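/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_KEYSTORE_H
#define	_KEYSTORE_H

/*
 * Module:	keystore.h
 * Description:	This module contains the structure definitions for processing
 *		package keystore files.
 */

/*
 * System and OpenSSL headers are included before the extern "C" block so
 * that a C++ consumer does not wrap third-party declarations in C linkage.
 * <stdio.h> and <sys/types.h> are named explicitly because the prototypes
 * below use FILE and boolean_t; relying on OpenSSL to pull them in
 * transitively makes this header non-self-contained.
 */
#include <stdio.h>
#include <sys/types.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Project error-reporting type (PKG_ERR); kept inside the C-linkage block. */
#include "pkgerr.h"

/* keystore structures */

/*
 * Opaque handle to an open keystore.  Only the functions declared in this
 * header may interpret it; callers obtain one from open_keystore() and give
 * it back to close_keystore().
 */
typedef void *keystore_handle_t;

/*
 * Flags passed to open_keystore().  The low nibble selects the access mode
 * and the next nibble selects the path policy (see the *_MASK values).
 */

/* opens keystore read-only. Attempts to modify results in an error */
#define	KEYSTORE_ACCESS_READONLY	0x00000001L

/* opens keystore read-write */
#define	KEYSTORE_ACCESS_READWRITE	0x00000002L

/*
 * tells open_keystore to fall back to app-generic paths in the case that
 * the app-specific paths do not exist.
 *
 * Because this silently substitutes a different store, a caller that must
 * operate on one specific application's keystore should prefer
 * KEYSTORE_PATH_HARD so that a missing or unusable path is reported
 * rather than masked by the fallback.
 */
#define	KEYSTORE_PATH_SOFT		0x00000010L

/*
 * tells open_keystore to use the app-specific paths no matter what,
 * failing if they cannot be used for any reason.
 */
#define	KEYSTORE_PATH_HARD		0x00000020L

/* masks off various types of flags */
#define	KEYSTORE_ACCESS_MASK		0x0000000FL
#define	KEYSTORE_PATH_MASK		0x000000F0L

/* default is read-only, soft */
#define	KEYSTORE_DFLT_FLAGS \
	(KEYSTORE_ACCESS_READONLY|KEYSTORE_PATH_SOFT)

/*
 * possible encoding formats used by the library, used
 * by print_cert
 */
typedef enum {
	KEYSTORE_FORMAT_PEM,	/* base64 PEM armour */
	KEYSTORE_FORMAT_DER,	/* raw ASN.1 DER bytes */
	KEYSTORE_FORMAT_TEXT	/* human-readable dump */
} keystore_encoding_format_t;

/*
 * structure passed back to password callback for determining how
 * to prompt for passphrase, and where to record errors
 */
typedef struct {
	PKG_ERR *err;	/* errors raised while collecting the passphrase */
} keystore_passphrase_data;


/*
 * max length of a passphrase. One could use a short story!
 * A callback implementation must never write more bytes than the size
 * argument it is given, whatever this constant says.
 */
#define	KEYSTORE_PASS_MAX	1024

/*
 * callback for collecting passphrase when open_keystore() is called
 *
 * Arguments, in order: destination buffer, its size in bytes, a flag,
 * and the caller-supplied pointer (a keystore_passphrase_data *).  The
 * shape matches OpenSSL's pem_password_cb; if keystore.c hands the
 * callback straight to OpenSSL (NOTE(review): confirm), the flag is the
 * read/write indicator and the return value is the passphrase length, or
 * a negative value on failure.  Implementations should keep the
 * passphrase out of logs and clear any copy they retain once it has been
 * handed back.
 */
typedef int keystore_passphrase_cb(char *, int, int, void *);

/*
 * names of the individual files within the keystore path
 *
 * NOTE(review): these are unprefixed macro names in a public header and
 * can collide with unrelated identifiers in including translation units.
 */
#define	TRUSTSTORE	"truststore"
#define	KEYSTORE	"keystore"
#define	CERTSTORE	"certstore"

/* keystore.c */

/*
 * Open a keystore and return a handle through the final argument.
 * The two char * arguments identify the keystore location and the
 * application whose app-specific paths are tried first (NOTE(review):
 * confirm which is which against keystore.c).  The callback is invoked
 * when a passphrase is needed; flags is a combination of one
 * KEYSTORE_ACCESS_* and one KEYSTORE_PATH_* value (KEYSTORE_DFLT_FLAGS
 * when unsure).  Errors are recorded in the PKG_ERR.
 */
extern int open_keystore(PKG_ERR *, char *, char *,
    keystore_passphrase_cb, long flags, keystore_handle_t *);

/*
 * Write certificates held in the keystore to the given stream in the
 * requested encoding.  The char * selects which entries to print
 * (presumably by alias; verify in keystore.c).
 */
extern int print_certs(PKG_ERR *, keystore_handle_t, char *,
    keystore_encoding_format_t, FILE *);

/*
 * Perform the library's validity checks on a single certificate.  The
 * exact checks are defined in keystore.c; callers should treat a non-zero
 * result as "do not use this certificate".
 */
extern int check_cert(PKG_ERR *, X509 *);

/*
 * As check_cert(), additionally checking the certificate against the
 * supplied private key (keystore.c defines what is compared).
 */
extern int check_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *);

/*
 * Write one certificate to the stream in the requested encoding.  The
 * char * is a label for the output and the boolean_t is a formatting
 * switch whose meaning is defined by keystore.c (NOTE(review): document
 * here once confirmed).
 */
extern int print_cert(PKG_ERR *, X509 *,
    keystore_encoding_format_t, char *, boolean_t, FILE *);

/*
 * Close a keystore handle, releasing its resources.  The callback is
 * available in case writing back a modified store requires a passphrase.
 * The handle must not be used afterwards.
 */
extern int close_keystore(PKG_ERR *, keystore_handle_t,
    keystore_passphrase_cb);

/*
 * Add a CA (trust anchor) certificate to the keystore.  Requires the
 * store to have been opened with KEYSTORE_ACCESS_READWRITE.
 */
extern int merge_ca_cert(PKG_ERR *, X509 *, keystore_handle_t);

/*
 * Add a certificate together with its private key under the name given
 * by the char * argument.  Requires read-write access.
 */
extern int
merge_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *,
    char *, keystore_handle_t);

/*
 * Remove the certificate and key(s) stored under the given name.
 * Requires read-write access.
 */
extern int delete_cert_and_keys(PKG_ERR *, keystore_handle_t,
    char *);

/*
 * Look up the private key and certificate stored under the given name,
 * returning them through the last two arguments.
 * NOTE(review): whether the caller owns (and must free) the returned
 * EVP_PKEY and X509 is not stated here; confirm in keystore.c.
 */
extern int find_key_cert_pair(PKG_ERR *, keystore_handle_t,
    char *, EVP_PKEY **, X509 **);

/*
 * Return the keystore's CA certificates as a stack.  Ownership of the
 * returned stack is defined by keystore.c (NOTE(review): confirm).
 */
extern int find_ca_certs(PKG_ERR *, keystore_handle_t,
    STACK_OF(X509) **);

/*
 * Return the keystore's non-CA ("cl", presumably client) certificates as
 * a stack.  Ownership of the returned stack is defined by keystore.c
 * (NOTE(review): confirm).
 */
extern int find_cl_certs(PKG_ERR *, keystore_handle_t,
    STACK_OF(X509) **);

#ifdef __cplusplus
}
#endif

#endif /* _KEYSTORE_H */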