csrcrlop.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Use is subject to license terms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Copyright(c) 1995-2000 Intel Corporation. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#pragma ident "%Z%%M% %I% %E% SMI"
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Name: KMF_SetCSRPubKey
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Description:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function converts the specified plugin public key to SPKI form,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and save it in the KMF_CSR_DATA internal structure
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Parameters:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMFkey(input) - pointer to the KMF_KEY_HANDLE structure containing the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * public key generated by the plug-in CreateKeypair
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Csr(input/output) - pointer to a KMF_CSR_DATA structure containing
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * A KMF_RETURN value indicating success or specifying a particular
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The value KMF_OK indicates success. All other values represent
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* The keystore must extract the pubkey data */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->EncodePubkeyData != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_SetCSRVersion(KMF_CSR_DATA *CsrData, uint32_t version)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * From RFC 3280:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Version ::= INTEGER { v1(0), v2(1), v3(2) }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (set_integer(&CsrData->csr.version, (void *)&version,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_CreateCSRFile(KMF_DATA *csrdata, KMF_ENCODE_FORMAT format,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (format != KMF_FORMAT_PEM && format != KMF_FORMAT_ASN1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((fd = open(csrfile, O_CREAT |O_RDWR, 0644)) == -1) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys &CsrData->csr.subjectPublicKeyInfo.algorithm.parameters);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (KMF_OID *)&KMFOID_SubjectAltName, critical, alttype,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Name: KMF_SignCSR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Description:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function signs a CSR and returns the result as a
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * signed, encoded CSR in SignedCsr
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Parameters:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * tbsCsr(input) - pointer to a KMF_DATA structure containing a
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * DER encoded TBS CSR data
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Signkey(input) - pointer to the KMF_KEY_HANDLE structure containing
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * the private key generated by the plug-in CreateKeypair
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * algo(input) - contains algorithm info needed for signing
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * SignedCsr(output) - pointer to the KMF_DATA structure containing
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * the signed CSR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * A KMF_RETURN value indicating success or specifying a particular
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The value KMF_OK indicates success. All other values represent
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys err = DerEncodeTbsCsr((KMF_TBS_CSR *)&tbsCsr->csr, &csrdata);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_ImportCRL(KMF_HANDLE_T handle, KMF_IMPORTCRL_PARAMS *params)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_PK11TOKEN: /* PKCS#11 CRL is file-based */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->ImportCRL != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (plugin->funclist->ImportCRL(handle, params));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_DeleteCRL(KMF_HANDLE_T handle, KMF_DELETECRL_PARAMS *params)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_PK11TOKEN: /* PKCS#11 CRL is file-based */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->DeleteCRL != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (plugin->funclist->DeleteCRL(handle, params));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_ListCRL(KMF_HANDLE_T handle, KMF_LISTCRL_PARAMS *params, char **crldata)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_PK11TOKEN: /* PKCS#11 CRL is file-based */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->ListCRL != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (plugin->funclist->ListCRL(handle, params, crldata));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_FindCRL(KMF_HANDLE_T handle, KMF_FINDCRL_PARAMS *params,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->FindCRL != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_FindCertInCRL(KMF_HANDLE_T handle, KMF_FINDCERTINCRL_PARAMS *params)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case KMF_KEYSTORE_PK11TOKEN: /* PKCS#11 CRL is file-based */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->FindCertInCRL != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (plugin->funclist->FindCertInCRL(handle, params));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys verifyCRLFile = (KMF_RETURN(*)())dlsym(plugin->dldesc,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "OpenSSL_VerifyCRLFile");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_CheckCRLDate(KMF_HANDLE_T handle, KMF_CHECKCRLDATE_PARAMS *params)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys checkCRLDate = (KMF_RETURN(*)())dlsym(plugin->dldesc,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "OpenSSL_CheckCRLDate");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysKMF_IsCRLFile(KMF_HANDLE_T handle, char *filename, KMF_ENCODE_FORMAT *pformat)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_RETURN (*IsCRLFileFn)(void *, char *, KMF_ENCODE_FORMAT *);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This framework function is actually implemented in the openssl
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * plugin library, so we find the function address and call it.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "OpenSSL_IsCRLFile");