7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <stdio.h>
30 #include <libintl.h>
31 #include <locale.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <sys/wanboot_impl.h>
35 #include <unistd.h>
36 #include <string.h>
37 #include <libinetutil.h>
38 #include <wanbootutil.h>
39
40 #include <openssl/crypto.h>
41 #include <openssl/buffer.h>
42 #include <openssl/bio.h>
43 #include <openssl/err.h>
44 #include <openssl/x509.h>
45 #include <openssl/x509v3.h>
46 #include <openssl/pkcs12.h>
47 #include <openssl/evp.h>
48 #include <p12aux.h>
245 (void) printf(gettext(" Subject: %s\n"),
246 bufp);
247 OPENSSL_free(bufp);
248 }
249
250 bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
251 if (bufp != NULL) {
252 (void) printf(gettext(" Issuer: %s\n"), bufp);
253 OPENSSL_free(bufp);
254 }
255
256 (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
257 xcert_in);
258 }
259
260 if (ta_in != NULL) {
261 X509 *x;
262 int i;
263
264 for (i = 0; i < sk_X509_num(ta_in); i++) {
265 /* LINTED */
266 x = sk_X509_value(ta_in, i);
267 (void) printf(
268 gettext("\nTrust Anchor cert %d:\n"), i);
269
270 /*
271 * sunw_subject_attrs() returns a pointer to
272 * memory allocated on our behalf. We get the
273 * same behavior from sunw_issuer_attrs().
274 */
275 bufp = sunw_subject_attrs(x, NULL, 0);
276 if (bufp != NULL) {
277 (void) printf(
278 gettext(" Subject: %s\n"), bufp);
279 OPENSSL_free(bufp);
280 }
281
282 bufp = sunw_issuer_attrs(x, NULL, 0);
283 if (bufp != NULL) {
284 (void) printf(
285 gettext(" Issuer: %s\n"), bufp);
359 {
360 X509 *curr;
361 time_errs_t ret;
362 int i;
363 int del_expired = (outfiles != 0);
364
365 if (c_in != NULL && *c_in != NULL) {
366 ret = time_check_print(*c_in);
367 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
368 del_expired) {
369 (void) fprintf(stderr, gettext(" Removing cert\n"));
370 X509_free(*c_in);
371 *c_in = NULL;
372 }
373 }
374
375 if (ta_in == NULL)
376 return;
377
378 for (i = 0; i < sk_X509_num(ta_in); ) {
379 /* LINTED */
380 curr = sk_X509_value(ta_in, i);
381 ret = time_check_print(curr);
382 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
383 del_expired) {
384 (void) fprintf(stderr, gettext(" Removing cert\n"));
385 /* LINTED */
386 curr = sk_X509_delete(ta_in, i);
387 X509_free(curr);
388 continue;
389 }
390 i++;
391 }
392 }
393
394 static time_errs_t
395 time_check_print(X509 *cert)
396 {
397 char buf[256];
398 int ret;
399
400 ret = time_check(cert);
401 if (ret == CHK_TIME_OK)
402 return (CHK_TIME_OK);
403
404 (void) fprintf(stderr, gettext(" Subject: %s"),
405 sunw_subject_attrs(cert, buf, sizeof (buf)));
569 goto cleanup;
570 }
571
572 if (i2d_PKCS12_fp(fp, p12) == 0) {
573 wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
574 ret = -1;
575 goto cleanup;
576 }
577
578 cleanup:
579 (void) fclose(fp);
580 if (p12 != NULL)
581 PKCS12_free(p12);
582 /*
583 * Put the cert and pkey off of the stack so that they won't
584 * be freed two times. (If they get left in the stack then
585 * they will be freed with the stack.)
586 */
587 if (clist != NULL) {
588 if (cert != NULL && sk_X509_num(clist) == 1) {
589 /* LINTED */
590 (void) sk_X509_delete(clist, 0);
591 }
592 sk_X509_pop_free(clist, X509_free);
593 }
594 if (klist != NULL) {
595 if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {
596 /* LINTED */
597 (void) sk_EVP_PKEY_delete(klist, 0);
598 }
599 sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
600 }
601
602 return (ret);
603 }
604
605 static void
606 usage(void)
607 {
608 (void) fprintf(stderr,
609 gettext("usage:\n"
610 " %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
611 "\n"),
612 progname);
613 (void) fprintf(stderr,
614 gettext(" where:\n"
615 " -i - input file to be split into component parts and put in\n"
616 " files given by -c, -k and -t\n"
|
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <stdio.h>
28 #include <libintl.h>
29 #include <locale.h>
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <sys/wanboot_impl.h>
33 #include <unistd.h>
34 #include <string.h>
35 #include <libinetutil.h>
36 #include <wanbootutil.h>
37
38 #include <openssl/crypto.h>
39 #include <openssl/buffer.h>
40 #include <openssl/bio.h>
41 #include <openssl/err.h>
42 #include <openssl/x509.h>
43 #include <openssl/x509v3.h>
44 #include <openssl/pkcs12.h>
45 #include <openssl/evp.h>
46 #include <p12aux.h>
243 (void) printf(gettext(" Subject: %s\n"),
244 bufp);
245 OPENSSL_free(bufp);
246 }
247
248 bufp = sunw_issuer_attrs(xcert_in, NULL, 0);
249 if (bufp != NULL) {
250 (void) printf(gettext(" Issuer: %s\n"), bufp);
251 OPENSSL_free(bufp);
252 }
253
254 (void) sunw_print_times(stdout, PRNT_BOTH, NULL,
255 xcert_in);
256 }
257
258 if (ta_in != NULL) {
259 X509 *x;
260 int i;
261
262 for (i = 0; i < sk_X509_num(ta_in); i++) {
263 x = sk_X509_value(ta_in, i);
264 (void) printf(
265 gettext("\nTrust Anchor cert %d:\n"), i);
266
267 /*
268 * sunw_subject_attrs() returns a pointer to
269 * memory allocated on our behalf. We get the
270 * same behavior from sunw_issuer_attrs().
271 */
272 bufp = sunw_subject_attrs(x, NULL, 0);
273 if (bufp != NULL) {
274 (void) printf(
275 gettext(" Subject: %s\n"), bufp);
276 OPENSSL_free(bufp);
277 }
278
279 bufp = sunw_issuer_attrs(x, NULL, 0);
280 if (bufp != NULL) {
281 (void) printf(
282 gettext(" Issuer: %s\n"), bufp);
356 {
357 X509 *curr;
358 time_errs_t ret;
359 int i;
360 int del_expired = (outfiles != 0);
361
362 if (c_in != NULL && *c_in != NULL) {
363 ret = time_check_print(*c_in);
364 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
365 del_expired) {
366 (void) fprintf(stderr, gettext(" Removing cert\n"));
367 X509_free(*c_in);
368 *c_in = NULL;
369 }
370 }
371
372 if (ta_in == NULL)
373 return;
374
375 for (i = 0; i < sk_X509_num(ta_in); ) {
376 curr = sk_X509_value(ta_in, i);
377 ret = time_check_print(curr);
378 if ((ret != CHK_TIME_OK && ret != CHK_TIME_IS_BEFORE) &&
379 del_expired) {
380 (void) fprintf(stderr, gettext(" Removing cert\n"));
381 curr = sk_X509_delete(ta_in, i);
382 X509_free(curr);
383 continue;
384 }
385 i++;
386 }
387 }
388
389 static time_errs_t
390 time_check_print(X509 *cert)
391 {
392 char buf[256];
393 int ret;
394
395 ret = time_check(cert);
396 if (ret == CHK_TIME_OK)
397 return (CHK_TIME_OK);
398
399 (void) fprintf(stderr, gettext(" Subject: %s"),
400 sunw_subject_attrs(cert, buf, sizeof (buf)));
564 goto cleanup;
565 }
566
567 if (i2d_PKCS12_fp(fp, p12) == 0) {
568 wbku_printerr("cannot write %s: %s\n", name, cryptoerr());
569 ret = -1;
570 goto cleanup;
571 }
572
573 cleanup:
574 (void) fclose(fp);
575 if (p12 != NULL)
576 PKCS12_free(p12);
577 /*
578 * Put the cert and pkey off of the stack so that they won't
579 * be freed two times. (If they get left in the stack then
580 * they will be freed with the stack.)
581 */
582 if (clist != NULL) {
583 if (cert != NULL && sk_X509_num(clist) == 1) {
584 (void) sk_X509_delete(clist, 0);
585 }
586 sk_X509_pop_free(clist, X509_free);
587 }
588 if (klist != NULL) {
589 if (pkey != NULL && sk_EVP_PKEY_num(klist) == 1) {
590 (void) sk_EVP_PKEY_delete(klist, 0);
591 }
592 sk_EVP_PKEY_pop_free(klist, sunw_evp_pkey_free);
593 }
594
595 return (ret);
596 }
597
598 static void
599 usage(void)
600 {
601 (void) fprintf(stderr,
602 gettext("usage:\n"
603 " %s -i <file> -c <file> -k <file> -t <file> [-l <keyid> -v]\n"
604 "\n"),
605 progname);
606 (void) fprintf(stderr,
607 gettext(" where:\n"
608 " -i - input file to be split into component parts and put in\n"
609 " files given by -c, -k and -t\n"
|
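Review bot: At the `cleanup:` label in the new file (lines 573-574), the return value of `fclose(fp)` is cast to void, so a buffered write error that only surfaces at close leaves `ret` unchanged. Because `i2d_PKCS12_fp(fp, p12)` writes through stdio, a short or failed flush could leave a truncated PKCS#12 file on disk while the caller is told the write succeeded. The close should be checked like the write above it, for example `if (fclose(fp) != 0 && ret == 0) { wbku_printerr("cannot close %s\n", name); ret = -1; }`. The function's opening lines are outside the displayed context, so confirm that `fp` cannot be NULL when control reaches this label.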