import.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the import operation for this tool.
* The basic flow of the process is to decrypt the PKCS#12
* input file if it has a password, parse the elements in
* the file, find the soft token, log into it, import the
* PKCS#11 objects into the soft token, and log out.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include "common.h"
#include <kmfapi.h>
/*
* NOTE(review): this listing is incomplete. The function name, its
* parameter list and several statements are missing, so the comments
* here describe only the visible lines.
*
* Visible behaviour: an output file name is built for a certificate
* and for a key (certfile/keyfile, with "_<i>" appended when i > 0),
* and on exit every certs[] and keys[] element is released before rv
* is returned.
*/
static KMF_RETURN
{
int ncerts = 0;
int nkeys = 0;
int i;
}
char newcertfile[MAXPATHLEN];
/*
* If storing more than 1 cert, gotta change
* the name so we don't overwrite the previous one.
* Just append a _# to the name.
*
* NOTE(review): the snprintf() result is discarded. If certfile is
* long enough that "<certfile>_<i>" does not fit in MAXPATHLEN, the
* name is silently truncated and the suffix that keeps the outputs
* apart can be lost. Comparing the return value with
* sizeof (newcertfile) and failing the import would close that gap.
*/
if (i > 0) {
(void) snprintf(newcertfile,
sizeof (newcertfile),
"%s_%d", certfile, i);
} else {
}
}
}
char newkeyfile[MAXPATHLEN];
/* The order of certificates and keys should match */
/*
* NOTE(review): same unchecked snprintf() as for newcertfile. This
* name appears to be used for key output, where a truncated path
* matters more. How the key file is created (mode, exclusive create)
* is not visible in this listing -- confirm against the full source.
*/
if (i > 0) {
(void) snprintf(newkeyfile,
sizeof (newkeyfile),
"%s_%d", keyfile, i);
} else {
}
&keys[i]);
}
}
/*
* Cleanup memory.
*
* NOTE(review): only the array elements are released in the visible
* lines. Whether the certs/keys arrays themselves are freed, and
* whether KMF_FreeRawKey() scrubs key material before releasing it,
* cannot be told from here -- confirm.
*/
if (certs) {
for (i = 0; i < ncerts; i++)
KMF_FreeData(&certs[i]);
}
if (keys) {
for (i = 0; i < nkeys; i++)
KMF_FreeRawKey(&keys[i]);
}
return (rv);
}
/*
* NOTE(review): this listing is incomplete. The function name, its
* parameter list and most statements are missing, so the comments
* here describe only the visible lines.
*
* Visible behaviour: a certificate-store failure is reported with the
* "Error storing certificate in PKCS11 token" message, keys are then
* handled in a loop over nkeys, and every certs[] and keys[] element
* is released before rv is returned.
*/
static KMF_RETURN
{
int ncerts = 0;
int nkeys = 0;
int i;
/* NOTE(review): the condition guarding this early return is missing. */
return (rv);
if (i == 0)
else
}
gettext("Error storing certificate "
"in PKCS11 token"));
}
}
/*
* The order of certificates and keys should match
*
* NOTE(review): keys are associated with certificates by index only.
* No check that nkeys and ncerts agree is visible here -- confirm the
* full source handles a bundle where the counts differ.
*/
for (i = 0; i < nkeys; i++) {
sizeof (KMF_STOREKEY_PARAMS));
}
}
/*
* Cleanup memory.
*
* NOTE(review): only the array elements are released in the visible
* lines. Whether the certs/keys arrays themselves are freed, and
* whether KMF_FreeRawKey() scrubs key material before releasing it,
* cannot be told from here -- confirm.
*/
if (certs) {
for (i = 0; i < ncerts; i++)
KMF_FreeData(&certs[i]);
}
if (keys) {
for (i = 0; i < nkeys; i++)
KMF_FreeRawKey(&keys[i]);
}
return (rv);
}
/*
* NOTE(review): this listing is incomplete. The function name, its
* parameters and most statements are missing.
*
* Visible behaviour: separate branches for KMF_KEYSTORE_PK11TOKEN and
* KMF_KEYSTORE_NSS, each able to return rv early; any other kstype
* falls through to the final return (rv). How rv is initialised is
* not visible -- confirm it cannot be returned unset.
*/
static KMF_RETURN
{
if (kstype == KMF_KEYSTORE_PK11TOKEN) {
return (rv);
}
}
if (kstype == KMF_KEYSTORE_NSS) {
return (rv);
}
return (rv);
}
/*
* Judging by the name and parameters, imports a CRL read from infile
* to outfile under outdir. The rest of the parameter list and the
* whole body are missing from this listing, so this is unconfirmed.
*
* NOTE(review): infile, outfile and outdir are caller-supplied paths.
* Any validation of them is not visible here -- confirm in the full
* source.
*/
static KMF_RETURN
pk_import_file_crl(void *kmfhandle,
char *infile,
char *outfile,
char *outdir,
{
}
/*
* Judging by the name and parameters, imports a CRL read from infile
* into an NSS database identified by outdir and prefix. Only the
* final return (rv) of the body is visible in this listing, so this
* is unconfirmed.
*
* NOTE(review): how rv is set, and whether infile/outdir/prefix are
* validated, cannot be told from here -- confirm in the full source.
*/
static KMF_RETURN
pk_import_nss_crl(void *kmfhandle,
char *infile,
char *outdir,
char *prefix)
{
return (rv);
}
/*
* NOTE(review): this listing is incomplete. The function name, the
* start of its parameter list and most statements are missing. The
* visible parameters are label, token_spec and filename.
*
* Visible behaviour: keys are handled in a loop over nkeys, with a
* different path for i == 0 than for later indices, and every certs[]
* and keys[] element is released before rv is returned.
*/
static KMF_RETURN
char *label, char *token_spec,
char *filename)
{
int ncerts = 0;
int nkeys = 0;
int i;
/* NOTE(review): the condition guarding this early return is missing. */
return (rv);
}
/*
* The order of certificates and keys should match
*
* NOTE(review): keys are associated with certificates by index only.
* No check that nkeys and ncerts agree is visible here -- confirm the
* full source handles a bundle where the counts differ.
*/
for (i = 0; i < nkeys; i++) {
sizeof (KMF_STOREKEY_PARAMS));
if (i == 0)
else
&keys[i]);
}
}
if (i == 0)
else
}
}
/*
* Cleanup memory.
*
* NOTE(review): only the array elements are released in the visible
* lines. Whether the certs/keys arrays themselves are freed, and
* whether KMF_FreeRawKey() scrubs key material before releasing it,
* cannot be told from here -- confirm.
*/
if (certs) {
for (i = 0; i < ncerts; i++)
KMF_FreeData(&certs[i]);
}
if (keys) {
for (i = 0; i < nkeys; i++)
KMF_FreeRawKey(&keys[i]);
}
return (rv);
}
/*
* Import objects into KMF repositories.
*
* NOTE(review): this listing is incomplete. The function name, its
* parameters, some declarations and many statements are missing, so
* the comments below describe only the visible lines.
*
* Visible flow: parse the options named in the option string, reject
* invalid combinations with PK_ERR_USAGE, obtain the PKCS#12 password
* via get_pk12_password() when kfmt is KMF_FORMAT_PKCS12, dispatch on
* kstype, and call KMF_Finalize() after the "end" label.
*/
int
{
int opt;
extern int optind_av;
extern char *optarg_av;
char *token_spec = NULL;
char *trustflags = NULL;
char *verify_crl = NULL;
int oclass = 0;
KMF_KEYSTORE_TYPE kstype = 0;
KMF_ENCODE_FORMAT kfmt = 0;
"T:(token)i:(infile)"
"k:(keystore)y:(objtype)"
"d:(dir)p:(prefix)"
"n:(certlabel)N:(label)"
"K:(outkey)c:(outcert)"
"v:(verifycrl)l:(outcrl)"
"t:(trust)D:(keydir)F:(outformat)")) != EOF) {
/* Every option takes an argument; an empty one is a usage error. */
if (EMPTYSTRING(optarg_av))
return (PK_ERR_USAGE);
switch (opt) {
case 'T': /* token specifier */
/*
* A value that is already set is a usage error here and in the
* cases below -- presumably this rejects a repeated option. The
* assignments themselves are missing from this listing.
*/
if (token_spec)
return (PK_ERR_USAGE);
break;
case 'c': /* output cert file name */
if (certfile)
return (PK_ERR_USAGE);
break;
case 'l': /* output CRL file name */
if (crlfile)
return (PK_ERR_USAGE);
break;
case 'K': /* output key file name */
if (keyfile)
return (PK_ERR_USAGE);
break;
case 'i': /* input file name */
if (filename)
return (PK_ERR_USAGE);
break;
case 'k':
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 'y':
if (oclass == -1)
return (PK_ERR_USAGE);
break;
case 'd':
break;
case 'D':
break;
case 'p':
if (prefix)
return (PK_ERR_USAGE);
break;
case 'n':
case 'N':
if (certlabel)
return (PK_ERR_USAGE);
break;
case 'F':
if (okfmt == KMF_FORMAT_UNDEF)
return (PK_ERR_USAGE);
break;
case 't':
if (trustflags)
return (PK_ERR_USAGE);
break;
case 'v':
else
return (PK_ERR_USAGE);
break;
default:
return (PK_ERR_USAGE);
break;
}
}
/* Assume keystore = PKCS#11 if not specified */
if (kstype == 0)
/* Filename arg is required. */
if (EMPTYSTRING(filename)) {
"is required for the import operation.\n"));
return (PK_ERR_USAGE);
}
/* No additional args allowed. */
if (argc)
return (PK_ERR_USAGE);
/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
kstype != KMF_KEYSTORE_PK11TOKEN) {
"is only relevant if keystore=pkcs11\n"));
return (PK_ERR_USAGE);
}
/*
* You must specify a certlabel (cert label) when importing
* into NSS or PKCS#11.
*/
if (kstype == KMF_KEYSTORE_NSS &&
"is required for this operation\n"));
return (PK_ERR_USAGE);
}
/*
* Input restrictions for the PKCS#11 token keystore (see the
* message below).
*/
if (kstype == KMF_KEYSTORE_PK11TOKEN) {
/* we do not import private keys except in PKCS12 bundles */
"The PKCS11 keystore only imports PKCS12 "
"files or raw certificate data files "
" or CRL file.\n"));
return (PK_ERR_USAGE);
}
}
gettext("File format not recognized."));
return (rv);
}
kfmt == KMF_FORMAT_PEM))
if (kstype == KMF_KEYSTORE_NSS) {
if (oclass == PK_CRL_OBJ &&
"CRL data can only be imported as DER or "
"PEM format"));
return (PK_ERR_USAGE);
}
if (oclass == PK_CERT_OBJ &&
"Certificates can only be imported as DER or "
"PEM format"));
return (PK_ERR_USAGE);
}
/* we do not import private keys except in PKCS12 bundles */
"Private key data can only be imported as part "
"of a PKCS12 file.\n"));
return (PK_ERR_USAGE);
}
}
"The 'outkey' and 'outcert' parameters "
"are required for the import operation "
"when the 'file' keystore is used.\n"));
return (PK_ERR_USAGE);
}
}
if (kfmt == KMF_FORMAT_PKCS12) {
/*
* NOTE(review): the result of get_pk12_password() is discarded, so
* a failure to obtain the password is not detected here and the
* import continues with whatever pk12cred then contains. Checking
* the return value and bailing out would make the failure explicit.
*/
(void) get_pk12_password(&pk12cred);
if (kstype == KMF_KEYSTORE_PK11TOKEN ||
&tokencred);
}
"KMF: 0x%02x\n"), rv);
goto end;
}
switch (kstype) {
case KMF_KEYSTORE_PK11TOKEN:
if (kfmt == KMF_FORMAT_PKCS12)
&pk12cred,
filename);
else if (oclass == PK_CERT_OBJ)
rv = pk_import_cert(
else if (oclass == PK_CRL_OBJ)
dir,
okfmt);
break;
case KMF_KEYSTORE_NSS:
if (kfmt == KMF_FORMAT_PKCS12)
else if (oclass == PK_CERT_OBJ) {
rv = pk_import_cert(
} else if (oclass == PK_CRL_OBJ) {
dir,
prefix);
}
break;
case KMF_KEYSTORE_OPENSSL:
if (kfmt == KMF_FORMAT_PKCS12)
else if (oclass == PK_CRL_OBJ) {
dir,
okfmt);
} else
/*
* It doesn't make sense to import anything
* else for the files plugin.
*/
/*
* NOTE(review): this returns directly instead of setting rv and
* leaving the switch, so the KMF_Finalize() call after the "end"
* label is skipped on this path, along with any other cleanup done
* there. The default case below sets rv and breaks instead.
*/
return (PK_ERR_USAGE);
break;
default:
rv = PK_ERR_USAGE;
break;
}
end:
/*
* NOTE(review): pk12cred and tokencred appear to hold the PKCS#12
* and token credentials gathered above. No release or scrubbing of
* them is visible between here and the returns -- confirm the full
* source clears them before returning.
*/
gettext("Error importing objects"));
(void) KMF_Finalize(kmfhandle);
/* NOTE(review): the condition choosing between these returns is missing. */
return (PK_ERR_USAGE);
return (0);
}