6501154 kssladm could use KMF

--HG-- rename : usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/openssl_util.c => usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c
author: wyllys <none@none> 2007-01-11 18:12:31 -0800
committer: wyllys <none@none> 2007-01-11 18:12:31 -0800
commit: 71593db26bb6ef7b739cffe06d53bf990cac112c (patch)
tree: 00b868c1641a6b333cbb82ec94e8890bbd11c62c /usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c
parent: 24424a35444c8487648be681d47bee4f57af0ffc (diff)
download: illumos-joyent-71593db26bb6ef7b739cffe06d53bf990cac112c.tar.gz
1 files changed, 172 insertions, 0 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c
new file mode 100644
index 0000000000..30f9d5f581
--- /dev/null
+++ b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c
@@ -0,0 +1,172 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <stdio.h>
+#include <assert.h>
+#include <strings.h>
+
+#include <kmfapi.h>
+#include "kssladm.h"
+
+/*
+ * Extract the Certificate and raw key data from a PKCS#12 file.
+ * The password needed for decrypting the PKCS#12 PDU is stored
+ * in plaintext in the given "password_file" parameter.
+ */
+int
+PKCS12_get_rsa_key_certs(const char *filename, const char *password_file,
+    KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs)
+{
+	char password_buf[1024];
+	KMF_HANDLE_T kmfh;
+	KMF_RETURN rv = KMF_OK;
+	KMF_CREDENTIAL pk12cred;
+	KMF_DATA *tcerts;
+	KMF_RAW_KEY_DATA *keys;
+	int ncerts, nkeys;
+	char *err = NULL;
+
+	rv = KMF_Initialize(&kmfh, NULL, NULL);
+	if (rv != KMF_OK) {
+		REPORT_KMF_ERROR(rv, "Error initializing KMF", err);
+		return (0);
+	}
+
+	tcerts = NULL;
+	keys = NULL;
+	ncerts = 0;
+	nkeys = 0;
+
+	if (get_passphrase(password_file, password_buf,
+		sizeof (password_buf)) <= 0) {
+		perror("Unable to read passphrase");
+		goto done;
+	}
+	pk12cred.cred = password_buf;
+	pk12cred.credlen = strlen(password_buf);
+
+	rv = KMF_ImportPK12(kmfh, (char *)filename, &pk12cred, &tcerts, &ncerts,
+		&keys, &nkeys);
+	if (rv != KMF_OK) {
+		REPORT_KMF_ERROR(rv, "Error importing PKCS12 data", err);
+	}
+
+done:
+	if (rv != KMF_OK) {
+		int i;
+		if (tcerts != NULL) {
+			for (i = 0; i < ncerts; i++)
+				KMF_FreeData(&tcerts[i]);
+			free(tcerts);
+		}
+		tcerts = NULL;
+		ncerts = 0;
+		if (keys != NULL) {
+			for (i = 0; i < nkeys; i++)
+				KMF_FreeRawKey(&keys[i]);
+			free(keys);
+		}
+		keys = NULL;
+	}
+	*certs = tcerts;
+	*rsa = keys;
+
+	(void) KMF_Finalize(kmfh);
+
+	return (ncerts);
+}
+
+/*
+ * Parse a PEM file which should contain RSA private keys and
+ * their associated X.509v3 certificates.  More than 1 may
+ * be present in the file.
+ */
+int
+PEM_get_rsa_key_certs(const char *filename, char *password_file,
+    KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs)
+{
+	KMF_HANDLE_T kmfh;
+	KMF_RETURN rv = KMF_OK;
+	KMF_CREDENTIAL creds;
+	KMF_DATA *tcerts;
+	KMF_RAW_KEY_DATA *keys;
+	int ncerts, nkeys;
+	char *err = NULL;
+	char password_buf[1024];
+
+	rv = KMF_Initialize(&kmfh, NULL, NULL);
+	if (rv != KMF_OK) {
+		REPORT_KMF_ERROR(rv, "Error initializing KMF", err);
+		return (0);
+	}
+
+	tcerts = NULL;
+	keys = NULL;
+	ncerts = 0;
+	nkeys = 0;
+
+	if (get_passphrase(password_file, password_buf,
+		sizeof (password_buf)) <= 0) {
+		perror("Unable to read passphrase");
+		goto done;
+	}
+	creds.cred = password_buf;
+	creds.credlen = strlen(password_buf);
+
+	rv = KMF_ImportKeypair(kmfh, (char *)filename, &creds, &tcerts, &ncerts,
+		&keys, &nkeys);
+	if (rv != KMF_OK) {
+		REPORT_KMF_ERROR(rv, "Error importing key data", err);
+	}
+
+done:
+	if (rv != KMF_OK) {
+		int i;
+		if (tcerts != NULL) {
+			for (i = 0; i < ncerts; i++)
+				KMF_FreeData(&tcerts[i]);
+			free(tcerts);
+		}
+		tcerts = NULL;
+		ncerts = 0;
+		if (keys != NULL) {
+			for (i = 0; i < nkeys; i++)
+				KMF_FreeRawKey(&keys[i]);
+			free(keys);
+		}
+		keys = NULL;
+	}
+	if (certs != NULL)
+		*certs = tcerts;
+	if (rsa != NULL)
+		*rsa = keys;
+
+	(void) KMF_Finalize(kmfh);
+
+	return (ncerts);
+}
author	wyllys <none@none>	2007-01-11 18:12:31 -0800
committer	wyllys <none@none>	2007-01-11 18:12:31 -0800
commit	71593db26bb6ef7b739cffe06d53bf990cac112c (patch)
tree	00b868c1641a6b333cbb82ec94e8890bbd11c62c /usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c
parent	24424a35444c8487648be681d47bee4f57af0ffc (diff)
download	illumos-joyent-71593db26bb6ef7b739cffe06d53bf990cac112c.tar.gz