params_in->response_lifetime,
    3548. 

  3548. 	    sizeof (uint32_t));
    3549. 

  3549. 	i++;
    3550. 

  3550. 

  3551. 	}
    3552. 

  3552. 

  3553. 	if (params_out) {
    3554. 

  3554. 

  3555. 	kmf_set_attr_at_index(attlist, i,
    3556. 

  3556. 	    KMF_OCSP_RESPONSE_STATUS_ATTR, &params_out->response_status,
    3557. 

  3557. 	    sizeof (int));
    3558. 

  3558. 	i++;
    3559. 

  3559. 

  3560. 	kmf_set_attr_at_index(attlist, i,
    3561. 

  3561. 	    KMF_OCSP_RESPONSE_REASON_ATTR, &params_out->reason,
    3562. 

  3562. 	    sizeof (int));
    3563. 

  3563. 	i++;
    3564. 

  3564. 

  3565. 	kmf_set_attr_at_index(attlist, i,
    3566. 

  3566. 	    KMF_OCSP_RESPONSE_CERT_STATUS_ATTR, &params_out->cert_status,
    3567. 

  3567. 	    sizeof (int));
    3568. 

  3568. 	i++;
    3569. 

  3569. 

  3570. 	}
    3571. 

  3571. 

  3572. 	*attnum = i;
    3573. 

  3573. 	return (ret);
    3574. 

  3574. }
    3575. 

  3575. 

  3576. int
    3577. 

  3577. set_encrypt_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3578. 

  3578. 	KMF_DATA *cert, KMF_DATA *plaintext, KMF_DATA *ciphertext)
    3579. 

  3579. {
    3580. 

  3580. 	int i = 0;
    3581. 

  3581. 	int ret = 0;
    3582. 

  3582. 

  3583. 	if (cert) {
    3584. 

  3584. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_DATA_ATTR,
    3585. 

  3585. 		    cert, sizeof (KMF_DATA));
    3586. 

  3586. 		i++;
    3587. 

  3587. 	}
    3588. 

  3588. 

  3589. 	if (plaintext) {
    3590. 

  3590. 		kmf_set_attr_at_index(attlist, i,
    3591. 

  3591. 		    KMF_PLAINTEXT_DATA_ATTR, plaintext,
    3592. 

  3592. 		    sizeof (KMF_DATA));
    3593. 

  3593. 		i++;
    3594. 

  3594. 	}
    3595. 

  3595. 

  3596. 	if (ciphertext) {
    3597. 

  3597. 		kmf_set_attr_at_index(attlist, i,
    3598. 

  3598. 		    KMF_CIPHERTEXT_DATA_ATTR, ciphertext,
    3599. 

  3599. 		    sizeof (KMF_DATA));
    3600. 

  3600. 		i++;
    3601. 

  3601. 	}
    3602. 

  3602. 

  3603. 	*attnum = i;
    3604. 

  3604. 

  3605. 	return (ret);
    3606. 

  3606. }
    3607. 

  3607. 

  3608. int
    3609. 

  3609. set_verify_data_attrs(KMF_ATTRIBUTE *attrlist, int *attnum,
    3610. 

  3610. 	KMF_ALGORITHM_INDEX *algid, KMF_DATA *indata, KMF_DATA *insig,
    3611. 

  3611. 	KMF_KEYSTORE_TYPE *kstype, const KMF_DATA *SignerCert,
    3612. 

  3612. 	KMF_KEY_HANDLE *KMFKey)
    3613. 

  3613. {
    3614. 

  3614. 	int numattr = 0;
    3615. 

  3615. 	int ret = 0;
    3616. 

  3616. 

  3617. 	if (algid) {
    3618. 

  3618. 		kmf_set_attr_at_index(attrlist, numattr,
    3619. 

  3619. 		    KMF_ALGORITHM_INDEX_ATTR,
    3620. 

  3620. 		    algid, sizeof (KMF_ALGORITHM_INDEX));
    3621. 

  3621. 		numattr++;
    3622. 

  3622. 	}
    3623. 

  3623. 

  3624. 	if (indata) {
    3625. 

  3625. 		kmf_set_attr_at_index(attrlist, numattr,
    3626. 

  3626. 		    KMF_DATA_ATTR,
    3627. 

  3627. 		    indata, sizeof (KMF_DATA));
    3628. 

  3628. 		numattr++;
    3629. 

  3629. 	}
    3630. 

  3630. 

  3631. 	if (insig) {
    3632. 

  3632. 		kmf_set_attr_at_index(attrlist, numattr,
    3633. 

  3633. 		    KMF_IN_SIGN_ATTR,
    3634. 

  3634. 		    insig, sizeof (KMF_DATA));
    3635. 

  3635. 		numattr++;
    3636. 

  3636. 	}
    3637. 

  3637. 

  3638. 	if (kstype) {
    3639. 

  3639. 		kmf_set_attr_at_index(attrlist, numattr,
    3640. 

  3640. 		    KMF_KEYSTORE_TYPE_ATTR,
    3641. 

  3641. 		    kstype,  sizeof (KMF_KEYSTORE_TYPE));
    3642. 

  3642. 		numattr++;
    3643. 

  3643. 	}
    3644. 

  3644. 

  3645. 	if (SignerCert) {
    3646. 

  3646. 		kmf_set_attr_at_index(attrlist, numattr,
    3647. 

  3647. 		    KMF_SIGNER_CERT_DATA_ATTR,
    3648. 

  3648. 		    (KMF_DATA *)SignerCert, sizeof (KMF_DATA));
    3649. 

  3649. 		numattr++;
    3650. 

  3650. 	}
    3651. 

  3651. 

  3652. 	if (KMFKey) {
    3653. 

  3653. 		kmf_set_attr_at_index(attrlist, numattr,
    3654. 

  3654. 		    KMF_KEYSTORE_TYPE_ATTR, &KMFKey->kstype,
    3655. 

  3655. 		    sizeof (KMF_KEYSTORE_TYPE));
    3656. 

  3656. 		numattr++;
    3657. 

  3657. 

  3658. 		kmf_set_attr_at_index(attrlist, numattr,
    3659. 

  3659. 		    KMF_KEY_HANDLE_ATTR, KMFKey, sizeof (KMF_KEY_HANDLE));
    3660. 

  3660. 		numattr++;
    3661. 

  3661. 	}
    3662. 

  3662. 

  3663. 	*attnum = numattr;
    3664. 

  3664. 

  3665. 	return (ret);
    3666. 

  3666. }
    3667. 

  3667. 

  3668. int
    3669. 

  3669. set_sign_data_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3670. 

  3670. 	KMF_DATA *tobesigned, KMF_DATA *output,
    3671. 

  3671. 	KMF_KEY_HANDLE *key, KMF_OID *AlgOID,
    3672. 

  3672. 	KMF_CRYPTOWITHCERT_PARAMS *params, KMF_DATA *SignerCertData)
    3673. 

  3673. {
    3674. 

  3674. 	int i = 0;
    3675. 

  3675. 	int ret = 0;
    3676. 

  3676. 

  3677. 	if (NULL != key) {
    3678. 

  3678. 		kmf_set_attr_at_index(attlist, i,
    3679. 

  3679. 		    KMF_KEYSTORE_TYPE_ATTR, &key->kstype,
    3680. 

  3680. 		    sizeof (key->kstype));
    3681. 

  3681. 		i++;
    3682. 

  3682. 

  3683. 		kmf_set_attr_at_index(attlist, i,
    3684. 

  3684. 		    KMF_KEY_HANDLE_ATTR, key, sizeof (KMF_KEY_HANDLE));
    3685. 

  3685. 		i++;
    3686. 

  3686. 	}
    3687. 

  3687. 

  3688. 	if (NULL != AlgOID) {
    3689. 

  3689. 		kmf_set_attr_at_index(attlist, i,
    3690. 

  3690. 		    KMF_OID_ATTR, AlgOID, sizeof (KMF_OID));
    3691. 

  3691. 		i++;
    3692. 

  3692. 	}
    3693. 

  3693. 

  3694. 	if (NULL != tobesigned) {
    3695. 

  3695. 		kmf_set_attr_at_index(attlist, i,
    3696. 

  3696. 		    KMF_DATA_ATTR, tobesigned, sizeof (KMF_DATA));
    3697. 

  3697. 		i++;
    3698. 

  3698. 	}
    3699. 

  3699. 

  3700. 	if (NULL != output) {
    3701. 

  3701. 		kmf_set_attr_at_index(attlist, i,
    3702. 

  3702. 		    KMF_OUT_DATA_ATTR, output, sizeof (KMF_DATA));
    3703. 

  3703. 		i++;
    3704. 

  3704. 	}
    3705. 

  3705. 

  3706. 	if (NULL != SignerCertData) {
    3707. 

  3707. 		kmf_set_attr_at_index(attlist, i,
    3708. 

  3708. 		    KMF_SIGNER_CERT_DATA_ATTR, SignerCertData,
    3709. 

  3709. 		    sizeof (KMF_DATA));
    3710. 

  3710. 		i++;
    3711. 

  3711. 	}
    3712. 

  3712. 

  3713. 	if (NULL == params) {
    3714. 

  3714. 		*attnum = i;
    3715. 

  3715. 		return (ret);
    3716. 

  3716. 	}
    3717. 

  3717. 

  3718. 	kmf_set_attr_at_index(attlist, i,
    3719. 

  3719. 	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    3720. 

  3720. 	    sizeof (params->kstype));
    3721. 

  3721. 	i++;
    3722. 

  3722. 

  3723. 	if (params->cred.credlen > 0) {
    3724. 

  3724. 		kmf_set_attr_at_index(attlist, i,
    3725. 

  3725. 		    KMF_CREDENTIAL_ATTR, &params->cred,
    3726. 

  3726. 		    sizeof (KMF_CREDENTIAL));
    3727. 

  3727. 		i++;
    3728. 

  3728. 	}
    3729. 

  3729. 

  3730. 	if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    3731. 

  3731. 		if (params->sslparms.keyfile == NULL)
    3732. 

  3732. 			return (KMF_ERR_BAD_PARAMETER);
    3733. 

  3733. 		else {
    3734. 

  3734. 			kmf_set_attr_at_index(attlist, i,
    3735. 

  3735. 			    KMF_KEY_FILENAME_ATTR,
    3736. 

  3736. 			    params->sslparms.keyfile,
    3737. 

  3737. 			    strlen(params->sslparms.keyfile));
    3738. 

  3738. 			i++;
    3739. 

  3739. 		}
    3740. 

  3740. 

  3741. 		if (params->sslparms.dirpath != NULL) {
    3742. 

  3742. 			kmf_set_attr_at_index(attlist, i,
    3743. 

  3743. 			    KMF_DIRPATH_ATTR, params->sslparms.dirpath,
    3744. 

  3744. 			    strlen(params->sslparms.dirpath));
    3745. 

  3745. 			i++;
    3746. 

  3746. 		}
    3747. 

  3747. 	}
    3748. 

  3748. 

  3749. 	if (params->algid != KMF_ALGID_NONE) {
    3750. 

  3750. 		kmf_set_attr_at_index(attlist, i,
    3751. 

  3751. 		    KMF_ALGORITHM_INDEX_ATTR,
    3752. 

  3752. 		    &params->algid, sizeof (KMF_ALGORITHM_INDEX));
    3753. 

  3753. 		i++;
    3754. 

  3754. 	}
    3755. 

  3755. 

  3756. 	*attnum = i;
    3757. 

  3757. 	return (ret);
    3758. 

  3758. }
    3759. 

  3759. 

  3760. int
    3761. 

  3761. set_SignCertWithCert_attrs(KMF_ATTRIBUTE *attlist, int *attnum,
    3762. 

  3762. 	KMF_CRYPTOWITHCERT_PARAMS *params,
    3763. 

  3763. 	const KMF_X509_CERTIFICATE *CertToBeSigned, KMF_DATA *SignerCert,
    3764. 

  3764. 	KMF_DATA *SignedCert)
    3765. 

  3765. {
    3766. 

  3766. 	int i = 0;
    3767. 

  3767. 	int ret = 0;
    3768. 

  3768. 

  3769. 	if (NULL != CertToBeSigned) {
    3770. 

  3770. 		kmf_set_attr_at_index(attlist, i, KMF_X509_CERTIFICATE_ATTR,
    3771. 

  3771. 		    (void *)CertToBeSigned, sizeof (KMF_X509_CERTIFICATE_ATTR));
    3772. 

  3772. 		i++;
    3773. 

  3773. 	}
    3774. 

  3774. 

  3775. 	if (NULL != SignedCert) {
    3776. 

  3776. 		kmf_set_attr_at_index(attlist, i, KMF_CERT_DATA_ATTR,
    3777. 

  3777. 		    (void *)SignedCert, sizeof (KMF_DATA));
    3778. 

  3778. 		i++;
    3779. 

  3779. 	}
    3780. 

  3780. 

  3781. 	if (NULL != SignerCert) {
    3782. 

  3782. 		kmf_set_attr_at_index(attlist, i,
    3783. 

  3783. 		    KMF_SIGNER_CERT_DATA_ATTR, SignerCert,
    3784. 

  3784. 		    sizeof (KMF_DATA));
    3785. 

  3785. 		i++;
    3786. 

  3786. 	}
    3787. 

  3787. 

  3788. 	if (NULL == params) {
    3789. 

  3789. 		*attnum = i;
    3790. 

  3790. 		return (ret);
    3791. 

  3791. 	}
    3792. 

  3792. 

  3793. 	kmf_set_attr_at_index(attlist, i,
    3794. 

  3794. 	    KMF_KEYSTORE_TYPE_ATTR, &params->kstype,
    3795. 

  3795. 	    sizeof (params->kstype));
    3796. 

  3796. 	i++;
    3797. 

  3797. 

  3798. 	if (params->cred.credlen > 0) {
    3799. 

  3799. 		kmf_set_attr_at_index(attlist, i,
    3800. 

  3800. 		    KMF_CREDENTIAL_ATTR, &params->cred,
    3801. 

  3801. 		    sizeof (KMF_CREDENTIAL));
    3802. 

  3802. 		i++;
    3803. 

  3803. 	}
    3804. 

  3804. 

  3805. 	if (params->kstype == KMF_KEYSTORE_OPENSSL) {
    3806. 

  3806. 		if (params->sslparms.keyfile != NULL) {
    3807. 

  3807. 			kmf_set_attr_at_index(attlist, i,
    3808. 

  3808. 			    KMF_KEY_FILENAME_ATTR, params->sslparms.keyfile,
    3809. 

  3809. 			    strlen(params->sslparms.keyfile));
    3810. 

  3810. 			i++;
    3811. 

  3811. 		}
    3812. 

  3812. 

  3813. 		if (params->sslparms.dirpath != NULL) {
    3814. 

  3814. 			kmf_set_attr_at_index(attlist, i,
    3815. 

  3815. 			    KMF_DIRPATH_ATTR, params->sslparms.dirpath,
    3816. 

  3816. 			    strlen(params->sslparms.dirpath));
    3817. 

  3817. 			i++;
    3818. 

  3818. 		}
    3819. 

  3819. 	} else if (params->kstype == KMF_KEYSTORE_NSS) {
    3820. 

  3820. 		if (params->nssparms.slotlabel != NULL) {
    3821. 

  3821. 			kmf_set_attr_at_index(attlist, i,
    3822. 

  3822. 			    KMF_TOKEN_LABEL_ATTR,
    3823. 

  3823. 			    params->nssparms.slotlabel,
    3824. 

  3824. 			    strlen(params->nssparms.slotlabel));
    3825. 

  3825. 			i++;
    3826. 

  3826. 		}
    3827. 

  3827. 	}
    3828. 

  3828. 

  3829. 

  3830. 	*attnum = i;
    3831. 

  3831. 

  3832. 	return (ret);
    3833. 

  3833. }
    3834. 

  3834. 

  3835. int
    3836. 

  3836. set_SignCertRecord_attrs(KMF_ATTRIBUTE *attrs, int *attnum,
    3837. 

  3837. 	KMF_KEY_HANDLE *key, KMF_X509_CERTIFICATE *certrec,
    3838. 

  3838. 	KMF_DATA *signedcert)
    3839. 

  3839. {
    3840. 

  3840. 	int i = 0;
    3841. 

  3841. 	int ret = 0;
    3842. 

  3842. 

  3843. 	if (key) {
    3844. 

  3844. 		kmf_set_attr_at_index(attrs, i, KMF_KEYSTORE_TYPE_ATTR,
    3845. 

  3845. 		    &key->kstype, sizeof (KMF_KEYSTORE_TYPE));
    3846. 

  3846. 		i++;
    3847. 

  3847. 		kmf_set_attr_at_index(attrs, i, KMF_KEY_HANDLE_ATTR,
    3848. 

  3848. 		    key, sizeof (KMF_KEY_HANDLE));
    3849. 

  3849. 		i++;
    3850. 

  3850. 	}
    3851. 

  3851. 

  3852. 	if (certrec) {
    3853. 

  3853. 		kmf_set_attr_at_index(attrs, i, KMF_X509_CERTIFICATE_ATTR,
    3854. 

  3854. 		    certrec, sizeof (KMF_X509_CERTIFICATE));
    3855. 

  3855. 		i++;
    3856. 

  3856. 	}
    3857. 

  3857. 	if (signedcert) {
    3858. 

  3858. 		kmf_set_attr_at_index(attrs, i, KMF_CERT_DATA_ATTR,
    3859. 

  3859. 		    signedcert, sizeof (KMF_DATA));
    3860. 

  3860. 		i++;
    3861. 

  3861. 	}
    3862. 

  3862. 

  3863. 	*attnum = i;
    3864. 

  3864. 

  3865. 	return (ret);
    3866. 

  3866. }
    3867. 

  3867. 

  3868. int
    3869. 

  3869. set_SignCertWithKey_attrs(KMF_ATTRIBUTE *attrs, int *attnum,
    3870. 

  3870. 	KMF_X509_CERTIFICATE *unsigned_cert, KMF_KEY_HANDLE *key,
    3871. 

  3871. 	KMF_DATA *signed_cert)
    3872. 

  3872. {
    3873. 

  3873. 	int ret = 0;
    3874. 

  3874. 	int i = 0;
    3875. 

  3875. 

  3876. 	if (key) {
    3877. 

  3877. 		kmf_set_attr_at_index(attrs, i, KMF_KEYSTORE_TYPE_ATTR,
    3878. 

  3878. 		    &key->kstype, sizeof (KMF_KEYSTORE_TYPE));
    3879. 

  3879. 		i++;
    3880. 

  3880. 		kmf_set_attr_at_index(attrs, i, KMF_KEY_HANDLE_ATTR,
    3881. 

  3881. 		    key, sizeof (KMF_KEY_HANDLE));
    3882. 

  3882. 		i++;
    3883. 

  3883. 	}
    3884. 

  3884. 

  3885. 	if (unsigned_cert) {
    3886. 

  3886. 		kmf_set_attr_at_index(attrs, i, KMF_X509_CERTIFICATE_ATTR,
    3887. 

  3887. 		    unsigned_cert, sizeof (KMF_X509_CERTIFICATE_ATTR));
    3888. 

  3888. 		i++;
    3889. 

  3889. 	}
    3890. 

  3890. 

  3891. 	if (signed_cert) {
    3892. 

  3892. 		kmf_set_attr_at_index(attrs, i, KMF_CERT_DATA_ATTR,
    3893. 

  3893. 		    signed_cert, sizeof (KMF_DATA));
    3894. 

  3894. 		i++;
    3895. 

  3895. 	}
    3896. 

  3896. 

  3897. 	return (i);
    3898. 

  3898. }
    3899. 

  3899. 

  3900. int
    3901. 

  3901. add_attr(KMF_ATTR *list_in, int len, KMF_ATTRIBUTE *list_out)
    3902. 

  3902. {
    3903. 

  3903. 	int i, idx;
    3904. 

  3904. 

  3905. 	idx = 0;
    3906. 

  3906. 	for (i = 0; i < len; i++) {
    3907. 

  3907. 	if (list_in[idx].pValue) {
    3908. 

  3908. 			kmf_set_attr_at_index(list_out, idx,
    3909. 

  3909. 			    list_in[idx].type, list_in[idx].pValue,
    3910. 

  3910. 			    list_in[idx].valueLen);
    3911. 

  3911. 			idx++;
    3912. 

  3912. 		}
    3913. 

  3913. 	}
    3914. 

  3914. 

  3915. 	return (idx);
    3916. 

  3916. }
    3917. 

  3917.