7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * or http://www.opensolaris.org/os/licensing.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
f2e5cf43165f583e4a435785d96ecfefa15539d1Wyllys Ingersoll * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
33f5ff17089e3a43e6e730bf80384c233123dbd9Milan Jurik * Copyright 2012 Milan Jurik. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * This file implements the token object list operation for this tool.
 * It loads the PKCS#11 modules, finds the object to list, lists it,
 * and cleans up. The user must be logged into the token to list private
 * objects.
 */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdio.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <errno.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <string.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <cryptoutil.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <security/cryptoki.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include "common.h"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Print a numbered, human-readable summary of every certificate in
 * certs[0 .. num_certs-1] to stdout.
 *
 * For each certificate the label (or filename, for the OpenSSL keystore
 * type), ID, subject, issuer, validity dates, serial number and the
 * subjectAltName / keyUsage / extKeyUsage extensions are printed, each
 * only when the corresponding KMF lookup returns KMF_OK.  Lookup
 * failures are skipped silently.
 *
 * NOTE(review): the label and the decoded strings come from keystore and
 * certificate contents and are written to stdout as-is; confirm whether
 * the KMF string helpers already neutralise control characters before
 * relying on this output in a terminal or a log pipeline.
 */
static void
pk_show_certs(KMF_HANDLE_T kmfhandle, KMF_X509_DER_CERT *certs, int num_certs)
{
	int idx;

	for (idx = 0; idx < num_certs; idx++) {
		KMF_X509_DER_CERT *cert = &certs[idx];
		/* Every string starts NULL so the frees below are safe. */
		char *subject = NULL, *issuer = NULL, *serial = NULL;
		char *id = NULL, *altname = NULL;
		char *start = NULL, *end = NULL;
		char *keyusage = NULL, *extkeyusage = NULL;

		(void) fprintf(stdout,
		    gettext("%d. (X.509 certificate)\n"), idx + 1);

		if (cert->kmf_private.label != NULL) {
			const char *tag = "Label";

			/* File-based keystore entries are named by file. */
			if (cert->kmf_private.keystore_type ==
			    KMF_KEYSTORE_OPENSSL)
				tag = "Filename";
			(void) fprintf(stdout, gettext("\t%s: %s\n"),
			    tag, cert->kmf_private.label);
		}

		if (kmf_get_cert_id_str(&cert->certificate, &id) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tID: %s\n"), id);
		}
		if (kmf_get_cert_subject_str(kmfhandle, &cert->certificate,
		    &subject) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tSubject: %s\n"),
			    subject);
		}
		if (kmf_get_cert_issuer_str(kmfhandle, &cert->certificate,
		    &issuer) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tIssuer: %s\n"),
			    issuer);
		}
		if (kmf_get_cert_start_date_str(kmfhandle, &cert->certificate,
		    &start) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tNot Before: %s\n"),
			    start);
		}
		if (kmf_get_cert_end_date_str(kmfhandle, &cert->certificate,
		    &end) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tNot After: %s\n"),
			    end);
		}
		if (kmf_get_cert_serial_str(kmfhandle, &cert->certificate,
		    &serial) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tSerial: %s\n"),
			    serial);
		}

		/* Extensions are printed as KMF renders them. */
		if (kmf_get_cert_extn_str(kmfhandle, &cert->certificate,
		    KMF_X509_EXT_SUBJ_ALTNAME, &altname) == KMF_OK) {
			(void) fprintf(stdout, gettext("\t%s\n"), altname);
		}
		if (kmf_get_cert_extn_str(kmfhandle, &cert->certificate,
		    KMF_X509_EXT_KEY_USAGE, &keyusage) == KMF_OK) {
			(void) fprintf(stdout, gettext("\t%s\n"), keyusage);
		}
		if (kmf_get_cert_extn_str(kmfhandle, &cert->certificate,
		    KMF_X509_EXT_EXT_KEY_USAGE, &extkeyusage) == KMF_OK) {
			(void) fprintf(stdout, gettext("\t%s\n"),
			    extkeyusage);
		}

		/* Release everything the lookups may have allocated. */
		kmf_free_str(subject);
		kmf_free_str(issuer);
		kmf_free_str(serial);
		kmf_free_str(id);
		kmf_free_str(altname);
		kmf_free_str(keyusage);
		kmf_free_str(extkeyusage);
		kmf_free_str(start);
		kmf_free_str(end);

		(void) fprintf(stdout, "\n");
	}
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * Map a key handle's class and algorithm to a short description string
 * passed through gettext().
 *
 * Asymmetric public/private keys are described for RSA, DSA and ECDSA.
 * Symmetric keys are described for AES, RC4 ("ARCFOUR"), DES and
 * Triple-DES, with a generic "symmetric" fallback.  Any other
 * class/algorithm combination yields "unrecognized key object".
 */
static char *
describeKey(KMF_KEY_HANDLE *key)
{
	if (key->keyclass == KMF_ASYM_PUB) {
		switch (key->keyalg) {
		case KMF_RSA:
			return (gettext("RSA public key"));
		case KMF_DSA:
			return (gettext("DSA public key"));
		case KMF_ECDSA:
			return (gettext("ECDSA public key"));
		default:
			/* unknown public-key algorithm: fall out below */
			break;
		}
	} else if (key->keyclass == KMF_ASYM_PRI) {
		switch (key->keyalg) {
		case KMF_RSA:
			return (gettext("RSA private key"));
		case KMF_DSA:
			return (gettext("DSA private key"));
		case KMF_ECDSA:
			return (gettext("ECDSA private key"));
		default:
			/* unknown private-key algorithm: fall out below */
			break;
		}
	} else if (key->keyclass == KMF_SYMMETRIC) {
		switch (key->keyalg) {
		case KMF_AES:
			return (gettext("AES"));
		case KMF_RC4:
			return (gettext("ARCFOUR"));
		case KMF_DES:
			return (gettext("DES"));
		case KMF_DES3:
			return (gettext("Triple-DES"));
		default:
			return (gettext("symmetric"));
		}
	}

	return (gettext("unrecognized key object"));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
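/*
 * Print one line per key in keys[0 .. numkeys-1] to stdout:
 * "Key #N - <description>: <label>", followed for symmetric keys by the
 * key length in bits or the reason the length could not be read.
 *
 * For a symmetric key the raw value is requested with
 * kmf_get_sym_key_value() only so that its length can be reported; the
 * value itself is never printed and is released straight away.  When the
 * request fails on a PKCS#11 token keystore, "(sensitive)",
 * "(non-extractable)" or the KMF error text is shown instead.  Failures
 * on other keystore types print nothing extra.
 *
 * NOTE(review): the raw key bytes sit in process memory between the
 * lookup and kmf_free_bigint(); confirm that kmf_free_bigint() scrubs the
 * buffer before releasing it.
 */
static void
pk_show_keys(void *handle, KMF_KEY_HANDLE *keys, int numkeys)
{
	int i;

	for (i = 0; i < numkeys; i++) {
		(void) fprintf(stdout, gettext("Key #%d - %s: %s"),
		    i + 1, describeKey(&keys[i]),
		    keys[i].keylabel ? keys[i].keylabel :
		    gettext("No label"));

		if (keys[i].keyclass == KMF_SYMMETRIC) {
			KMF_RETURN rv;
			KMF_RAW_SYM_KEY rkey;

			(void) memset(&rkey, 0, sizeof (rkey));
			rv = kmf_get_sym_key_value(handle, &keys[i],
			    &rkey);
			if (rv == KMF_OK) {
				/*
				 * The cast keeps the argument matched to
				 * "%d" whatever integer type len has.
				 */
				(void) fprintf(stdout, " (%d bits)",
				    (int)(rkey.keydata.len * 8));
				kmf_free_bigint(&rkey.keydata);
			} else if (keys[i].kstype == KMF_KEYSTORE_PK11TOKEN) {
				if (rv == KMF_ERR_SENSITIVE_KEY) {
					(void) fprintf(stdout, " (sensitive)");
				} else if (rv == KMF_ERR_UNEXTRACTABLE_KEY) {
					(void) fprintf(stdout,
					    " (non-extractable)");
				} else {
					char *err = NULL;

					/* Never hand a NULL to "%s". */
					if (kmf_get_kmf_error_str(rv, &err) ==
					    KMF_OK && err != NULL)
						(void) fprintf(stdout,
						    " (error: %s)", err);
					/* free(NULL) is a no-op */
					free(err);
				}
			}
		}
		(void) fprintf(stdout, "\n");
	}
}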
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
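/*
 * Generic routine used by all "list cert" operations to find
 * all matching certificates.
 *
 * kmf_find_cert() is called twice: first with KMF_COUNT_ATTR appended to
 * obtain the number of matches, then again with KMF_X509_DER_CERT_ATTR
 * pointing at a zeroed array sized from that count.  The matches are
 * printed with pk_show_certs() and released before returning.
 *
 * Two entries are written into attrlist starting at index numattr, so
 * the caller's array must have room for at least numattr + 2 entries.
 *
 * Returns KMF_ERR_MEMORY if the result array cannot be allocated,
 * otherwise the KMF status of the lookups.  KMF_ERR_CERT_NOT_FOUND is
 * reported as KMF_OK unless the keystore type is KMF_KEYSTORE_OPENSSL.
 */
static KMF_RETURN
pk_find_certs(KMF_HANDLE_T kmfhandle, KMF_ATTRIBUTE *attrlist, int numattr)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_DER_CERT *certlist = NULL;
	uint32_t numcerts = 0;
	KMF_KEYSTORE_TYPE kstype;

	rv = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
	    &kstype, NULL);
	if (rv != KMF_OK)
		return (rv);

	kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
	    &numcerts, sizeof (uint32_t));
	numattr++;

	rv = kmf_find_cert(kmfhandle, numattr, attrlist);
	if (rv == KMF_OK && numcerts > 0) {
		uint32_t allocated = numcerts;

		(void) printf(gettext("Found %d certificates.\n"),
		    numcerts);
		/*
		 * The count comes back from the keystore; calloc() both
		 * zero-fills the array and refuses a count whose byte
		 * size would overflow.
		 */
		certlist = calloc(allocated, sizeof (KMF_X509_DER_CERT));
		if (certlist == NULL)
			return (KMF_ERR_MEMORY);

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_X509_DER_CERT_ATTR, certlist,
		    sizeof (KMF_X509_DER_CERT));
		numattr++;

		rv = kmf_find_cert(kmfhandle, numattr, attrlist);
		/*
		 * KMF_COUNT_ATTR still points at numcerts for the second
		 * call; never walk past what was allocated if the
		 * reported count grew in between.
		 */
		if (numcerts > allocated)
			numcerts = allocated;
		if (rv == KMF_OK) {
			uint32_t i;

			pk_show_certs(kmfhandle, certlist, numcerts);
			for (i = 0; i < numcerts; i++)
				kmf_free_kmf_cert(kmfhandle, &certlist[i]);
		}
		free(certlist);
	}
	/* An empty result is not an error, except for file keystores. */
	if (rv == KMF_ERR_CERT_NOT_FOUND &&
	    kstype != KMF_KEYSTORE_OPENSSL)
		rv = KMF_OK;

	return (rv);
}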
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
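/*
 * Find and print every key that matches the attributes in attrlist.
 *
 * kmf_find_key() is called twice: first with KMF_COUNT_ATTR appended to
 * obtain the number of matches, then again with KMF_KEY_HANDLE_ATTR
 * pointing at a zeroed array sized from that count.  On success the keys
 * are printed with pk_show_keys(); the handles are released either way.
 *
 * Two entries are written into attrlist starting at index numattr, so
 * the caller's array must have room for at least numattr + 2 entries.
 * label is interpolated into the "Found N <label> keys." message.
 *
 * Returns KMF_ERR_MEMORY if the handle array cannot be allocated,
 * otherwise the KMF status of the lookups.  KMF_ERR_KEY_NOT_FOUND is
 * reported as KMF_OK unless the keystore type is KMF_KEYSTORE_OPENSSL.
 */
static KMF_RETURN
pk_list_keys(void *handle, KMF_ATTRIBUTE *attrlist, int numattr, char *label)
{
	KMF_RETURN rv;
	KMF_KEY_HANDLE *keys = NULL;
	uint32_t numkeys = 0;
	KMF_KEYSTORE_TYPE kstype;

	rv = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
	    &kstype, NULL);
	if (rv != KMF_OK)
		return (rv);

	kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
	    &numkeys, sizeof (uint32_t));
	numattr++;

	rv = kmf_find_key(handle, numattr, attrlist);
	if (rv == KMF_OK && numkeys > 0) {
		uint32_t allocated = numkeys;
		uint32_t i;

		(void) printf(gettext("Found %d %s keys.\n"),
		    numkeys, label);
		/*
		 * The count comes back from the keystore; calloc() both
		 * zero-fills the array and refuses a count whose byte
		 * size would overflow.
		 */
		keys = calloc(allocated, sizeof (KMF_KEY_HANDLE));
		if (keys == NULL)
			return (KMF_ERR_MEMORY);

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEY_HANDLE_ATTR,
		    keys, sizeof (KMF_KEY_HANDLE));
		numattr++;

		rv = kmf_find_key(handle, numattr, attrlist);
		/*
		 * KMF_COUNT_ATTR still points at numkeys for the second
		 * call; never walk past what was allocated if the
		 * reported count grew in between.
		 */
		if (numkeys > allocated)
			numkeys = allocated;
		if (rv == KMF_OK)
			pk_show_keys(handle, keys, numkeys);
		/* Handles are released whether or not they were shown. */
		for (i = 0; i < numkeys; i++)
			kmf_free_kmf_key(handle, &keys[i]);
		free(keys);
	}
	/* An empty result is not an error, except for file keystores. */
	if (rv == KMF_ERR_KEY_NOT_FOUND &&
	    kstype != KMF_KEYSTORE_OPENSSL)
		rv = KMF_OK;
	return (rv);
}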
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic KMF_RETURN
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyslist_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *objlabel, KMF_BIGINT *serial, char *issuer, char *subject,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *dir, char *filename, KMF_CREDENTIAL *tokencred,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CERT_VALIDITY find_criteria_flag)
7711facfe58561dd91d6ece0f5f41150c3956c83dinak{
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN rv;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int numattr = 0;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_ATTRIBUTE attrlist[18];
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys boolean_t token_bool = B_TRUE;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys boolean_t private = B_FALSE;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEY_CLASS keyclass;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_ENCODE_FORMAT format;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys int auth = 0;
6b35cb3cf158584a9408d44b9b6796564e8e1882Richard PALO KMF_CREDENTIAL cred = { NULL, 0 };
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * Symmetric keys and RSA/DSA/ECDSA private keys are always
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * created with the "CKA_PRIVATE" field == TRUE, so
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * make sure we search for them with it also set.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & (PK_SYMKEY_OBJ | PK_PRIKEY_OBJ))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys oclass |= PK_PRIVATE_OBJ;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = select_token(kmfhandle, token,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys !(oclass & (PK_PRIVATE_OBJ | PK_PRIKEY_OBJ)));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK) {
7711facfe58561dd91d6ece0f5f41150c3956c83dinak return (rv);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys rv = token_auth_needed(kmfhandle, token, &auth);
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (rv != KMF_OK)
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys return (rv);
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (tokencred != NULL)
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys cred = *tokencred;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &kstype, sizeof (kstype));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (objlabel != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYLABEL_ATTR, objlabel,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys strlen(objlabel));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys private = ((oclass & PK_PRIVATE_OBJ) > 0);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_PRIVATE_BOOL_ATTR, &private,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (private));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_TOKEN_BOOL_ATTR, &token_bool,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (token_bool));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & PK_PRIKEY_OBJ) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int num = numattr;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keyclass = KMF_ASYM_PRI;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYCLASS_ATTR, &keyclass,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (keyclass));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (tokencred != NULL &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys tokencred->credlen > 0) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CREDENTIAL_ATTR, tokencred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list asymmetric private keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys rv = pk_list_keys(kmfhandle, attrlist, num,
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric private");
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK && (oclass & PK_SYMKEY_OBJ)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int num = numattr;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keyclass = KMF_SYMMETRIC;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYCLASS_ATTR, &keyclass,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (keyclass));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (tokencred != NULL &&
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys tokencred->credlen > 0) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CREDENTIAL_ATTR, tokencred,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (KMF_CREDENTIAL));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys format = KMF_FORMAT_RAWKEY;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_ENCODE_FORMAT_ATTR, &format,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (format));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list symmetric keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys rv = pk_list_keys(kmfhandle, attrlist, num,
2cbed7292737821015ab481353eb10e8346b2c05wyllys "symmetric");
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys int num = numattr;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (auth > 0 && (tokencred == NULL ||
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys tokencred->cred == NULL) &&
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys (cred.cred == NULL)) {
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys (void) get_token_password(kstype, token, &cred);
f2e5cf43165f583e4a435785d96ecfefa15539d1Wyllys Ingersoll kmf_set_attr_at_index(attrlist, num,
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_CREDENTIAL_ATTR,
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys &cred, sizeof (KMF_CREDENTIAL));
f2e5cf43165f583e4a435785d96ecfefa15539d1Wyllys Ingersoll num++;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys }
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys
4ba70ed0e487727de98a6297bc6d0a827001a390wyllys private = B_FALSE;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keyclass = KMF_ASYM_PUB;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, num,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEYCLASS_ATTR, &keyclass,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (keyclass));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys num++;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list asymmetric public keys (if any) */
2cbed7292737821015ab481353eb10e8346b2c05wyllys rv = pk_list_keys(kmfhandle, attrlist, num,
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric public");
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &kstype, sizeof (kstype));
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (auth > 0 && (cred.cred == NULL)) {
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys (void) get_token_password(kstype, token, &cred);
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys }
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (cred.cred != NULL) {
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys kmf_set_attr_at_index(attrlist, numattr,
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys KMF_CREDENTIAL_ATTR,
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys &cred, sizeof (KMF_CREDENTIAL));
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys numattr++;
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (objlabel != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CERT_LABEL_ATTR, objlabel,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys strlen(objlabel));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (issuer != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_ISSUER_NAME_ATTR, issuer,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys strlen(issuer));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (subject != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_SUBJECT_NAME_ATTR, subject,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys strlen(subject));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys if (serial != NULL && serial->val != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_BIGINT_ATTR, serial,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (KMF_BIGINT));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_PRIVATE_BOOL_ATTR, &private,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (private));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CERT_VALIDITY_ATTR, &find_criteria_flag,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys sizeof (KMF_CERT_VALIDITY));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = pk_find_certs(kmfhandle, attrlist, numattr);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (rv);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr = 0;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype = KMF_KEYSTORE_OPENSSL; /* CRL is file-based */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (oclass & PK_CRL_OBJ) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *crldata = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &kstype, sizeof (kstype));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (dir != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_DIRPATH_ATTR, dir, strlen(dir));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (filename != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CRL_FILENAME_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys filename, strlen(filename));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys }
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_CRL_DATA_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &crldata, sizeof (char *));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys numattr++;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_list_crl(kmfhandle, numattr, attrlist);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (rv == KMF_OK && crldata != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) printf("%s\n", crldata);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(crldata);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak }
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak return (rv);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * List the objects selected by the oclass bit mask from the file-based
 * keystore (KMF_KEYSTORE_OPENSSL).
 *
 * Three passes are made, each with a freshly built attribute list:
 *   1. keys          (PK_KEY_OBJ, then PK_PRIKEY_OBJ / PK_SYMKEY_OBJ)
 *   2. certificates  (PK_CERT_OBJ)
 *   3. CRLs          (PK_CRL_OBJ)
 *
 * dir and filename select where to look; when keys are requested and both
 * are NULL, dir falls back to "." and that fallback stays in effect for the
 * certificate and CRL passes.  issuer, subject and serial narrow the
 * certificate search only.  The path arguments are handed to the KMF calls
 * unchanged; nothing in this function validates them.
 *
 * Returns KMF_OK, or the first non-OK KMF_RETURN reported by a pass.
 * KMF_ERR_KEY_NOT_FOUND from a key listing is treated as success.
 */
static int
list_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
	char *dir, char *filename, KMF_BIGINT *serial,
	char *issuer, char *subject,
	KMF_CERT_VALIDITY find_criteria_flag)
{
	KMF_ATTRIBUTE attrs[16];
	KMF_KEYSTORE_TYPE store = KMF_KEYSTORE_OPENSSL;
	KMF_KEY_CLASS kclass;
	KMF_ENCODE_FORMAT keyfmt;
	KMF_RETURN rv = KMF_OK;
	char *crldata = NULL;
	int nattr;

	/* Pass 1: keys. */
	if (oclass & PK_KEY_OBJ) {
		int nkey;

		nattr = 0;
		kmf_set_attr_at_index(attrs, nattr,
		    KMF_KEYSTORE_TYPE_ATTR, &store, sizeof (store));
		nattr++;

		/* No location given at all: search the current directory. */
		if (dir == NULL && filename == NULL) {
			dir = ".";
		}

		if (dir != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_DIRPATH_ATTR, dir, strlen(dir));
			nattr++;
		}

		if (filename != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_KEY_FILENAME_ATTR, filename,
			    strlen(filename));
			nattr++;
		}

		/*
		 * The attributes collected so far are shared by both key
		 * listings; each one appends its own class-specific entries
		 * starting at index nattr.
		 */
		if (oclass & PK_PRIKEY_OBJ) {
			nkey = nattr;

			kclass = KMF_ASYM_PRI;
			kmf_set_attr_at_index(attrs, nkey,
			    KMF_KEYCLASS_ATTR, &kclass, sizeof (kclass));
			nkey++;

			rv = pk_list_keys(kmfhandle, attrs, nkey,
			    "asymmetric private");
			/* An empty result is not an error. */
			if (rv == KMF_ERR_KEY_NOT_FOUND) {
				rv = KMF_OK;
			}
			if (rv != KMF_OK) {
				return (rv);
			}
		}

		if (oclass & PK_SYMKEY_OBJ) {
			nkey = nattr;

			kclass = KMF_SYMMETRIC;
			kmf_set_attr_at_index(attrs, nkey,
			    KMF_KEYCLASS_ATTR, &kclass, sizeof (kclass));
			nkey++;

			keyfmt = KMF_FORMAT_RAWKEY;
			kmf_set_attr_at_index(attrs, nkey,
			    KMF_ENCODE_FORMAT_ATTR, &keyfmt,
			    sizeof (keyfmt));
			nkey++;

			rv = pk_list_keys(kmfhandle, attrs, nkey,
			    "symmetric");
			/* An empty result is not an error. */
			if (rv == KMF_ERR_KEY_NOT_FOUND) {
				rv = KMF_OK;
			}
			if (rv != KMF_OK) {
				return (rv);
			}
		}
	}

	/* Pass 2: certificates. */
	if (oclass & PK_CERT_OBJ) {
		nattr = 0;
		kmf_set_attr_at_index(attrs, nattr,
		    KMF_KEYSTORE_TYPE_ATTR, &store, sizeof (store));
		nattr++;

		if (issuer != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
			nattr++;
		}

		if (subject != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_SUBJECT_NAME_ATTR, subject,
			    strlen(subject));
			nattr++;
		}

		/* Only filter on a serial number that actually has a value. */
		if (serial != NULL && serial->val != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_BIGINT_ATTR, serial, sizeof (*serial));
			nattr++;
		}

		if (filename != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_CERT_FILENAME_ATTR, filename,
			    strlen(filename));
			nattr++;
		}

		if (dir != NULL) {
			kmf_set_attr_at_index(attrs, nattr,
			    KMF_DIRPATH_ATTR, dir, strlen(dir));
			nattr++;
		}

		kmf_set_attr_at_index(attrs, nattr,
		    KMF_CERT_VALIDITY_ATTR, &find_criteria_flag,
		    sizeof (find_criteria_flag));
		nattr++;

		rv = pk_find_certs(kmfhandle, attrs, nattr);
		if (rv != KMF_OK) {
			return (rv);
		}
	}

	/* Pass 3: CRLs.  Nothing more to do unless they were requested. */
	if (!(oclass & PK_CRL_OBJ)) {
		return (rv);
	}

	nattr = 0;
	kmf_set_attr_at_index(attrs, nattr,
	    KMF_KEYSTORE_TYPE_ATTR, &store, sizeof (store));
	nattr++;

	if (dir != NULL) {
		kmf_set_attr_at_index(attrs, nattr,
		    KMF_DIRPATH_ATTR, dir, strlen(dir));
		nattr++;
	}

	if (filename != NULL) {
		kmf_set_attr_at_index(attrs, nattr,
		    KMF_CRL_FILENAME_ATTR, filename, strlen(filename));
		nattr++;
	}

	/* Output slot: kmf_list_crl hands back the CRL text through crldata. */
	kmf_set_attr_at_index(attrs, nattr,
	    KMF_CRL_DATA_ATTR, &crldata, sizeof (crldata));
	nattr++;

	rv = kmf_list_crl(kmfhandle, nattr, attrs);
	if (rv == KMF_OK && crldata != NULL) {
		/* The returned buffer is printed and released here. */
		(void) printf("%s\n", crldata);
		free(crldata);
	}

	return (rv);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
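/*
 * List the objects selected by the oclass bit mask from an NSS keystore.
 *
 * configure_nss() is called first with dir and prefix; the function returns
 * its error unchanged if that fails.  Keys (private, symmetric, public),
 * certificates and CRLs are then listed in that order, and each later step
 * only runs while rv is still KMF_OK.
 *
 * token_spec, when set, restricts the search to that token label.
 * nickname is used as the key label for key listings and as the
 * certificate label for the certificate search.  issuer, subject and serial
 * narrow the certificate search only.  tokencred, when it carries a
 * non-empty credential, is passed along for key listings; it is only
 * referenced here, never copied, printed or freed.
 *
 * Returns KMF_OK, KMF_ERR_MEMORY if the CRL name array cannot be allocated,
 * or the first non-OK KMF_RETURN reported by a step.
 */
static int
list_nss_objects(KMF_HANDLE_T kmfhandle,
	int oclass, char *token_spec, char *dir, char *prefix,
	char *nickname, KMF_BIGINT *serial, char *issuer, char *subject,
	KMF_CREDENTIAL *tokencred,
	KMF_CERT_VALIDITY find_criteria_flag)
{
	KMF_RETURN rv = KMF_OK;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	int numattr = 0;
	KMF_ATTRIBUTE attrlist[16];
	KMF_KEY_CLASS keyclass;
	KMF_ENCODE_FORMAT format;

	rv = configure_nss(kmfhandle, dir, prefix);
	if (rv != KMF_OK)
		return (rv);

	kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
	    &kstype, sizeof (kstype));
	numattr++;

	/* Attributes common to every key listing below. */
	if (oclass & PK_KEY_OBJ) {
		/* Only forward a credential that actually holds data. */
		if (tokencred != NULL && tokencred->credlen > 0) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CREDENTIAL_ATTR, tokencred,
			    sizeof (KMF_CREDENTIAL));
			numattr++;
		}

		if (token_spec && strlen(token_spec)) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TOKEN_LABEL_ATTR, token_spec,
			    strlen(token_spec));
			numattr++;
		}

		if (nickname != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_KEYLABEL_ATTR, nickname,
			    strlen(nickname));
			numattr++;
		}
	}

	/*
	 * Each key listing appends its class-specific attributes after the
	 * common ones, starting again from index numattr.
	 */
	if (oclass & PK_PRIKEY_OBJ) {
		int num = numattr;

		keyclass = KMF_ASYM_PRI;
		kmf_set_attr_at_index(attrlist, num,
		    KMF_KEYCLASS_ATTR, &keyclass,
		    sizeof (keyclass));
		num++;

		/* list asymmetric private keys */
		rv = pk_list_keys(kmfhandle, attrlist, num,
		    "asymmetric private");
	}

	if (rv == KMF_OK && (oclass & PK_SYMKEY_OBJ)) {
		int num = numattr;

		keyclass = KMF_SYMMETRIC;
		kmf_set_attr_at_index(attrlist, num,
		    KMF_KEYCLASS_ATTR, &keyclass,
		    sizeof (keyclass));
		num++;

		format = KMF_FORMAT_RAWKEY;
		kmf_set_attr_at_index(attrlist, num,
		    KMF_ENCODE_FORMAT_ATTR, &format,
		    sizeof (format));
		num++;

		/* list symmetric keys */
		rv = pk_list_keys(kmfhandle, attrlist, num, "symmetric");
	}

	if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) {
		int num = numattr;

		keyclass = KMF_ASYM_PUB;
		kmf_set_attr_at_index(attrlist, num,
		    KMF_KEYCLASS_ATTR, &keyclass,
		    sizeof (keyclass));
		num++;

		/* list asymmetric public keys */
		rv = pk_list_keys(kmfhandle, attrlist, num,
		    "asymmetric public");
	}

	/* If searching for public objects or certificates, find certs now */
	numattr = 0;
	if (rv == KMF_OK && (oclass & PK_CERT_OBJ)) {
		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_KEYSTORE_TYPE_ATTR, &kstype,
		    sizeof (kstype));
		numattr++;

		if (nickname != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CERT_LABEL_ATTR, nickname,
			    strlen(nickname));
			numattr++;
		}

		if (issuer != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_ISSUER_NAME_ATTR, issuer,
			    strlen(issuer));
			numattr++;
		}

		if (subject != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_SUBJECT_NAME_ATTR, subject,
			    strlen(subject));
			numattr++;
		}

		/*
		 * Match list_file_objects(): a KMF_BIGINT with no value is
		 * "no serial filter", so do not pass an empty serial down as
		 * a search criterion.
		 */
		if (serial != NULL && serial->val != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_BIGINT_ATTR, serial,
			    sizeof (KMF_BIGINT));
			numattr++;
		}

		if (token_spec != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TOKEN_LABEL_ATTR, token_spec,
			    strlen(token_spec));
			numattr++;
		}

		kmf_set_attr_at_index(attrlist, numattr,
		    KMF_CERT_VALIDITY_ATTR, &find_criteria_flag,
		    sizeof (KMF_CERT_VALIDITY));
		numattr++;

		rv = pk_find_certs(kmfhandle, attrlist, numattr);
	}

	numattr = 0;
	if (rv == KMF_OK && (oclass & PK_CRL_OBJ)) {
		/*
		 * Start from a defined value so a successful call that
		 * leaves the count untouched reads as "no CRLs".
		 */
		int numcrls = 0;

		kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
		    &kstype, sizeof (kstype));
		numattr++;

		if (token_spec != NULL) {
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_TOKEN_LABEL_ATTR,
			    token_spec, strlen(token_spec));
			numattr++;
		}
		kmf_set_attr_at_index(attrlist, numattr, KMF_CRL_COUNT_ATTR,
		    &numcrls, sizeof (int));
		numattr++;

		/* First call: obtain the number of CRLs only. */
		rv = kmf_find_crl(kmfhandle, numattr, attrlist);
		if (rv == KMF_OK) {
			char **p;
			int allocated;

			if (numcrls == 0) {
				(void) printf(gettext("No CRLs found in "
				    "NSS keystore.\n"));

				return (KMF_OK);
			}

			/*
			 * calloc zero-fills the array and rejects a count
			 * whose byte size would overflow (including a
			 * negative count converted to size_t).
			 */
			p = calloc((size_t)numcrls, sizeof (char *));
			if (p == NULL) {
				return (KMF_ERR_MEMORY);
			}
			allocated = numcrls;

			/* Second call: fill in the CRL names. */
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CRL_NAMELIST_ATTR, p, sizeof (char *));
			numattr++;
			rv = kmf_find_crl(kmfhandle, numattr, attrlist);
			if (rv == KMF_OK) {
				int i;

				/*
				 * NOTE(review): the count attribute still
				 * refers to numcrls, so the second call may
				 * presumably rewrite it; never walk past the
				 * slots that were allocated.
				 */
				for (i = 0; i < numcrls && i < allocated;
				    i++) {
					(void) printf("%d. Name = %s\n",
					    i + 1, p[i]);
					free(p[i]);
				}
			}
			free(p);
		}
	}
	return (rv);
}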
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * List token object.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
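/*
 * Entry point for the "list" subcommand: parse the option vector, fill in
 * defaults for keystore type, token and object class, then hand off to the
 * keystore-specific lister (PKCS#11, NSS or file based).
 *
 * Returns PK_ERR_USAGE for any malformed command line, the failing
 * KMF_RETURN value if KMF initialization or the listing fails, and
 * KMF_OK otherwise.
 *
 * Once kmf_initialize() has succeeded, every exit goes through the
 * "cleanup" label so that the KMF handle, the decoded serial number and
 * the token credential are always released, and the credential is
 * overwritten before its memory goes back to the heap.
 */
int
pk_list(int argc, char *argv[])
{
	int			opt;
	extern int		optind_av;
	extern char		*optarg_av;
	char			*token_spec = NULL;
	char			*subject = NULL;
	char			*issuer = NULL;
	char			*dir = NULL;
	char			*prefix = NULL;
	char			*filename = NULL;
	char			*serstr = NULL;
	KMF_BIGINT		serial = { NULL, 0 };

	char			*list_label = NULL;
	int			oclass = 0;
	int			status;
	KMF_KEYSTORE_TYPE	kstype = 0;
	KMF_RETURN		rv = KMF_OK;
	KMF_HANDLE_T		kmfhandle = NULL;
	char			*find_criteria = NULL;
	KMF_CERT_VALIDITY	find_criteria_flag = KMF_ALL_CERTS;
	KMF_CREDENTIAL		tokencred = { NULL, 0 };

	/* Parse command line options.  Do NOT i18n/l10n. */
	while ((opt = getopt_av(argc, argv,
	    "k:(keystore)t:(objtype)T:(token)d:(dir)"
	    "p:(prefix)n:(nickname)S:(serial)s:(subject)"
	    "c:(criteria)"
	    "i:(issuer)l:(label)f:(infile)")) != EOF) {
		/* Every option takes a value; an empty one is a usage error. */
		if (EMPTYSTRING(optarg_av))
			return (PK_ERR_USAGE);
		switch (opt) {
		case 'k':
			if (kstype != 0)
				return (PK_ERR_USAGE);
			kstype = KS2Int(optarg_av);
			if (kstype == 0)
				return (PK_ERR_USAGE);
			break;
		case 't':
			if (oclass != 0)
				return (PK_ERR_USAGE);
			oclass = OT2Int(optarg_av);
			if (oclass == -1)
				return (PK_ERR_USAGE);
			break;
		case 's':
			if (subject)
				return (PK_ERR_USAGE);
			subject = optarg_av;
			break;
		case 'i':
			if (issuer)
				return (PK_ERR_USAGE);
			issuer = optarg_av;
			break;
		case 'd':
			if (dir)
				return (PK_ERR_USAGE);
			dir = optarg_av;
			break;
		case 'p':
			if (prefix)
				return (PK_ERR_USAGE);
			prefix = optarg_av;
			break;
		case 'S':
			/*
			 * Unlike most options here, a repeated -S is not
			 * rejected; the last value given wins.
			 */
			serstr = optarg_av;
			break;
		case 'f':
			if (filename)
				return (PK_ERR_USAGE);
			filename = optarg_av;
			break;
		case 'T':	/* token specifier */
			if (token_spec)
				return (PK_ERR_USAGE);
			token_spec = optarg_av;
			break;
		case 'n':
		case 'l':	/* object with specific label */
			if (list_label)
				return (PK_ERR_USAGE);
			list_label = optarg_av;
			break;
		case 'c':
			/* A repeated -c is accepted too; the last one wins. */
			find_criteria = optarg_av;
			if (!strcasecmp(find_criteria, "valid"))
				find_criteria_flag =
				    KMF_NONEXPIRED_CERTS;
			else if (!strcasecmp(find_criteria, "expired"))
				find_criteria_flag = KMF_EXPIRED_CERTS;
			else if (!strcasecmp(find_criteria, "both"))
				find_criteria_flag = KMF_ALL_CERTS;
			else
				return (PK_ERR_USAGE);
			break;
		default:
			return (PK_ERR_USAGE);
		}
	}
	/* No additional args allowed. */
	argc -= optind_av;
	argv += optind_av;
	if (argc)
		return (PK_ERR_USAGE);

	/* Nothing has been acquired yet, so a plain return is still safe. */
	if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
		/* Error message ? */
		return (rv);
	}

	/* Assume keystore = PKCS#11 if not specified. */
	if (kstype == 0)
		kstype = KMF_KEYSTORE_PK11TOKEN;

	/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
	if ((oclass & (PK_PUBLIC_OBJ | PK_PRIVATE_OBJ)) &&
	    kstype != KMF_KEYSTORE_PK11TOKEN) {

		(void) fprintf(stderr, gettext("The objtype parameter "
		    "is only relevant if keystore=pkcs11\n"));
		/* The KMF handle is live here; release it on the way out. */
		status = PK_ERR_USAGE;
		goto cleanup;
	}


	if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec)) {
		token_spec = PK_DEFAULT_PK11TOKEN;
	} else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec)) {
		token_spec = DEFAULT_NSS_TOKEN;
	}

	if (serstr != NULL) {
		uchar_t *bytes = NULL;
		size_t bytelen;

		rv = kmf_hexstr_to_bytes((uchar_t *)serstr, &bytes, &bytelen);
		if (rv != KMF_OK || bytes == NULL) {
			(void) fprintf(stderr, gettext("serial number "
			    "must be specified as a hex number "
			    "(ex: 0x0102030405ffeeddee)\n"));
			/*
			 * Drop any buffer the decoder handed back together
			 * with an error code, then leave through cleanup.
			 */
			free(bytes);
			status = PK_ERR_USAGE;
			goto cleanup;
		}
		serial.val = bytes;
		serial.len = bytelen;
		/* if objtype was not given, it must be for certs */
		if (oclass == 0)
			oclass = PK_CERT_OBJ;
	}
	if (oclass == 0 && (issuer != NULL || subject != NULL))
		oclass = PK_CERT_OBJ;

	/* If no object class specified, list public objects. */
	if (oclass == 0)
		oclass = PK_CERT_OBJ | PK_PUBKEY_OBJ;

	if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
	    kstype == KMF_KEYSTORE_NSS) &&
	    (oclass & (PK_PRIKEY_OBJ | PK_PRIVATE_OBJ))) {

		/*
		 * Private objects need the token credential.  The result is
		 * deliberately not checked: on failure tokencred presumably
		 * stays empty and the lister reports the error -- confirm
		 * against get_token_password().
		 */
		(void) get_token_password(kstype, token_spec,
		    &tokencred);
	}
	if (kstype == KMF_KEYSTORE_PK11TOKEN) {
		rv = list_pk11_objects(kmfhandle, token_spec,
		    oclass, list_label, &serial,
		    issuer, subject, dir, filename,
		    &tokencred, find_criteria_flag);

	} else if (kstype == KMF_KEYSTORE_NSS) {
		if (dir == NULL)
			dir = PK_DEFAULT_DIRECTORY;
		rv = list_nss_objects(kmfhandle,
		    oclass, token_spec, dir, prefix,
		    list_label, &serial, issuer, subject,
		    &tokencred, find_criteria_flag);

	} else if (kstype == KMF_KEYSTORE_OPENSSL) {

		rv = list_file_objects(kmfhandle,
		    oclass, dir, filename,
		    &serial, issuer, subject, find_criteria_flag);
	}

	if (rv != KMF_OK) {
		display_error(kmfhandle, rv,
		    gettext("Error listing objects"));
	}
	status = (int)rv;

cleanup:
	free(serial.val);

	if (tokencred.cred != NULL) {
		/*
		 * Overwrite the token PIN before freeing it so it does not
		 * linger in freed heap memory (core files, later
		 * allocations).  The volatile pointer keeps the compiler
		 * from discarding the stores as dead.  Assumes credlen is
		 * the length of cred as set by get_token_password() --
		 * confirm.
		 */
		volatile char *wipe = tokencred.cred;
		size_t i;

		for (i = 0; i < tokencred.credlen; i++)
			wipe[i] = 0;
		free(tokencred.cred);
	}

	(void) kmf_finalize(kmfhandle);
	return (status);
}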