kssl/kssladm/ksslutil.c

71593db26bb6ef7b739cffe06d53bf990cac112cwyllys/*
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * CDDL HEADER START
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys *
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * The contents of this file are subject to the terms of the
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * Common Development and Distribution License (the "License").
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * You may not use this file except in compliance with the License.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys *
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * or http://www.opensolaris.org/os/licensing.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * See the License for the specific language governing permissions
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * and limitations under the License.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys *
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * When distributing Covered Code, include this CDDL HEADER in each
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * If applicable, add the following below this CDDL HEADER, with the
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * fields enclosed by brackets "[]" replaced with your own identifying
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * information: Portions Copyright [yyyy] [name of copyright owner]
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys *
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * CDDL HEADER END
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys */
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys/*
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * Use is subject to license terms.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys */
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#pragma ident   "%Z%%M% %I% %E% SMI"
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#include <stdio.h>
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#include <assert.h>
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#include <strings.h>
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#include <kmfapi.h>
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys#include "kssladm.h"
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys/*
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * Extract the Certificate and raw key data from a PKCS#12 file.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * The password needed for decrypting the PKCS#12 PDU is stored
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * in plaintext in the given "password_file" parameter.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys */
71593db26bb6ef7b739cffe06d53bf990cac112cwyllysint
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllysPKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh,
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    const char *filename, const char *password_file,
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys{
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    char password_buf[1024];
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_RETURN rv = KMF_OK;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_CREDENTIAL pk12cred;
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    KMF_X509_DER_CERT *tcerts;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_RAW_KEY_DATA *keys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    int ncerts, nkeys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    char *err = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    tcerts = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    keys = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    ncerts = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    nkeys = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (get_passphrase(password_file, password_buf,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys        sizeof (password_buf)) <= 0) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        perror("Unable to read passphrase");
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        goto done;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    pk12cred.cred = password_buf;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    pk12cred.credlen = strlen(password_buf);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys    rv = kmf_import_objects(kmfh, (char *)filename, &pk12cred, &tcerts,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys        &ncerts, &keys, &nkeys);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (rv != KMF_OK) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        REPORT_KMF_ERROR(rv, "Error importing PKCS12 data", err);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllysdone:
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (rv != KMF_OK) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        int i;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        if (tcerts != NULL) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            for (i = 0; i < ncerts; i++)
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys                kmf_free_kmf_cert(kmfh, &tcerts[i]);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            free(tcerts);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        tcerts = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        ncerts = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        if (keys != NULL) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            for (i = 0; i < nkeys; i++)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys                kmf_free_raw_key(&keys[i]);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            free(keys);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        keys = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    *certs = tcerts;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    *rsa = keys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    return (ncerts);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys}
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys/*
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * Parse a PEM file which should contain RSA private keys and
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * their associated X.509v3 certificates.  More than 1 may
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys * be present in the file.
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys */
71593db26bb6ef7b739cffe06d53bf990cac112cwyllysint
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllysPEM_get_rsa_key_certs(KMF_HANDLE_T kmfh,
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    const char *filename, char *password_file,
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys{
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_RETURN rv = KMF_OK;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_CREDENTIAL creds;
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys    KMF_X509_DER_CERT *tcerts;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    KMF_RAW_KEY_DATA *keys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    int ncerts, nkeys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    char *err = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    char password_buf[1024];
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    tcerts = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    keys = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    ncerts = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    nkeys = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (get_passphrase(password_file, password_buf,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys        sizeof (password_buf)) <= 0) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        perror("Unable to read passphrase");
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        goto done;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    creds.cred = password_buf;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    creds.credlen = strlen(password_buf);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys    rv = kmf_import_objects(kmfh, (char *)filename, &creds, &tcerts,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys        &ncerts, &keys, &nkeys);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (rv != KMF_OK) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        REPORT_KMF_ERROR(rv, "Error importing key data", err);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllysdone:
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (rv != KMF_OK) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        int i;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        if (tcerts != NULL) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            for (i = 0; i < ncerts; i++)
5b3e1433c6213363bcb6387e66fc84ee9ff21a5dwyllys                kmf_free_kmf_cert(kmfh, &tcerts[i]);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            free(tcerts);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        tcerts = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        ncerts = 0;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        if (keys != NULL) {
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            for (i = 0; i < nkeys; i++)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys                kmf_free_raw_key(&keys[i]);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys            free(keys);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        keys = NULL;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    }
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (certs != NULL)
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        *certs = tcerts;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    if (rsa != NULL)
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys        *rsa = keys;
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys    return (ncerts);
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys}