xref: /onnv-gate/usr/src/lib/libkmsagent/common/KMSAgentPKICommon.cpp (revision 12720:3db6e0082404)
1*12720SWyllys.Ingersoll@Sun.COM /*
2*12720SWyllys.Ingersoll@Sun.COM  * CDDL HEADER START
3*12720SWyllys.Ingersoll@Sun.COM  *
4*12720SWyllys.Ingersoll@Sun.COM  * The contents of this file are subject to the terms of the
5*12720SWyllys.Ingersoll@Sun.COM  * Common Development and Distribution License (the "License").
6*12720SWyllys.Ingersoll@Sun.COM  * You may not use this file except in compliance with the License.
7*12720SWyllys.Ingersoll@Sun.COM  *
8*12720SWyllys.Ingersoll@Sun.COM  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*12720SWyllys.Ingersoll@Sun.COM  * or http://www.opensolaris.org/os/licensing.
10*12720SWyllys.Ingersoll@Sun.COM  * See the License for the specific language governing permissions
11*12720SWyllys.Ingersoll@Sun.COM  * and limitations under the License.
12*12720SWyllys.Ingersoll@Sun.COM  *
13*12720SWyllys.Ingersoll@Sun.COM  * When distributing Covered Code, include this CDDL HEADER in each
14*12720SWyllys.Ingersoll@Sun.COM  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*12720SWyllys.Ingersoll@Sun.COM  * If applicable, add the following below this CDDL HEADER, with the
16*12720SWyllys.Ingersoll@Sun.COM  * fields enclosed by brackets "[]" replaced with your own identifying
17*12720SWyllys.Ingersoll@Sun.COM  * information: Portions Copyright [yyyy] [name of copyright owner]
18*12720SWyllys.Ingersoll@Sun.COM  *
19*12720SWyllys.Ingersoll@Sun.COM  * CDDL HEADER END
20*12720SWyllys.Ingersoll@Sun.COM  */
21*12720SWyllys.Ingersoll@Sun.COM 
22*12720SWyllys.Ingersoll@Sun.COM /*
23*12720SWyllys.Ingersoll@Sun.COM  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24*12720SWyllys.Ingersoll@Sun.COM  */
25*12720SWyllys.Ingersoll@Sun.COM 
26*12720SWyllys.Ingersoll@Sun.COM /**
27*12720SWyllys.Ingersoll@Sun.COM  * \file KMSAgentPKICommon.cpp
28*12720SWyllys.Ingersoll@Sun.COM  */
29*12720SWyllys.Ingersoll@Sun.COM #include <stdio.h>
30*12720SWyllys.Ingersoll@Sun.COM 
31*12720SWyllys.Ingersoll@Sun.COM #include "SYSCommon.h"
32*12720SWyllys.Ingersoll@Sun.COM #include "KMSAgentPKICommon.h"
33*12720SWyllys.Ingersoll@Sun.COM #include "KMSAgentStringUtilities.h"
34*12720SWyllys.Ingersoll@Sun.COM 
35*12720SWyllys.Ingersoll@Sun.COM #include "KMSAgent_direct.h"
36*12720SWyllys.Ingersoll@Sun.COM 
37*12720SWyllys.Ingersoll@Sun.COM 
38*12720SWyllys.Ingersoll@Sun.COM //////////////////////////////////////////////////////////////////////
39*12720SWyllys.Ingersoll@Sun.COM // Construction/Destruction
40*12720SWyllys.Ingersoll@Sun.COM //////////////////////////////////////////////////////////////////////
41*12720SWyllys.Ingersoll@Sun.COM 
CPKI()42*12720SWyllys.Ingersoll@Sun.COM CPKI::CPKI()
43*12720SWyllys.Ingersoll@Sun.COM {
44*12720SWyllys.Ingersoll@Sun.COM    m_iKeyLength = DEFAULT_KEY_SIZE;
45*12720SWyllys.Ingersoll@Sun.COM 
46*12720SWyllys.Ingersoll@Sun.COM    // used for CA
47*12720SWyllys.Ingersoll@Sun.COM    m_pCACertificate = NULL;
48*12720SWyllys.Ingersoll@Sun.COM    m_pCAPrivateKey = NULL;
49*12720SWyllys.Ingersoll@Sun.COM }
50*12720SWyllys.Ingersoll@Sun.COM 
51*12720SWyllys.Ingersoll@Sun.COM // BEN - make these
52*12720SWyllys.Ingersoll@Sun.COM // global lengths
53*12720SWyllys.Ingersoll@Sun.COM int iLength1 = 0;
54*12720SWyllys.Ingersoll@Sun.COM int iLength2 = 0;
55*12720SWyllys.Ingersoll@Sun.COM 
56*12720SWyllys.Ingersoll@Sun.COM // THIS CAN'T BE STACK DATA - TOO BIG
57*12720SWyllys.Ingersoll@Sun.COM static unsigned char aTempBuffer[MAX_CERT_SIZE + MAX_KEY_SIZE];
58*12720SWyllys.Ingersoll@Sun.COM #ifdef METAWARE
59*12720SWyllys.Ingersoll@Sun.COM static char aNotherTempBuffer[50];
60*12720SWyllys.Ingersoll@Sun.COM #endif
61*12720SWyllys.Ingersoll@Sun.COM 
62*12720SWyllys.Ingersoll@Sun.COM // used by StoreAgentPKI - KMSAgentStorage.cpp
63*12720SWyllys.Ingersoll@Sun.COM 
ExportCertAndKeyToFile(CCertificate * const i_pCertificate,CPrivateKey * const i_pPrivateKey,const char * const i_pcFileName,const char * const i_sPassphrase,EnumPKIFileFormat i_eFileFormat)64*12720SWyllys.Ingersoll@Sun.COM bool CPKI::ExportCertAndKeyToFile(
65*12720SWyllys.Ingersoll@Sun.COM    CCertificate* const         i_pCertificate,
66*12720SWyllys.Ingersoll@Sun.COM    CPrivateKey*  const         i_pPrivateKey,
67*12720SWyllys.Ingersoll@Sun.COM    const char* const           i_pcFileName,
68*12720SWyllys.Ingersoll@Sun.COM    const char* const           i_sPassphrase,
69*12720SWyllys.Ingersoll@Sun.COM    EnumPKIFileFormat           i_eFileFormat )
70*12720SWyllys.Ingersoll@Sun.COM {
71*12720SWyllys.Ingersoll@Sun.COM    FATAL_ASSERT( i_pCertificate && i_pPrivateKey && i_pcFileName );
72*12720SWyllys.Ingersoll@Sun.COM 
73*12720SWyllys.Ingersoll@Sun.COM 
74*12720SWyllys.Ingersoll@Sun.COM    memset( aTempBuffer, 0, MAX_CERT_SIZE + MAX_KEY_SIZE );
75*12720SWyllys.Ingersoll@Sun.COM 
76*12720SWyllys.Ingersoll@Sun.COM #ifdef KMSUSERPKCS12
77*12720SWyllys.Ingersoll@Sun.COM     if ( i_eFileFormat == FILE_FORMAT_PKCS12 )
78*12720SWyllys.Ingersoll@Sun.COM     {
79*12720SWyllys.Ingersoll@Sun.COM         if ( !i_pCertificate->SavePKCS12(aTempBuffer,
80*12720SWyllys.Ingersoll@Sun.COM                                 MAX_CERT_SIZE,
81*12720SWyllys.Ingersoll@Sun.COM                                 &iLength1,
82*12720SWyllys.Ingersoll@Sun.COM                                 i_pPrivateKey,
83*12720SWyllys.Ingersoll@Sun.COM                                 (char*)i_sPassphrase ) )
84*12720SWyllys.Ingersoll@Sun.COM         {
85*12720SWyllys.Ingersoll@Sun.COM             return false;
86*12720SWyllys.Ingersoll@Sun.COM         }
87*12720SWyllys.Ingersoll@Sun.COM     } else {
88*12720SWyllys.Ingersoll@Sun.COM #endif
89*12720SWyllys.Ingersoll@Sun.COM 
90*12720SWyllys.Ingersoll@Sun.COM    // Overloaded Save method implemented in KMSAgentPKICert.cpp
91*12720SWyllys.Ingersoll@Sun.COM    // this method saves Certificate to the temporary buffer, not a file
92*12720SWyllys.Ingersoll@Sun.COM    // but a side effect is to get the actual file length
93*12720SWyllys.Ingersoll@Sun.COM    if ( !i_pCertificate->Save(aTempBuffer,
94*12720SWyllys.Ingersoll@Sun.COM                               MAX_CERT_SIZE,
95*12720SWyllys.Ingersoll@Sun.COM                               &iLength1,          /* returned - actual length
96*12720SWyllys.Ingersoll@Sun.COM                                                      written */
97*12720SWyllys.Ingersoll@Sun.COM                               i_eFileFormat) )
98*12720SWyllys.Ingersoll@Sun.COM    {
99*12720SWyllys.Ingersoll@Sun.COM       return false;
100*12720SWyllys.Ingersoll@Sun.COM    }
101*12720SWyllys.Ingersoll@Sun.COM 
102*12720SWyllys.Ingersoll@Sun.COM    // Overloaded Save method implemented in KMSAgentPKIKey.cpp
103*12720SWyllys.Ingersoll@Sun.COM    // this method saves keys to the temporary buffer, not a file,
104*12720SWyllys.Ingersoll@Sun.COM    // but a side effect is to get the actual file length
105*12720SWyllys.Ingersoll@Sun.COM    if ( !i_pPrivateKey->Save(aTempBuffer + iLength1,
106*12720SWyllys.Ingersoll@Sun.COM                              MAX_KEY_SIZE,
107*12720SWyllys.Ingersoll@Sun.COM                              &iLength2,          /* returned - actual length
108*12720SWyllys.Ingersoll@Sun.COM                                                     written */
109*12720SWyllys.Ingersoll@Sun.COM                              i_sPassphrase,
110*12720SWyllys.Ingersoll@Sun.COM                              i_eFileFormat) )
111*12720SWyllys.Ingersoll@Sun.COM    {
112*12720SWyllys.Ingersoll@Sun.COM       return false;
113*12720SWyllys.Ingersoll@Sun.COM    }
114*12720SWyllys.Ingersoll@Sun.COM 
115*12720SWyllys.Ingersoll@Sun.COM #ifdef KMSUSERPKCS12
116*12720SWyllys.Ingersoll@Sun.COM 	}
117*12720SWyllys.Ingersoll@Sun.COM #endif
118*12720SWyllys.Ingersoll@Sun.COM 
119*12720SWyllys.Ingersoll@Sun.COM    // now write the temporary buffer to a file
120*12720SWyllys.Ingersoll@Sun.COM    myFILE* pFile = fopen( i_pcFileName, "wb" );
121*12720SWyllys.Ingersoll@Sun.COM    if ( pFile == NULL )
122*12720SWyllys.Ingersoll@Sun.COM    {
123*12720SWyllys.Ingersoll@Sun.COM       return false;
124*12720SWyllys.Ingersoll@Sun.COM    }
125*12720SWyllys.Ingersoll@Sun.COM 
126*12720SWyllys.Ingersoll@Sun.COM #ifdef KMSUSERPKCS12
127*12720SWyllys.Ingersoll@Sun.COM #ifdef K_SOLARIS_PLATFORM
128*12720SWyllys.Ingersoll@Sun.COM 	int fd = fileno(pFile);
129*12720SWyllys.Ingersoll@Sun.COM 
130*12720SWyllys.Ingersoll@Sun.COM 	/* Make sure this file is read/write for the OWNER only! */
131*12720SWyllys.Ingersoll@Sun.COM 	(void) fchmod(fd, 0600);
132*12720SWyllys.Ingersoll@Sun.COM #endif
133*12720SWyllys.Ingersoll@Sun.COM #endif
134*12720SWyllys.Ingersoll@Sun.COM 
135*12720SWyllys.Ingersoll@Sun.COM #ifdef METAWARE
136*12720SWyllys.Ingersoll@Sun.COM    // write out the two file lengths
137*12720SWyllys.Ingersoll@Sun.COM    snprintf(aNotherTempBuffer, sizeof(aNotherTempBuffer), "iLength1=%x\n", iLength1);
138*12720SWyllys.Ingersoll@Sun.COM    fputs((const char*)aNotherTempBuffer, pFile);
139*12720SWyllys.Ingersoll@Sun.COM 
140*12720SWyllys.Ingersoll@Sun.COM    snprintf(aNotherTempBuffer, sizeof(aNotherTempBuffer), "iLength2=%x\n", iLength2);
141*12720SWyllys.Ingersoll@Sun.COM    fputs((const char*)aNotherTempBuffer, pFile);
142*12720SWyllys.Ingersoll@Sun.COM #endif
143*12720SWyllys.Ingersoll@Sun.COM 
144*12720SWyllys.Ingersoll@Sun.COM    int iBytesWritten = fwrite( (const char*)aTempBuffer,  // from
145*12720SWyllys.Ingersoll@Sun.COM                                1,                         // size
146*12720SWyllys.Ingersoll@Sun.COM                                iLength1+iLength2,         // actual file length
147*12720SWyllys.Ingersoll@Sun.COM                                pFile );                   // to-file
148*12720SWyllys.Ingersoll@Sun.COM 
149*12720SWyllys.Ingersoll@Sun.COM    fclose( pFile );
150*12720SWyllys.Ingersoll@Sun.COM 
151*12720SWyllys.Ingersoll@Sun.COM    return ( iBytesWritten == (iLength1+iLength2) );
152*12720SWyllys.Ingersoll@Sun.COM }
153*12720SWyllys.Ingersoll@Sun.COM 
154*12720SWyllys.Ingersoll@Sun.COM 
~CPKI()155*12720SWyllys.Ingersoll@Sun.COM CPKI::~CPKI()
156*12720SWyllys.Ingersoll@Sun.COM {
157*12720SWyllys.Ingersoll@Sun.COM    // empty
158*12720SWyllys.Ingersoll@Sun.COM }
159*12720SWyllys.Ingersoll@Sun.COM 
160