delete.c revision 30a5e8fa1253cb33980ee4514743cf683f584b4e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the token object delete operation for this tool.
* It loads the PKCS#11 modules, finds the object to delete, deletes it,
* and cleans up. User must be R/W logged into the token.
*/
#include <stdio.h>
#include <string.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
#include <kmfapi.h>
/*
 * Key-destroy helper.  The function name, parameter list and most call
 * sites are missing from this listing, so only the visible skeleton is
 * described here.
 *
 * del_num appears to count the attributes prepared for the delete call.
 * The switch on kstype has branches for KMF_KEYSTORE_NSS,
 * KMF_KEYSTORE_OPENSSL and KMF_KEYSTORE_PK11TOKEN; any other value
 * returns PK_ERR_USAGE.
 *
 * NOTE(review): the NSS and PK11TOKEN branches each end an argument list
 * with sizeof (KMF_CREDENTIAL), which suggests the token credential is
 * passed along with the delete request -- confirm against the full file.
 */
static KMF_RETURN
{
int i;
int del_num = 0;
return (rv);
del_num++;
/* "destroy" is optional. Default is TRUE */
del_num++;
switch (kstype) {
case KMF_KEYSTORE_NSS:
sizeof (KMF_CREDENTIAL));
del_num++;
}
}
numattr);
del_num++;
}
break;
case KMF_KEYSTORE_OPENSSL:
break;
case KMF_KEYSTORE_PK11TOKEN:
sizeof (KMF_CREDENTIAL));
del_num++;
}
}
break;
default:
/* Unknown keystore types are rejected instead of being guessed at. */
return (PK_ERR_USAGE);
}
return (PK_ERR_USAGE);
return (PK_ERR_USAGE);
num++;
}
return (rv);
}
/*
 * Key deletion with interactive confirmation.  The function name and the
 * leading parameters are missing from this listing; desc and keysdeleted
 * are the only parameters visible.
 *
 * Visible behaviour:
 *   - *keysdeleted is zeroed on entry and set to numkeys at the end.
 *   - The user is asked "(y/N)" before anything is removed.
 *   - A buffer sized in units of KMF_KEY_HANDLE is obtained, and
 *     KMF_ERR_MEMORY is returned on a failure path next to it.
 *   - KMF_ERR_KEY_NOT_FOUND is tested for separately before returning rv.
 *
 * NOTE(review): the element count used with sizeof (KMF_KEY_HANDLE) is not
 * visible here -- confirm it is the count reported by the lookup and that
 * the multiplication cannot overflow.
 */
static KMF_RETURN
char *desc, int *keysdeleted)
{
*keysdeleted = 0;
numkeys = 0;
num++;
char prompt[1024];
gettext("%d %s key(s) found, do you want "
"to delete them (y/N) ?"), numkeys,
gettext("Respond with yes or no.\n"),
B_FALSE)) {
/*
 * This return precedes the assignment of numkeys to *keysdeleted, so on
 * this path the count stays at the 0 written on entry.
 * NOTE(review): presumably this is the "user declined" path, with B_FALSE
 * as the default answer to match "(y/N)" -- confirm.  The status is
 * KMF_OK, so callers cannot tell it apart from a successful deletion by
 * return value alone.
 */
return (KMF_OK);
}
sizeof (KMF_KEY_HANDLE));
return (KMF_ERR_MEMORY);
sizeof (KMF_KEY_HANDLE));
num++;
}
}
if (rv == KMF_ERR_KEY_NOT_FOUND) {
}
*keysdeleted = numkeys;
return (rv);
}
/*
 * Certificate deletion with interactive confirmation.  The function name
 * and parameter list are missing from this listing.
 *
 * Visible behaviour: the user is shown the number of certificates found
 * (numcerts) and asked "(y/N)" before deletion; KMF_ERR_CERT_NOT_FOUND is
 * handled in its own branch before rv is returned.
 */
static KMF_RETURN
{
num++;
char prompt[1024];
gettext("%d certificate(s) found, do you want "
"to delete them (y/N) ?"), numcerts);
gettext("Respond with yes or no.\n"),
B_FALSE)) {
/*
 * NOTE(review): presumably the "user declined" path -- it returns KMF_OK
 * without deleting anything; confirm against the full file.
 */
return (KMF_OK);
}
/*
* Use numattr because delete cert does not require
* KMF_COUNT_ATTR attribute.
*/
} else if (rv == KMF_ERR_CERT_NOT_FOUND) {
}
return (rv);
}
/*
 * Key deletion for one keystore type (the function name and parameters
 * are missing from this listing; its position before delete_nss_crl
 * suggests the NSS keystore -- TODO confirm).
 *
 * Visible behaviour: numattr counts the attributes assembled, one of which
 * is sized as KMF_CREDENTIAL and taken from tokencred.  Separate passes
 * label the key class as "private", "symmetric" and "public"; only the
 * PK_PRIKEY_OBJ test on oclass is visible, the other two conditions are
 * not shown.
 */
static KMF_RETURN
{
int numattr = 0;
return (rv);
numattr++;
numattr++;
}
tokencred, sizeof (KMF_CREDENTIAL));
numattr++;
}
numattr++;
}
if (oclass & PK_PRIKEY_OBJ) {
num++;
/* keytype is a human-readable label; presumably shown in the prompt. */
keytype = "private";
}
num++;
keytype = "symmetric";
}
num++;
keytype = "public";
}
return (rv);
}
/*
 * Certificate deletion for one keystore type (function name and
 * parameters are missing from this listing).
 *
 * Visible behaviour: numattr counts the search attributes assembled; two
 * of them are sized as KMF_BIGINT and KMF_CERT_VALIDITY.
 * NOTE(review): presumably these are the serial number and the validity
 * filter used to narrow the set of certificates deleted -- confirm.
 */
static KMF_RETURN
{
int numattr = 0;
return (rv);
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
sizeof (KMF_BIGINT));
numattr++;
}
sizeof (KMF_CERT_VALIDITY));
numattr++;
numattr++;
}
return (rv);
}
/*
 * delete_nss_crl: CRL deletion for the NSS keystore.  Only the first
 * parameter (kmfhandle) is visible in this listing; the body is reduced to
 * the numattr bookkeeping, so the attributes it sets cannot be named here.
 * Returns the KMF status held in rv.
 */
static KMF_RETURN
delete_nss_crl(void *kmfhandle,
{
int numattr = 0;
return (rv);
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
return (rv);
}
/*
 * Key deletion for one keystore type (function name and parameters are
 * missing from this listing; the CKA_PRIVATE remark below suggests the
 * PKCS#11 token keystore -- TODO confirm).
 *
 * Visible behaviour: PK_PRIVATE_OBJ is OR-ed into oclass before searching;
 * the attribute list includes the token credential (tokencred, sized as
 * KMF_CREDENTIAL) and a token_bool flag.  A PK_PRIKEY_OBJ test on oclass
 * is visible; the conditions on the two later passes are not shown.
 */
static KMF_RETURN
{
int numattr = 0;
KMF_KEY_ALG keytype = 0;
/*
* created with the "CKA_PRIVATE" field == TRUE, so
* make sure we search for them with it also set.
*/
oclass |= PK_PRIVATE_OBJ;
return (rv);
}
numattr++;
numattr++;
}
tokencred, sizeof (KMF_CREDENTIAL));
numattr++;
}
numattr++;
numattr++;
&token_bool, sizeof (token_bool));
numattr++;
if (oclass & PK_PRIKEY_OBJ) {
num++;
}
num++;
}
num++;
}
return (rv);
}
/*
 * Certificate deletion for one keystore type (function name and
 * parameters are missing from this listing).
 *
 * Visible behaviour: an early failure returns kmfrv; the attribute list
 * includes serno (sized as KMF_BIGINT) and find_criteria_flag (sized as
 * KMF_CERT_VALIDITY).  The final status is returned in kmfrv.
 */
static KMF_RETURN
{
int numattr = 0;
return (kmfrv);
}
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
serno, sizeof (KMF_BIGINT));
numattr++;
}
&find_criteria_flag, sizeof (KMF_CERT_VALIDITY));
numattr++;
return (kmfrv);
}
/*
 * Certificate deletion for one keystore type (function name and
 * parameters are missing from this listing).
 *
 * Visible behaviour: the attribute list includes serial (sized as
 * KMF_BIGINT) and find_criteria_flag (sized as KMF_CERT_VALIDITY); several
 * other attributes are added conditionally, but their conditions are not
 * shown.  Returns the KMF status held in rv.
 */
static KMF_RETURN
{
int numattr = 0;
numattr++;
numattr++;
}
numattr++;
}
serial, sizeof (KMF_BIGINT));
numattr++;
}
numattr++;
}
numattr++;
}
&find_criteria_flag, sizeof (KMF_CERT_VALIDITY));
numattr++;
return (rv);
}
/*
 * Key deletion for one keystore type (function name and parameters are
 * missing from this listing).
 *
 * Visible behaviour: keytype starts as an empty label and is set to
 * "Asymmetric" and then "symmetric" for two separate passes; the
 * conditions guarding those passes are not shown.  No credential
 * attribute is visible in this function.
 */
static KMF_RETURN
{
char *keytype = "";
int numattr = 0;
numattr++;
numattr++;
}
numattr++;
}
num++;
keytype = "Asymmetric";
}
num++;
keytype = "symmetric";
}
return (rv);
}
/*
 * Deletion helper that takes a directory and a file name (function name
 * and parameter list are missing from this listing).
 *
 * Visible behaviour: dir and filename are each optional; an attribute is
 * counted for each only when the pointer is non-NULL.
 * NOTE(review): no validation of dir or filename is visible here --
 * confirm how the two are combined before the file is removed.
 */
static KMF_RETURN
{
int numattr = 0;
numattr++;
if (dir) {
numattr++;
}
if (filename) {
numattr++;
}
return (rv);
}
/*
 * Delete token objects.
 *
 * Parses the command-line options, picks a keystore, and dispatches key,
 * certificate and CRL deletion according to the keystore type and the
 * requested object classes (oclass).  The function name, its parameters
 * and a number of statements are missing from this listing; the comments
 * below describe only what is visible.
 *
 * Options accepted (from the option string): T token, y objtype, l label,
 * k keystore, s subject, n nickname, d dir, p prefix, S serial, i issuer,
 * c criteria, f infile.
 *
 * Malformed command lines return PK_ERR_USAGE; the last visible return
 * hands back kmfrv.
 */
int
{
int opt;
extern int optind_av;
extern char *optarg_av;
char *token_spec = NULL;
char *object_label = NULL;
int oclass = 0;
KMF_KEYSTORE_TYPE kstype = 0;
int rv = 0;
char *find_criteria = NULL;
"T:(token)y:(objtype)l:(label)"
"k:(keystore)s:(subject)n:(nickname)"
"d:(dir)p:(prefix)S:(serial)i:(issuer)"
"c:(criteria)"
"f:(infile)")) != EOF) {
/* Every option must carry a non-empty argument. */
if (EMPTYSTRING(optarg_av))
return (PK_ERR_USAGE);
switch (opt) {
case 'T': /* token specifier */
/* A second -T is a usage error rather than a silent override. */
if (token_spec)
return (PK_ERR_USAGE);
break;
case 'y': /* object type: public, private, both */
if (oclass)
return (PK_ERR_USAGE);
/* NOTE(review): -1 is presumably the "unrecognised type" result of a */
/* conversion helper that is not visible in this listing -- confirm. */
if (oclass == -1)
return (PK_ERR_USAGE);
break;
case 'l': /* objects with specific label */
case 'n':
/* -l and -n share object_label, so giving both is rejected. */
if (object_label)
return (PK_ERR_USAGE);
object_label = (char *)optarg_av;
break;
case 'k':
/* kstype still 0 here means the keystore name was not recognised. */
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 's':
break;
case 'i':
break;
case 'd':
break;
case 'p':
break;
case 'S':
break;
case 'f':
break;
case 'c':
else
return (PK_ERR_USAGE);
break;
default:
return (PK_ERR_USAGE);
break;
}
}
/* Assume keystore = PKCS#11 if not specified */
if (kstype == 0)
/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
kstype != KMF_KEYSTORE_PK11TOKEN) {
"is only relevant if keystore=pkcs11\n"));
return (PK_ERR_USAGE);
}
/* If no object class specified, delete everything but CRLs */
if (oclass == 0)
/* No additional args allowed. */
if (argc)
return (PK_ERR_USAGE);
/* Done parsing command line options. */
}
"must be specified as a hex number "
"(ex: 0x0102030405ffeeddee)\n"));
return (PK_ERR_USAGE);
}
}
/*
 * Only the PKCS#11 and NSS keystores reach the step that fills tokencred;
 * the rest of this condition is not visible in this listing.
 */
if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
kstype == KMF_KEYSTORE_NSS) &&
&tokencred);
}
return (kmfrv);
switch (kstype) {
case KMF_KEYSTORE_PK11TOKEN:
if (oclass & PK_KEY_OBJ) {
/*
* If deleting groups of objects, it is OK
* to ignore the "key not found" case so that
* we can continue to find other objects.
*/
if (kmfrv == KMF_ERR_KEY_NOT_FOUND &&
(oclass != PK_KEY_OBJ))
break;
}
/*
* If cert delete failed, but we are looking at
* other objects, then it is OK.
*/
if (kmfrv == KMF_ERR_CERT_NOT_FOUND &&
break;
}
if (oclass & PK_CRL_OBJ)
break;
case KMF_KEYSTORE_NSS:
if (oclass & PK_KEY_OBJ) {
oclass, (char *)object_label,
&tokencred);
break;
}
if (oclass & PK_CERT_OBJ) {
(char *)object_label,
break;
}
if (oclass & PK_CRL_OBJ)
(char *)object_label, subject);
break;
case KMF_KEYSTORE_OPENSSL:
if (oclass & PK_KEY_OBJ) {
break;
}
if (oclass & (PK_CERT_OBJ)) {
break;
}
if (oclass & PK_CRL_OBJ)
break;
default:
/*
 * NOTE(review): this branch records the error in rv, but the only return
 * visible after the switch hands back kmfrv.  Unless rv is folded into
 * kmfrv in lines missing from this listing, an unsupported keystore type
 * could be reported to the caller as success -- confirm.
 */
rv = PK_ERR_USAGE;
break;
}
gettext("Error deleting objects"));
}
/*
 * NOTE(review): tokencred is filled earlier in this function, and no
 * clearing of that credential is visible before the handle is finalized
 * or on the early-return paths -- confirm it is wiped once it is no
 * longer needed.
 */
(void) kmf_finalize(kmfhandle);
return (kmfrv);
}