list.c revision 30a5e8fa1253cb33980ee4514743cf683f584b4e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file implements the token object list operation for this tool.
* It loads the PKCS#11 modules, finds the object to list, lists it,
* and cleans up. User must be logged into the token to list private
* objects.
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "common.h"
#include <kmfapi.h>
/*
* Walks num_certs certificates, one loop pass each. The argument fragments
* that survive below suggest the fields handled per certificate are
* subject, issuer, validity start and end, serial number, alternate name,
* key usage and extended key usage.
* NOTE(review): the function name, its parameter list and the calls these
* arguments belong to are missing from this listing - confirm against the
* full file before relying on this description.
* NOTE(review): all of these fields are read out of the certificate, so
* their content is chosen by whoever issued it; if they are printed
* verbatim, confirm how non-printable bytes are handled on the way to the
* terminal.
*/
static void
{
int i;
/* One pass per certificate. */
for (i = 0; i < num_certs; i++) {
subject);
issuer);
start);
end);
serial);
altname);
}
keyusage);
}
/* The extended key usage branch is taken only when its lookup returns KMF_OK. */
&extkeyusage) == KMF_OK) {
}
}
}
/*
* Returns a short human-readable name for a key object: RSA or DSA public
* key, RSA or DSA private key, a named symmetric algorithm (AES, ARCFOUR,
* DES, Triple-DES), the generic "symmetric", or "unrecognized key object"
* when nothing matched.
* Every return value is a string literal or a gettext() result, not a
* buffer allocated here.
* NOTE(review): the function name, its parameter and the conditions that
* select each return are missing from this listing.
*/
static char *
{
return (gettext("RSA public key"));
return (gettext("DSA public key"));
}
/*
* NOTE(review): the two private-key names are returned without gettext(),
* unlike every other name in this function, so they are never translated.
*/
return ("RSA private key");
return ("DSA private key");
}
/* Symmetric keys are named after their algorithm. */
case KMF_AES:
return (gettext("AES"));
/* Not reached: the return above already left the function (same below). */
break;
case KMF_RC4:
return (gettext("ARCFOUR"));
break;
case KMF_DES:
return (gettext("DES"));
break;
case KMF_DES3:
return (gettext("Triple-DES"));
break;
default:
/* Any other symmetric algorithm gets the generic name. */
return (gettext("symmetric"));
break;
}
}
/* Fallback when none of the earlier returns was taken. */
return (gettext("unrecognized key object"));
}
/*
* Walks numkeys key handles, one loop pass each, and reports on every key.
* The visible fragments show a translated "No label" text, a call that
* fills rkey, and separate handling for KMF_ERR_SENSITIVE_KEY,
* KMF_ERR_UNEXTRACTABLE_KEY and any other error.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static void
{
int i;
for (i = 0; i < numkeys; i++) {
/* "No label" appears to be the fallback text for a key without a label. */
gettext("No label"));
/*
* NOTE(review): rkey looks like an out-parameter that receives key data.
* Confirm that whatever it receives is released, and cleared if it is key
* material, as soon as the listing no longer needs it.
*/
&rkey);
/*
* A key the keystore will not reveal is told apart from other failures:
* the unextractable case is annotated " (non-extractable)" and any other
* error prints its text. The body of the sensitive-key branch is missing
* from this listing.
*/
if (rv == KMF_ERR_SENSITIVE_KEY) {
} else if (rv == KMF_ERR_UNEXTRACTABLE_KEY) {
" (non-extractable)");
} else {
" (error: %s)", err);
}
}
}
}
}
/*
* Generic routine used by all "list cert" operations to find
* all matching certificates.
*
* The visible fragments show a certificate count (numcerts), storage sized
* in KMF_X509_DER_CERT units with KMF_ERR_MEMORY returned on failure, a
* loop over the numcerts results, and a special test for
* KMF_ERR_CERT_NOT_FOUND before the final return.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static KMF_RETURN
{
return (rv);
numattr++;
numcerts);
/*
* NOTE(review): storage sized in KMF_X509_DER_CERT units is set up here;
* the count it is multiplied by is not visible. If it is numcerts, confirm
* the product cannot overflow before it reaches the allocator.
*/
sizeof (KMF_X509_DER_CERT));
/* Out-of-memory path. */
return (KMF_ERR_MEMORY);
sizeof (KMF_X509_DER_CERT));
sizeof (KMF_X509_DER_CERT));
numattr++;
int i;
numcerts);
for (i = 0; i < numcerts; i++)
}
}
/*
* KMF_ERR_CERT_NOT_FOUND is tested separately from other results; the rest
* of the condition and what it does are missing from this listing.
*/
if (rv == KMF_ERR_CERT_NOT_FOUND &&
return (rv);
}
/*
* Key counterpart of the certificate search: the visible fragments show
* storage sized in KMF_KEY_HANDLE units with KMF_ERR_MEMORY returned on
* failure, a loop over numkeys results, and a special test for
* KMF_ERR_KEY_NOT_FOUND before the final return.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static KMF_RETURN
{
return (rv);
numattr++;
int i;
/*
* NOTE(review): storage sized in KMF_KEY_HANDLE units is set up here; the
* count it is multiplied by is not visible. If it is numkeys, confirm the
* product cannot overflow before it reaches the allocator.
*/
sizeof (KMF_KEY_HANDLE));
/* Out-of-memory path. */
return (KMF_ERR_MEMORY);
sizeof (KMF_KEY_HANDLE));
keys, sizeof (KMF_KEY_HANDLE));
numattr++;
for (i = 0; i < numkeys; i++)
}
/*
* KMF_ERR_KEY_NOT_FOUND is tested separately from other results; the rest
* of the condition and what it does are missing from this listing.
*/
if (rv == KMF_ERR_KEY_NOT_FOUND &&
return (rv);
}
/*
* Lists objects in three stages selected by the bits of oclass: keys
* (asymmetric private, symmetric, asymmetric public), then what appear to
* be certificates (serial number and validity attributes), then CRLs.
* Each stage rebuilds its attribute list from index 0.
* This appears to be the PKCS#11 token variant: it refers to CKA_PRIVATE
* and hands a KMF_CREDENTIAL to the key searches.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static KMF_RETURN
{
int numattr = 0;
/*
* NOTE(review): the opening line of this comment, which names the
* objects it is about, is missing from this listing.
* created with the "CKA_PRIVATE" field == TRUE, so
* make sure we search for them with it also set.
*/
oclass |= PK_PRIVATE_OBJ;
return (rv);
}
numattr++;
numattr++;
}
sizeof (private));
numattr++;
sizeof (token_bool));
numattr++;
/*
* Key stage. The private-key search and the search after it each add a
* KMF_CREDENTIAL attribute; the public-key search at the end does not.
*/
if (oclass & PK_PRIKEY_OBJ) {
sizeof (keyclass));
num++;
sizeof (KMF_CREDENTIAL));
num++;
}
/* list asymmetric private keys */
}
sizeof (keyclass));
num++;
sizeof (KMF_CREDENTIAL));
num++;
}
sizeof (format));
num++;
/* list symmetric keys */
}
sizeof (keyclass));
num++;
/* list asymmetric public keys (if any) */
}
return (rv);
}
/* Next stage: start a fresh attribute list. */
numattr = 0;
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
sizeof (KMF_BIGINT));
numattr++;
}
sizeof (private));
numattr++;
sizeof (KMF_CERT_VALIDITY));
numattr++;
return (rv);
}
/* CRL stage: start a fresh attribute list. */
numattr = 0;
if (oclass & PK_CRL_OBJ) {
numattr++;
numattr++;
}
numattr++;
}
&crldata, sizeof (char *));
numattr++;
}
}
return (rv);
}
/*
* Lists objects in three stages selected by the bits of oclass: keys
* (asymmetric private, then symmetric), certificates, then CRLs. Each
* stage rebuilds its attribute list from index 0.
* This appears to be the file-based variant: it works from a directory
* that falls back to ".", and no credential attribute is visible.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static int
{
int rv;
int numattr = 0;
/* Directory used when none is supplied: the current working directory. */
char *defaultdir = ".";
if (oclass & PK_KEY_OBJ) {
numattr++;
/*
* NOTE(review): the condition guarding this fallback is missing from this
* listing. Searching the current directory for key files by default means
* the result depends on where the tool is run - confirm that is intended.
*/
dir = defaultdir;
numattr++;
}
numattr++;
}
if (oclass & PK_PRIKEY_OBJ) {
sizeof (keyclass));
num++;
/* list asymmetric private keys */
}
/* KMF_ERR_KEY_NOT_FOUND gets its own handling; what it does is not visible. */
if (rv == KMF_ERR_KEY_NOT_FOUND)
sizeof (keyclass));
num++;
sizeof (format));
num++;
/* list symmetric keys */
}
if (rv == KMF_ERR_KEY_NOT_FOUND)
return (rv);
}
/* Certificate stage: start a fresh attribute list. */
numattr = 0;
if (oclass & PK_CERT_OBJ) {
sizeof (kstype));
numattr++;
numattr++;
}
numattr++;
}
sizeof (KMF_BIGINT));
numattr++;
}
numattr++;
}
numattr++;
}
sizeof (KMF_CERT_VALIDITY));
numattr++;
return (rv);
}
/* CRL stage: start a fresh attribute list. */
numattr = 0;
if (oclass & PK_CRL_OBJ) {
numattr++;
numattr++;
}
numattr++;
}
&crldata, sizeof (char *));
numattr++;
}
}
return (rv);
}
/*
* Lists objects in three stages: keys (asymmetric private, symmetric,
* asymmetric public), certificates, then CRL names. Each stage rebuilds
* its attribute list from index 0.
* This appears to be the NSS variant: the CRL stage reports on the "NSS
* keystore" and an optional token_spec is passed along as an attribute.
* NOTE(review): the function name, its parameter list and most of the
* statements are missing from this listing.
*/
static int
{
int numattr = 0;
return (rv);
numattr++;
/* Key searches carry a KMF_CREDENTIAL attribute. */
if (oclass & PK_KEY_OBJ) {
sizeof (KMF_CREDENTIAL));
numattr++;
}
/*
* NOTE(review): strlen() needs token_spec to be non-NULL. The later uses
* in this function sit under "if (token_spec != NULL)"; the guard for this
* one is not visible in this listing - confirm it exists.
*/
strlen(token_spec));
numattr++;
}
numattr++;
}
}
if (oclass & PK_PRIKEY_OBJ) {
sizeof (keyclass));
num++;
/* list asymmetric private keys */
}
sizeof (keyclass));
num++;
sizeof (format));
num++;
/* list symmetric keys */
}
sizeof (keyclass));
num++;
/* list asymmetric public keys */
}
/* If searching for public objects or certificates, find certs now */
numattr = 0;
sizeof (kstype));
numattr++;
numattr++;
}
numattr++;
}
numattr++;
}
sizeof (KMF_BIGINT));
numattr++;
}
/* The token label is added only when a token was named. */
if (token_spec != NULL) {
strlen(token_spec));
numattr++;
}
sizeof (KMF_CERT_VALIDITY));
numattr++;
}
/* CRL stage: start a fresh attribute list. */
numattr = 0;
int numcrls;
numattr++;
if (token_spec != NULL) {
numattr++;
}
/* numcrls is filled in through the attribute list. */
&numcrls, sizeof (int));
numattr++;
char **p;
/*
* NOTE(review): numcrls is a signed int and only the value 0 is tested in
* the visible code. The allocation of p is missing from this listing -
* confirm a negative or very large count cannot reach its size
* computation.
*/
if (numcrls == 0) {
"NSS keystore.\n"));
return (KMF_OK);
}
/* Out-of-memory path for the name array. */
if (p == NULL) {
return (KMF_ERR_MEMORY);
}
KMF_CRL_NAMELIST_ATTR, p, sizeof (char *));
numattr++;
int i;
/* Print each CRL name, numbered from 1, and free it once it is shown. */
for (i = 0; i < numcrls; i++) {
(void) printf("%d. Name = %s\n",
i + 1, p[i]);
free(p[i]);
}
}
/* The name array itself is freed after its entries. */
free(p);
}
}
return (rv);
}
/*
* List token object.
*
* Parses the subcommand options, settles the keystore type (PKCS#11 when
* none is given) and the object class (certificates when none is given),
* obtains a token credential for the PKCS#11 and NSS keystores when the
* rest of that condition holds, dispatches on the keystore type and
* finally releases the KMF handle.
* Returns PK_ERR_USAGE for unusable arguments, otherwise rv.
* NOTE(review): the function name, its parameter list and many statements
* are missing from this listing.
*/
int
{
int opt;
extern int optind_av;
extern char *optarg_av;
char *token_spec = NULL;
char *list_label = NULL;
int oclass = 0;
KMF_KEYSTORE_TYPE kstype = 0;
char *find_criteria = NULL;
/* Option table: every option letter is followed by ':' and so takes an argument. */
"k:(keystore)t:(objtype)T:(token)d:(dir)"
"p:(prefix)n:(nickname)S:(serial)s:(subject)"
"c:(criteria)"
"i:(issuer)l:(label)f:(infile)")) != EOF) {
/* An empty option argument is a usage error for every option. */
if (EMPTYSTRING(optarg_av))
return (PK_ERR_USAGE);
/* Each option may be given once; a repeat is a usage error. */
switch (opt) {
case 'k':
if (kstype != 0)
return (PK_ERR_USAGE);
/* kstype still 0 here is rejected; the line that sets it is missing. */
if (kstype == 0)
return (PK_ERR_USAGE);
break;
case 't':
if (oclass != 0)
return (PK_ERR_USAGE);
/* oclass of -1 is rejected; the line that sets it is missing. */
if (oclass == -1)
return (PK_ERR_USAGE);
break;
case 's':
if (subject)
return (PK_ERR_USAGE);
break;
case 'i':
if (issuer)
return (PK_ERR_USAGE);
break;
case 'd':
if (dir)
return (PK_ERR_USAGE);
break;
case 'p':
if (prefix)
return (PK_ERR_USAGE);
break;
/*
* NOTE(review): no repeat check is visible for the serial option, unlike
* its neighbours. Lines may be missing from this listing; confirm a second
* -S cannot leak or silently replace the first value.
*/
case 'S':
break;
case 'f':
if (filename)
return (PK_ERR_USAGE);
break;
case 'T': /* token specifier */
if (token_spec)
return (PK_ERR_USAGE);
break;
/* Nickname and label are aliases: 'n' falls through to 'l'. */
case 'n':
case 'l': /* object with specific label */
if (list_label)
return (PK_ERR_USAGE);
break;
case 'c':
else
return (PK_ERR_USAGE);
break;
default:
return (PK_ERR_USAGE);
}
}
/* No additional args allowed. */
if (argc)
return (PK_ERR_USAGE);
/* Error message ? */
return (rv);
}
/* Assume keystore = PKCS#11 if not specified. */
if (kstype == 0)
/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
kstype != KMF_KEYSTORE_PK11TOKEN) {
"is only relevant if keystore=pkcs11\n"));
/*
* NOTE(review): this return, and the serial-number one below, leave
* without the kmf_finalize() call made at the end of the function. If
* kmfhandle is already initialised by this point, confirm that is
* acceptable.
*/
return (PK_ERR_USAGE);
}
/* If no object class specified, list certificate objects. */
if (oclass == 0)
}
/* The serial number is accepted only as a hex number. */
"must be specified as a hex number "
"(ex: 0x0102030405ffeeddee)\n"));
return (PK_ERR_USAGE);
}
}
/*
* A token credential is requested only for the PKCS#11 and NSS keystores;
* the rest of this condition is missing from this listing.
* NOTE(review): tokencred holds a secret. Confirm that the result of the
* call filling it is checked and that the credential is cleared and freed
* before every return - neither is visible here.
*/
if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
kstype == KMF_KEYSTORE_NSS) &&
&tokencred);
}
/* One branch per keystore type; the calls inside are missing from this listing. */
if (kstype == KMF_KEYSTORE_PK11TOKEN) {
} else if (kstype == KMF_KEYSTORE_NSS) {
} else if (kstype == KMF_KEYSTORE_OPENSSL) {
}
gettext("Error listing objects"));
}
/* Release the KMF handle before returning the listing result. */
(void) kmf_finalize(kmfhandle);
return (rv);
}