list.c revision fa60c371cd00bdca17de2ff18fe3e64d051ae61b
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER START
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * See the License for the specific language governing permissions
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and limitations under the License.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * When distributing Covered Code, include this CDDL HEADER in each
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * If applicable, add the following below this CDDL HEADER, with the
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * fields enclosed by brackets "[]" replaced with your own identifying
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * information: Portions Copyright [yyyy] [name of copyright owner]
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * CDDL HEADER END
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * Use is subject to license terms.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak#pragma ident "%Z%%M% %I% %E% SMI"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * This file implements the token object list operation for this tool.
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * It loads the PKCS#11 modules, finds the object to list, lists it,
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * and cleans up. The user must be logged into the token to list private objects.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_show_certs(KMF_HANDLE_T kmfhandle, KMF_X509_DER_CERT *certs, int num_certs)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < num_certs; i++) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) fprintf(stdout, gettext("\tNot Before: %s\n"),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic char *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return ("RSA private key");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return ("DSA private key");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_show_keys(void *handle, KMF_KEY_HANDLE *keys, int numkeys)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < numkeys; i++) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys } else if (keys[i].kstype == KMF_KEYSTORE_PK11TOKEN) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys " (non-extractable)");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Generic routine used by all "list cert" operations to find
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * all matching certificates.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyspk_find_certs(KMF_HANDLE_T kmfhandle, KMF_ATTRIBUTE *attrlist, int numattr)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < numcerts; i++)
2cbed7292737821015ab481353eb10e8346b2c05wyllyspk_list_keys(void *handle, KMF_ATTRIBUTE *attrlist, int numattr, char *label)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < numkeys; i++)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyslist_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *objlabel, KMF_BIGINT *serial, char *issuer, char *subject,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *dir, char *filename, KMF_CREDENTIAL *tokencred,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Symmetric keys and RSA/DSA private keys are always
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * created with the "CKA_PRIVATE" field == TRUE, so
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * make sure we search for them with it also set.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list asymmetric private keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric private");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list symmetric keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "symmetric");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* list asymmetric public keys (if any) */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric public");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kstype = KMF_KEYSTORE_OPENSSL; /* CRL is file-based */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_CRL_DATA_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &crldata, sizeof (char *));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* list asymmetric private keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric private");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* list symmetric keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "symmetric");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_CRL_DATA_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &crldata, sizeof (char *));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int oclass, char *token_spec, char *dir, char *prefix,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *nickname, KMF_BIGINT *serial, char *issuer, char *subject,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* list asymmetric private keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric private");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* list symmetric keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys rv = pk_list_keys(kmfhandle, attrlist, num, "symmetric");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* list asymmetric public keys */
2cbed7292737821015ab481353eb10e8346b2c05wyllys "asymmetric public");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If searching for public objects or certificates, find certs now */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_set_attr_at_index(attrlist, numattr, KMF_CRL_COUNT_ATTR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys &numcrls, sizeof (int));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "NSS keystore.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (p == NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_CRL_NAMELIST_ATTR, p, sizeof (char *));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < numcrls; i++) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys i + 1, p[i]);
7711facfe58561dd91d6ece0f5f41150c3956c83dinak * List token object.
49e212991a3065f7e499a4b29ae8d8eaf33f3135dinak extern char *optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_CERT_VALIDITY find_criteria_flag = KMF_ALL_CERTS;
7711facfe58561dd91d6ece0f5f41150c3956c83dinak /* Parse command line options. Do NOT i18n/l10n. */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "k:(keystore)t:(objtype)T:(token)d:(dir)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "p:(prefix)n:(nickname)S:(serial)s:(subject)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "c:(criteria)"
7711facfe58561dd91d6ece0f5f41150c3956c83dinak switch (opt) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* No additional args allowed. */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Error message ? */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Assume keystore = PKCS#11 if not specified. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) fprintf(stderr, gettext("The objtype parameter "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "is only relevant if keystore=pkcs11\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN && EMPTYSTRING(token_spec)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (kstype == KMF_KEYSTORE_NSS && EMPTYSTRING(token_spec)) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_hexstr_to_bytes((uchar_t *)serstr, &bytes, &bytelen);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "must be specified as a hex number "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "(ex: 0x0102030405ffeeddee)\n"));
2cbed7292737821015ab481353eb10e8346b2c05wyllys /* if objtype was not given, it must be for certs */
2cbed7292737821015ab481353eb10e8346b2c05wyllys if (oclass == 0 && (issuer != NULL || subject != NULL))
2cbed7292737821015ab481353eb10e8346b2c05wyllys /* If no object class specified, list public objects. */