7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
9e860378843d64d584ff9a1833e3cadea8dd71e1dinak * Common Development and Distribution License (the "License").
9e860378843d64d584ff9a1833e3cadea8dd71e1dinak * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * or http://www.opensolaris.org/os/licensing.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
2c9a247fb01631b3eb3b85a1127e72f0b60ae108Wyllys Ingersoll * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
33f5ff17089e3a43e6e730bf80384c233123dbd9Milan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * This file implements the export operation for this tool.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The basic flow of the process is to find the soft token,
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * log into it, find the PKCS#11 objects in the soft token
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * to be exported matching keys with their certificates, export
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * them to the PKCS#12 file encrypting them with a file password
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * if desired, and log out.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdio.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdlib.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <string.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <errno.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <fcntl.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include "common.h"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Resolve the search criteria already present in attrlist to exactly one
 * certificate and return it in *cert.
 *
 * kmf_find_cert() is called once with only a KMF_COUNT_ATTR added, to learn
 * how many certificates match, and a second time with a
 * KMF_X509_DER_CERT_ATTR added only when that count is exactly one.
 *
 * attrlist is modified: entries are set at indexes numattr and numattr + 1,
 * so the caller's array must have room for two more attributes.
 *
 * Returns the kmf_find_cert() status, KMF_ERR_CERT_NOT_FOUND when nothing
 * matches, or KMF_ERR_BAD_PARAMETER when more than one certificate matches.
 */
static KMF_RETURN
pk_find_export_cert(KMF_HANDLE_T kmfhandle, KMF_ATTRIBUTE *attrlist,
    int numattr, KMF_X509_DER_CERT *cert)
{
	KMF_RETURN status;
	uint32_t matches = 0;

	/* Start from a clean result so a failed lookup leaves no stale data. */
	(void) memset(cert, 0, sizeof (KMF_X509_DER_CERT));

	/* Counting pass: ask only for the number of matches. */
	kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
	    &matches, sizeof (uint32_t));
	numattr++;

	status = kmf_find_cert(kmfhandle, numattr, attrlist);
	if (status != KMF_OK)
		return (status);

	if (matches == 0) {
		cryptoerror(LOG_STDERR,
		    gettext("No matching certificates found."));
		return (KMF_ERR_CERT_NOT_FOUND);
	}

	/*
	 * Refuse an ambiguous search rather than export whichever
	 * certificate happens to come back first.
	 */
	if (matches != 1) {
		cryptoerror(LOG_STDERR,
		    gettext("%d certificates found, refine the "
		    "search parameters to eliminate ambiguity\n"),
		    matches);
		return (KMF_ERR_BAD_PARAMETER);
	}

	/*
	 * Retrieval pass: the count attribute stays in the list and the
	 * output certificate is added after it.
	 */
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_X509_DER_CERT_ATTR, cert,
	    sizeof (KMF_X509_DER_CERT));
	numattr++;

	return (kmf_find_cert(kmfhandle, numattr, attrlist));
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Export one certificate from the file-based (KMF_KEYSTORE_OPENSSL)
 * keystore to the file named by filename.
 *
 * The certificate is located with the optional issuer, subject, serial and
 * infile criteria; NULL criteria are left out of the search.  Nothing is
 * done, and KMF_OK is returned, unless oclass has PK_CERT_OBJ or
 * PK_PUBLIC_OBJ set.
 *
 * filename is passed to strlen() unconditionally and so must not be NULL
 * when a certificate is found.
 *
 * Returns the status of pk_find_export_cert() if the lookup fails,
 * otherwise the status of kmf_store_cert().
 */
static KMF_RETURN
pk_export_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
    char *issuer, char *subject, KMF_BIGINT *serial,
    char *infile, char *filename)
{
	KMF_RETURN status;
	KMF_X509_DER_CERT found;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
	KMF_ATTRIBUTE attrs[16];
	int nattrs = 0;

	/* Only certificate / public object requests are handled here. */
	if ((oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) == 0)
		return (KMF_OK);

	/* Build the search list from whichever criteria were supplied. */
	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	nattrs++;

	if (issuer != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
		nattrs++;
	}

	if (subject != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
		nattrs++;
	}

	if (serial != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
		nattrs++;
	}

	if (infile != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_CERT_FILENAME_ATTR, infile, strlen(infile));
		nattrs++;
	}

	/* pk_find_export_cert() adds two more entries to attrs. */
	status = pk_find_export_cert(kmfhandle, attrs, nattrs, &found);
	if (status != KMF_OK)
		return (status);

	/*
	 * Reuse the array for the store request; kstype still holds
	 * KMF_KEYSTORE_OPENSSL.
	 */
	nattrs = 0;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_CERT_DATA_ATTR, &found.certificate, sizeof (KMF_DATA));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_CERT_FILENAME_ATTR, filename, strlen(filename));
	nattrs++;

	status = kmf_store_cert(kmfhandle, nattrs, attrs);

	/* The located certificate is released whether or not the store worked. */
	kmf_free_kmf_cert(kmfhandle, &found);

	return (status);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
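/*
 * Export objects from an NSS keystore to a PKCS#12 file.
 *
 * configure_nss() is called with dir and prefix first.  The objects are
 * selected by the optional certlabel, issuer, subject and serial criteria
 * (NULL ones are left out); token_spec falls back to DEFAULT_NSS_TOKEN when
 * NULL, and tokencred is passed through when supplied.  The PKCS#12
 * password is obtained with get_pk12_password().
 *
 * filename is passed to strlen() unconditionally and so must not be NULL.
 *
 * Returns the configure_nss() status on failure, otherwise the status of
 * kmf_export_pk12().
 */
static KMF_RETURN
pk_export_pk12_nss(KMF_HANDLE_T kmfhandle,
    char *token_spec, char *dir, char *prefix,
    char *certlabel, char *issuer, char *subject,
    KMF_BIGINT *serial, KMF_CREDENTIAL *tokencred,
    char *filename)
{
	KMF_RETURN rv = KMF_OK;
	KMF_KEYSTORE_TYPE kstype;
	KMF_CREDENTIAL p12cred = { NULL, 0 };
	KMF_ATTRIBUTE attrlist[16];
	int numattr = 0;

	rv = configure_nss(kmfhandle, dir, prefix);
	if (rv != KMF_OK)
		return (rv);

	if (token_spec == NULL)
		token_spec = DEFAULT_NSS_TOKEN;

	kstype = KMF_KEYSTORE_NSS;
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	numattr++;

	if (certlabel != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CERT_LABEL_ATTR, certlabel, strlen(certlabel));
		numattr++;
	}

	if (issuer != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
		numattr++;
	}

	if (subject != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
		numattr++;
	}

	if (serial != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
		numattr++;
	}

	if (tokencred != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
		numattr++;
	}

	kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_LABEL_ATTR,
	    token_spec, strlen(token_spec));
	numattr++;

	/*
	 * NOTE(review): the result of get_pk12_password() is discarded, so
	 * the export runs with whatever p12cred holds afterwards, possibly
	 * still { NULL, 0 }.  Confirm that exporting without a file password
	 * is intended here.
	 */
	(void) get_pk12_password(&p12cred);
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
	numattr++;

	rv = kmf_export_pk12(kmfhandle, numattr, attrlist);

	if (p12cred.cred != NULL) {
		/*
		 * Scrub the PKCS#12 password before the buffer goes back to
		 * the heap; writing through a volatile pointer keeps the
		 * stores from being optimized away.  Assumes credlen is the
		 * number of valid bytes at cred -- confirm against
		 * get_pk12_password().
		 */
		volatile unsigned char *secret =
		    (volatile unsigned char *)p12cred.cred;
		size_t i;

		for (i = 0; i < p12cred.credlen; i++)
			secret[i] = 0;
		free(p12cred.cred);
	}

	return (rv);
}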
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
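/*
 * Bundle a certificate file and a key file from the file-based
 * (KMF_KEYSTORE_OPENSSL) keystore into the PKCS#12 file named by outfile.
 *
 * certfile and keyfile are each left out of the request when NULL.  The
 * PKCS#12 password is obtained with get_pk12_password().
 *
 * outfile is passed to strlen() unconditionally and so must not be NULL.
 *
 * Returns the status of kmf_export_pk12().
 */
static KMF_RETURN
pk_export_pk12_files(KMF_HANDLE_T kmfhandle,
    char *certfile, char *keyfile,
    char *outfile)
{
	KMF_RETURN rv;
	KMF_KEYSTORE_TYPE kstype;
	KMF_CREDENTIAL p12cred = { NULL, 0 };
	KMF_ATTRIBUTE attrlist[16];
	int numattr = 0;

	kstype = KMF_KEYSTORE_OPENSSL;
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	numattr++;

	if (certfile != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CERT_FILENAME_ATTR, certfile, strlen(certfile));
		numattr++;
	}

	if (keyfile != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEY_FILENAME_ATTR, keyfile, strlen(keyfile));
		numattr++;
	}

	/*
	 * NOTE(review): the result of get_pk12_password() is discarded, so
	 * the export runs with whatever p12cred holds afterwards, possibly
	 * still { NULL, 0 }.  Confirm that exporting without a file password
	 * is intended here.
	 */
	(void) get_pk12_password(&p12cred);
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_OUTPUT_FILENAME_ATTR, outfile, strlen(outfile));
	numattr++;

	rv = kmf_export_pk12(kmfhandle, numattr, attrlist);

	if (p12cred.cred != NULL) {
		/*
		 * Scrub the PKCS#12 password before the buffer goes back to
		 * the heap; writing through a volatile pointer keeps the
		 * stores from being optimized away.  Assumes credlen is the
		 * number of valid bytes at cred -- confirm against
		 * get_pk12_password().
		 */
		volatile unsigned char *secret =
		    (volatile unsigned char *)p12cred.cred;
		size_t i;

		for (i = 0; i < p12cred.credlen; i++)
			secret[i] = 0;
		free(p12cred.cred);
	}

	return (rv);
}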
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Export one certificate from an NSS keystore to the file named by
 * filename, encoded as requested by kfmt.
 *
 * configure_nss() is called with dir and prefix first.  The certificate is
 * located with the optional certlabel, issuer, subject, serial and
 * token_spec criteria; NULL criteria are left out of the search.  After
 * NSS is configured nothing more is done, and KMF_OK is returned, unless
 * oclass has PK_CERT_OBJ or PK_PUBLIC_OBJ set.
 *
 * filename is passed to strlen() unconditionally and so must not be NULL
 * when a certificate is found.
 *
 * Returns the configure_nss() or pk_find_export_cert() status on failure,
 * otherwise the status of kmf_store_cert().
 */
static KMF_RETURN
pk_export_nss_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
    int oclass, char *certlabel, char *issuer, char *subject,
    KMF_BIGINT *serial, KMF_ENCODE_FORMAT kfmt, char *dir,
    char *prefix, char *filename)
{
	KMF_RETURN status;
	KMF_X509_DER_CERT found;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	KMF_ATTRIBUTE attrs[16];
	int nattrs = 0;

	status = configure_nss(kmfhandle, dir, prefix);
	if (status != KMF_OK)
		return (status);

	/* Only certificate / public object requests are handled here. */
	if ((oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) == 0)
		return (status);

	/* Build the NSS search list from whichever criteria were supplied. */
	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	nattrs++;

	if (certlabel != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_CERT_LABEL_ATTR, certlabel, strlen(certlabel));
		nattrs++;
	}

	if (issuer != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
		nattrs++;
	}

	if (subject != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
		nattrs++;
	}

	if (serial != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
		nattrs++;
	}

	if (token_spec != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_TOKEN_LABEL_ATTR, token_spec, strlen(token_spec));
		nattrs++;
	}

	/* pk_find_export_cert() adds two more entries to attrs. */
	status = pk_find_export_cert(kmfhandle, attrs, nattrs, &found);
	if (status != KMF_OK)
		return (status);

	/*
	 * The certificate was read from NSS, but it is written out through
	 * the file-based keystore, so switch the keystore type and rebuild
	 * the list from index 0.
	 */
	kstype = KMF_KEYSTORE_OPENSSL;
	nattrs = 0;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_CERT_DATA_ATTR, &found.certificate, sizeof (KMF_DATA));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_CERT_FILENAME_ATTR, filename, strlen(filename));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_ENCODE_FORMAT_ATTR, &kfmt, sizeof (kfmt));
	nattrs++;

	status = kmf_store_cert(kmfhandle, nattrs, attrs);

	/* The located certificate is released whether or not the store worked. */
	kmf_free_kmf_cert(kmfhandle, &found);

	return (status);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
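/*
 * Export objects from a PKCS#11 token to a PKCS#12 file.
 *
 * The token is chosen with select_token() first.  The objects are selected
 * by the optional certlabel, issuer, subject and serial criteria (NULL ones
 * are left out), and tokencred is passed through when supplied.  The
 * PKCS#12 password is obtained with get_pk12_password().
 *
 * filename is passed to strlen() unconditionally and so must not be NULL.
 *
 * Returns the select_token() status on failure, otherwise the status of
 * kmf_export_pk12().
 */
static KMF_RETURN
pk_export_pk12_pk11(KMF_HANDLE_T kmfhandle, char *token_spec,
    char *certlabel, char *issuer, char *subject,
    KMF_BIGINT *serial, KMF_CREDENTIAL *tokencred, char *filename)
{
	KMF_RETURN rv = KMF_OK;
	KMF_KEYSTORE_TYPE kstype;
	KMF_CREDENTIAL p12cred = { NULL, 0 };
	KMF_ATTRIBUTE attrlist[16];
	int numattr = 0;

	rv = select_token(kmfhandle, token_spec, TRUE);
	if (rv != KMF_OK) {
		return (rv);
	}

	kstype = KMF_KEYSTORE_PK11TOKEN;
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	numattr++;

	if (certlabel != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CERT_LABEL_ATTR, certlabel, strlen(certlabel));
		numattr++;
	}

	if (issuer != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
		numattr++;
	}

	if (subject != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
		numattr++;
	}

	if (serial != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
		numattr++;
	}

	if (tokencred != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
		numattr++;
	}

	/*
	 * NOTE(review): the result of get_pk12_password() is discarded, so
	 * the export runs with whatever p12cred holds afterwards, possibly
	 * still { NULL, 0 }.  Confirm that exporting without a file password
	 * is intended here.
	 */
	(void) get_pk12_password(&p12cred);
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
	numattr++;

	rv = kmf_export_pk12(kmfhandle, numattr, attrlist);

	if (p12cred.cred != NULL) {
		/*
		 * Scrub the PKCS#12 password before the buffer goes back to
		 * the heap; writing through a volatile pointer keeps the
		 * stores from being optimized away.  Assumes credlen is the
		 * number of valid bytes at cred -- confirm against
		 * get_pk12_password().
		 */
		volatile unsigned char *secret =
		    (volatile unsigned char *)p12cred.cred;
		size_t i;

		for (i = 0; i < p12cred.credlen; i++)
			secret[i] = 0;
		free(p12cred.cred);
	}

	return (rv);
}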
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
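/*
 * Export a single key, selected by label, from a PKCS#11 token to a file.
 *
 * The key is looked up with kmf_find_key() using the key class derived
 * from 'oclass'.  A symmetric key has its raw value fetched with
 * kmf_get_sym_key_value() and written directly to 'filename', which is
 * created with mode 0600.  Any other key is handed to kmf_store_key()
 * with the OpenSSL (file) keystore type and the requested 'format'.
 *
 * Returns KMF_OK on success, KMF_ERR_BAD_PARAMETER when no label is given,
 * KMF_ERR_OPEN_FILE or KMF_ERR_WRITE_FILE when the raw key file cannot be
 * created or completely written, or the error returned by the KMF call
 * that failed.
 */
static KMF_RETURN
pk_export_pk11_keys(KMF_HANDLE_T kmfhandle, char *token,
    KMF_CREDENTIAL *cred, KMF_ENCODE_FORMAT format,
    char *label, char *filename, int oclass)
{
	KMF_RETURN rv = KMF_OK;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	KMF_KEY_CLASS kclass = KMF_KEYCLASS_NONE;
	int numattr = 0;
	uint32_t numkeys = 1;
	KMF_ATTRIBUTE attrlist[16];
	KMF_KEY_HANDLE key;
	boolean_t is_token = B_TRUE;

	if (EMPTYSTRING(label)) {
		cryptoerror(LOG_STDERR, gettext("A label "
		    "must be specified to export a key."));
		return (KMF_ERR_BAD_PARAMETER);
	}

	rv = select_token(kmfhandle, token, TRUE);
	if (rv != KMF_OK) {
		return (rv);
	}

	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (kstype));
	numattr++;

	if (cred != NULL) {
		kmf_set_attr_at_index(attrlist, numattr, KMF_CREDENTIAL_ATTR,
		    cred, sizeof (KMF_CREDENTIAL));
		numattr++;
	}

	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYLABEL_ATTR,
	    label, strlen(label));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
	    &numkeys, sizeof (numkeys));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_HANDLE_ATTR,
	    &key, sizeof (key));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_BOOL_ATTR,
	    &is_token, sizeof (is_token));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
	    &format, sizeof (format));
	numattr++;

	/* Check to see if we are exporting private or public only */
	if ((oclass & PK_KEY_OBJ) == PK_PRIKEY_OBJ)
		kclass = KMF_ASYM_PRI;
	else if ((oclass & PK_KEY_OBJ) == PK_PUBKEY_OBJ)
		kclass = KMF_ASYM_PUB;
	else if ((oclass & PK_KEY_OBJ) == PK_SYMKEY_OBJ)
		kclass = KMF_SYMMETRIC;
	else /* only 1 key at a time can be exported here, so default to pri */
		kclass = KMF_ASYM_PRI;

	/*
	 * The attribute carries the address of kclass, so the retries below
	 * change the class searched for simply by assigning to kclass.
	 */
	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYCLASS_ATTR,
	    &kclass, sizeof (kclass));
	numattr++;

	rv = kmf_find_key(kmfhandle, numattr, attrlist);
	/*
	 * If nothing found but caller wanted ALL keys, try symmetric
	 * this time.
	 */
	if (rv == KMF_ERR_KEY_NOT_FOUND && (oclass == PK_KEY_OBJ)) {
		kclass = KMF_SYMMETRIC;
		rv = kmf_find_key(kmfhandle, numattr, attrlist);
	}
	/*
	 * If nothing found but caller wanted ALL keys, try asymmetric
	 * public this time.
	 */
	if (rv == KMF_ERR_KEY_NOT_FOUND && (oclass == PK_KEY_OBJ)) {
		kclass = KMF_ASYM_PUB;
		rv = kmf_find_key(kmfhandle, numattr, attrlist);
	}

	if (rv == KMF_OK && key.keyclass == KMF_SYMMETRIC) {
		KMF_RAW_SYM_KEY rkey;

		/*
		 * NOTE(review): rkey receives the plaintext key value.
		 * Confirm that kmf_free_bigint() scrubs the buffer before
		 * releasing it; nothing here clears it explicitly.
		 */
		(void) memset(&rkey, 0, sizeof (KMF_RAW_SYM_KEY));
		rv = kmf_get_sym_key_value(kmfhandle, &key, &rkey);
		if (rv == KMF_OK) {
			size_t total = 0;
			ssize_t n;
			int fd;

			/*
			 * NOTE(review): the file is opened by pathname with
			 * O_TRUNC and without O_EXCL or O_NOFOLLOW, so an
			 * existing file or symbolic link at this path is
			 * followed and overwritten.  pk_export() removes a
			 * pre-existing target before calling in; if that is
			 * true of every caller, O_EXCL | O_NOFOLLOW would
			 * close the window between that check and this open.
			 */
			fd = open(filename, O_CREAT | O_RDWR | O_TRUNC, 0600);
			if (fd == -1) {
				rv = KMF_ERR_OPEN_FILE;
			} else {
				/* write() may be partial; loop until done */
				while (total < rkey.keydata.len) {
					n = write(fd,
					    rkey.keydata.val + total,
					    rkey.keydata.len - total);
					if (n < 0) {
						if (errno == EINTR)
							continue;
						rv = KMF_ERR_WRITE_FILE;
						break;
					}
					total += (size_t)n;
				}
				/*
				 * A failed close() can be the only report of
				 * a deferred write error, so it must not be
				 * ignored for a key file.
				 */
				if (close(fd) != 0 && rv == KMF_OK)
					rv = KMF_ERR_WRITE_FILE;
			}
		}
		kmf_free_bigint(&rkey.keydata);
		kmf_free_kmf_key(kmfhandle, &key);
	} else if (rv == KMF_OK) {
		KMF_KEYSTORE_TYPE sslks = KMF_KEYSTORE_OPENSSL;
		(void) printf(gettext("Found %d asymmetric keys\n"), numkeys);

		/* Reuse attrlist to describe the file-based store request */
		numattr = 0;
		kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
		    &sslks, sizeof (sslks));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr, KMF_RAW_KEY_ATTR,
		    key.keyp, sizeof (KMF_RAW_KEY_DATA));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
		    &format, sizeof (format));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_FILENAME_ATTR,
		    filename, strlen(filename));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr, KMF_KEYCLASS_ATTR,
		    &key.keyclass, sizeof (KMF_KEY_CLASS));
		numattr++;

		rv = kmf_store_key(kmfhandle, numattr, attrlist);
		kmf_free_kmf_key(kmfhandle, &key);
	}

	return (rv);
}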
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Export one certificate from a PKCS#11 token to a file.
 *
 * The certificate is located with pk_find_export_cert() using whichever
 * of 'certlabel', 'issuer', 'subject' and 'serial' are non-NULL, then
 * written to 'filename' in encoding 'kfmt' through kmf_store_cert() with
 * the OpenSSL (file) keystore type.
 *
 * Returns KMF_OK on success, otherwise the error from select_token(),
 * pk_find_export_cert() or kmf_store_cert().
 */
static KMF_RETURN
pk_export_pk11_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
    KMF_CREDENTIAL *cred, char *certlabel, char *issuer, char *subject,
    KMF_BIGINT *serial, KMF_ENCODE_FORMAT kfmt,
    char *filename)
{
	KMF_ATTRIBUTE attrs[16];
	KMF_X509_DER_CERT found;
	KMF_KEYSTORE_TYPE ks = KMF_KEYSTORE_PK11TOKEN;
	KMF_RETURN status = KMF_OK;
	int n = 0;

	status = select_token(kmfhandle, token_spec, TRUE);
	if (status != KMF_OK)
		return (status);

	/* Search criteria: keystore type plus every selector supplied */
	kmf_set_attr_at_index(attrs, n, KMF_KEYSTORE_TYPE_ATTR,
	    &ks, sizeof (ks));
	n++;

	if (cred != NULL) {
		kmf_set_attr_at_index(attrs, n, KMF_CREDENTIAL_ATTR,
		    cred, sizeof (KMF_CREDENTIAL));
		n++;
	}

	if (certlabel != NULL) {
		kmf_set_attr_at_index(attrs, n, KMF_CERT_LABEL_ATTR,
		    certlabel, strlen(certlabel));
		n++;
	}

	if (issuer != NULL) {
		kmf_set_attr_at_index(attrs, n, KMF_ISSUER_NAME_ATTR,
		    issuer, strlen(issuer));
		n++;
	}

	if (subject != NULL) {
		kmf_set_attr_at_index(attrs, n, KMF_SUBJECT_NAME_ATTR,
		    subject, strlen(subject));
		n++;
	}

	if (serial != NULL) {
		kmf_set_attr_at_index(attrs, n, KMF_BIGINT_ATTR,
		    serial, sizeof (KMF_BIGINT));
		n++;
	}

	status = pk_find_export_cert(kmfhandle, attrs, n, &found);
	if (status != KMF_OK)
		return (status);

	/* Rebuild the list from slot 0 to describe the output file */
	ks = KMF_KEYSTORE_OPENSSL;
	n = 0;

	kmf_set_attr_at_index(attrs, n, KMF_KEYSTORE_TYPE_ATTR,
	    &ks, sizeof (ks));
	n++;

	kmf_set_attr_at_index(attrs, n, KMF_CERT_DATA_ATTR,
	    &found.certificate, sizeof (KMF_DATA));
	n++;

	kmf_set_attr_at_index(attrs, n, KMF_CERT_FILENAME_ATTR,
	    filename, strlen(filename));
	n++;

	kmf_set_attr_at_index(attrs, n, KMF_ENCODE_FORMAT_ATTR,
	    &kfmt, sizeof (kfmt));
	n++;

	status = kmf_store_cert(kmfhandle, n, attrs);

	/* The located certificate is released whether or not the store worked */
	kmf_free_kmf_cert(kmfhandle, &found);

	return (status);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
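/*
 * Export objects from one keystore to a file.
 *
 * Parses the "export" subcommand options, validates the combination of
 * keystore type, object type and output format, asks before replacing an
 * existing output file, obtains the token password when the keystore
 * needs one, and dispatches to the keystore-specific export routine.
 *
 * Returns PK_ERR_USAGE for invalid or missing options, 0 when the user
 * declines to overwrite an existing file, and otherwise the KMF_RETURN
 * value from kmf_initialize() or from the export routine that ran.
 */
int
pk_export(int argc, char *argv[])
{
	int		opt;
	extern int	optind_av;
	extern char	*optarg_av;
	char		*token_spec = NULL;
	char		*filename = NULL;
	char		*dir = NULL;
	char		*prefix = NULL;
	char		*certlabel = NULL;
	char		*subject = NULL;
	char		*issuer = NULL;
	char		*infile = NULL;
	char		*keyfile = NULL;
	char		*certfile = NULL;
	char		*serstr = NULL;
	KMF_KEYSTORE_TYPE	kstype = 0;
	KMF_ENCODE_FORMAT	kfmt = KMF_FORMAT_PKCS12;
	KMF_RETURN		rv = KMF_OK;
	int			oclass = PK_CERT_OBJ;
	KMF_BIGINT		serial = { NULL, 0 };
	KMF_HANDLE_T		kmfhandle = NULL;
	KMF_CREDENTIAL		tokencred = { NULL, 0 };

	/* Parse command line options.  Do NOT i18n/l10n. */
	while ((opt = getopt_av(argc, argv,
	    "k:(keystore)y:(objtype)T:(token)"
	    "d:(dir)p:(prefix)"
	    "l:(label)n:(nickname)s:(subject)"
	    "i:(issuer)S:(serial)"
	    "K:(keyfile)c:(certfile)"
	    "F:(outformat)"
	    "I:(infile)o:(outfile)")) != EOF) {
		/* Every option takes an argument; an empty one is an error */
		if (EMPTYSTRING(optarg_av))
			return (PK_ERR_USAGE);
		switch (opt) {
		case 'k':
			kstype = KS2Int(optarg_av);
			if (kstype == 0)
				return (PK_ERR_USAGE);
			break;
		case 'y':
			oclass = OT2Int(optarg_av);
			if (oclass == -1)
				return (PK_ERR_USAGE);
			break;
		case 'T':	/* token specifier */
			if (token_spec)
				return (PK_ERR_USAGE);
			token_spec = optarg_av;
			break;
		case 'd':
			if (dir)
				return (PK_ERR_USAGE);
			dir = optarg_av;
			break;
		case 'p':
			if (prefix)
				return (PK_ERR_USAGE);
			prefix = optarg_av;
			break;
		case 'n':
		case 'l':
			if (certlabel)
				return (PK_ERR_USAGE);
			certlabel = optarg_av;
			break;
		case 's':
			if (subject)
				return (PK_ERR_USAGE);
			subject = optarg_av;
			break;
		case 'i':
			if (issuer)
				return (PK_ERR_USAGE);
			issuer = optarg_av;
			break;
		case 'S':
			serstr = optarg_av;
			break;
		case 'F':
			kfmt = Str2Format(optarg_av);
			if (kfmt == KMF_FORMAT_UNDEF)
				return (PK_ERR_USAGE);
			break;
		case 'I':	/* input file name */
			if (infile)
				return (PK_ERR_USAGE);
			infile = optarg_av;
			break;
		case 'o':	/* output file name */
			if (filename)
				return (PK_ERR_USAGE);
			filename = optarg_av;
			break;
		case 'c':	/* input cert file name */
			if (certfile)
				return (PK_ERR_USAGE);
			certfile = optarg_av;
			break;
		case 'K':	/* input key file name */
			if (keyfile)
				return (PK_ERR_USAGE);
			keyfile = optarg_av;
			break;
		default:
			return (PK_ERR_USAGE);
		}
	}

	/* Assume keystore = PKCS#11 if not specified */
	if (kstype == 0)
		kstype = KMF_KEYSTORE_PK11TOKEN;

	/* Filename arg is required. */
	if (EMPTYSTRING(filename)) {
		cryptoerror(LOG_STDERR, gettext("You must specify "
		    "an 'outfile' parameter when exporting.\n"));
		return (PK_ERR_USAGE);
	}

	/* No additional args allowed. */
	argc -= optind_av;
	argv += optind_av;
	if (argc)
		return (PK_ERR_USAGE);

	DIR_OPTION_CHECK(kstype, dir);

	/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
	if ((oclass & (PK_PUBLIC_OBJ | PK_PRIVATE_OBJ)) &&
	    kstype != KMF_KEYSTORE_PK11TOKEN) {

		(void) fprintf(stderr, gettext("The objtype parameter "
		    "is only relevant if keystore=pkcs11\n"));
		return (PK_ERR_USAGE);
	}

	if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec))
		token_spec = PK_DEFAULT_PK11TOKEN;
	else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec))
		token_spec = DEFAULT_NSS_TOKEN;

	if (kstype == KMF_KEYSTORE_OPENSSL) {
		if (kfmt != KMF_FORMAT_PKCS12) {
			cryptoerror(LOG_STDERR, gettext("PKCS12 "
			    "is the only export format "
			    "supported for the 'file' "
			    "keystore.\n"));
			return (PK_ERR_USAGE);
		}
		if (EMPTYSTRING(keyfile) || EMPTYSTRING(certfile)) {
			/* The first fragment needs its trailing space */
			cryptoerror(LOG_STDERR, gettext("A cert file "
			    "and a key file must be specified "
			    "when exporting to PKCS12 from the "
			    "'file' keystore.\n"));
			return (PK_ERR_USAGE);
		}
	}

	/*
	 * Check if the file exists.
	 *
	 * NOTE(review): the target is checked and removed here by pathname
	 * and only created later, again by pathname, inside the export
	 * routine.  Whatever appears at that path in between is what the
	 * exported key or certificate gets written to; creating the output
	 * with O_EXCL in the writers would close that window.
	 */
	if (verify_file(filename) != KMF_OK) {
		cryptoerror(LOG_STDERR,
		    gettext("Warning: file \"%s\" exists, "
		    "will be overwritten."), filename);
		if (yesno(gettext("Continue with export? "),
		    gettext("Respond with yes or no.\n"), B_FALSE) == B_FALSE) {
			return (0);
		} else {
			/* remove the file */
			(void) unlink(filename);
		}
	}

	if (serstr != NULL) {
		uchar_t *bytes = NULL;
		size_t bytelen;

		rv = kmf_hexstr_to_bytes((uchar_t *)serstr, &bytes, &bytelen);
		if (rv != KMF_OK || bytes == NULL) {
			(void) fprintf(stderr, gettext("serial number "
			    "must be specified as a hex number "
			    "(ex: 0x0102030405ffeeddee)\n"));
			return (PK_ERR_USAGE);
		}
		/* serial.val now owns the decoded buffer; freed before return */
		serial.val = bytes;
		serial.len = bytelen;
	}

	/*
	 * We need a password in the following situations:
	 * 1.  When accessing PKCS11 token
	 * 2.  If NSS keystore, when making a PKCS12 file or when
	 * accessing any private object or key.
	 *
	 * NOTE(review): the result of get_token_password() is discarded, so
	 * a failure to obtain the password only surfaces later in the export
	 * routine.  tokencred is also neither scrubbed nor released on any
	 * path out of this function; confirm who owns tokencred.cred.
	 */
	if (kstype == KMF_KEYSTORE_PK11TOKEN ||
	    ((kstype == KMF_KEYSTORE_NSS) &&
	    ((oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ)) ||
	    (kfmt == KMF_FORMAT_PKCS12)))) {
		(void) get_token_password(kstype, token_spec,
		    &tokencred);
	}

	if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
		cryptoerror(LOG_STDERR, gettext("Error initializing "
		    "KMF: 0x%02x\n"), rv);
		/* Do not leak the decoded serial number on this early exit */
		free(serial.val);
		return (rv);
	}

	switch (kstype) {
	case KMF_KEYSTORE_PK11TOKEN:
		if (kfmt == KMF_FORMAT_PKCS12)
			rv = pk_export_pk12_pk11(kmfhandle,
			    token_spec, certlabel,
			    issuer, subject,
			    &serial, &tokencred,
			    filename);
		else if ((oclass & PK_KEY_OBJ) ||
		    kfmt == KMF_FORMAT_RAWKEY)
			rv = pk_export_pk11_keys(kmfhandle,
			    token_spec, &tokencred, kfmt,
			    certlabel, filename, oclass);
		else
			rv = pk_export_pk11_objects(kmfhandle,
			    token_spec, &tokencred, certlabel,
			    issuer, subject, &serial, kfmt,
			    filename);
		break;
	case KMF_KEYSTORE_NSS:
		if (dir == NULL)
			dir = PK_DEFAULT_DIRECTORY;
		if (kfmt == KMF_FORMAT_PKCS12)
			rv = pk_export_pk12_nss(kmfhandle,
			    token_spec, dir, prefix,
			    certlabel, issuer,
			    subject, &serial,
			    &tokencred, filename);
		else
			rv = pk_export_nss_objects(kmfhandle,
			    token_spec,
			    oclass, certlabel, issuer, subject,
			    &serial, kfmt, dir, prefix, filename);
		break;
	case KMF_KEYSTORE_OPENSSL:
		if (kfmt == KMF_FORMAT_PKCS12)
			rv = pk_export_pk12_files(kmfhandle,
			    certfile, keyfile, filename);
		else
			rv = pk_export_file_objects(kmfhandle, oclass,
			    issuer, subject, &serial,
			    infile, filename);
		break;
	default:
		rv = PK_ERR_USAGE;
		break;
	}

	if (rv != KMF_OK) {
		display_error(kmfhandle, rv,
		    gettext("Error exporting objects"));
	}

	/* free(NULL) is a no-op, so no guard is needed */
	free(serial.val);

	(void) kmf_finalize(kmfhandle);

	return (rv);
}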