diff options
| author | John Sonnenschein <johns@joyent.com> | 2012-05-17 18:26:57 +0000 |
|---|---|---|
| committer | John Sonnenschein <johns@joyent.com> | 2012-05-17 18:26:57 +0000 |
| commit | 04b244dd661c24b510ac22936decfc0972d202d3 (patch) | |
| tree | 3ebfef98afc303fddf3415d6fba64e8682f495e8 /usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp | |
| parent | eac250589e41f1b705e1b7427b02b3379aac9f9e (diff) | |
| parent | a69187741b83640a90dd8586195456dd50c016a8 (diff) | |
| download | illumos-joyent-20120517.tar.gz | |
Merge git.joyent.com:illumos-joyent20120517
Diffstat (limited to 'usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp')
| -rw-r--r-- | usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp | 308 |
1 files changed, 0 insertions, 308 deletions
diff --git a/usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp b/usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp deleted file mode 100644 index 9989b26e0e..0000000000 --- a/usr/src/lib/libkmsagent/common/KMSAgentPKICert.cpp +++ /dev/null @@ -1,308 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - */ - -/** - * \file KMSAgentPKICert.cpp - * - * This is an implementation of PKICommon.h CCertificate class. - */ - -#include <stdio.h> -#include <memory.h> -#include <time.h> -#include <string.h> - -#ifdef KMSUSERPKCS12 -#include <openssl/bio.h> -#include <openssl/evp.h> -#include <openssl/conf.h> -#include <openssl/err.h> -#include <openssl/asn1.h> -#include <openssl/x509.h> -#include <openssl/x509v3.h> -#include <openssl/objects.h> -#include <openssl/pem.h> -#include <openssl/pkcs12.h> -#endif - -#include "SYSCommon.h" -#include "KMSAgentPKICommon.h" -#include "KMSAgentPKIimpl.h" - -///////////////////////////////////////////////////////////////////////// -// CCertificate -// -CCertificate::CCertificate() -{ - m_pCertImpl = InitializeCertImpl(); - - FATAL_ASSERT( m_pCertImpl != NULL ); -} - - -CCertificate::~CCertificate() -{ - if ( m_pCertImpl != NULL ) - { - FinalizeCertImpl( m_pCertImpl ); - } -} - -/** - * Save - This OVERLOADED method saves the Cert into a file - * @param i_pcFileName - filename of file to save into - * @param i_iFormat - IGNORED - * - * @returns bool - success (true = successful) - */ -bool CCertificate::Save( const char * const i_pcFileName, - int i_iFormat ) -{ - return SaveX509CertTofile( m_pCertImpl, i_pcFileName ); -} - -/** - * Save - This OVERLOADED method saves the Cert into a buffer - * @param i_pcBuffer - buffer to save into - * @param i_BufferLength - length of buffer to save - * @param o_pActualLength - length of buffer saved - * @param i_iFormat - IGNORED - * - * @returns bool - success (true = successful) - */ -bool CCertificate::Save( unsigned char * const i_pcBuffer, - int i_iBufferLength, - int * const o_pActualLength, - int i_iFormat ) -{ - return SaveX509CertToBuffer( m_pCertImpl, - i_pcBuffer, - i_iBufferLength, - o_pActualLength ); -} - -/** - * Load - * This OVERLOADED method loads the Cert from a FILE - * @param i_pcFileName - name of file to load from - * @param i_iFormat - IGNORED - * - * @returns bool - success (true = successful) - */ - -bool CCertificate::Load( const char * const i_pcFileName, - int i_iFormat ) -{ - return LoadX509CertFromFile( m_pCertImpl, i_pcFileName ); -} - -/** - * Load - * This OVERLOADED method loads the Cert from a buffer - * @param i_pcBuffer - buffer to load from - * @param i_iLength - amount to load from buffer - * @param i_iFormat - IGNORED - * - * @returns bool - success (true = successful) - */ -bool CCertificate::Load( unsigned char * const i_pcBuffer, - int i_iLength, - int i_iFormat ) -{ - return LoadX509CertFromBuffer( m_pCertImpl, i_pcBuffer, i_iLength ); -} - -/** - * Dump - * dump the readable format to standard output - * @returns bool - success (true = successful) - */ -bool CCertificate::Dump() -{ - return PrintX509Cert( m_pCertImpl ); -} - -#ifdef KMSUSERPKCS12 -bool -CCertificate::LoadPKCS12CertAndKey( - char *filename, - int i_iFormat, - CPrivateKey *i_pPrivateKey, - char *i_pPassphrase) -{ - BIO *pFileBio= NULL; - X509 *pRequest =NULL; - - pFileBio = BIO_new(BIO_s_file()); - if (pFileBio == NULL) - return false; - if (!BIO_read_filename(pFileBio, filename)) { - BIO_free(pFileBio); - return (false); - } - - switch( i_iFormat ) { - case FILE_FORMAT_DER: - - pRequest=d2i_X509_bio(pFileBio, NULL); - if (pRequest == NULL) { - // fixme: log: invalid certificate format - return false; - } - break; - - case FILE_FORMAT_PEM: - - pRequest=PEM_read_bio_X509(pFileBio, NULL, NULL, NULL); - if (pRequest == NULL) { - // fixme: log: invalid certificate format - return false; - } - break; - - case FILE_FORMAT_PKCS12: - PKCS12* pPKCS12Request = d2i_PKCS12_bio(pFileBio, NULL); - if (pPKCS12Request == NULL) { - // fixme: log: invalid certificate format - return false; - } - - // convert PKCS12 to X509 - EVP_PKEY *pKeyTemp = NULL; - if (!PKCS12_parse(pPKCS12Request, i_pPassphrase, - &pKeyTemp, &pRequest, NULL)) { - // fixme: log: invalid certificate format or passphrase - PKCS12_free(pPKCS12Request); - return false; - } - - if (pKeyTemp && i_pPrivateKey) { - i_pPrivateKey->SetNative((void *)pKeyTemp); - } else if (pKeyTemp) - EVP_PKEY_free(pKeyTemp); - - PKCS12_free(pPKCS12Request); - break; - } - if (pRequest != NULL) { - SetCert(m_pCertImpl, (void *)pRequest); - } - - return (true); -} - -void * -CCertificate::SaveCertToPKCS12MemoryBIO( - CPrivateKey* i_pPrivateKey, - char *i_sPassphrase) -{ - BIO *pMemBio = NULL; - int iReturn; - - // create memory BIO - pMemBio = BIO_new(BIO_s_mem()); - - if(pMemBio == NULL) - { - //fixme: log -- no memory - return NULL; - } - - PKCS12 *p12 = PKCS12_create(i_sPassphrase, - NULL, - (EVP_PKEY *)i_pPrivateKey->GetNative(), - (X509 *)GetCert(m_pCertImpl), - NULL, - 0, - 0, - 0, - 0, - 0); - if ( ! p12 ) - { - return NULL; - } - - // now pMemBIO != NULL, remember to free it before exiting - iReturn = i2d_PKCS12_bio(pMemBio, p12); - - if(!iReturn) // return 0: means error occurs - { - //fixme: log -- could not export private key - BIO_free(pMemBio); - return NULL; - } - - return (void *)pMemBio; -} - -bool -CCertificate::SavePKCS12( - unsigned char *i_pcBuffer, - int i_iBufferLength, - int *o_pActualLength, - CPrivateKey* i_pPrivateKey, - char* i_sPassphrase ) -{ - BIO *pMemBio = NULL; - char *pData = NULL; - int iLength; - - // sanity check - if(i_pcBuffer == NULL) return false; - if(i_iBufferLength <= 0) return false; - if(o_pActualLength == NULL) return false; - - // create memory BIO - pMemBio = (BIO *)SaveCertToPKCS12MemoryBIO(i_pPrivateKey, i_sPassphrase); - - if(pMemBio == NULL) - { - //fixme: log -- no memory - return false; - } - - iLength = BIO_get_mem_data(pMemBio, &pData); - - // If the output buffer is a string, it needs to be NULL terminated - // So always append a NULL to the output - if(iLength + 1 > i_iBufferLength) - { - //fixme: log -- buffer too small - BIO_free(pMemBio); - return false; - } - // copy the data to given buffer - memcpy(i_pcBuffer, pData, iLength); - // NULL terminate the string - i_pcBuffer[iLength] = '\0'; - *o_pActualLength = iLength; - - // free memory - BIO_free(pMemBio); - - return true; -} -#endif /* PKCS12 */ |