gencsr.c revision 448b8615fe9e8af757530284920a235430ead7e8
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <malloc.h>
#include <libgen.h>
#include <errno.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
#include <kmfapi.h>
/*
 * SET_VALUE(f, s): evaluate the KMF call f, keep its return code in kmfrv,
 * and on failure report it under the label s and jump to the cleanup label
 * of the enclosing function.  The expansion is a bare run of statements
 * (not a do { ... } while (0)), so it can only be used where a full
 * statement is expected.
 *
 * NOTE(review): the format string "Failed to %s: 0x%02\n" has a width
 * ("02") but no conversion character after it, so the kmfrv argument is
 * never consumed and the call passes an invalid conversion specification
 * to a printf-family function, which the C standard leaves undefined.
 * "0x%02x" is presumably what was intended; confirm and fix in the
 * reporting call.
 */
#define SET_VALUE(f, s) \
kmfrv = f; \
gettext("Failed to %s: 0x%02\n"), \
s, kmfrv); \
goto cleanup; \
}
/*
 * Keystore-specific CSR generator (signature line is not visible in this
 * listing).  From what is visible it: parses the subject name, selects a
 * PKCS#11 token, builds a KMF attribute list (numattr counts entries,
 * including the token credential and the pubk/prik key handles) to
 * generate a keypair, sets the CSR signature algorithm, subject alt name,
 * key usage and extended key usage, signs the CSR, and on the error path
 * deletes the key it just generated.
 * Returns a KMF_RETURN code (kmfrv).
 */
static KMF_RETURN
{
int numattr = 0;
else
/* If the subject name cannot be parsed, flag it now and exit */
return (kmfrv);
}
/* Select a PKCS11 token */
return (kmfrv);
}
numattr++;
numattr++;
}
numattr++;
numattr++;
/*
 * The token PIN is handed to KMF by value as a KMF_CREDENTIAL.
 * NOTE(review): nothing visible here clears tokencred once the keypair
 * has been generated; confirm the caller zeroizes it before it goes
 * out of scope.
 */
tokencred, sizeof (KMF_CREDENTIAL));
numattr++;
numattr++;
}
/* Output handles for the freshly generated keypair. */
&pubk, sizeof (KMF_KEY_HANDLE));
numattr++;
&prik, sizeof (KMF_KEY_HANDLE));
numattr++;
numattr++;
return (kmfrv);
}
"SignatureAlgorithm");
alttype), "SetCSRSubjectAltName");
}
/* Key usage bits are only applied when the user supplied some. */
if (kubits != 0) {
"SetCSRKeyUsage");
}
int i;
"Extended Key Usage");
}
}
KMF_OK) {
}
(void) kmf_free_data(&signedCsr);
/*
 * delete the key
 * (error path: removes the keypair generated above so a failed run does
 * not leave an orphaned key behind; note the deletion attribute list
 * here carries only the public key handle, unlike the variant further
 * down that also passes tokencred -- presumably keystore-specific.)
 */
numattr = 0;
numattr++;
&pubk, sizeof (KMF_KEY_HANDLE));
numattr++;
(void) kmf_free_signed_csr(&csr);
return (kmfrv);
}
/*
 * File-based CSR generator (signature line is not visible in this
 * listing): both the CSR and the private key are written to files, so the
 * two output paths are validated before any key material is created.
 * Returns a KMF_RETURN code; PK_ERR_USAGE is returned when an output path
 * cannot be written.
 */
static KMF_RETURN
{
char *fullcsrpath = NULL;
char *fullkeypath = NULL;
int numattr = 0;
/* Both outputs are mandatory for the file keystore. */
gettext("No output file was specified for "
"the csr or key\n"));
return (KMF_ERR_BAD_PARAMETER);
}
/* Make sure the CSR output path can be written before generating anything. */
if (verify_file(fullcsrpath)) {
gettext("Cannot write the indicated output "
"certificate file (%s).\n"), fullcsrpath);
return (PK_ERR_USAGE);
}
/*
 * NOTE(review): this check tests fullcsrpath a second time, while the
 * message and its argument refer to fullkeypath.  As written, the key
 * output path -- where the private key will be written -- is never
 * verified, and an unwritable or otherwise unacceptable key path is only
 * discovered after the keypair has been generated.  verify_file(fullkeypath)
 * looks like what was intended; confirm against the upstream source.
 */
if (verify_file(fullcsrpath)) {
gettext("Cannot write the indicated output "
"key file (%s).\n"), fullkeypath);
return (PK_ERR_USAGE);
}
else
/* If the subject name cannot be parsed, flag it now and exit */
return (kmfrv);
}
numattr++;
numattr++;
numattr++;
numattr++;
numattr++;
/* Output handles for the generated keypair. */
&prik, sizeof (KMF_KEY_HANDLE));
numattr++;
&pubk, sizeof (KMF_KEY_HANDLE));
numattr++;
numattr++;
goto cleanup;
}
"SetCSRPubKey");
"kmf_set_csr_subject");
alttype), "kmf_set_csr_subject_altname");
}
"kmf_set_csr_ku");
}
int i;
"Extended Key Usage");
}
}
KMF_OK) {
}
/* Presumably releases the two resolved output paths; the calls are not visible here. */
if (fullkeypath)
if (fullcsrpath)
return (kmfrv);
}
/*
 * Token-based CSR generator variant (signature line is not visible in
 * this listing).  Mirrors the first generator: parses the subject, builds
 * a KMF attribute list carrying the token credential and the pubk/prik
 * handles, generates the keypair, populates the CSR (public key, subject,
 * alt name, key usage, extended key usage), signs it, and deletes the
 * generated key on the error path.
 * Returns a KMF_RETURN code (kmfrv).
 */
static KMF_RETURN
{
int numattr = 0;
else
return (kmfrv);
/* If the subject name cannot be parsed, flag it now and exit */
return (kmfrv);
}
numattr++;
numattr++;
}
numattr++;
numattr++;
/*
 * Token PIN passed to KMF by value.
 * NOTE(review): no zeroization of tokencred is visible in this fragment;
 * confirm the caller clears it after use.
 */
tokencred, sizeof (KMF_CREDENTIAL));
numattr++;
}
numattr++;
}
/* Output handles for the generated keypair. */
&pubk, sizeof (KMF_KEY_HANDLE));
numattr++;
&prik, sizeof (KMF_KEY_HANDLE));
numattr++;
numattr++;
goto cleanup;
}
"kmf_set_csr_pubkey");
"kmf_set_csr_subject");
alttype), "kmf_set_csr_subject_altname");
}
"kmf_set_csr_ku");
}
int i;
"Extended Key Usage");
}
}
KMF_OK) {
}
(void) kmf_free_data(&signedCsr);
/*
 * delete the key
 * (error path: removes the keypair generated above; this variant passes
 * the token credential again so the deletion can authenticate to the
 * token.)
 */
numattr = 0;
numattr++;
&pubk, sizeof (KMF_KEY_HANDLE));
numattr++;
tokencred, sizeof (KMF_CREDENTIAL));
numattr++;
}
numattr++;
}
(void) kmf_free_signed_csr(&csr);
return (kmfrv);
}
/*
 * Command entry point for "pktool gencsr" (signature line is not visible
 * in this listing).  Parses the command-line options, validates the
 * combination of keystore type, output files, label, format and subject,
 * then dispatches to the keystore-specific generator.  Returns 0 on
 * success, PK_ERR_USAGE on bad or conflicting arguments, PK_ERR_SYSTEM on
 * allocation failure.
 */
int
{
int opt;
extern int optind_av;
extern char *optarg_av;
/* 0 means "not given"; resolved to PKCS#11 below. */
KMF_KEYSTORE_TYPE kstype = 0;
int keylen = PK_DEFAULT_KEYLENGTH;
char *keytype = PK_DEFAULT_KEYTYPE;
"ik:(keystore)s:(subject)n:(nickname)A:(altname)"
"u:(keyusage)T:(token)d:(dir)p:(prefix)t:(keytype)"
"y:(keylen)l:(label)c:(outcsr)e:(eku)"
"K:(outkey)F:(format)")) != EOF) {
/* Rejected before the switch; the condition tested is not visible here. */
return (PK_ERR_USAGE);
switch (opt) {
case 'A':
break;
/* -i and -s are mutually exclusive, and each may be given only once. */
case 'i':
if (interactive || subject)
return (PK_ERR_USAGE);
else
break;
case 'k':
/* Unknown keystore names map to 0, which is treated as an error. */
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 's':
if (interactive || subject)
return (PK_ERR_USAGE);
else
break;
case 'l':
case 'n':
if (certlabel)
return (PK_ERR_USAGE);
break;
case 'T':
if (tokenname)
return (PK_ERR_USAGE);
break;
case 'd':
break;
case 'p':
if (prefix)
return (PK_ERR_USAGE);
break;
case 't':
break;
case 'u':
break;
case 'y':
/*
 * Only the parse of the key length is checked here.
 * NOTE(review): no lower or upper bound on keylen is visible in this
 * listing, so a too-short key would have to be rejected by the keystore
 * layer -- confirm that it is.
 */
&keylen) != 1) {
gettext("Unrecognized "
"key length (%s)\n"), optarg_av);
return (PK_ERR_USAGE);
}
break;
case 'c':
if (outcsr)
return (PK_ERR_USAGE);
break;
case 'K':
if (outkey)
return (PK_ERR_USAGE);
break;
case 'F':
if (format)
return (PK_ERR_USAGE);
break;
case 'e':
break;
default:
"unrecognized gencsr option '%s'\n"),
return (PK_ERR_USAGE);
}
}
/* No additional args allowed. */
if (argc) {
return (PK_ERR_USAGE);
}
return (PK_ERR_USAGE);
}
/* Assume keystore = PKCS#11 if not specified. */
if (kstype == 0)
}
/* The CSR output file is required for every keystore type. */
if (EMPTYSTRING(outcsr)) {
"the final certificate request data.\n"));
return (PK_ERR_USAGE);
}
/*
* verify that the outcsr file does not already exist
* and that it can be created.
*/
"cannot be created.\n"), outcsr);
return (PK_ERR_USAGE);
}
/* Keystore-specific requirements: a label for token stores, a key file for OpenSSL. */
(void) get_certlabel(&certlabel);
if (EMPTYSTRING(certlabel)) {
"specified to create a certificate request.\n"));
return (PK_ERR_USAGE);
}
} else if (kstype == KMF_KEYSTORE_OPENSSL) {
if (EMPTYSTRING(outkey)) {
"must be specified to create a certificate "
"request.\n"));
return (PK_ERR_USAGE);
}
}
return (PK_ERR_USAGE);
}
/* Only DER and PEM are accepted as output encodings. */
gettext("CSR must be DER or PEM format.\n"));
return (PK_ERR_USAGE);
}
/*
* Check the subject name.
* If interactive is true, get it now interactively.
*/
if (interactive) {
"subject name interactively.\n"));
return (PK_ERR_USAGE);
}
} else {
if (EMPTYSTRING(subject)) {
"-i must be specified to create a certificate "
"request.\n"));
return (PK_ERR_USAGE);
} else {
gettext("Out of memory.\n"));
return (PK_ERR_SYSTEM);
}
}
}
/*
 * Subject alt name must be "type=value".
 * NOTE(review): the EKU error path below visibly sets rv = PK_ERR_USAGE
 * before its goto end, whereas no assignment to rv is visible on this
 * path or the keyusage one; if they really jump without setting rv, the
 * error is printed but the command still exits 0.  Confirm against the
 * full source.
 */
"must be specified as a name=value pair. "
"See the man page for details."));
goto end;
} else {
/* advance the altname past the '=' sign */
if (p != NULL)
altname = p + 1;
}
}
"must be specified as a comma-separated list. "
"See the man page for details."));
goto end;
}
}
"be specified as a comma-separated list. "
"See the man page for details.\n"));
rv = PK_ERR_USAGE;
goto end;
}
}
keytype);
goto end;
}
/* NSS stores use their built-in "internal" slot when no token is named. */
if (kstype == KMF_KEYSTORE_NSS) {
tokenname = "internal";
} else {
}
}
}
/* Dispatch to the keystore-specific generator. */
if (kstype == KMF_KEYSTORE_NSS) {
} else if (kstype == KMF_KEYSTORE_PK11TOKEN) {
} else if (kstype == KMF_KEYSTORE_OPENSSL) {
}
/*
 * Common exit.  On failure an error is reported, the parsed subject name
 * (subname) is released and the KMF handle finalized before returning
 * PK_ERR_USAGE; otherwise 0 is returned.  The branch structure between
 * the two returns is not visible in this listing.
 */
end:
gettext("Error creating CSR or keypair"));
if (subname)
(void) kmf_finalize(kmfhandle);
return (PK_ERR_USAGE);
return (0);
}