diff options
Diffstat (limited to 'usr/src/cmd/svr4pkg/pkgadm/certs.c')
| -rw-r--r-- | usr/src/cmd/svr4pkg/pkgadm/certs.c | 239 |
1 files changed, 0 insertions, 239 deletions
diff --git a/usr/src/cmd/svr4pkg/pkgadm/certs.c b/usr/src/cmd/svr4pkg/pkgadm/certs.c deleted file mode 100644 index c7c8f045ae..0000000000 --- a/usr/src/cmd/svr4pkg/pkgadm/certs.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - - -#include <stdio.h> -#include <limits.h> -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <pkglocs.h> -#include <locale.h> -#include <libintl.h> -#include <signal.h> -#include <sys/stat.h> -#include <sys/statvfs.h> -#include <sys/types.h> -#include <fcntl.h> -#include <libintl.h> -#include <dirent.h> -#include <openssl/err.h> -#include <openssl/pkcs7.h> -#include <openssl/pkcs12.h> -#include <openssl/x509.h> -#include <openssl/pem.h> -#include <openssl/x509v3.h> - -#include <pkglib.h> -#include <p12lib.h> -#include <install.h> -#include <libadm.h> -#include <libinst.h> -#include "pkgadm.h" -#include "pkgadm_msgs.h" - - -/* - * Function: load_cert_and_key - * Description: Loads a public key certificate and associated private key - * from a stream. - * Parameters: err - Where to write errors to for underlying library calls - * incert - File to read certs and keys from - * format - The format of the file - * passarg - How to collect password if needed to decrypt file - * key - Location to store resulting key if found - * cert - Location to store resulting cert if found. - * - * Returns: f one or more certificates are found in the file, - * and one or more keys are found, then the first - * certificate is used, and the keys are searched for a - * match. If no key matches the cert, then only the cert - * is returned. If no certs are found, but one or more - * keys are found, then the first key is returned. - */ -int -load_cert_and_key(PKG_ERR *err, FILE *incert, - keystore_encoding_format_t format, char *passarg, EVP_PKEY **key, - X509 **cert) -{ - X509 *tmpcert = NULL; - EVP_PKEY *tmpkey = NULL; - STACK_OF(EVP_PKEY) *keys = NULL; - STACK_OF(X509) *certs = NULL; - int i, ret = 0; - keystore_passphrase_data data; - unsigned long crypto_err; - - if (key) *key = NULL; - if (cert) *cert = NULL; - - switch (format) { - case KEYSTORE_FORMAT_DER: - /* first try to load a DER cert, which cannot contain a key */ - if ((tmpcert = d2i_X509_fp(incert, NULL)) == NULL) { - log_msg(LOG_MSG_ERR, MSG_PARSE); - ret = 1; - } - break; - case KEYSTORE_FORMAT_PEM: - default: - data.err = err; - set_passphrase_passarg(passarg); - set_passphrase_prompt(gettext("Enter PEM passphrase:")); - if (sunw_PEM_contents(incert, pkg_passphrase_cb, - &data, &keys, &certs) < 0) { - /* print out openssl-generated PEM errors */ - while ((crypto_err = ERR_get_error()) != 0) { - log_msg(LOG_MSG_ERR, - ERR_reason_error_string(crypto_err)); - } - ret = 1; - goto cleanup; - } - - /* take the first cert in the file, if any */ - if (cert && (certs != NULL)) { - if (sk_X509_num(certs) != 1) { - log_msg(LOG_MSG_ERR, MSG_MULTIPLE_CERTS); - ret = 1; - goto cleanup; - } else { - tmpcert = sk_X509_value(certs, 0); - } - } - - if (key && (keys != NULL)) { - if (tmpcert != NULL) { - /* - * if we found a cert and some keys, - * only return the key that - * matches the cert - */ - for (i = 0; i < sk_EVP_PKEY_num(keys); i++) { - if (X509_check_private_key(tmpcert, - sk_EVP_PKEY_value(keys, i))) { - tmpkey = - sk_EVP_PKEY_value(keys, i); - break; - } - } - } else { - if (sk_EVP_PKEY_num(keys) > 0) { - tmpkey = sk_EVP_PKEY_value(keys, 0); - } - } - } - break; - } - - /* set results */ - if (key && tmpkey) { - *key = tmpkey; - tmpkey = NULL; - } - - if (cert && tmpcert) { - *cert = tmpcert; - tmpcert = NULL; - } - -cleanup: - if (tmpcert != NULL) { - X509_free(tmpcert); - } - if (tmpkey != NULL) { - sunw_evp_pkey_free(tmpkey); - } - return (ret); -} - -/* - * Function: load_all_certs - * Description: Loads alll certificates from a stream. - * Parameters: err - Where to write errors to for underlying library calls - * incert - File to read certs and keys from - * format - The format of the file - * passarg - How to collect password if needed to decrypt file - * certs - Location to store resulting cert if found. - * - * Returns: 0 - success, all certs placed in ''certs' - * non-zero failure, errors in 'err' - */ -int -load_all_certs(PKG_ERR *err, FILE *incert, - keystore_encoding_format_t format, char *passarg, STACK_OF(X509) **certs) -{ - X509 *tmpcert = NULL; - STACK_OF(X509) *tmpcerts = NULL; - int ret = 0; - keystore_passphrase_data data; - unsigned long crypto_err; - if (certs) *certs = NULL; - - switch (format) { - case KEYSTORE_FORMAT_DER: - /* first try to load a DER cert, which cannot contain a key */ - if ((tmpcert = d2i_X509_fp(incert, NULL)) == NULL) { - log_msg(LOG_MSG_ERR, MSG_PARSE); - ret = 1; - goto cleanup; - } - - if ((tmpcerts = sk_X509_new_null()) == NULL) { - log_msg(LOG_MSG_ERR, MSG_MEM); - ret = 1; - goto cleanup; - } - sk_X509_push(tmpcerts, tmpcert); - break; - case KEYSTORE_FORMAT_PEM: - default: - data.err = err; - set_passphrase_prompt(MSG_PEM_PASSPROMPT); - set_passphrase_passarg(passarg); - if (sunw_PEM_contents(incert, pkg_passphrase_cb, - &data, NULL, &tmpcerts) < 0) { - /* print out openssl-generated PEM errors */ - while ((crypto_err = ERR_get_error()) != 0) { - log_msg(LOG_MSG_ERR, - ERR_reason_error_string(crypto_err)); - } - } - break; - } - - /* set results */ - if (certs && tmpcerts) { - *certs = tmpcerts; - tmpcerts = NULL; - } - -cleanup: - if (tmpcerts != NULL) { - sk_X509_free(tmpcerts); - } - return (ret); -} |