export.c revision 30a5e8fa1253cb33980ee4514743cf683f584b4e
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
9e860378843d64d584ff9a1833e3cadea8dd71e1dinak * Common Development and Distribution License (the "License").
9e860378843d64d584ff9a1833e3cadea8dd71e1dinak * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * Use is subject to license terms.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#pragma ident "%Z%%M% %I% %E% SMI"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * This file implements the export operation for this tool.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The basic flow of the process is to find the soft token,
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * log into it, find the PKCS#11 objects in the soft token
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * to be exported matching keys with their certificates, export
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * them to the PKCS#12 file encrypting them with a file password
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * if desired, and log out.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyspk_find_export_cert(KMF_HANDLE_T kmfhandle, KMF_ATTRIBUTE *attrlist,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "search parameters to eliminate ambiguity\n"),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_export_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If searching for public objects or certificates, find certs now */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_find_export_cert(kmfhandle, attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_LABEL_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_export_nss_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int oclass, char *certlabel, char *issuer, char *subject,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_BIGINT *serial, KMF_ENCODE_FORMAT kfmt, char *dir,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If searching for public objects or certificates, find certs now */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_find_export_cert(kmfhandle, attrlist, numattr,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_export_pk12_pk11(KMF_HANDLE_T kmfhandle, char *token_spec,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_BIGINT *serial, KMF_CREDENTIAL *tokencred, char *filename)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyspk_export_pk11_keys(KMF_HANDLE_T kmfhandle, char *token,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "must be specified to export a key."));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_CREDENTIAL_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYLABEL_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_HANDLE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_BOOL_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys fd = open(filename, O_CREAT | O_RDWR |O_TRUNC, 0600);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (n < 0) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys printf(gettext("Found %d asymmetric keys\n"), numkeys);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_RAW_KEY_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_FILENAME_ATTR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_export_pk11_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_find_export_cert(kmfhandle, attrlist, numattr, &kmfcert);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Export objects from one keystore to a file.
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak extern char *optarg_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* Parse command line options. Do NOT i18n/l10n. */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "k:(keystore)y:(objtype)T:(token)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "d:(dir)p:(prefix)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "l:(label)n:(nickname)s:(subject)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "i:(issuer)S:(serial)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "K:(keyfile)c:(certfile)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "F:(outformat)"
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak switch (opt) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Assume keystore = PKCS#11 if not specified */
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* Filename arg is required. */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "an 'outfile' parameter when exporting.\n"));
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* No additional args allowed. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) fprintf(stderr, gettext("The objtype parameter "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is only relevant if keystore=pkcs11\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec))
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is the only export format "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "supported for the 'file' "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "keystore.\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "and a key file must be specified "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "when exporting to PKCS12 from the "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "'file' keystore.\n"));
7711facfe58561dd91d6ece0f5f41150c3956c83dinak /* Check if the file exists and might be overwritten. */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak gettext("Respond with yes or no.\n"), B_FALSE) == B_FALSE) {
7711facfe58561dd91d6ece0f5f41150c3956c83dinak return (0);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_hexstr_to_bytes((uchar_t *)serstr, &bytes, &bytelen);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "must be specified as a hex number "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "(ex: 0x0102030405ffeeddee)\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Error initializing "