5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER START
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * The contents of this file are subject to the terms of the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Common Development and Distribution License (the "License").
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You may not use this file except in compliance with the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * or http://www.opensolaris.org/os/licensing.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * See the License for the specific language governing permissions
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * and limitations under the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * When distributing Covered Code, include this CDDL HEADER in each
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * If applicable, add the following below this CDDL HEADER, with the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * fields enclosed by brackets "[]" replaced with your own identifying
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * information: Portions Copyright [yyyy] [name of copyright owner]
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER END
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Use is subject to license terms.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Function: load_cert_and_key
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Description: Loads a public key certificate and associated private key
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * from a stream.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Parameters: err - Where to write errors to for underlying library calls
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * incert - File to read certs and keys from
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * format - The format of the file
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * passarg - How to collect password if needed to decrypt file
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * key - Location to store resulting key if found
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * cert - Location to store resulting cert if found.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Returns: f one or more certificates are found in the file,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * and one or more keys are found, then the first
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * certificate is used, and the keys are searched for a
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * match. If no key matches the cert, then only the cert
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * is returned. If no certs are found, but one or more
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * keys are found, then the first key is returned.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterlandload_cert_and_key(PKG_ERR *err, FILE *incert,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_encoding_format_t format, char *passarg, EVP_PKEY **key,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* first try to load a DER cert, which cannot contain a key */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((tmpcert = d2i_X509_fp(incert, NULL)) == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_prompt(gettext("Enter PEM passphrase:"));
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (sunw_PEM_contents(incert, pkg_passphrase_cb,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* print out openssl-generated PEM errors */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland while ((crypto_err = ERR_get_error()) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* take the first cert in the file, if any */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * if we found a cert and some keys,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * only return the key that
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * matches the cert
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland for (i = 0; i < sk_EVP_PKEY_num(keys); i++) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* set results */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Function: load_all_certs
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Description: Loads alll certificates from a stream.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Parameters: err - Where to write errors to for underlying library calls
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * incert - File to read certs and keys from
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * format - The format of the file
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * passarg - How to collect password if needed to decrypt file
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * certs - Location to store resulting cert if found.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Returns: 0 - success, all certs placed in ''certs'
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * non-zero failure, errors in 'err'
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland keystore_encoding_format_t format, char *passarg, STACK_OF(X509) **certs)
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* first try to load a DER cert, which cannot contain a key */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((tmpcert = d2i_X509_fp(incert, NULL)) == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((tmpcerts = sk_X509_new_null()) == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (sunw_PEM_contents(incert, pkg_passphrase_cb,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* print out openssl-generated PEM errors */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland while ((crypto_err = ERR_get_error()) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* set results */