Diffstat (limited to 'usr/src/cmd/cmd-crypto/pktool/export.c')
-rw-r--r--usr/src/cmd/cmd-crypto/pktool/export.c672
1 files changed, 512 insertions, 160 deletions
diff --git a/usr/src/cmd/cmd-crypto/pktool/export.c b/usr/src/cmd/cmd-crypto/pktool/export.c
index 9170a00468..1d3b36e703 100644
--- a/usr/src/cmd/cmd-crypto/pktool/export.c
+++ b/usr/src/cmd/cmd-crypto/pktool/export.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*
*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -44,31 +44,40 @@
#include <kmfapi.h>
static KMF_RETURN
-pk_find_export_cert(KMF_HANDLE_T kmfhandle, KMF_FINDCERT_PARAMS *parms,
- KMF_X509_DER_CERT *cert)
+pk_find_export_cert(KMF_HANDLE_T kmfhandle, KMF_ATTRIBUTE *attrlist,
+ int numattr, KMF_X509_DER_CERT *cert)
{
KMF_RETURN rv = KMF_OK;
uint32_t numcerts = 0;
numcerts = 0;
(void) memset(cert, 0, sizeof (KMF_X509_DER_CERT));
- rv = KMF_FindCert(kmfhandle, parms, NULL, &numcerts);
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
+ &numcerts, sizeof (uint32_t));
+ numattr++;
+
+ rv = kmf_find_cert(kmfhandle, numattr, attrlist);
if (rv != KMF_OK) {
return (rv);
}
if (numcerts == 0) {
cryptoerror(LOG_STDERR,
- gettext("No matching certificates found."));
+ gettext("No matching certificates found."));
return (KMF_ERR_CERT_NOT_FOUND);
} else if (numcerts == 1) {
- rv = KMF_FindCert(kmfhandle, parms, cert, &numcerts);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_X509_DER_CERT_ATTR, cert,
+ sizeof (KMF_X509_DER_CERT));
+ numattr++;
+ rv = kmf_find_cert(kmfhandle, numattr, attrlist);
} else if (numcerts > 1) {
cryptoerror(LOG_STDERR,
- gettext("%d certificates found, refine the "
- "search parameters to eliminate ambiguity\n"),
- numcerts);
+ gettext("%d certificates found, refine the "
+ "search parameters to eliminate ambiguity\n"),
+ numcerts);
return (KMF_ERR_BAD_PARAMETER);
}
return (rv);
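Review bot: pk_find_export_cert now writes up to two more entries (KMF_COUNT_ATTR at L36, KMF_X509_DER_CERT_ATTR at L51) past `numattr` into the caller's `attrlist` without knowing its capacity, so the bound depends entirely on every caller over-allocating. All callers in this file declare `KMF_ATTRIBUTE attrlist[16]` and fill at most seven slots, so it fits today, but nothing states the contract; at minimum add above the first append `/* Caller must leave room for two more entries in attrlist. */`, or pass the array capacity as a parameter and return KMF_ERR_BAD_PARAMETER when `numattr + 2` exceeds it. The return value of kmf_set_attr_at_index is discarded here and throughout the file; if it can report a bad index or attribute, that result should feed `rv` rather than be dropped. The function's closing brace lies outside the hunk.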
@@ -77,36 +86,80 @@ pk_find_export_cert(KMF_HANDLE_T kmfhandle, KMF_FINDCERT_PARAMS *parms,
static KMF_RETURN
pk_export_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
char *issuer, char *subject, KMF_BIGINT *serial,
- KMF_ENCODE_FORMAT ofmt,
char *dir, char *infile, char *filename)
{
KMF_RETURN rv = KMF_OK;
- KMF_STORECERT_PARAMS scparms;
KMF_X509_DER_CERT kmfcert;
+ KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
+ int numattr = 0;
+ KMF_ATTRIBUTE attrlist[16];
/* If searching for public objects or certificates, find certs now */
if (oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) {
- KMF_FINDCERT_PARAMS fcargs;
-
- (void) memset(&fcargs, 0, sizeof (fcargs));
- fcargs.kstype = KMF_KEYSTORE_OPENSSL;
- fcargs.certLabel = NULL;
- fcargs.issuer = issuer;
- fcargs.subject = subject;
- fcargs.serial = serial;
- fcargs.sslparms.dirpath = dir;
- fcargs.sslparms.certfile = infile;
- fcargs.sslparms.format = ofmt;
-
- rv = pk_find_export_cert(kmfhandle, &fcargs, &kmfcert);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype,
+ sizeof (kstype));
+ numattr++;
+
+ if (issuer != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ISSUER_NAME_ATTR, issuer,
+ strlen(issuer));
+ numattr++;
+ }
+
+ if (subject != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_SUBJECT_NAME_ATTR, subject,
+ strlen(subject));
+ numattr++;
+ }
+
+ if (serial != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_BIGINT_ATTR, serial,
+ sizeof (KMF_BIGINT));
+ numattr++;
+ }
+
+ if (dir != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_DIRPATH_ATTR, dir,
+ strlen(dir));
+ numattr++;
+ }
+
+ if (infile != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_FILENAME_ATTR, infile,
+ strlen(infile));
+ numattr++;
+ }
+
+ rv = pk_find_export_cert(kmfhandle, attrlist, numattr,
+ &kmfcert);
if (rv == KMF_OK) {
- (void) memset(&scparms, 0, sizeof (scparms));
- scparms.kstype = KMF_KEYSTORE_OPENSSL;
- scparms.sslparms.certfile = filename;
- rv = KMF_StoreCert(kmfhandle, &scparms,
- &kmfcert.certificate);
+ kstype = KMF_KEYSTORE_OPENSSL;
+ numattr = 0;
- KMF_FreeKMFCert(kmfhandle, &kmfcert);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_DATA_ATTR, &kmfcert.certificate,
+ sizeof (KMF_DATA));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_FILENAME_ATTR, filename,
+ strlen(filename));
+ numattr++;
+
+ rv = kmf_store_cert(kmfhandle, numattr,
+ attrlist);
+
+ kmf_free_kmf_cert(kmfhandle, &kmfcert);
}
}
return (rv);
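Review bot: The output format no longer reaches the store call in pk_export_file_objects: the `ofmt` parameter was removed from the signature (L71) and the kmf_store_cert attribute list (L146–L161) carries no KMF_ENCODE_FORMAT_ATTR, whereas the NSS and PKCS#11 variants pass `kfmt` that way (L390–L391, L662–L663) and the pk_export call site (L849–L853) drops `kfmt` too. As written the -F option is silently ignored for the file-keystore certificate path and whatever default the library applies wins; the commit does not say whether that is intended. If it is, a comment at the store call such as `/* Format is fixed for the file keystore; -F is not consulted here. */` would stop the next reader from chasing it; if not, keep the parameter, add the attribute and pass `kfmt` again from pk_export. Any `kmf_set_attr_at_index` failure in this block is also discarded, as in the rest of the file.
```c
pk_export_file_objects(KMF_HANDLE_T kmfhandle, int oclass,
	char *issuer, char *subject, KMF_BIGINT *serial,
	KMF_ENCODE_FORMAT ofmt,
	char *dir, char *infile, char *filename)
{
	/* … unchanged: find the certificate, reset attrlist for the store … */
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_CERT_FILENAME_ATTR, filename,
			    strlen(filename));
			numattr++;

			/* Honour the -F output format like the NSS/PKCS#11 paths. */
			kmf_set_attr_at_index(attrlist, numattr,
			    KMF_ENCODE_FORMAT_ATTR, &ofmt, sizeof (ofmt));
			numattr++;

			rv = kmf_store_cert(kmfhandle, numattr,
			    attrlist);
	/* … unchanged: free the cert, return rv … */
```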
@@ -120,31 +173,70 @@ pk_export_pk12_nss(KMF_HANDLE_T kmfhandle,
char *filename)
{
KMF_RETURN rv = KMF_OK;
- KMF_EXPORTP12_PARAMS p12parms;
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_CREDENTIAL p12cred = { NULL, 0};
+ KMF_ATTRIBUTE attrlist[16];
+ int numattr = 0;
rv = configure_nss(kmfhandle, dir, prefix);
if (rv != KMF_OK)
return (rv);
- (void) memset(&p12parms, 0, sizeof (p12parms));
if (token_spec == NULL)
token_spec = DEFAULT_NSS_TOKEN;
- p12parms.kstype = KMF_KEYSTORE_NSS;
- p12parms.certLabel = certlabel;
- p12parms.issuer = issuer;
- p12parms.subject = subject;
- p12parms.serial = serial;
- p12parms.idstr = NULL;
- if (tokencred != NULL)
- p12parms.cred = *tokencred;
- p12parms.nssparms.slotlabel = token_spec;
+ kstype = KMF_KEYSTORE_NSS;
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
+
+ if (certlabel != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_LABEL_ATTR, certlabel, strlen(certlabel));
+ numattr++;
+ }
+
+ if (issuer != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
+ numattr++;
+ }
+
+ if (subject != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
+ numattr++;
+ }
- (void) get_pk12_password(&p12parms.p12cred);
+ if (serial != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
+ numattr++;
+ }
- rv = KMF_ExportPK12(kmfhandle, &p12parms, filename);
- if (p12parms.p12cred.cred)
- free(p12parms.p12cred.cred);
+ if (tokencred != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
+ numattr++;
+ }
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_LABEL_ATTR,
+ token_spec, strlen(token_spec));
+ numattr++;
+
+ (void) get_pk12_password(&p12cred);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
+ numattr++;
+
+ rv = kmf_export_pk12(kmfhandle, numattr, attrlist);
+
+ if (p12cred.cred)
+ free(p12cred.cred);
return (rv);
}
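Review bot: The PKCS#12 export passphrase in `p12cred.cred` is released with a plain `free` at L243–L244, so the cleartext secret stays in the freed heap block; the same pattern appears in pk_export_pk12_files (L300–L301) and pk_export_pk12_pk11 (L460–L461). Clear it before freeing, e.g. `if (p12cred.cred != NULL) { (void) memset(p12cred.cred, 0, p12cred.credlen); free(p12cred.cred); }`, bearing in mind that a plain memset immediately before free may be elided by the optimizer, so a non-elidable clear should be used where the platform offers one. The result of `get_pk12_password` is still discarded at L232; if it fails, `p12cred` stays `{ NULL, 0 }` and the export proceeds with an empty credential, which seems worth rejecting rather than passing on to kmf_export_pk12 (I cannot see get_pk12_password's contract from here). The `if (p12cred.cred)` guard is redundant since `free(NULL)` is a no-op, but it is harmless.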
@@ -155,26 +247,47 @@ pk_export_pk12_files(KMF_HANDLE_T kmfhandle,
char *outfile)
{
KMF_RETURN rv;
- KMF_EXPORTP12_PARAMS p12parms;
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_CREDENTIAL p12cred = { NULL, 0};
+ KMF_ATTRIBUTE attrlist[16];
+ int numattr = 0;
+
+ kstype = KMF_KEYSTORE_OPENSSL;
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
+
+ if (dir != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_DIRPATH_ATTR, dir, strlen(dir));
+ numattr++;
+ }
- (void) memset(&p12parms, 0, sizeof (p12parms));
+ if (certfile != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_FILENAME_ATTR, certfile, strlen(certfile));
+ numattr++;
+ }
+
+ if (keyfile != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEY_FILENAME_ATTR, keyfile, strlen(keyfile));
+ numattr++;
+ }
- p12parms.kstype = KMF_KEYSTORE_OPENSSL;
- p12parms.certLabel = NULL;
- p12parms.issuer = NULL;
- p12parms.subject = NULL;
- p12parms.serial = 0;
- p12parms.idstr = NULL;
- p12parms.sslparms.dirpath = dir;
- p12parms.sslparms.certfile = certfile;
- p12parms.sslparms.keyfile = keyfile;
+ (void) get_pk12_password(&p12cred);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
+ numattr++;
- (void) get_pk12_password(&p12parms.p12cred);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_OUTPUT_FILENAME_ATTR, outfile, strlen(outfile));
+ numattr++;
- rv = KMF_ExportPK12(kmfhandle, &p12parms, outfile);
+ rv = kmf_export_pk12(kmfhandle, numattr, attrlist);
- if (p12parms.p12cred.cred)
- free(p12parms.p12cred.cred);
+ if (p12cred.cred)
+ free(p12cred.cred);
return (rv);
}
@@ -186,8 +299,10 @@ pk_export_nss_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
char *prefix, char *filename)
{
KMF_RETURN rv = KMF_OK;
- KMF_STORECERT_PARAMS scparms;
KMF_X509_DER_CERT kmfcert;
+ KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
+ KMF_ATTRIBUTE attrlist[16];
+ int numattr = 0;
rv = configure_nss(kmfhandle, dir, prefix);
if (rv != KMF_OK)
@@ -195,27 +310,73 @@ pk_export_nss_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
/* If searching for public objects or certificates, find certs now */
if (oclass & (PK_CERT_OBJ | PK_PUBLIC_OBJ)) {
- KMF_FINDCERT_PARAMS fcargs;
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype,
+ sizeof (kstype));
+ numattr++;
+
+ if (certlabel != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_LABEL_ATTR, certlabel,
+ strlen(certlabel));
+ numattr++;
+ }
- (void) memset(&fcargs, 0, sizeof (fcargs));
- fcargs.kstype = KMF_KEYSTORE_NSS;
- fcargs.certLabel = certlabel;
- fcargs.issuer = issuer;
- fcargs.subject = subject;
- fcargs.serial = serial;
- fcargs.nssparms.slotlabel = token_spec;
+ if (issuer != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ISSUER_NAME_ATTR, issuer,
+ strlen(issuer));
+ numattr++;
+ }
- rv = pk_find_export_cert(kmfhandle, &fcargs, &kmfcert);
+ if (subject != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_SUBJECT_NAME_ATTR, subject,
+ strlen(subject));
+ numattr++;
+ }
+
+ if (serial != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_BIGINT_ATTR, serial,
+ sizeof (KMF_BIGINT));
+ numattr++;
+ }
+
+ if (token_spec != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_TOKEN_LABEL_ATTR, token_spec,
+ strlen(token_spec));
+ numattr++;
+ }
+
+ rv = pk_find_export_cert(kmfhandle, attrlist, numattr,
+ &kmfcert);
if (rv == KMF_OK) {
- (void) memset(&scparms, 0, sizeof (scparms));
- scparms.kstype = KMF_KEYSTORE_OPENSSL;
- scparms.sslparms.certfile = filename;
- scparms.sslparms.format = kfmt;
+ kstype = KMF_KEYSTORE_OPENSSL;
+ numattr = 0;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
- rv = KMF_StoreCert(kmfhandle, &scparms,
- &kmfcert.certificate);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_DATA_ATTR, &kmfcert.certificate,
+ sizeof (KMF_DATA));
+ numattr++;
- KMF_FreeKMFCert(kmfhandle, &kmfcert);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_FILENAME_ATTR, filename,
+ strlen(filename));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ENCODE_FORMAT_ATTR, &kfmt, sizeof (kfmt));
+ numattr++;
+
+ rv = kmf_store_cert(kmfhandle, numattr, attrlist);
+
+ kmf_free_kmf_cert(kmfhandle, &kmfcert);
}
}
return (rv);
@@ -227,29 +388,179 @@ pk_export_pk12_pk11(KMF_HANDLE_T kmfhandle, char *token_spec,
KMF_BIGINT *serial, KMF_CREDENTIAL *tokencred, char *filename)
{
KMF_RETURN rv = KMF_OK;
- KMF_EXPORTP12_PARAMS p12parms;
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_CREDENTIAL p12cred = { NULL, 0};
+ KMF_ATTRIBUTE attrlist[16];
+ int numattr = 0;
rv = select_token(kmfhandle, token_spec, TRUE);
if (rv != KMF_OK) {
return (rv);
}
- (void) memset(&p12parms, 0, sizeof (p12parms));
+ kstype = KMF_KEYSTORE_PK11TOKEN;
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
+
+ if (certlabel != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_LABEL_ATTR, certlabel, strlen(certlabel));
+ numattr++;
+ }
+
+ if (issuer != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ISSUER_NAME_ATTR, issuer, strlen(issuer));
+ numattr++;
+ }
+
+ if (subject != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_SUBJECT_NAME_ATTR, subject, strlen(subject));
+ numattr++;
+ }
+
+ if (serial != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_BIGINT_ATTR, serial, sizeof (KMF_BIGINT));
+ numattr++;
+ }
+
+ if (tokencred != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));
+ numattr++;
+ }
+
+ (void) get_pk12_password(&p12cred);
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_PK12CRED_ATTR, &p12cred, sizeof (KMF_CREDENTIAL));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_OUTPUT_FILENAME_ATTR, filename, strlen(filename));
+ numattr++;
+
+ rv = kmf_export_pk12(kmfhandle, numattr, attrlist);
+
+ if (p12cred.cred)
+ free(p12cred.cred);
+
+ return (rv);
+}
+
+static KMF_RETURN
+pk_export_pk11_keys(KMF_HANDLE_T kmfhandle, char *token,
+ KMF_CREDENTIAL *cred, KMF_ENCODE_FORMAT format,
+ char *label, char *filename)
+{
+ KMF_RETURN rv = KMF_OK;
+ KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
+ int numattr = 0;
+ uint32_t numkeys = 1;
+ KMF_ATTRIBUTE attrlist[16];
+ KMF_KEY_HANDLE key;
+ KMF_KEY_CLASS keyclass = KMF_SYMMETRIC;
+ boolean_t is_token = B_TRUE;
+
+ if (EMPTYSTRING(label)) {
+ cryptoerror(LOG_STDERR, gettext("A label "
+ "must be specified to export a key."));
+ return (KMF_ERR_BAD_PARAMETER);
+ }
+
+ rv = select_token(kmfhandle, token, TRUE);
+ if (rv != KMF_OK) {
+ return (rv);
+ }
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
+ &kstype, sizeof (kstype));
+ numattr++;
+
+ if (cred != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr, KMF_CREDENTIAL_ATTR,
+ cred, sizeof (KMF_CREDENTIAL));
+ numattr++;
+ }
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEYLABEL_ATTR,
+ label, strlen(label));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_COUNT_ATTR,
+ &numkeys, sizeof (numkeys));
+ numattr++;
- p12parms.kstype = KMF_KEYSTORE_PK11TOKEN;
- p12parms.certLabel = certlabel;
- p12parms.issuer = issuer;
- p12parms.subject = subject;
- p12parms.serial = serial;
- p12parms.idstr = NULL;
- if (tokencred != NULL)
- p12parms.cred = *tokencred;
- (void) get_pk12_password(&p12parms.p12cred);
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_HANDLE_ATTR,
+ &key, sizeof (key));
+ numattr++;
- rv = KMF_ExportPK12(kmfhandle, &p12parms, filename);
+ kmf_set_attr_at_index(attrlist, numattr, KMF_TOKEN_BOOL_ATTR,
+ &is_token, sizeof (is_token));
+ numattr++;
- if (p12parms.p12cred.cred)
- free(p12parms.p12cred.cred);
+ kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
+ &format, sizeof (format));
+ numattr++;
+
+ rv = kmf_find_key(kmfhandle, numattr, attrlist);
+ if (rv == KMF_OK && key.keyclass == KMF_SYMMETRIC) {
+ KMF_RAW_SYM_KEY rkey;
+
+ (void) memset(&rkey, 0, sizeof (KMF_RAW_SYM_KEY));
+ rv = kmf_get_sym_key_value(kmfhandle, &key, &rkey);
+ if (rv == KMF_OK) {
+ int fd, n, total = 0;
+
+ fd = open(filename, O_CREAT | O_RDWR |O_TRUNC, 0600);
+ if (fd == -1) {
+ rv = KMF_ERR_OPEN_FILE;
+ goto done;
+ }
+ do {
+ n = write(fd, rkey.keydata.val + total,
+ rkey.keydata.len - total);
+ if (n < 0) {
+ if (errno == EINTR)
+ continue;
+ close(fd);
+ rv = KMF_ERR_WRITE_FILE;
+ goto done;
+ }
+ total += n;
+
+ } while (total < rkey.keydata.len);
+ close(fd);
+ }
+done:
+ kmf_free_bigint(&rkey.keydata);
+ kmf_free_kmf_key(kmfhandle, &key);
+ } else if (rv == KMF_OK) {
+ KMF_KEYSTORE_TYPE sslks = KMF_KEYSTORE_OPENSSL;
+ printf(gettext("Found %d asymmetric keys\n"), numkeys);
+
+ numattr = 0;
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
+ &sslks, sizeof (sslks));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_RAW_KEY_ATTR,
+ key.keyp, sizeof (KMF_RAW_KEY_DATA));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_ENCODE_FORMAT_ATTR,
+ &format, sizeof (format));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEY_FILENAME_ATTR,
+ filename, strlen(filename));
+ numattr++;
+
+ rv = kmf_store_key(kmfhandle, numattr, attrlist);
+ kmf_free_kmf_key(kmfhandle, &key);
+ }
return (rv);
}
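Review bot: In the new pk_export_pk11_keys write loop (L537–L557) `n` and `total` are `int` although `write` returns `ssize_t` and `rkey.keydata.len` is unsigned, so `total < rkey.keydata.len` is a mixed-sign comparison and `rkey.keydata.len - total` is computed in the unsigned type; declare them as `ssize_t n; size_t total = 0;` so the loop condition and the remaining-length argument are well-typed. The `close(fd)` at L557 is unchecked even though this file now holds raw key material, so a deferred write failure goes unreported; `if (close(fd) != 0) rv = KMF_ERR_WRITE_FILE;` keeps the caller's error path intact. Whether `kmf_free_bigint` clears `rkey.keydata` before releasing it is not visible here; if it does not, the symmetric key value lingers in freed memory and should be zeroed explicitly before the call at L560. The asymmetric branch prints `numkeys` (a `uint32_t`) with `%d` to stdout at L564, which reads like a leftover diagnostic; either drop it or print it with the matching specifier to stderr alongside the other messages.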
@@ -261,9 +572,10 @@ pk_export_pk11_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
char *filename)
{
KMF_RETURN rv = KMF_OK;
- KMF_FINDCERT_PARAMS fcparms;
- KMF_STORECERT_PARAMS scparms;
KMF_X509_DER_CERT kmfcert;
+ KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
+ int numattr = 0;
+ KMF_ATTRIBUTE attrlist[16];
rv = select_token(kmfhandle, token_spec, TRUE);
@@ -271,25 +583,64 @@ pk_export_pk11_objects(KMF_HANDLE_T kmfhandle, char *token_spec,
return (rv);
}
- (void) memset(&fcparms, 0, sizeof (fcparms));
- fcparms.kstype = KMF_KEYSTORE_PK11TOKEN;
- fcparms.certLabel = certlabel;
- fcparms.issuer = issuer;
- fcparms.subject = subject;
- fcparms.serial = serial;
+ kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
+ &kstype, sizeof (kstype));
+ numattr++;
- rv = pk_find_export_cert(kmfhandle, &fcparms, &kmfcert);
+ if (certlabel != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_LABEL_ATTR, certlabel,
+ strlen(certlabel));
+ numattr++;
+ }
+
+ if (issuer != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ISSUER_NAME_ATTR, issuer,
+ strlen(issuer));
+ numattr++;
+ }
+
+ if (subject != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_SUBJECT_NAME_ATTR, subject,
+ strlen(subject));
+ numattr++;
+ }
+
+ if (serial != NULL) {
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_BIGINT_ATTR, serial,
+ sizeof (KMF_BIGINT));
+ numattr++;
+ }
+
+ rv = pk_find_export_cert(kmfhandle, attrlist, numattr, &kmfcert);
if (rv == KMF_OK) {
- (void) memset(&scparms, 0, sizeof (scparms));
- scparms.kstype = KMF_KEYSTORE_OPENSSL;
- scparms.sslparms.certfile = filename;
- scparms.sslparms.format = kfmt;
+ kstype = KMF_KEYSTORE_OPENSSL;
+ numattr = 0;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_DATA_ATTR, &kmfcert.certificate,
+ sizeof (KMF_DATA));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_CERT_FILENAME_ATTR, filename, strlen(filename));
+ numattr++;
+
+ kmf_set_attr_at_index(attrlist, numattr,
+ KMF_ENCODE_FORMAT_ATTR, &kfmt, sizeof (kfmt));
+ numattr++;
- rv = KMF_StoreCert(kmfhandle, &scparms,
- &kmfcert.certificate);
+ rv = kmf_store_cert(kmfhandle, numattr, attrlist);
- KMF_FreeKMFCert(kmfhandle, &kmfcert);
+ kmf_free_kmf_cert(kmfhandle, &kmfcert);
}
return (rv);
}
@@ -324,13 +675,13 @@ pk_export(int argc, char *argv[])
/* Parse command line options. Do NOT i18n/l10n. */
while ((opt = getopt_av(argc, argv,
- "k:(keystore)y:(objtype)T:(token)"
- "d:(dir)p:(prefix)"
- "l:(label)n:(nickname)s:(subject)"
- "i:(issuer)S:(serial)"
- "K:(keyfile)c:(certfile)"
- "F:(outformat)"
- "I:(infile)o:(outfile)")) != EOF) {
+ "k:(keystore)y:(objtype)T:(token)"
+ "d:(dir)p:(prefix)"
+ "l:(label)n:(nickname)s:(subject)"
+ "i:(issuer)S:(serial)"
+ "K:(keyfile)c:(certfile)"
+ "F:(outformat)"
+ "I:(infile)o:(outfile)")) != EOF) {
if (EMPTYSTRING(optarg_av))
return (PK_ERR_USAGE);
switch (opt) {
@@ -416,7 +767,7 @@ pk_export(int argc, char *argv[])
/* Filename arg is required. */
if (EMPTYSTRING(filename)) {
cryptoerror(LOG_STDERR, gettext("You must specify "
- "an 'outfile' parameter when exporting.\n"));
+ "an 'outfile' parameter when exporting.\n"));
return (PK_ERR_USAGE);
}
@@ -428,10 +779,10 @@ pk_export(int argc, char *argv[])
/* if PUBLIC or PRIVATE obj was given, the old syntax was used. */
if ((oclass & (PK_PUBLIC_OBJ | PK_PRIVATE_OBJ)) &&
- kstype != KMF_KEYSTORE_PK11TOKEN) {
+ kstype != KMF_KEYSTORE_PK11TOKEN) {
(void) fprintf(stderr, gettext("The objtype parameter "
- "is only relevant if keystore=pkcs11\n"));
+ "is only relevant if keystore=pkcs11\n"));
return (PK_ERR_USAGE);
}
@@ -443,16 +794,16 @@ pk_export(int argc, char *argv[])
if (kstype == KMF_KEYSTORE_OPENSSL) {
if (kfmt != KMF_FORMAT_PKCS12) {
cryptoerror(LOG_STDERR, gettext("PKCS12 "
- "is the only export format "
- "supported for the 'file' "
- "keystore.\n"));
+ "is the only export format "
+ "supported for the 'file' "
+ "keystore.\n"));
return (PK_ERR_USAGE);
}
if (EMPTYSTRING(keyfile) || EMPTYSTRING(certfile)) {
cryptoerror(LOG_STDERR, gettext("A cert file"
- "and a key file must be specified "
- "when exporting to PKCS12 from the "
- "'file' keystore.\n"));
+ "and a key file must be specified "
+ "when exporting to PKCS12 from the "
+ "'file' keystore.\n"));
return (PK_ERR_USAGE);
}
}
@@ -460,8 +811,8 @@ pk_export(int argc, char *argv[])
/* Check if the file exists and might be overwritten. */
if (access(filename, F_OK) == 0) {
cryptoerror(LOG_STDERR,
- gettext("Warning: file \"%s\" exists, "
- "will be overwritten."), filename);
+ gettext("Warning: file \"%s\" exists, "
+ "will be overwritten."), filename);
if (yesno(gettext("Continue with export? "),
gettext("Respond with yes or no.\n"), B_FALSE) == B_FALSE) {
return (0);
@@ -470,7 +821,7 @@ pk_export(int argc, char *argv[])
rv = verify_file(filename);
if (rv != KMF_OK) {
cryptoerror(LOG_STDERR, gettext("The file (%s) "
- "cannot be created.\n"), filename);
+ "cannot be created.\n"), filename);
return (PK_ERR_USAGE);
}
}
@@ -479,11 +830,11 @@ pk_export(int argc, char *argv[])
uchar_t *bytes = NULL;
size_t bytelen;
- rv = KMF_HexString2Bytes((uchar_t *)serstr, &bytes, &bytelen);
+ rv = kmf_hexstr_to_bytes((uchar_t *)serstr, &bytes, &bytelen);
if (rv != KMF_OK || bytes == NULL) {
(void) fprintf(stderr, gettext("serial number "
- "must be specified as a hex number "
- "(ex: 0x0102030405ffeeddee)\n"));
+ "must be specified as a hex number "
+ "(ex: 0x0102030405ffeeddee)\n"));
return (PK_ERR_USAGE);
}
serial.val = bytes;
@@ -491,61 +842,62 @@ pk_export(int argc, char *argv[])
}
if ((kstype == KMF_KEYSTORE_PK11TOKEN ||
- kstype == KMF_KEYSTORE_NSS) &&
- (oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ) ||
- kfmt == KMF_FORMAT_PKCS12)) {
+ kstype == KMF_KEYSTORE_NSS) &&
+ (oclass & (PK_KEY_OBJ | PK_PRIVATE_OBJ) ||
+ kfmt == KMF_FORMAT_PKCS12)) {
(void) get_token_password(kstype, token_spec,
- &tokencred);
+ &tokencred);
}
- if ((rv = KMF_Initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
+ if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
cryptoerror(LOG_STDERR, gettext("Error initializing "
- "KMF: 0x%02x\n"), rv);
+ "KMF: 0x%02x\n"), rv);
return (rv);
}
switch (kstype) {
case KMF_KEYSTORE_PK11TOKEN:
if (kfmt == KMF_FORMAT_PKCS12)
- rv = pk_export_pk12_pk11(
- kmfhandle,
- token_spec,
- certlabel,
- issuer, subject,
- &serial, &tokencred,
- filename);
+ rv = pk_export_pk12_pk11(kmfhandle,
+ token_spec, certlabel,
+ issuer, subject,
+ &serial, &tokencred,
+ filename);
+ else if ((oclass & PK_KEY_OBJ) ||
+ kfmt == KMF_FORMAT_RAWKEY)
+ rv = pk_export_pk11_keys(kmfhandle,
+ token_spec, &tokencred, kfmt,
+ certlabel, filename);
else
rv = pk_export_pk11_objects(kmfhandle,
- token_spec,
- certlabel,
- issuer, subject,
- &serial, kfmt,
- filename);
+ token_spec, certlabel,
+ issuer, subject, &serial, kfmt,
+ filename);
break;
case KMF_KEYSTORE_NSS:
if (dir == NULL)
dir = PK_DEFAULT_DIRECTORY;
if (kfmt == KMF_FORMAT_PKCS12)
rv = pk_export_pk12_nss(kmfhandle,
- token_spec, dir, prefix,
- certlabel, issuer,
- subject, &serial,
- &tokencred, filename);
+ token_spec, dir, prefix,
+ certlabel, issuer,
+ subject, &serial,
+ &tokencred, filename);
else
rv = pk_export_nss_objects(kmfhandle,
- token_spec,
- oclass, certlabel, issuer, subject,
- &serial, kfmt, dir, prefix, filename);
+ token_spec,
+ oclass, certlabel, issuer, subject,
+ &serial, kfmt, dir, prefix, filename);
break;
case KMF_KEYSTORE_OPENSSL:
if (kfmt == KMF_FORMAT_PKCS12)
rv = pk_export_pk12_files(kmfhandle,
- certfile, keyfile, dir,
- filename);
+ certfile, keyfile, dir,
+ filename);
else
rv = pk_export_file_objects(kmfhandle, oclass,
- issuer, subject, &serial, kfmt,
- dir, infile, filename);
+ issuer, subject, &serial,
+ dir, infile, filename);
break;
default:
rv = PK_ERR_USAGE;
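Review bot: The new PKCS#11 branch at L803–L807 reaches pk_export_pk11_keys whenever `kfmt == KMF_FORMAT_RAWKEY`, but the token-password prompt at L770–L779 only runs for `PK_KEY_OBJ`/`PK_PRIVATE_OBJ` object classes or `KMF_FORMAT_PKCS12`, so an export requested purely by output format arrives at the private-key lookup with `tokencred` never populated (unless it is filled somewhere above this hunk that I cannot see). Extending the prompt condition to `kfmt == KMF_FORMAT_PKCS12 || kfmt == KMF_FORMAT_RAWKEY)) {` keeps the credential path consistent with the dispatch. The call also passes `certlabel` as the key label (L807); a short comment such as `/* -l/-n supply the key label for key exports as well. */` would make that reuse deliberate rather than accidental-looking.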
@@ -554,13 +906,13 @@ pk_export(int argc, char *argv[])
if (rv != KMF_OK) {
display_error(kmfhandle, rv,
- gettext("Error exporting objects"));
+ gettext("Error exporting objects"));
}
if (serial.val != NULL)
free(serial.val);
- (void) KMF_Finalize(kmfhandle);
+ (void) kmf_finalize(kmfhandle);
return (rv);
}