/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
213408Swyllys
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
263408Swyllys
273408Swyllys #pragma ident "%Z%%M% %I% %E% SMI"
283408Swyllys
293408Swyllys #include <stdio.h>
303408Swyllys #include <assert.h>
313408Swyllys #include <strings.h>
323408Swyllys
333408Swyllys #include <kmfapi.h>
343408Swyllys #include "kssladm.h"
353408Swyllys
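/*
 * Extract the certificates and raw RSA key data from a PKCS#12 file.
 *
 * The password needed to decrypt the PKCS#12 PDU is read, in plaintext,
 * from "password_file" via get_passphrase(); if it cannot be read the
 * import is not attempted.  The passphrase buffer is scrubbed before
 * returning on every path so the secret does not linger on the stack.
 *
 * On success *certs and *rsa receive caller-owned arrays (ncerts and
 * nkeys entries respectively, where nkeys is not reported back); each
 * entry is released with kmf_free_kmf_cert()/kmf_free_raw_key() and the
 * array itself with free().  On failure both are set to NULL and the
 * KMF error is reported through REPORT_KMF_ERROR().  Either output
 * pointer may be NULL if the caller does not want that result, matching
 * PEM_get_rsa_key_certs().
 *
 * Returns the number of certificates imported (0 on any failure).
 */
int
PKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh,
    const char *filename, const char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
{
	char password_buf[1024];
	volatile char *scrub;
	KMF_RETURN rv = KMF_OK;
	KMF_CREDENTIAL pk12cred;
	KMF_X509_DER_CERT *tcerts = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0, nkeys = 0;
	char *err = NULL;

	if (get_passphrase(password_file, password_buf,
	    sizeof (password_buf)) <= 0) {
		perror("Unable to read passphrase");
		/* rv is still KMF_OK: nothing was allocated, fall through. */
		goto done;
	}
	pk12cred.cred = password_buf;
	pk12cred.credlen = strlen(password_buf);

	/* kmf_import_objects() takes a non-const path; filename is not written. */
	rv = kmf_import_objects(kmfh, (char *)filename, &pk12cred, &tcerts,
	    &ncerts, &keys, &nkeys);
	if (rv != KMF_OK) {
		REPORT_KMF_ERROR(rv, "Error importing PKCS12 data", err);
	}

done:
	/*
	 * The passphrase is no longer needed; zero it even when the read
	 * failed part-way.  Storing through a volatile pointer keeps the
	 * compiler from dropping the loop as a dead write to a dying frame.
	 */
	for (scrub = password_buf;
	    scrub < password_buf + sizeof (password_buf); scrub++)
		*scrub = '\0';

	if (rv != KMF_OK) {
		int i;
		/* Release whatever the failed import handed back. */
		if (tcerts != NULL) {
			for (i = 0; i < ncerts; i++)
				kmf_free_kmf_cert(kmfh, &tcerts[i]);
			free(tcerts);
		}
		tcerts = NULL;
		ncerts = 0;
		if (keys != NULL) {
			for (i = 0; i < nkeys; i++)
				kmf_free_raw_key(&keys[i]);
			free(keys);
		}
		keys = NULL;
	}
	/* Same contract as PEM_get_rsa_key_certs(): either output is optional. */
	if (certs != NULL)
		*certs = tcerts;
	if (rsa != NULL)
		*rsa = keys;

	return (ncerts);
}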
953408Swyllys
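/*
 * Parse a PEM file that should contain RSA private keys and their
 * associated X.509v3 certificates.  More than one of each may be
 * present in the file.
 *
 * The passphrase is read, in plaintext, from "password_file" via
 * get_passphrase() before the import is attempted; if it cannot be read
 * the function fails without touching the PEM file.  The passphrase
 * buffer is scrubbed before returning on every path.
 *
 * On success *certs and *rsa receive caller-owned arrays (ncerts and
 * nkeys entries respectively, where nkeys is not reported back); each
 * entry is released with kmf_free_kmf_cert()/kmf_free_raw_key() and the
 * array itself with free().  On failure both are set to NULL and the
 * KMF error is reported through REPORT_KMF_ERROR().  Either output
 * pointer may be NULL if the caller does not want that result.
 *
 * Returns the number of certificates imported (0 on any failure).
 */
int
PEM_get_rsa_key_certs(KMF_HANDLE_T kmfh,
    const char *filename, char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs)
{
	KMF_RETURN rv = KMF_OK;
	KMF_CREDENTIAL creds;
	KMF_X509_DER_CERT *tcerts = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0, nkeys = 0;
	char *err = NULL;
	char password_buf[1024];
	volatile char *scrub;

	if (get_passphrase(password_file, password_buf,
	    sizeof (password_buf)) <= 0) {
		perror("Unable to read passphrase");
		/* rv is still KMF_OK: nothing was allocated, fall through. */
		goto done;
	}
	creds.cred = password_buf;
	creds.credlen = strlen(password_buf);

	/* kmf_import_objects() takes a non-const path; filename is not written. */
	rv = kmf_import_objects(kmfh, (char *)filename, &creds, &tcerts,
	    &ncerts, &keys, &nkeys);
	if (rv != KMF_OK) {
		REPORT_KMF_ERROR(rv, "Error importing key data", err);
	}

done:
	/*
	 * The passphrase is no longer needed; zero it even when the read
	 * failed part-way.  Storing through a volatile pointer keeps the
	 * compiler from dropping the loop as a dead write to a dying frame.
	 */
	for (scrub = password_buf;
	    scrub < password_buf + sizeof (password_buf); scrub++)
		*scrub = '\0';

	if (rv != KMF_OK) {
		int i;
		/* Release whatever the failed import handed back. */
		if (tcerts != NULL) {
			for (i = 0; i < ncerts; i++)
				kmf_free_kmf_cert(kmfh, &tcerts[i]);
			free(tcerts);
		}
		tcerts = NULL;
		ncerts = 0;
		if (keys != NULL) {
			for (i = 0; i < nkeys; i++)
				kmf_free_raw_key(&keys[i]);
			free(keys);
		}
		keys = NULL;
	}
	if (certs != NULL)
		*certs = tcerts;
	if (rsa != NULL)
		*rsa = keys;

	return (ncerts);
}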