list.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * or http://www.opensolaris.org/os/licensing.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak *
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * Use is subject to license terms.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#pragma ident "%Z%%M% %I% %E% SMI"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak/*
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * This file implements the token object list operation for this tool.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * It loads the PKCS#11 modules, finds the object to list, lists it,
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and cleans up. User must be logged into the token to list private
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * objects.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak */
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <stdio.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <errno.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <string.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <cryptoutil.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include <security/cryptoki.h>
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#include "common.h"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Print a numbered, human-readable summary of each certificate in certs[]
 * to stdout: the label (headed "Filename" for the OpenSSL keystore, "Label"
 * otherwise), then ID, subject, issuer, serial number and the subject
 * alternative name extension.  A field whose lookup does not return KMF_OK
 * is silently skipped.
 *
 * NOTE(review): every string printed here originates from the certificate
 * or the keystore and is written to stdout unmodified.  Whether the KMF
 * string helpers escape control characters is not visible in this file;
 * confirm before feeding this output to a terminal or a parser.
 */
static void
pk_show_certs(KMF_HANDLE_T kmfhandle, KMF_X509_DER_CERT *certs, int num_certs)
{
	int idx = 0;

	while (idx < num_certs) {
		KMF_X509_DER_CERT *cert = &certs[idx];
		/* Reset per certificate so the frees below never see stale data. */
		char *subject = NULL;
		char *issuer = NULL;
		char *serial = NULL;
		char *id = NULL;
		char *altname = NULL;

		(void) fprintf(stdout,
		    gettext("%d. (X.509 certificate)\n"), idx + 1);

		if (cert->kmf_private.label != NULL) {
			(void) fprintf(stdout, gettext("\t%s: %s\n"),
			    (cert->kmf_private.keystore_type ==
			    KMF_KEYSTORE_OPENSSL ? "Filename" : "Label"),
			    cert->kmf_private.label);
		}

		if (KMF_GetCertIDString(&cert->certificate, &id) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tID: %s\n"), id);
		}

		if (KMF_GetCertSubjectNameString(kmfhandle,
		    &cert->certificate, &subject) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tSubject: %s\n"),
			    subject);
		}

		if (KMF_GetCertIssuerNameString(kmfhandle,
		    &cert->certificate, &issuer) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tIssuer: %s\n"),
			    issuer);
		}

		if (KMF_GetCertSerialNumberString(kmfhandle,
		    &cert->certificate, &serial) == KMF_OK) {
			(void) fprintf(stdout, gettext("\tSerial: %s\n"),
			    serial);
		}

		if (KMF_GetCertExtensionString(kmfhandle,
		    &cert->certificate, KMF_X509_EXT_SUBJ_ALTNAME,
		    &altname) == KMF_OK) {
			(void) fprintf(stdout, gettext("\t%s\n"), altname);
		}

		/* Pointers left NULL by a failed lookup are passed as-is. */
		KMF_FreeString(subject);
		KMF_FreeString(issuer);
		KMF_FreeString(serial);
		KMF_FreeString(id);
		KMF_FreeString(altname);
		(void) fprintf(stdout, "\n");

		idx++;
	}
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
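/*
 * Return a localized description of a key, chosen from its keyclass and
 * keyalg fields.  The result is a message string (a literal or whatever
 * gettext() maps it to); the caller must neither modify nor free it.
 *
 * key must not be NULL: it is dereferenced without a check.
 */
static char *
describeKey(KMF_KEY_HANDLE *key)
{
	if (key->keyclass == KMF_ASYM_PUB) {
		if (key->keyalg == KMF_RSA)
			return (gettext("RSA public key"));
		if (key->keyalg == KMF_DSA)
			return (gettext("DSA public key"));
	}
	if (key->keyclass == KMF_ASYM_PRI) {
		/*
		 * These two were returned untranslated; they now go
		 * through gettext() like every other description here.
		 */
		if (key->keyalg == KMF_RSA)
			return (gettext("RSA private key"));
		if (key->keyalg == KMF_DSA)
			return (gettext("DSA private key"));
	}
	if (key->keyclass == KMF_SYMMETRIC) {
		/* Every case returns, so no break statements are needed. */
		switch (key->keyalg) {
		case KMF_AES:
			return (gettext("AES"));
		case KMF_RC4:
			return (gettext("ARCFOUR"));
		case KMF_DES:
			return (gettext("DES"));
		case KMF_DES3:
			return (gettext("Triple-DES"));
		default:
			return (gettext("symmetric"));
		}
	}

	/* Unknown class, or an asymmetric key with an unlisted algorithm. */
	return (gettext("unrecognized key object"));
}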
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
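/*
 * Format the size of a symmetric key as " (N bits)".
 *
 * Returns "" when key is NULL, is not a symmetric key, or carries no raw
 * key material in keyp.  Otherwise returns a pointer to a static buffer:
 * the result is overwritten by the next call and the function is not
 * reentrant.  The caller must not free the result.
 *
 * The buffer is static because the previous version formatted into an
 * automatic array and returned its address, leaving the caller with a
 * pointer to dead stack storage.
 */
static char *
keybitstr(KMF_KEY_HANDLE *key)
{
	static char keystr[256];
	KMF_RAW_SYM_KEY *rkey;

	if (key == NULL || key->keyclass != KMF_SYMMETRIC)
		return ("");

	rkey = (KMF_RAW_SYM_KEY *)key->keyp;
	if (rkey == NULL)
		return ("");

	/*
	 * The declaration of keydata.len is not visible in this file; the
	 * cast keeps the argument an int, as the %d conversion requires.
	 * snprintf() always NUL-terminates within sizeof (keystr).
	 */
	(void) snprintf(keystr, sizeof (keystr), " (%d bits)",
	    (int)(rkey->keydata.len * 8));

	return (keystr);
}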
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Print one line per key in keys[] to stdout: its ordinal, the text from
 * describeKey(), its label (or "No label") and, for symmetric keys, the
 * suffix from keybitstr().  For a symmetric key whose value can be
 * fetched with KMF_GetSymKeyValue(), the bit length is appended again
 * after a tab; the fetched raw key is released straight after printing.
 *
 * NOTE(review): the raw symmetric key value is pulled into this process
 * only to learn its length.  Whether KMF_FreeRawSymKey() clears the key
 * bytes before releasing them is not visible here - confirm.
 */
static void
pk_show_keys(void *handle, KMF_KEY_HANDLE *keys, int numkeys)
{
	int n;

	for (n = 0; n < numkeys; n++) {
		KMF_KEY_HANDLE *key = &keys[n];
		int is_symkey = (key->keyclass == KMF_SYMMETRIC);

		(void) fprintf(stdout, gettext("Key #%d - %s: %s%s"),
		    n + 1, describeKey(key),
		    key->keylabel ? key->keylabel : gettext("No label"),
		    (is_symkey ? keybitstr(key) : ""));

		if (is_symkey) {
			KMF_RAW_SYM_KEY rawkey;

			if (KMF_GetSymKeyValue(handle, key,
			    &rawkey) == KMF_OK) {
				(void) fprintf(stdout, "\t %d bits",
				    rawkey.keydata.len * 8);
				KMF_FreeRawSymKey(&rawkey);
			}
		}

		(void) fprintf(stdout, "\n");
	}
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
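/*
 * Generic routine used by all "list cert" operations to find
 * all matching certificates.
 *
 * KMF_FindCert() is called twice: first with a NULL list to obtain the
 * number of matches, then with a zeroed array of that many entries.  On
 * success the certificates are printed with pk_show_certs() and released.
 *
 * Returns KMF_ERR_MEMORY if the array cannot be allocated, otherwise the
 * status of the last KMF_FindCert() call.  KMF_ERR_CERT_NOT_FOUND is
 * mapped to KMF_OK for every keystore type except KMF_KEYSTORE_OPENSSL.
 *
 * NOTE(review): the second call is handed the count from the first.
 * Whether KMF_FindCert() treats *numcerts as the capacity of certlist is
 * not visible here - confirm it cannot fill more entries than were
 * allocated if the keystore gains certificates between the two calls.
 */
static KMF_RETURN
pk_find_certs(KMF_HANDLE_T kmfhandle, KMF_FINDCERT_PARAMS *params)
{
	KMF_RETURN rv;
	KMF_X509_DER_CERT *certlist;
	uint32_t numcerts = 0;

	rv = KMF_FindCert(kmfhandle, params, NULL, &numcerts);
	if (rv == KMF_OK && numcerts > 0) {
		(void) printf(gettext("Found %d certificates.\n"),
		    numcerts);

		/*
		 * The count comes from the keystore.  calloc() zero-fills
		 * and fails cleanly if count * size would overflow, which
		 * the previous malloc(count * size) could not detect.
		 */
		certlist = calloc(numcerts, sizeof (*certlist));
		if (certlist == NULL)
			return (KMF_ERR_MEMORY);

		rv = KMF_FindCert(kmfhandle, params, certlist, &numcerts);
		if (rv == KMF_OK) {
			/* Same type as the count: no signed/unsigned mix. */
			uint32_t i;

			pk_show_certs(kmfhandle, certlist, numcerts);
			for (i = 0; i < numcerts; i++)
				KMF_FreeKMFCert(kmfhandle, &certlist[i]);
		}
		free(certlist);
	}

	/* An empty token or NSS database is not reported as an error. */
	if (rv == KMF_ERR_CERT_NOT_FOUND &&
	    params->kstype != KMF_KEYSTORE_OPENSSL)
		rv = KMF_OK;

	return (rv);
}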
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
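/*
 * Find and print every key matching parms.
 *
 * KMF_FindKey() is called twice: first with a NULL list to obtain the
 * number of matches, then with a zeroed array of that many handles.  The
 * keys are printed with pk_show_keys() only if the second call succeeds;
 * the handles are released with KMF_FreeKMFKey() either way.
 *
 * Returns KMF_ERR_MEMORY if the array cannot be allocated, otherwise the
 * status of the last KMF_FindKey() call.  KMF_ERR_KEY_NOT_FOUND is mapped
 * to KMF_OK for every keystore type except KMF_KEYSTORE_OPENSSL.
 *
 * NOTE(review): the second call is handed the count from the first.
 * Whether KMF_FindKey() treats *numkeys as the capacity of keys is not
 * visible here - confirm it cannot fill more entries than were allocated
 * if the keystore gains keys between the two calls.
 */
static KMF_RETURN
pk_list_keys(void *handle, KMF_FINDKEY_PARAMS *parms)
{
	KMF_RETURN rv;
	KMF_KEY_HANDLE *keys;
	uint32_t numkeys = 0;

	rv = KMF_FindKey(handle, parms, NULL, &numkeys);
	if (rv == KMF_OK && numkeys > 0) {
		/* Same type as the count: no signed/unsigned mix. */
		uint32_t i;

		(void) printf(gettext("Found %d keys.\n"), numkeys);

		/*
		 * The count comes from the keystore.  calloc() zero-fills
		 * and fails cleanly if count * size would overflow, which
		 * the previous malloc(count * size) could not detect.
		 */
		keys = calloc(numkeys, sizeof (*keys));
		if (keys == NULL)
			return (KMF_ERR_MEMORY);

		rv = KMF_FindKey(handle, parms, keys, &numkeys);
		if (rv == KMF_OK)
			pk_show_keys(handle, keys, numkeys);
		for (i = 0; i < numkeys; i++)
			KMF_FreeKMFKey(handle, &keys[i]);
		free(keys);
	}

	/* An empty token or NSS database is not reported as an error. */
	if (rv == KMF_ERR_KEY_NOT_FOUND &&
	    parms->kstype != KMF_KEYSTORE_OPENSSL)
		rv = KMF_OK;

	return (rv);
}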
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
/*
 * List the objects selected by the oclass bit mask for a PKCS#11 token.
 *
 * After select_token() succeeds, up to three key searches (private,
 * symmetric, public), one certificate search and one CRL listing are run
 * in that order.  The first step that does not return KMF_OK ends the
 * function with that status; otherwise the status of the last step run
 * is returned.
 *
 * The CRL step uses KMF_KEYSTORE_OPENSSL with dir and filename, not the
 * token.
 *
 * NOTE(review): tokencred is dereferenced without a NULL check in the
 * private-key and symmetric-key branches - confirm every caller passes a
 * valid credential structure.
 */
static KMF_RETURN
list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass,
	char *objlabel, KMF_BIGINT *serial, char *issuer, char *subject,
	char *dir, char *filename, KMF_CREDENTIAL *tokencred,
	KMF_CERT_VALIDITY find_criteria_flag)
{
	KMF_RETURN rv;
	int want_private;

	/*
	 * Symmetric keys and RSA/DSA private keys are always
	 * created with the "CKA_PRIVATE" field == TRUE, so
	 * make sure we search for them with it also set.
	 */
	if (oclass & (PK_SYMKEY_OBJ | PK_PRIKEY_OBJ))
		oclass |= PK_PRIVATE_OBJ;

	/* oclass is final from here on, so this flag is computed once. */
	want_private = ((oclass & PK_PRIVATE_OBJ) > 0);

	/* The third argument is 1 only when no private object is wanted. */
	rv = select_token(kmfhandle, token,
	    (oclass & (PK_PRIVATE_OBJ | PK_PRIKEY_OBJ)) == 0);
	if (rv != KMF_OK)
		return (rv);

	if (oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ)) {
		KMF_FINDKEY_PARAMS keyparms;

		(void) memset(&keyparms, 0, sizeof (keyparms));
		keyparms.kstype = KMF_KEYSTORE_PK11TOKEN;
		/* Identical for all three searches below. */
		keyparms.findLabel = objlabel;
		keyparms.pkcs11parms.private = want_private;

		/* list asymmetric private keys */
		if (oclass & PK_PRIKEY_OBJ) {
			keyparms.keyclass = KMF_ASYM_PRI;
			keyparms.cred = *tokencred;
			rv = pk_list_keys(kmfhandle, &keyparms);
		}

		/* list symmetric keys */
		if (rv == KMF_OK && (oclass & PK_SYMKEY_OBJ)) {
			keyparms.keyclass = KMF_SYMMETRIC;
			keyparms.cred = *tokencred;
			keyparms.format = KMF_FORMAT_RAWKEY;
			rv = pk_list_keys(kmfhandle, &keyparms);
		}

		/*
		 * list asymmetric public keys (if any); the structure is
		 * reused, so cred and format keep whatever an earlier
		 * search in this block stored in them.
		 */
		if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) {
			keyparms.keyclass = KMF_ASYM_PUB;
			rv = pk_list_keys(kmfhandle, &keyparms);
		}

		if (rv != KMF_OK)
			return (rv);
	}

	if (oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) {
		KMF_FINDCERT_PARAMS certparms;

		(void) memset(&certparms, 0, sizeof (certparms));
		certparms.kstype = KMF_KEYSTORE_PK11TOKEN;
		certparms.certLabel = objlabel;
		certparms.issuer = issuer;
		certparms.subject = subject;
		certparms.serial = serial;
		certparms.pkcs11parms.private = FALSE;
		certparms.find_cert_validity = find_criteria_flag;

		rv = pk_find_certs(kmfhandle, &certparms);
		if (rv != KMF_OK)
			return (rv);
	}

	if (oclass & PK_CRL_OBJ) {
		KMF_LISTCRL_PARAMS crlparms;
		char *crldata;

		(void) memset(&crlparms, 0, sizeof (crlparms));
		crlparms.kstype = KMF_KEYSTORE_OPENSSL;
		crlparms.sslparms.dirpath = dir;
		crlparms.sslparms.crlfile = filename;

		rv = KMF_ListCRL(kmfhandle, &crlparms, &crldata);
		if (rv == KMF_OK) {
			(void) printf("%s\n", crldata);
			free(crldata);
		}
	}

	return (rv);
}
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
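/*
 * List the objects selected by the oclass bit mask from files, using the
 * KMF_KEYSTORE_OPENSSL keystore with dir and filename.
 *
 * Private and symmetric keys, certificates and CRLs are handled in that
 * order.  KMF_ERR_KEY_NOT_FOUND from a key search is treated as success.
 * Any other failure of a key or certificate search ends the function
 * with that status; otherwise the status of the last step run is
 * returned, or KMF_OK when oclass selects nothing handled here.
 */
static int
list_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
	char *dir, char *filename, KMF_BIGINT *serial,
	char *issuer, char *subject,
	KMF_CERT_VALIDITY find_criteria_flag)
{
	/*
	 * Must start out defined: rv is tested below before any search
	 * has necessarily run (PK_KEY_OBJ set without PK_PRIKEY_OBJ),
	 * and it is returned as-is when no branch is taken.  It used to
	 * be read uninitialized on those paths.
	 */
	int rv = KMF_OK;
	KMF_FINDCERT_PARAMS fcargs;
	KMF_FINDKEY_PARAMS fkargs;
	KMF_LISTCRL_PARAMS lcrlargs;

	if (oclass & PK_KEY_OBJ) {
		(void) memset(&fkargs, 0, sizeof (fkargs));
		fkargs.kstype = KMF_KEYSTORE_OPENSSL;
		fkargs.sslparms.dirpath = dir;
		fkargs.sslparms.keyfile = filename;

		if (oclass & PK_PRIKEY_OBJ) {
			fkargs.keyclass = KMF_ASYM_PRI;

			rv = pk_list_keys(kmfhandle, &fkargs);
		}
		/* No private key found is not an error; keep going. */
		if (rv == KMF_ERR_KEY_NOT_FOUND)
			rv = KMF_OK;

		if (rv == KMF_OK && (oclass & PK_SYMKEY_OBJ)) {
			fkargs.keyclass = KMF_SYMMETRIC;
			fkargs.format = KMF_FORMAT_RAWKEY;

			rv = pk_list_keys(kmfhandle, &fkargs);
		}
		/* Likewise for symmetric keys. */
		if (rv == KMF_ERR_KEY_NOT_FOUND)
			rv = KMF_OK;
		if (rv != KMF_OK)
			return (rv);
	}

	if (oclass & PK_CERT_OBJ) {
		(void) memset(&fcargs, 0, sizeof (fcargs));
		fcargs.kstype = KMF_KEYSTORE_OPENSSL;
		fcargs.certLabel = NULL;
		fcargs.issuer = issuer;
		fcargs.subject = subject;
		fcargs.serial = serial;
		fcargs.sslparms.dirpath = dir;
		fcargs.sslparms.certfile = filename;
		fcargs.find_cert_validity = find_criteria_flag;

		rv = pk_find_certs(kmfhandle, &fcargs);
		if (rv != KMF_OK)
			return (rv);
	}

	if (oclass & PK_CRL_OBJ) {
		char *crldata;

		(void) memset(&lcrlargs, 0, sizeof (lcrlargs));
		lcrlargs.kstype = KMF_KEYSTORE_OPENSSL;
		lcrlargs.sslparms.dirpath = dir;
		lcrlargs.sslparms.crlfile = filename;

		rv = KMF_ListCRL(kmfhandle, &lcrlargs, &crldata);
		if (rv == KMF_OK) {
			(void) printf("%s\n", crldata);
			free(crldata);
		}
	}

	return (rv);
}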
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
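/*
 * List the objects in an NSS keystore that match the caller's filters.
 *
 * configure_nss() is called first with dir and prefix.  oclass is a bit
 * mask that selects what is listed: private, symmetric and public keys go
 * through pk_list_keys(), certificates through pk_find_certs(), and CRL
 * names are printed from the result of KMF_FindCRL().  A stage is skipped
 * once rv is no longer KMF_OK.
 *
 * nickname is used as the key label and the certificate label; serial,
 * issuer, subject and find_criteria_flag only narrow the certificate
 * search.  *tokencred is copied by value into the key search parameters;
 * the caller keeps ownership of the credential buffer.
 *
 * Returns KMF_OK on success (also when no CRLs are found), the first
 * non-OK value returned by a stage, or KMF_ERR_MEMORY when the CRL name
 * array cannot be allocated.
 */
static int
list_nss_objects(KMF_HANDLE_T kmfhandle,
    int oclass, char *token_spec, char *dir, char *prefix,
    char *nickname, KMF_BIGINT *serial, char *issuer, char *subject,
    KMF_CREDENTIAL *tokencred,
    KMF_CERT_VALIDITY find_criteria_flag)
{
	KMF_RETURN rv = KMF_OK;
	KMF_FINDKEY_PARAMS fkargs;

	rv = configure_nss(kmfhandle, dir, prefix);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * Zeroed unconditionally so the key stages below never hand an
	 * indeterminate struct to pk_list_keys(), whatever bits PK_KEY_OBJ
	 * covers (its definition is not visible in this part of the file).
	 */
	(void) memset(&fkargs, 0, sizeof (fkargs));
	if (oclass & PK_KEY_OBJ) {
		fkargs.kstype = KMF_KEYSTORE_NSS;
		fkargs.findLabel = nickname;
		fkargs.cred = *tokencred;
		fkargs.nssparms.slotlabel = token_spec;
	}

	if (oclass & PK_PRIKEY_OBJ) {
		fkargs.keyclass = KMF_ASYM_PRI;
		rv = pk_list_keys(kmfhandle, &fkargs);
	}
	if (rv == KMF_OK && (oclass & PK_SYMKEY_OBJ)) {
		fkargs.keyclass = KMF_SYMMETRIC;
		fkargs.format = KMF_FORMAT_RAWKEY;
		rv = pk_list_keys(kmfhandle, &fkargs);
	}
	if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) {
		fkargs.keyclass = KMF_ASYM_PUB;
		rv = pk_list_keys(kmfhandle, &fkargs);
	}

	/* If searching for public objects or certificates, find certs now */
	if (rv == KMF_OK && (oclass & PK_CERT_OBJ)) {
		KMF_FINDCERT_PARAMS fcargs;

		(void) memset(&fcargs, 0, sizeof (fcargs));
		fcargs.kstype = KMF_KEYSTORE_NSS;
		fcargs.certLabel = nickname;
		fcargs.issuer = issuer;
		fcargs.subject = subject;
		fcargs.serial = serial;
		fcargs.nssparms.slotlabel = token_spec;
		fcargs.find_cert_validity = find_criteria_flag;

		rv = pk_find_certs(kmfhandle, &fcargs);
	}

	if (rv == KMF_OK && (oclass & PK_CRL_OBJ)) {
		/* Initialized in case KMF_FindCRL() returns OK without a count. */
		int numcrls = 0;
		KMF_FINDCRL_PARAMS fcrlargs;

		(void) memset(&fcrlargs, 0, sizeof (fcrlargs));
		fcrlargs.kstype = KMF_KEYSTORE_NSS;
		fcrlargs.nssparms.slotlabel = token_spec;

		/*
		 * First call passes no name array; its count is then used to
		 * size the array for the second call.
		 */
		rv = KMF_FindCRL(kmfhandle, &fcrlargs, NULL, &numcrls);
		if (rv == KMF_OK) {
			char **p;
			int allocated;
			int i;

			if (numcrls == 0) {
				(void) printf(gettext("No CRLs found in "
				    "NSS keystore.\n"));

				return (KMF_OK);
			}

			/*
			 * calloc() zeroes the array and rejects a count whose
			 * byte size would overflow; a negative count is
			 * refused outright instead of being converted to a
			 * huge size_t.
			 */
			p = (numcrls > 0) ?
			    calloc((size_t)numcrls, sizeof (char *)) : NULL;
			if (p == NULL) {
				return (KMF_ERR_MEMORY);
			}
			allocated = numcrls;

			rv = KMF_FindCRL(kmfhandle, &fcrlargs,
			    p, &numcrls);
			if (rv == KMF_OK) {
				/*
				 * The second call rewrites numcrls; never
				 * walk past the slots allocated above if the
				 * store grew between the two calls.
				 */
				if (numcrls > allocated)
					numcrls = allocated;
				for (i = 0; i < numcrls; i++) {
					/* A NULL slot must not reach %s. */
					(void) printf("%d. Name = %s\n",
					    i + 1,
					    p[i] != NULL ? p[i] : "");
					free(p[i]);
				}
			}
			/*
			 * NOTE(review): on failure of the second call any
			 * names already stored in p are not released here;
			 * confirm what KMF_FindCRL() leaves behind on error
			 * before freeing them.
			 */
			free(p);
		}
	}
	return (rv);
}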
7711facfe58561dd91d6ece0f5f41150c3956c83dinak
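/*
 * List token object.
 *
 * Parses the list options from argv, picks the keystore (PKCS#11 when none
 * is given), and dispatches to list_pk11_objects(), list_nss_objects() or
 * list_file_objects().  When no object type is given, certificates are
 * listed.
 *
 * A token password is requested through get_token_password() only for
 * PKCS#11 and NSS keystores and only when private objects are selected.
 * The credential buffer is overwritten before it is freed so the password
 * does not stay behind in released heap memory.
 *
 * Returns PK_ERR_USAGE for a malformed command line, the KMF_Initialize()
 * error if the library cannot be set up, and otherwise the result of the
 * selected listing routine.
 */
int
pk_list(int argc, char *argv[])
{
	int		opt;
	extern int	optind_av;
	extern char	*optarg_av;
	char		*token_spec = NULL;
	char		*subject = NULL;
	char		*issuer = NULL;
	char		*dir = NULL;
	char		*prefix = NULL;
	char		*filename = NULL;
	char		*serstr = NULL;
	KMF_BIGINT	serial = { NULL, 0 };

	char		*list_label = NULL;
	int		oclass = 0;
	KMF_KEYSTORE_TYPE	kstype = 0;
	KMF_RETURN	rv = KMF_OK;
	KMF_HANDLE_T	kmfhandle = NULL;
	char		*find_criteria = NULL;
	KMF_CERT_VALIDITY	find_criteria_flag = KMF_ALL_CERTS;
	KMF_CREDENTIAL	tokencred = {NULL, 0};
	int		ret;

	/* Parse command line options.  Do NOT i18n/l10n. */
	while ((opt = getopt_av(argc, argv,
	    "k:(keystore)t:(objtype)T:(token)d:(dir)"
	    "p:(prefix)n:(nickname)S:(serial)s:(subject)"
	    "c:(criteria)"
	    "i:(issuer)l:(label)f:(infile)")) != EOF) {
		/* Every option takes a value; an empty one is a usage error. */
		if (EMPTYSTRING(optarg_av))
			return (PK_ERR_USAGE);
		switch (opt) {
		case 'k':
			if (kstype != 0)
				return (PK_ERR_USAGE);
			kstype = KS2Int(optarg_av);
			if (kstype == 0)
				return (PK_ERR_USAGE);
			break;
		case 't':
			if (oclass != 0)
				return (PK_ERR_USAGE);
			oclass = OT2Int(optarg_av);
			if (oclass == -1)
				return (PK_ERR_USAGE);
			break;
		case 's':
			if (subject)
				return (PK_ERR_USAGE);
			subject = optarg_av;
			break;
		case 'i':
			if (issuer)
				return (PK_ERR_USAGE);
			issuer = optarg_av;
			break;
		case 'd':
			if (dir)
				return (PK_ERR_USAGE);
			dir = optarg_av;
			break;
		case 'p':
			if (prefix)
				return (PK_ERR_USAGE);
			prefix = optarg_av;
			break;
		case 'S':
			/*
			 * NOTE(review): unlike most options, a repeated
			 * serial is not rejected; the last one wins.
			 */
			serstr = optarg_av;
			break;
		case 'f':
			if (filename)
				return (PK_ERR_USAGE);
			filename = optarg_av;
			break;
		case 'T':	/* token specifier */
			if (token_spec)
				return (PK_ERR_USAGE);
			token_spec = optarg_av;
			break;
		case 'n':
		case 'l':	/* object with specific label */
			if (list_label)
				return (PK_ERR_USAGE);
			list_label = optarg_av;
			break;
		case 'c':
			find_criteria = optarg_av;
			if (!strcasecmp(find_criteria, "valid"))
				find_criteria_flag =
				    KMF_NONEXPIRED_CERTS;
			else if (!strcasecmp(find_criteria, "expired"))
				find_criteria_flag = KMF_EXPIRED_CERTS;
			else if (!strcasecmp(find_criteria, "both"))
				find_criteria_flag = KMF_ALL_CERTS;
			else
				return (PK_ERR_USAGE);
			break;
		default:
			return (PK_ERR_USAGE);
		}
	}
	/* No additional args allowed. */
	argc -= optind_av;
	argv += optind_av;
	if (argc)
		return (PK_ERR_USAGE);

	if ((rv = KMF_Initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
		/* Error message ? */
		return (rv);
	}

	/*
	 * From here on the KMF handle is live: every exit goes through the
	 * "out" label so the handle, the serial bytes and the credential
	 * are always released.
	 */

	/* Assume keystore = PKCS#11 if not specified. */
	if (kstype == 0)
		kstype = KMF_KEYSTORE_PK11TOKEN;

	/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
	if ((oclass & (PK_PUBLIC_OBJ | PK_PRIVATE_OBJ)) &&
	    kstype != KMF_KEYSTORE_PK11TOKEN) {

		(void) fprintf(stderr, gettext("The objtype parameter "
		    "is only relevant if keystore=pkcs11\n"));
		ret = PK_ERR_USAGE;
		goto out;
	}

	/* If no object class specified, list certificate objects. */
	if (oclass == 0)
		oclass = PK_CERT_OBJ;

	if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec)) {
		token_spec = PK_DEFAULT_PK11TOKEN;
	} else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec)) {
		token_spec = DEFAULT_NSS_TOKEN;
	}

	if (serstr != NULL) {
		uchar_t *bytes = NULL;
		size_t bytelen;

		rv = KMF_HexString2Bytes((uchar_t *)serstr, &bytes, &bytelen);
		if (rv != KMF_OK || bytes == NULL) {
			(void) fprintf(stderr, gettext("serial number "
			    "must be specified as a hex number "
			    "(ex: 0x0102030405ffeeddee)\n"));
			ret = PK_ERR_USAGE;
			goto out;
		}
		serial.val = bytes;
		serial.len = bytelen;
	}

	if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
	    kstype == KMF_KEYSTORE_NSS) &&
	    (oclass & (PK_PRIKEY_OBJ | PK_PRIVATE_OBJ))) {

		/*
		 * The result is deliberately ignored, as in the original:
		 * tokencred stays {NULL, 0} if no password was obtained.
		 */
		(void) get_token_password(kstype, token_spec,
		    &tokencred);
	}
	if (kstype == KMF_KEYSTORE_PK11TOKEN) {
		rv = list_pk11_objects(kmfhandle, token_spec,
		    oclass, list_label, &serial,
		    issuer, subject, dir, filename,
		    &tokencred, find_criteria_flag);

	} else if (kstype == KMF_KEYSTORE_NSS) {
		if (dir == NULL)
			dir = PK_DEFAULT_DIRECTORY;
		rv = list_nss_objects(kmfhandle,
		    oclass, token_spec, dir, prefix,
		    list_label, &serial, issuer, subject,
		    &tokencred, find_criteria_flag);

	} else if (kstype == KMF_KEYSTORE_OPENSSL) {

		rv = list_file_objects(kmfhandle,
		    oclass, dir, filename,
		    &serial, issuer, subject, find_criteria_flag);
	}

	if (rv != KMF_OK) {
		display_error(kmfhandle, rv,
		    gettext("Error listing objects"));
	}
	ret = rv;

out:
	free(serial.val);

	if (tokencred.cred != NULL) {
		/*
		 * Overwrite the password through a volatile pointer so the
		 * stores cannot be optimized away before free().  credlen
		 * is taken to be the length get_token_password() recorded
		 * for this buffer -- confirm against that helper.
		 */
		volatile char *scrub = tokencred.cred;
		size_t left = tokencred.credlen;

		while (left-- > 0)
			*scrub++ = 0;
		free(tokencred.cred);
	}

	(void) KMF_Finalize(kmfhandle);
	return (ret);
}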