7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * or http://www.opensolaris.org/os/licensing.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
9e765c33c4dfc2dff414f25e1aa96208c482839bHuie-Ying Lee * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * Use is subject to license terms.
33f5ff17089e3a43e6e730bf80384c233123dbd9Milan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * This file implements the import operation for this tool.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The basic flow of the process is to decrypt the PKCS#12
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * input file if it has a password, parse the elements in
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * the file, find the soft token, log into it, import the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * PKCS#11 objects into the soft token, and log out.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdio.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdlib.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <string.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ctype.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <errno.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <fcntl.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <sys/types.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <sys/stat.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include "common.h"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
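/*
 * Allocate a zero-filled array of n KMF_ATTRIBUTE entries and store it in a.
 *
 * On allocation failure this sets the caller's local `rv' to KMF_ERR_MEMORY
 * and jumps to the caller's `end' label, so it can only be used inside
 * functions that declare both.
 *
 * The element counts passed in are computed from the number of objects
 * found in the file being imported, so the size is handed to calloc() as
 * (count, element size) and the allocator rejects a product that would
 * overflow.  Both arguments are parenthesised and the body is wrapped in
 * do/while (0) so the macro behaves as a single statement, including in
 * front of an `else'.
 */
#define	NEW_ATTRLIST(a, n) \
do { \
	(a) = calloc((n), sizeof (KMF_ATTRIBUTE)); \
	if ((a) == NULL) { \
		rv = KMF_ERR_MEMORY; \
		goto end; \
	} \
} while (0)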
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys
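/*
 * Import the certificates and private keys found in a PKCS#12 file into
 * individual files, using the KMF_KEYSTORE_OPENSSL keystore type.
 *
 *	kmfhandle	KMF session handle.
 *	cred		credential handed to kmf_import_objects() for the
 *			input file; when it is non-NULL and non-empty it
 *			is also passed to kmf_store_key().
 *	outfile		despite its name, the file handed to
 *			kmf_import_objects() as input.
 *	certfile	file name for the first certificate; certificate
 *			number i > 0 is stored as "<certfile>_<i>".
 *	keyfile		file name for the first key; key number i > 0 is
 *			stored as "<keyfile>_<i>".
 *	outformat	encoding format attribute for the stored objects.
 *
 * certfile and keyfile are passed to strlen() and must not be NULL when
 * the input holds certificates or keys respectively.
 *
 * Returns KMF_OK on success, KMF_ERR_MEMORY if an attribute list cannot
 * be allocated, KMF_ERR_BAD_PARAMETER if a generated file name does not
 * fit in MAXPATHLEN, or the first error returned by libkmf.
 *
 * NOTE(review): when cred is NULL or empty no credential attribute is
 * given to kmf_store_key(); presumably the key file is then written
 * unprotected -- confirm against the plugin and check the permissions of
 * the resulting file.
 */
static KMF_RETURN
pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred,
	char *outfile, char *certfile, char *keyfile,
	KMF_ENCODE_FORMAT outformat)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_DER_CERT *certs = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0;
	int nkeys = 0;
	int i;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
	KMF_ATTRIBUTE *attrlist = NULL;
	int numattr = 0;

	rv = kmf_import_objects(kmfhandle, outfile, cred,
	    &certs, &ncerts, &keys, &nkeys);

	if (rv == KMF_OK) {
		(void) printf(gettext("Found %d certificate(s) and %d "
		    "key(s) in %s\n"), ncerts, nkeys, outfile);
	}

	if (rv == KMF_OK && ncerts > 0) {
		char newcertfile[MAXPATHLEN];

		NEW_ATTRLIST(attrlist, (3 + (3 * ncerts)));

		/* Attributes shared by every certificate. */
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_ENCODE_FORMAT_ATTR, &outformat, sizeof (outformat));
		numattr++;

		for (i = 0; rv == KMF_OK && i < ncerts; i++) {
			/* Per-certificate attributes reuse the same slots. */
			int num = numattr;
			char *fname = certfile;

			/*
			 * If storing more than 1 cert, change the name so
			 * we don't overwrite the previous one.  Just append
			 * a _# to the name.
			 */
			if (i > 0) {
				int len = snprintf(newcertfile,
				    sizeof (newcertfile), "%s_%d", certfile, i);

				/*
				 * A truncated name would silently send the
				 * certificate to a different path.
				 */
				if (len < 0 ||
				    (size_t)len >= sizeof (newcertfile)) {
					rv = KMF_ERR_BAD_PARAMETER;
					break;
				}
				fname = newcertfile;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_CERT_FILENAME_ATTR, fname, strlen(fname));
			num++;

			if (certs[i].kmf_private.label != NULL) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_LABEL_ATTR,
				    certs[i].kmf_private.label,
				    strlen(certs[i].kmf_private.label));
				num++;
			}
			kmf_set_attr_at_index(attrlist, num,
			    KMF_CERT_DATA_ATTR, &certs[i].certificate,
			    sizeof (KMF_DATA));
			num++;
			rv = kmf_store_cert(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
	}
	if (rv == KMF_OK && nkeys > 0) {
		char newkeyfile[MAXPATHLEN];

		numattr = 0;
		NEW_ATTRLIST(attrlist, (4 + (4 * nkeys)));

		/* Attributes shared by every key. */
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype,
		    sizeof (kstype));
		numattr++;

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_ENCODE_FORMAT_ATTR, &outformat,
		    sizeof (outformat));
		numattr++;

		if (cred != NULL && cred->credlen > 0) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CREDENTIAL_ATTR, cred,
			    sizeof (KMF_CREDENTIAL));
			numattr++;
		}

		/* The order of certificates and keys should match */
		for (i = 0; rv == KMF_OK && i < nkeys; i++) {
			int num = numattr;
			char *fname = keyfile;

			if (i > 0) {
				int len = snprintf(newkeyfile,
				    sizeof (newkeyfile), "%s_%d", keyfile, i);

				/*
				 * Refuse a truncated name rather than write
				 * key material to an unintended path.
				 */
				if (len < 0 ||
				    (size_t)len >= sizeof (newkeyfile)) {
					rv = KMF_ERR_BAD_PARAMETER;
					break;
				}
				fname = newkeyfile;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_KEY_FILENAME_ATTR, fname, strlen(fname));
			num++;

			if (i < ncerts) {
				/*
				 * Hand over the certificate data the same
				 * way the certificate loop above does.  The
				 * length here used to be the size of the
				 * attribute-type constant, not of the data.
				 */
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_DATA_ATTR, &certs[i].certificate,
				    sizeof (KMF_DATA));
				num++;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_RAW_KEY_ATTR, &keys[i],
			    sizeof (KMF_RAW_KEY_DATA));
			num++;

			rv = kmf_store_key(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
	}
end:
	/*
	 * Cleanup memory.
	 */
	if (certs) {
		for (i = 0; i < ncerts; i++)
			kmf_free_kmf_cert(kmfhandle, &certs[i]);
		free(certs);
	}
	if (keys) {
		for (i = 0; i < nkeys; i++)
			kmf_free_raw_key(&keys[i]);
		free(keys);
	}

	return (rv);
}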
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
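/*
 * Import the keys and certificates found in a PKCS#12 file into an NSS
 * database.
 *
 *	kmfhandle	KMF session handle.
 *	kmfcred		credential handed to kmf_import_objects() for the
 *			input file.
 *	tokencred	credential for the NSS token; passed to
 *			kmf_store_key() when non-NULL and non-empty.
 *	token_spec	optional token label.
 *	dir, prefix	passed to configure_nss().
 *	nickname	optional key label; also used as the label of the
 *			first certificate when that certificate carries no
 *			label of its own.
 *	trustflags	optional trust flags for the stored certificates.
 *	filename	PKCS#12 input file.
 *
 * Keys are stored first, then certificates.  Both loops stop at the first
 * failure so that a later success cannot hide an earlier error.
 *
 * Returns KMF_OK on success, KMF_ERR_MEMORY if an attribute list cannot
 * be allocated, or the first error returned by configure_nss() or libkmf.
 */
static KMF_RETURN
pk_import_pk12_nss(
	KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *kmfcred,
	KMF_CREDENTIAL *tokencred,
	char *token_spec, char *dir, char *prefix,
	char *nickname, char *trustflags, char *filename)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_DER_CERT *certs = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0;
	int nkeys = 0;
	int i;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	KMF_ATTRIBUTE *attrlist = NULL;
	int numattr = 0;

	rv = configure_nss(kmfhandle, dir, prefix);
	if (rv != KMF_OK)
		return (rv);

	rv = kmf_import_objects(kmfhandle, filename, kmfcred,
	    &certs, &ncerts, &keys, &nkeys);

	if (rv == KMF_OK)
		(void) printf(gettext("Found %d certificate(s) and %d "
		    "key(s) in %s\n"), ncerts, nkeys, filename);

	if (rv == KMF_OK) {
		numattr = 0;
		NEW_ATTRLIST(attrlist, (4 + (2 * nkeys)));

		/* Attributes shared by every key. */
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype,
		    sizeof (kstype));
		numattr++;

		if (token_spec != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TOKEN_LABEL_ATTR, token_spec,
			    strlen(token_spec));
			numattr++;
		}

		if (nickname != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_KEYLABEL_ATTR, nickname,
			    strlen(nickname));
			numattr++;
		}

		/* Guard against a missing credential before reading it. */
		if (tokencred != NULL && tokencred->credlen > 0) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CREDENTIAL_ATTR, tokencred,
			    sizeof (KMF_CREDENTIAL));
			numattr++;
		}

		/* The order of certificates and keys should match */
		for (i = 0; rv == KMF_OK && i < nkeys; i++) {
			/* Per-key attributes reuse the same slots. */
			int num = numattr;

			if (i < ncerts) {
				/*
				 * Pass the certificate data itself, as the
				 * certificate loop below does; the length
				 * given is that of a KMF_DATA.
				 */
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_DATA_ATTR, &certs[i].certificate,
				    sizeof (KMF_DATA));
				num++;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_RAW_KEY_ATTR, &keys[i],
			    sizeof (KMF_RAW_KEY_DATA));
			num++;

			rv = kmf_store_key(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
	}

	if (rv == KMF_OK) {
		numattr = 0;
		NEW_ATTRLIST(attrlist, (3 + (2 * ncerts)));

		/* Attributes shared by every certificate. */
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
		numattr++;

		if (token_spec != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TOKEN_LABEL_ATTR, token_spec,
			    strlen(token_spec));
			numattr++;
		}

		if (trustflags != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TRUSTFLAG_ATTR, trustflags,
			    strlen(trustflags));
			numattr++;
		}

		for (i = 0; rv == KMF_OK && i < ncerts; i++) {
			int num = numattr;

			/*
			 * Prefer the label carried by the certificate; only
			 * the first certificate falls back to the nickname.
			 */
			if (certs[i].kmf_private.label != NULL) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_LABEL_ATTR,
				    certs[i].kmf_private.label,
				    strlen(certs[i].kmf_private.label));
				num++;
			} else if (i == 0 && nickname != NULL) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_LABEL_ATTR, nickname,
				    strlen(nickname));
				num++;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_CERT_DATA_ATTR,
			    &certs[i].certificate, sizeof (KMF_DATA));
			num++;
			rv = kmf_store_cert(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
		if (rv != KMF_OK) {
			display_error(kmfhandle, rv,
			    gettext("Error storing certificate in NSS token"));
		}
	}

end:
	/*
	 * Cleanup memory.
	 */
	if (certs) {
		for (i = 0; i < ncerts; i++)
			kmf_free_kmf_cert(kmfhandle, &certs[i]);
		free(certs);
	}
	if (keys) {
		for (i = 0; i < nkeys; i++)
			kmf_free_raw_key(&keys[i]);
		free(keys);
	}

	return (rv);
}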
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
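/*
 * Import a single certificate file into the given keystore.
 *
 *	kmfhandle	KMF session handle.
 *	kstype		target keystore type.  KMF_KEYSTORE_PK11TOKEN first
 *			selects the token, KMF_KEYSTORE_NSS first calls
 *			configure_nss(); other types need no setup here.
 *	label		optional certificate label.
 *	token_spec	token to select (PKCS#11) or optional token label
 *			(NSS).
 *	filename	certificate file; passed to strlen(), so it must
 *			not be NULL.
 *	dir, prefix	passed to configure_nss() for NSS.
 *	trustflags	optional trust flags, used for NSS only.
 *
 * The import is first attempted without a credential.  If the keystore
 * answers KMF_ERR_AUTH_FAILED the user is prompted for the token password
 * and the import is retried once with it.
 *
 * Returns the result of the setup step if it fails, otherwise the result
 * of the last kmf_import_cert() call.
 */
static KMF_RETURN
pk_import_cert(
	KMF_HANDLE_T kmfhandle,
	KMF_KEYSTORE_TYPE kstype,
	char *label, char *token_spec, char *filename,
	char *dir, char *prefix, char *trustflags)
{
	KMF_RETURN rv = KMF_OK;
	KMF_ATTRIBUTE attrlist[32];
	/*
	 * Start from an empty credential so that the retry never reads
	 * stack garbage if get_token_password() leaves it untouched.
	 */
	KMF_CREDENTIAL tokencred = { 0 };
	int i = 0;

	if (kstype == KMF_KEYSTORE_PK11TOKEN) {
		rv = select_token(kmfhandle, token_spec, FALSE);
	} else if (kstype == KMF_KEYSTORE_NSS) {
		rv = configure_nss(kmfhandle, dir, prefix);
	}
	if (rv != KMF_OK)
		return (rv);

	kmf_set_attr_at_index(attrlist, i,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (KMF_KEYSTORE_TYPE));
	i++;

	kmf_set_attr_at_index(attrlist, i, KMF_CERT_FILENAME_ATTR,
	    filename, strlen(filename));
	i++;

	if (label != NULL) {
		kmf_set_attr_at_index(attrlist, i, KMF_CERT_LABEL_ATTR,
		    label, strlen(label));
		i++;
	}

	if (kstype == KMF_KEYSTORE_NSS) {
		if (trustflags != NULL) {
			kmf_set_attr_at_index(attrlist, i, KMF_TRUSTFLAG_ATTR,
			    trustflags, strlen(trustflags));
			i++;
		}

		if (token_spec != NULL) {
			kmf_set_attr_at_index(attrlist, i,
			    KMF_TOKEN_LABEL_ATTR,
			    token_spec, strlen(token_spec));
			i++;
		}
	}

	rv = kmf_import_cert(kmfhandle, i, attrlist);
	if (rv == KMF_ERR_AUTH_FAILED) {
		/*
		 * The token requires a credential, prompt and try again.
		 */
		(void) get_token_password(kstype, token_spec, &tokencred);
		kmf_set_attr_at_index(attrlist, i, KMF_CREDENTIAL_ATTR,
		    &tokencred, sizeof (KMF_CREDENTIAL));
		i++;

		rv = kmf_import_cert(kmfhandle, i, attrlist);

		/*
		 * Do not leave the password on the heap once the retry is
		 * done.  The volatile pointer keeps the compiler from
		 * dropping the stores ahead of free().
		 * NOTE(review): assumes get_token_password() returns a
		 * malloc()ed buffer owned by the caller -- confirm against
		 * its definition.
		 */
		if (tokencred.cred != NULL) {
			volatile char *p = tokencred.cred;
			size_t left = tokencred.credlen;

			while (left-- > 0)
				*p++ = '\0';
			free(tokencred.cred);
			tokencred.cred = NULL;
			tokencred.credlen = 0;
		}
	}
	return (rv);
}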
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Import a CRL with the keystore type set to KMF_KEYSTORE_OPENSSL.
 *
 *	kmfhandle	KMF session handle.
 *	infile		optional CRL input file name.
 *	outfile		optional CRL output file name.
 *	outfmt		encoding format attribute for the output.
 *
 * Returns whatever kmf_import_crl() returns.
 */
static KMF_RETURN
pk_import_file_crl(void *kmfhandle,
	char *infile,
	char *outfile,
	KMF_ENCODE_FORMAT outfmt)
{
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
	KMF_ATTRIBUTE attrs[8];
	KMF_RETURN result;
	int count = 0;

	/* The keystore type always comes first. */
	kmf_set_attr_at_index(attrs, count, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (kstype));
	count += 1;

	/* File names are only added when the caller supplied them. */
	if (infile != NULL) {
		kmf_set_attr_at_index(attrs, count,
		    KMF_CRL_FILENAME_ATTR, infile, strlen(infile));
		count += 1;
	}

	if (outfile != NULL) {
		kmf_set_attr_at_index(attrs, count,
		    KMF_CRL_OUTFILE_ATTR, outfile, strlen(outfile));
		count += 1;
	}

	kmf_set_attr_at_index(attrs, count,
	    KMF_ENCODE_FORMAT_ATTR, &outfmt, sizeof (outfmt));
	count += 1;

	result = kmf_import_crl(kmfhandle, count, attrs);
	return (result);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Import a CRL with the keystore type set to KMF_KEYSTORE_NSS.
 *
 *	kmfhandle	KMF session handle.
 *	verify_crl_flag	value passed on as KMF_CRL_CHECK_ATTR.
 *	infile		optional CRL input file name.
 *	outdir, prefix	passed to configure_nss().
 *
 * Returns the configure_nss() error if that step fails, otherwise
 * whatever kmf_import_crl() returns.
 */
static KMF_RETURN
pk_import_nss_crl(void *kmfhandle,
	boolean_t verify_crl_flag,
	char *infile,
	char *outdir,
	char *prefix)
{
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	KMF_ATTRIBUTE attrs[4];
	KMF_RETURN result;
	int count = 0;

	/* Nothing can be imported until the NSS database is set up. */
	result = configure_nss(kmfhandle, outdir, prefix);
	if (result != KMF_OK)
		return (result);

	kmf_set_attr_at_index(attrs, count, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (kstype));
	count += 1;

	/* The input file name is only added when the caller supplied it. */
	if (infile != NULL) {
		kmf_set_attr_at_index(attrs, count, KMF_CRL_FILENAME_ATTR,
		    infile, strlen(infile));
		count += 1;
	}

	kmf_set_attr_at_index(attrs, count, KMF_CRL_CHECK_ATTR,
	    &verify_crl_flag, sizeof (verify_crl_flag));
	count += 1;

	result = kmf_import_crl(kmfhandle, count, attrs);
	return (result);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
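/*
 * Import the certificates and keys found in 'filename' into a PKCS#11
 * token (going by the function and parameter names the input is a PKCS#12
 * file opened with 'p12cred').
 *
 * The token named by 'token_spec' is selected, the objects are read with
 * kmf_import_objects(), every key is stored with kmf_store_key() and then
 * every certificate with kmf_store_cert().  'label' (when not NULL) is
 * applied to each key and, for certificates, only to the first one that
 * carries no label of its own.  'tokencred' is attached to the key store
 * requests when it holds a non-empty credential.
 *
 * Returns KMF_OK only if every key and every certificate was stored;
 * otherwise the first failing KMF status.  Certificates are not stored
 * when a key could not be stored.
 */
static KMF_RETURN
pk_import_pk12_pk11(
    KMF_HANDLE_T kmfhandle,
    KMF_CREDENTIAL *p12cred,
    KMF_CREDENTIAL *tokencred,
    char *label, char *token_spec,
    char *filename)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_DER_CERT *certs = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0;
	int nkeys = 0;
	int i;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	KMF_ATTRIBUTE *attrlist = NULL;
	int numattr = 0;

	rv = select_token(kmfhandle, token_spec, FALSE);

	if (rv != KMF_OK) {
		return (rv);
	}

	rv = kmf_import_objects(kmfhandle, filename, p12cred,
	    &certs, &ncerts, &keys, &nkeys);

	if (rv == KMF_OK) {
		/*
		 * NOTE(review): NEW_ATTRLIST is defined outside this view.
		 * The otherwise unreferenced "end" label below suggests the
		 * macro sets rv and jumps there when allocation fails -
		 * confirm against the macro definition.
		 */
		NEW_ATTRLIST(attrlist, (3 + (2 * nkeys)));

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype,
		    sizeof (kstype));
		numattr++;

		if (label != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_KEYLABEL_ATTR, label,
			    strlen(label));
			numattr++;
		}

		if (tokencred != NULL && tokencred->credlen > 0) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CREDENTIAL_ATTR, tokencred,
			    sizeof (KMF_CREDENTIAL));
			numattr++;
		}

		/*
		 * The order of certificates and keys should match.
		 *
		 * Stop at the first key that cannot be stored, as the
		 * certificate loop below does.  Without the rv test a later
		 * successful store overwrote an earlier failure and the
		 * import was reported as complete with a private key missing.
		 */
		for (i = 0; rv == KMF_OK && i < nkeys; i++) {
			/* Per-key attributes go after the shared ones. */
			int num = numattr;

			if (i < ncerts) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_DATA_ATTR, &certs[i].certificate,
				    sizeof (KMF_DATA));
				num++;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_RAW_KEY_ATTR, &keys[i],
			    sizeof (KMF_RAW_KEY_DATA));
			num++;

			rv = kmf_store_key(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
	}

	if (rv == KMF_OK) {
		numattr = 0;
		NEW_ATTRLIST(attrlist, (1 + (2 * ncerts)));

		(void) printf(gettext("Found %d certificate(s) and %d "
		    "key(s) in %s\n"), ncerts, nkeys, filename);

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
		numattr++;

		for (i = 0; rv == KMF_OK && i < ncerts; i++) {
			int num = numattr;

			/*
			 * Prefer the label that came with the certificate;
			 * the caller's label is only a fallback for the
			 * first certificate.
			 */
			if (certs[i].kmf_private.label != NULL) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_LABEL_ATTR,
				    certs[i].kmf_private.label,
				    strlen(certs[i].kmf_private.label));
				num++;
			} else if (i == 0 && label != NULL) {
				kmf_set_attr_at_index(attrlist, num,
				    KMF_CERT_LABEL_ATTR, label, strlen(label));
				num++;
			}

			kmf_set_attr_at_index(attrlist, num,
			    KMF_CERT_DATA_ATTR, &certs[i].certificate,
			    sizeof (KMF_DATA));
			num++;

			rv = kmf_store_cert(kmfhandle, num, attrlist);
		}
		free(attrlist);
		attrlist = NULL;
	}

end:
	/*
	 * Cleanup memory.  This runs on success and on every failure after
	 * kmf_import_objects(), so the imported key material is always
	 * released through kmf_free_raw_key().
	 */
	if (certs) {
		for (i = 0; i < ncerts; i++)
			kmf_free_kmf_cert(kmfhandle, &certs[i]);
		free(certs);
	}
	if (keys) {
		for (i = 0; i < nkeys; i++)
			kmf_free_raw_key(&keys[i]);
		free(keys);
	}

	return (rv);
}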
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Load one private key from 'filename' and store it in the keystore given
 * by 'kstype'.
 *
 * The key is looked up through the OpenSSL (file) keystore type, asking
 * for a single KMF_ASYM_PRI key together with its raw form, and is then
 * handed to kmf_store_key().  For KMF_KEYSTORE_PK11TOKEN the token named
 * by 'token_spec' is selected first.  'cred' (when it holds a non-empty
 * credential) and 'label' (when not NULL) are added to the store request.
 * 'senstr' and 'extstr' are accepted but not used here.
 *
 * Returns KMF_OK on success, otherwise the first failing KMF status.
 */
/*ARGSUSED*/
static KMF_RETURN
pk_import_keys(KMF_HANDLE_T kmfhandle,
    KMF_KEYSTORE_TYPE kstype, char *token_spec,
    KMF_CREDENTIAL *cred, char *filename,
    char *label, char *senstr, char *extstr)
{
	KMF_RETURN status = KMF_OK;
	KMF_ATTRIBUTE attrs[16];
	KMF_KEYSTORE_TYPE src_store = KMF_KEYSTORE_OPENSSL;
	KMF_KEY_CLASS keyclass = KMF_ASYM_PRI;
	KMF_KEY_HANDLE keyhandle;
	KMF_RAW_KEY_DATA rawkey;
	int numkeys = 1;
	int nattrs = 0;

	if (kstype == KMF_KEYSTORE_PK11TOKEN) {
		status = select_token(kmfhandle, token_spec, FALSE);
		if (status != KMF_OK) {
			return (status);
		}
	}

	/*
	 * Step 1: build the lookup request that reads the key file through
	 * the FILE plugin mechanisms.
	 */
	kmf_set_attr_at_index(attrs, nattrs, KMF_KEYSTORE_TYPE_ATTR,
	    &src_store, sizeof (src_store));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs, KMF_COUNT_ATTR,
	    &numkeys, sizeof (numkeys));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs, KMF_KEY_HANDLE_ATTR,
	    &keyhandle, sizeof (keyhandle));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs, KMF_RAW_KEY_ATTR,
	    &rawkey, sizeof (rawkey));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs, KMF_KEYCLASS_ATTR,
	    &keyclass, sizeof (keyclass));
	nattrs++;

	kmf_set_attr_at_index(attrs, nattrs, KMF_KEY_FILENAME_ATTR,
	    filename, strlen(filename));
	nattrs++;

	status = kmf_find_key(kmfhandle, nattrs, attrs);
	if (status != KMF_OK) {
		cryptoerror(LOG_STDERR,
		    gettext("Failed to load key from file (%s)\n"),
		    filename);
		return (status);
	}

	/*
	 * Step 2: reuse the same array for the store request aimed at the
	 * caller's keystore.
	 */
	nattrs = 0;

	kmf_set_attr_at_index(attrs, nattrs, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (kstype));
	nattrs++;

	if (cred != NULL && cred->credlen > 0) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_CREDENTIAL_ATTR, cred, sizeof (KMF_CREDENTIAL));
		nattrs++;
	}

	if (label != NULL) {
		kmf_set_attr_at_index(attrs, nattrs,
		    KMF_KEYLABEL_ATTR, label, strlen(label));
		nattrs++;
	}

	kmf_set_attr_at_index(attrs, nattrs,
	    KMF_RAW_KEY_ATTR, &rawkey, sizeof (rawkey));
	nattrs++;

	status = kmf_store_key(kmfhandle, nattrs, attrs);
	if (status == KMF_OK) {
		(void) printf(gettext("Importing %d keys\n"), numkeys);
	}

	/*
	 * The handle and the raw private key are released whether or not the
	 * store succeeded.
	 * NOTE(review): whether kmf_free_raw_key() wipes the key bytes before
	 * freeing them is not visible here - confirm.
	 */
	kmf_free_kmf_key(kmfhandle, &keyhandle);
	kmf_free_raw_key(&rawkey);

	return (status);
}
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
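/*
 * Import the contents of 'filename' as a symmetric key of type 'keyAlg'.
 *
 * The file is read with kmf_read_input_file(), the token named by 'token'
 * is selected, and the bytes are passed to kmf_create_sym_key() together
 * with the keystore type, key length in bits, optional 'label' and
 * optional non-empty 'cred'.
 *
 * 'senstr' and 'extstr' are optional yes/no strings; only the first
 * character is examined, case-insensitively.  'senstr' sets the sensitive
 * attribute ('y' -> sensitive).  'extstr' sets extractability ('n' -> the
 * key is marked non-extractable).  Both default to B_FALSE, i.e. a key that
 * is neither sensitive nor non-extractable.
 *
 * Returns KMF_OK on success, KMF_ERR_BAD_PARAMETER for an unrecognised
 * 'senstr'/'extstr' value or a key too long to express in bits as a
 * uint32_t, otherwise the failing KMF status.
 *
 * The buffer holding the key bytes is cleared and released on every path
 * once it has been read.
 */
static KMF_RETURN
pk_import_rawkey(KMF_HANDLE_T kmfhandle,
    KMF_KEYSTORE_TYPE kstype, char *token,
    KMF_CREDENTIAL *cred,
    char *filename, char *label, KMF_KEY_ALG keyAlg,
    char *senstr, char *extstr)
{
	KMF_RETURN rv = KMF_OK;
	KMF_ATTRIBUTE attrlist[16];
	int numattr = 0;
	uint32_t keylen;
	boolean_t sensitive = B_FALSE;
	boolean_t not_extractable = B_FALSE;
	KMF_DATA keydata = { 0, NULL };
	KMF_KEY_HANDLE rawkey;

	rv = kmf_read_input_file(kmfhandle, filename, &keydata);
	if (rv != KMF_OK)
		return (rv);

	/* From here on keydata holds key material: leave only through out. */
	rv = select_token(kmfhandle, token, FALSE);
	if (rv != KMF_OK)
		goto out;

	/* Cast to unsigned char: tolower() on a negative char is undefined. */
	if (senstr != NULL) {
		if (tolower((unsigned char)senstr[0]) == 'y')
			sensitive = B_TRUE;
		else if (tolower((unsigned char)senstr[0]) == 'n')
			sensitive = B_FALSE;
		else {
			cryptoerror(LOG_STDERR,
			    gettext("Incorrect sensitive option value.\n"));
			rv = KMF_ERR_BAD_PARAMETER;
			goto out;
		}
	}

	if (extstr != NULL) {
		if (tolower((unsigned char)extstr[0]) == 'y')
			not_extractable = B_FALSE;
		else if (tolower((unsigned char)extstr[0]) == 'n')
			not_extractable = B_TRUE;
		else {
			cryptoerror(LOG_STDERR,
			    gettext("Incorrect extractable option value.\n"));
			rv = KMF_ERR_BAD_PARAMETER;
			goto out;
		}
	}

	/* A length that would wrap when converted to bits is rejected. */
	if (keydata.Length > (uint32_t)-1 / 8) {
		rv = KMF_ERR_BAD_PARAMETER;
		goto out;
	}

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	numattr++;

	/*
	 * Output: handle of the created key.
	 * NOTE(review): this handle is never released with
	 * kmf_free_kmf_key(); confirm whether that is intended.
	 */
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEY_HANDLE_ATTR, &rawkey, sizeof (rawkey));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYALG_ATTR, &keyAlg, sizeof (KMF_KEY_ALG));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEY_DATA_ATTR, keydata.Data, keydata.Length);
	numattr++;

	/*
	 * Key length is given in bits not bytes.  The attribute size must be
	 * that of keylen itself; sizeof (keydata.Length) describes a
	 * different object and can be larger than the uint32_t it points at.
	 */
	keylen = (uint32_t)(keydata.Length * 8);
	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_KEYLENGTH_ATTR, &keylen, sizeof (keylen));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_SENSITIVE_BOOL_ATTR, &sensitive, sizeof (sensitive));
	numattr++;

	kmf_set_attr_at_index(attrlist, numattr,
	    KMF_NON_EXTRACTABLE_BOOL_ATTR, &not_extractable,
	    sizeof (not_extractable));
	numattr++;

	if (label != NULL) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYLABEL_ATTR, label, strlen(label));
		numattr++;
	}
	if (cred != NULL && cred->credlen > 0) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CREDENTIAL_ATTR, cred, sizeof (KMF_CREDENTIAL));
		numattr++;
	}
	rv = kmf_create_sym_key(kmfhandle, numattr, attrlist);

out:
	/*
	 * Clear the key bytes before releasing the buffer so they do not
	 * linger in freed heap memory.  The buffer is handed to
	 * kmf_free_data() right after, so this memset is not a dead store;
	 * a wipe primitive that is guaranteed not to be elided would be
	 * preferable where the platform provides one.
	 * NOTE(review): assumes kmf_create_sym_key() keeps no reference to
	 * keydata.Data after it returns - confirm.
	 */
	if (keydata.Data != NULL) {
		(void) memset(keydata.Data, 0, keydata.Length);
		kmf_free_data(&keydata);
	}

	return (rv);
}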
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Import objects into KMF repositories.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinakint
7711facfe58561dd91d6ece0f5f41150c3956c83dinakpk_import(int argc, char *argv[])
7711facfe58561dd91d6ece0f5f41150c3956c83dinak{
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak int opt;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak extern int optind_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak extern char *optarg_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak char *token_spec = NULL;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak char *filename = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *keyfile = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *certfile = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *crlfile = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *label = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *dir = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *prefix = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *trustflags = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *verify_crl = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *keytype = "generic";
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *senstr = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *extstr = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys boolean_t verify_crl_flag = B_FALSE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int oclass = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_KEYSTORE_TYPE kstype = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ENCODE_FORMAT kfmt = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ENCODE_FORMAT okfmt = KMF_FORMAT_ASN1;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv = KMF_OK;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CREDENTIAL pk12cred = { NULL, 0 };
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CREDENTIAL tokencred = { NULL, 0 };
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE_T kmfhandle = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEY_ALG keyAlg = KMF_GENERIC_SECRET;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* Parse command line options. Do NOT i18n/l10n. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((opt = getopt_av(argc, argv,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "T:(token)i:(infile)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "k:(keystore)y:(objtype)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "d:(dir)p:(prefix)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "n:(certlabel)N:(label)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "K:(outkey)c:(outcert)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "v:(verifycrl)l:(outcrl)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "E:(keytype)s:(sensitive)x:(extractable)"
448b8615fe9e8af757530284920a235430ead7e8wyllys "t:(trust)F:(outformat)")) != EOF) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EMPTYSTRING(optarg_av))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak switch (opt) {
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak case 'T': /* token specifier */
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak if (token_spec)
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak return (PK_ERR_USAGE);
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak token_spec = optarg_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'c': /* output cert file name */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (certfile)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys certfile = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'l': /* output CRL file name */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (crlfile)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys crlfile = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'K': /* output key file name */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keyfile)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keyfile = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak case 'i': /* input file name */
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak if (filename)
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak return (PK_ERR_USAGE);
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak filename = optarg_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'k':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kstype = KS2Int(optarg_av);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == 0)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'y':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys oclass = OT2Int(optarg_av);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass == -1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'd':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys dir = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'p':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (prefix)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys prefix = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'n':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'N':
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (label)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'F':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys okfmt = Str2Format(optarg_av);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (okfmt == KMF_FORMAT_UNDEF)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 't':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (trustflags)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys trustflags = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'v':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys verify_crl = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tolower(verify_crl[0]) == 'y')
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys verify_crl_flag = B_TRUE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (tolower(verify_crl[0]) == 'n')
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys verify_crl_flag = B_FALSE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys case 'E':
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keytype = optarg_av;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys break;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys case 's':
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (senstr)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (PK_ERR_USAGE);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys senstr = optarg_av;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys break;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys case 'x':
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (extstr)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (PK_ERR_USAGE);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys extstr = optarg_av;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys break;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak default:
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak return (PK_ERR_USAGE);
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak }
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak }
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Assume keystore = PKCS#11 if not specified */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == 0)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kstype = KMF_KEYSTORE_PK11TOKEN;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* Filename arg is required. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EMPTYSTRING(filename)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("The 'infile' parameter"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is required for the import operation.\n"));
7711facfe58561dd91d6ece0f5f41150c3956c83dinak return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak /* No additional args allowed. */
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak argc -= optind_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak argv += optind_av;
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak if (argc)
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak return (PK_ERR_USAGE);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
577f4726f2ea5aeaa2cf3dd65aca52869834b137wyllys DIR_OPTION_CHECK(kstype, dir);
577f4726f2ea5aeaa2cf3dd65aca52869834b137wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((oclass & (PK_PUBLIC_OBJ | PK_PRIVATE_OBJ)) &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype != KMF_KEYSTORE_PK11TOKEN) {
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) fprintf(stderr, gettext("The objtype parameter "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is only relevant if keystore=pkcs11\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You must specify a certlabel (cert label) when importing
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * into NSS or PKCS#11.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_NSS &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (oclass != PK_CRL_OBJ) && EMPTYSTRING(label)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("The 'label' argument "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is required for this operation\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_get_file_format(filename, &kfmt)) != KMF_OK) {
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll char *kmferrstr = NULL;
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll KMF_RETURN rv2;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /*
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Allow for raw key data to be imported.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (rv == KMF_ERR_ENCODING) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = KMF_OK;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kfmt = KMF_FORMAT_RAWKEY;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /*
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Set the object class only if it was not
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * given on the command line or if it was
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * specified as a symmetric key object.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (oclass == 0 || (oclass & PK_SYMKEY_OBJ)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys oclass = PK_SYMKEY_OBJ;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys } else {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys cryptoerror(LOG_STDERR, gettext(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "The input file does not contain the "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "object type indicated on command "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "line."));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (KMF_ERR_BAD_PARAMETER);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys } else {
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll if (rv == KMF_ERR_OPEN_FILE) {
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll cryptoerror(LOG_STDERR,
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll gettext("Cannot open file (%s)\n."),
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll filename);
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll } else {
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll rv2 = kmf_get_kmf_error_str(rv, &kmferrstr);
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll if (rv2 == KMF_OK && kmferrstr) {
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll cryptoerror(LOG_STDERR,
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll gettext("libkmf error: %s"),
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll kmferrstr);
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll kmf_free_str(kmferrstr);
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll }
592106a23e99a1790d339bab84de7fa3474964a4Wyllys Ingersoll }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (rv);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* Check parameters for raw key import operation */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kfmt == KMF_FORMAT_RAWKEY) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (keytype != NULL &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys Str2SymKeyType(keytype, &keyAlg) != 0) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys cryptoerror(LOG_STDERR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Unrecognized keytype(%s).\n"), keytype);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (PK_ERR_USAGE);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (senstr != NULL && extstr != NULL &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype != KMF_KEYSTORE_PK11TOKEN) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys cryptoerror(LOG_STDERR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("The sensitive or extractable option "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "applies only when importing a key from a file "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "into a PKCS#11 keystore.\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (PK_ERR_USAGE);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* If no objtype was given, treat it as a certificate */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass == 0 && (kfmt == KMF_FORMAT_ASN1 ||
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kfmt == KMF_FORMAT_PEM))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys oclass = PK_CERT_OBJ;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_NSS) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass == PK_CRL_OBJ &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (kfmt != KMF_FORMAT_ASN1 && kfmt != KMF_FORMAT_PEM)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "CRL data can only be imported as DER or "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "PEM format"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass == PK_CERT_OBJ &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (kfmt != KMF_FORMAT_ASN1 && kfmt != KMF_FORMAT_PEM)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "Certificates can only be imported as DER or "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "PEM format"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* we do not import private keys except in PKCS12 bundles */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & (PK_PRIVATE_OBJ | PK_PRIKEY_OBJ)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "Private key data can only be imported as part "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "of a PKCS12 file.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_OPENSSL && oclass != PK_CRL_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EMPTYSTRING(keyfile) || EMPTYSTRING(certfile)) {
7711facfe58561dd91d6ece0f5f41150c3956c83dinak cryptoerror(LOG_STDERR, gettext(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "The 'outkey' and 'outcert' parameters "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "are required for the import operation "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "when the 'file' keystore is used.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys token_spec = PK_DEFAULT_PK11TOKEN;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys token_spec = DEFAULT_NSS_TOKEN;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kfmt == KMF_FORMAT_PKCS12) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) get_pk12_password(&pk12cred);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((kfmt == KMF_FORMAT_PKCS12 || kfmt == KMF_FORMAT_RAWKEY ||
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (kfmt == KMF_FORMAT_PEM && (oclass & PK_KEY_OBJ))) &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (kstype == KMF_KEYSTORE_PK11TOKEN || kstype == KMF_KEYSTORE_NSS)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) get_token_password(kstype, token_spec, &tokencred);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Error initializing "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "KMF: 0x%02x\n"), rv);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys switch (kstype) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_PK11TOKEN:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kfmt == KMF_FORMAT_PKCS12)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_pk12_pk11(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, &pk12cred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &tokencred, label,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys token_spec, filename);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (oclass == PK_CERT_OBJ)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_cert(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, kstype,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label, token_spec,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys NULL, NULL, NULL);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (oclass == PK_CRL_OBJ)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_file_crl(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, filename,
448b8615fe9e8af757530284920a235430ead7e8wyllys crlfile, okfmt);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys else if (kfmt == KMF_FORMAT_RAWKEY &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys oclass == PK_SYMKEY_OBJ) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_import_rawkey(kmfhandle,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype, token_spec, &tokencred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, label,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keyAlg, senstr, extstr);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys } else if (kfmt == KMF_FORMAT_PEM ||
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kfmt == KMF_FORMAT_PEM_KEYPAIR) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_import_keys(kmfhandle,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype, token_spec, &tokencred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, label, senstr, extstr);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys } else {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = PK_ERR_USAGE;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_NSS:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (dir == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys dir = PK_DEFAULT_DIRECTORY;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kfmt == KMF_FORMAT_PKCS12)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_pk12_nss(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, &pk12cred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &tokencred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys token_spec, dir, prefix,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label, trustflags, filename);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (oclass == PK_CERT_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_cert(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, kstype,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys label, token_spec,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, dir, prefix, trustflags);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (oclass == PK_CRL_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_nss_crl(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, verify_crl_flag,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, dir, prefix);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_OPENSSL:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kfmt == KMF_FORMAT_PKCS12)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_pk12_files(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, &pk12cred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, certfile, keyfile,
448b8615fe9e8af757530284920a235430ead7e8wyllys okfmt);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (oclass == PK_CRL_OBJ) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = pk_import_file_crl(
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfhandle, filename,
448b8615fe9e8af757530284920a235430ead7e8wyllys crlfile, okfmt);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * It doesn't make sense to import anything
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * else for the files plugin.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys default:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = PK_ERR_USAGE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysend:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys display_error(kmfhandle, rv,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Error importing objects"));
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tokencred.cred != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(tokencred.cred);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (pk12cred.cred != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(pk12cred.cred);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) kmf_finalize(kmfhandle);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak return (0);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak}