download.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * or http://www.opensolaris.org/os/licensing.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Use is subject to license terms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#pragma ident "%Z%%M% %I% %E% SMI"
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <stdio.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <stdlib.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <string.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ctype.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <malloc.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <libgen.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <fcntl.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <errno.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <cryptoutil.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include "common.h"
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysint
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_download(int argc, char *argv[])
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int rv;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int opt;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extern int optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extern char *optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int oclass = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *url = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *http_proxy = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *dir = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *outfile = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *proxy = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int proxy_port = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE_T kmfhandle = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ENCODE_FORMAT format;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN ch_rv = KMF_OK;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *fullpath = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA cert = {NULL, 0};
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_DATA cert_der = {NULL, 0};
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((opt = getopt_av(argc, argv,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "t:(objtype)u:(url)h:(http_proxy)o:(outfile)d:(dir)")) != EOF) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EMPTYSTRING(optarg_av))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys switch (opt) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 't':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys oclass = OT2Int(optarg_av);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (!(oclass & (PK_CERT_OBJ | PK_CRL_OBJ)))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'u':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (url)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys url = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'h':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (http_proxy)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys http_proxy = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'o':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (outfile)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys outfile = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'd':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (dir)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys dir = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys default:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext(
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "unrecognized download option '%s'\n"),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys argv[optind_av]);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* No additional args allowed. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys argc -= optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys argv += optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (argc) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check the dir and outfile options */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (outfile == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If outfile is not specified, use the basename of URI */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys outfile = basename(url);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullpath = get_fullpath(dir, outfile);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (fullpath == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Incorrect dir or outfile "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "option value \n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check if the file exists and might be overwritten. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (access(fullpath, F_OK) == 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Warning: file \"%s\" exists, "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "will be overwritten."), fullpath);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (yesno(gettext("Continue with download? "),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Respond with yes or no.\n"), B_FALSE) == B_FALSE) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (0);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = verify_file(fullpath);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("The file (%s) "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "cannot be created.\n"), fullpath);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* URI MUST be specified */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (url == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("A URL must be specified\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Get the http proxy from the command "http_proxy" option or the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * environment variable. The command option has a higher priority.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (http_proxy == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys http_proxy = getenv("http_proxy");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (http_proxy != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *ptmp = http_proxy;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *proxy_port_s;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (strncasecmp(ptmp, "http://", 7) == 0)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ptmp += 7; /* skip the scheme prefix */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys proxy = strtok(ptmp, ":");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys proxy_port_s = strtok(NULL, "\0");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (proxy_port_s != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys proxy_port = strtol(proxy_port_s, NULL, 0);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys proxy_port = 8080;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If objtype is not specified, default to CRL */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass == 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys oclass = PK_CRL_OBJ;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((rv = KMF_Initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Error initializing KMF\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now we are ready to download */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & PK_CRL_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_DownloadCRL(kmfhandle, url, proxy, proxy_port, 30,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullpath, &format);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (oclass & PK_CERT_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = KMF_DownloadCert(kmfhandle, url, proxy, proxy_port, 30,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys fullpath, &format);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys switch (rv) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_BAD_URI:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Error in parsing URI\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_OPEN_FILE:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Error in opening file\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_WRITE_FILE:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Error in writing file\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_BAD_CRLFILE:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Not a CRL file\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_BAD_CERTFILE:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Not a certificate file\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_ERR_MEMORY:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Not enough memory\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_SYSTEM;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys default:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Error in downloading the file.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_SYSTEM;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If the file is successfully downloaded, we also check the date.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If the downloaded file is outdated, give a warning.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & PK_CRL_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CHECKCRLDATE_PARAMS params;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys params.crl_name = fullpath;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ch_rv = KMF_CheckCRLDate(kmfhandle, &params);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else { /* certificate */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ch_rv = KMF_ReadInputFile(kmfhandle, fullpath, &cert);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ch_rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (format == KMF_FORMAT_PEM) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int len;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ch_rv = KMF_Pem2Der(cert.Data, cert.Length,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &cert_der.Data, &len);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ch_rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cert_der.Length = (size_t)len;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ch_rv = KMF_CheckCertDate(kmfhandle,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys format == KMF_FORMAT_ASN1 ? &cert : &cert_der);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysend:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (ch_rv == KMF_ERR_VALIDITY_PERIOD) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Warning: the downloaded file is expired.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (ch_rv != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Warning: failed to check the validity.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (fullpath)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(fullpath);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_FreeData(&cert);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_FreeData(&cert_der);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) KMF_Finalize(kmfhandle);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}