export.c revision 46d33f7eb2dfb8bdd702b0d0605ce8c741b50f9d
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the export operation for this tool.
* The basic flow of the process is to find the soft token,
* log into it, find the PKCS#11 objects in the soft token
* to be exported (matching keys with their certificates), export
* them to the PKCS#12 file, encrypting them with a file password
* if desired, and log out.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include "common.h"
#include <kmfapi.h>
/*
* Fragment of a static helper returning KMF_RETURN.  Its name, parameter
* list and the KMF calls between the visible statements are missing from
* this listing.  What remains is the handling of the match count: zero
* matches and more than one match both end in an error return, and only
* a single match continues.
*/
static KMF_RETURN
{
numcerts = 0;
numattr++;
return (rv);
}
if (numcerts == 0) {
gettext("No matching certificates found."));
return (KMF_ERR_CERT_NOT_FOUND);
} else if (numcerts == 1) {
/*
* Exactly one match: the visible tail of a call passes
* sizeof (KMF_X509_DER_CERT) and the attribute count is bumped.
*/
sizeof (KMF_X509_DER_CERT));
numattr++;
} else if (numcerts > 1) {
/*
* Ambiguous search: fail instead of choosing among several
* certificates, so nothing is exported that the operator did not
* single out.
*/
gettext("%d certificates found, refine the "
"search parameters to eliminate ambiguity\n"),
numcerts);
return (KMF_ERR_BAD_PARAMETER);
}
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN; the name, parameters
* and most statements are missing from this listing.  numattr is bumped
* after each (not shown) step, presumably once per entry placed in
* attrlist -- confirm against the full file.
*/
static KMF_RETURN
{
int numattr = 0;
/* If searching for public objects or certificates, find certs now */
sizeof (kstype));
numattr++;
numattr++;
}
numattr++;
}
/* KMF_BIGINT-sized attribute; presumably the serial number -- confirm. */
sizeof (KMF_BIGINT));
numattr++;
}
numattr++;
}
numattr++;
}
&kmfcert);
/* The count restarts here, so a fresh set of attributes is built below. */
numattr = 0;
numattr++;
sizeof (KMF_DATA));
numattr++;
numattr++;
attrlist);
}
}
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN that takes, among
* other parameters not shown, the output file name.  Most of the body is
* missing from this listing; the visible part counts attributes in
* numattr and prompts for a PKCS#12 password.
*/
static KMF_RETURN
char *filename)
{
int numattr = 0;
return (rv);
if (token_spec == NULL)
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
numattr++;
}
numattr++;
}
numattr++;
/*
* NOTE(review): the result of get_pk12_password() is discarded.  Confirm
* that a failed or aborted prompt cannot leave p12cred empty or unset
* while the export still goes ahead, since p12cred presumably protects
* the PKCS#12 output.
*/
(void) get_pk12_password(&p12cred);
numattr++;
numattr++;
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN that takes, among
* other parameters not shown, the output file name (outfile).  Most of
* the body is missing from this listing.
*/
static KMF_RETURN
char *outfile)
{
int numattr = 0;
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
/*
* NOTE(review): the result of get_pk12_password() is discarded.  Confirm
* that a failed or aborted prompt cannot leave p12cred empty or unset
* while the export still goes ahead, since p12cred presumably protects
* the PKCS#12 output.
*/
(void) get_pk12_password(&p12cred);
numattr++;
numattr++;
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN; the name, parameters
* and most statements are missing from this listing.  numattr is bumped
* after each (not shown) step, presumably once per attribute added --
* confirm against the full file.
*/
static KMF_RETURN
{
int numattr = 0;
return (rv);
/* If searching for public objects or certificates, find certs now */
sizeof (kstype));
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
/* KMF_BIGINT-sized attribute; presumably the serial number -- confirm. */
sizeof (KMF_BIGINT));
numattr++;
}
/* The token specifier is only added as an attribute when one was given. */
if (token_spec != NULL) {
strlen(token_spec));
numattr++;
}
&kmfcert);
/* The count restarts here, so a fresh set of attributes is built below. */
numattr = 0;
numattr++;
sizeof (KMF_DATA));
numattr++;
numattr++;
numattr++;
}
}
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN; the name, parameters
* and most statements are missing from this listing.  The visible part
* counts attributes in numattr and prompts for a PKCS#12 password.
*/
static KMF_RETURN
{
int numattr = 0;
return (rv);
}
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
numattr++;
}
numattr++;
}
/*
* NOTE(review): the result of get_pk12_password() is discarded.  Confirm
* that a failed or aborted prompt cannot leave p12cred empty or unset
* while the export still goes ahead, since p12cred presumably protects
* the PKCS#12 output.
*/
(void) get_pk12_password(&p12cred);
numattr++;
numattr++;
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN on the key-export
* path (the visible error text reads "... to export a key").  The name,
* parameters and most statements are missing from this listing.  What is
* visible: a label is mandatory, a credential-sized attribute is added,
* and data is written to a file descriptor in a loop.
*/
static KMF_RETURN
{
int numattr = 0;
/* An empty label is rejected before any keystore work is done. */
if (EMPTYSTRING(label)) {
"must be specified to export a key."));
return (KMF_ERR_BAD_PARAMETER);
}
return (rv);
}
numattr++;
cred, sizeof (KMF_CREDENTIAL));
numattr++;
}
numattr++;
numattr++;
numattr++;
numattr++;
numattr++;
/*
* NOTE(review): the call that produces fd is not in this listing.  As
* this path appears to write key material to the file, confirm that
* the file is created with owner-only permissions and that an existing
* file or link at that path is handled deliberately.
*/
if (fd == -1) {
goto done;
}
do {
if (n < 0) {
/*
* NOTE(review): as listed, "continue" directly precedes
* "goto done"; the condition guarding the retry is missing
* here (presumably an interrupted-write check, given that
* <errno.h> is included) -- confirm against the full file.
*/
continue;
goto done;
}
/* Running total of bytes written so far; short writes are accumulated. */
total += n;
}
done:
/*
* NOTE(review): a second group of attributes is counted from here;
* confirm that this is where the in-memory key is released and whether
* the buffer is cleared first.
*/
numattr = 0;
numattr++;
numattr++;
numattr++;
numattr++;
}
return (rv);
}
/*
* Fragment of a static helper returning KMF_RETURN that takes, among
* other parameters not shown, the output file name.  Most of the body is
* missing from this listing; numattr is presumably bumped once per
* attribute added -- confirm against the full file.
*/
static KMF_RETURN
char *filename)
{
int numattr = 0;
return (rv);
}
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
/* KMF_BIGINT-sized attribute; presumably the serial number -- confirm. */
sizeof (KMF_BIGINT));
numattr++;
}
/* The count restarts here, so a fresh set of attributes is built below. */
numattr = 0;
numattr++;
sizeof (KMF_DATA));
numattr++;
numattr++;
numattr++;
}
return (rv);
}
/*
* Export objects from one keystore to a file.
*
* Visible in this listing: option parsing that answers empty option
* arguments and already-set options with PK_ERR_USAGE, validation of the
* keystore/format combination, a warning when the output file already
* exists, and a dispatch on kstype and kfmt.  The function name, its
* parameters and many statements (including the assignments that store
* each option value) are missing from this listing.
*/
int
{
int opt;
extern int optind_av;
extern char *optarg_av;
char *token_spec = NULL;
KMF_KEYSTORE_TYPE kstype = 0;
int oclass = PK_CERT_OBJ;
"k:(keystore)y:(objtype)T:(token)"
"d:(dir)p:(prefix)"
"l:(label)n:(nickname)s:(subject)"
"i:(issuer)S:(serial)"
"K:(keyfile)c:(certfile)"
"F:(outformat)"
"I:(infile)o:(outfile)")) != EOF) {
/* Every option takes an argument; an empty one is a usage error. */
if (EMPTYSTRING(optarg_av))
return (PK_ERR_USAGE);
switch (opt) {
case 'k':
/*
* The statement that converts optarg_av into kstype is not in
* this listing; a result of 0 is treated as a usage error.
*/
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 'y':
/* -1 is the rejected value for the object class. */
if (oclass == -1)
return (PK_ERR_USAGE);
break;
case 'T': /* token specifier */
/* Already set: the option was given twice. */
if (token_spec)
return (PK_ERR_USAGE);
break;
case 'd':
if (dir)
return (PK_ERR_USAGE);
break;
case 'p':
if (prefix)
return (PK_ERR_USAGE);
break;
case 'n':
case 'l':
/* "nickname" and "label" share certlabel, so only one may be given. */
if (certlabel)
return (PK_ERR_USAGE);
break;
case 's':
if (subject)
return (PK_ERR_USAGE);
break;
case 'i':
if (issuer)
return (PK_ERR_USAGE);
break;
case 'S':
/* Serial number; the handling statement is not in this listing. */
break;
case 'F':
if (kfmt == KMF_FORMAT_UNDEF)
return (PK_ERR_USAGE);
break;
case 'I': /* input file name */
if (infile)
return (PK_ERR_USAGE);
break;
case 'o': /* output file name */
if (filename)
return (PK_ERR_USAGE);
break;
case 'c': /* input cert file name */
if (certfile)
return (PK_ERR_USAGE);
break;
case 'K': /* input key file name */
if (keyfile)
return (PK_ERR_USAGE);
break;
default:
return (PK_ERR_USAGE);
break;
}
}
/* Assume keystore = PKCS#11 if not specified */
if (kstype == 0)
/* Filename arg is required. */
if (EMPTYSTRING(filename)) {
"an 'outfile' parameter when exporting.\n"));
return (PK_ERR_USAGE);
}
/* No additional args allowed. */
if (argc)
return (PK_ERR_USAGE);
/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
kstype != KMF_KEYSTORE_PK11TOKEN) {
"is only relevant if keystore=pkcs11\n"));
return (PK_ERR_USAGE);
}
/* The 'file' keystore only supports PKCS#12 as the export format. */
if (kstype == KMF_KEYSTORE_OPENSSL) {
if (kfmt != KMF_FORMAT_PKCS12) {
"is the only export format "
"supported for the 'file' "
"keystore.\n"));
return (PK_ERR_USAGE);
}
"and a key file must be specified "
"when exporting to PKCS12 from the "
"'file' keystore.\n"));
return (PK_ERR_USAGE);
}
}
/* Check if the file exists and might be overwritten. */
/*
* NOTE(review): this is an advisory check made before the export runs;
* the call that later opens the output file is not shown here.  The
* file's state can change between this check and that open, so the open
* itself should enforce the intended create/overwrite behaviour rather
* than relying on this test.
*/
gettext("Warning: file \"%s\" exists, "
"will be overwritten."), filename);
return (0);
}
} else {
"cannot be created.\n"), filename);
return (PK_ERR_USAGE);
}
}
"must be specified as a hex number "
"(ex: 0x0102030405ffeeddee)\n"));
return (PK_ERR_USAGE);
}
}
/*
* Presumably where the token credential is obtained: the condition
* limits it to the PKCS#11 and NSS keystores.  Part of the condition
* and the call itself are missing from this listing.
*/
if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
kstype == KMF_KEYSTORE_NSS) &&
kfmt == KMF_FORMAT_PKCS12)) {
&tokencred);
}
"KMF: 0x%02x\n"), rv);
return (rv);
}
/* Dispatch on keystore type, then on output format. */
switch (kstype) {
case KMF_KEYSTORE_PK11TOKEN:
if (kfmt == KMF_FORMAT_PKCS12)
filename);
else if ((oclass & PK_KEY_OBJ) ||
else
filename);
break;
case KMF_KEYSTORE_NSS:
if (kfmt == KMF_FORMAT_PKCS12)
else
break;
case KMF_KEYSTORE_OPENSSL:
if (kfmt == KMF_FORMAT_PKCS12)
filename);
else
break;
default:
rv = PK_ERR_USAGE;
break;
}
gettext("Error exporting objects"));
}
/*
* NOTE(review): no clearing of tokencred is visible before the return
* in this listing; confirm how the credential buffer is released.
*/
(void) kmf_finalize(kmfhandle);
return (rv);
}