source-git / p11-kit

Clone
Source Code
GIT

Blame trust/extract-pem.c

c8 c8s master
  1.   3749ba2733d07fc588d392a87a0d080ee1894801
  2.   trust
  3.   extract-pem.c
Blob History Raw
Packit Service 3749ba 
/*
Packit Service 3749ba 
 * Copyright (c) 2013, Red Hat Inc.
Packit Service 3749ba 
 *
Packit Service 3749ba 
 * Redistribution and use in source and binary forms, with or without
Packit Service 3749ba 
 * modification, are permitted provided that the following conditions
Packit Service 3749ba 
 * are met:
Packit Service 3749ba 
 *
Packit Service 3749ba 
 *     * Redistributions of source code must retain the above
Packit Service 3749ba 
 *       copyright notice, this list of conditions and the
Packit Service 3749ba 
 *       following disclaimer.
Packit Service 3749ba 
 *     * Redistributions in binary form must reproduce the
Packit Service 3749ba 
 *       above copyright notice, this list of conditions and
Packit Service 3749ba 
 *       the following disclaimer in the documentation and/or
Packit Service 3749ba 
 *       other materials provided with the distribution.
Packit Service 3749ba 
 *     * The names of contributors to this software may not be
Packit Service 3749ba 
 *       used to endorse or promote products derived from this
Packit Service 3749ba 
 *       software without specific prior written permission.
Packit Service 3749ba 
 *
Packit Service 3749ba 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
Packit Service 3749ba 
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
Packit Service 3749ba 
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
Packit Service 3749ba 
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
Packit Service 3749ba 
 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
Packit Service 3749ba 
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
Packit Service 3749ba 
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
Packit Service 3749ba 
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
Packit Service 3749ba 
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
Packit Service 3749ba 
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
Packit Service 3749ba 
 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
Packit Service 3749ba 
 * DAMAGE.
Packit Service 3749ba 
 *
Packit Service 3749ba 
 * Author: Stef Walter <stefw@redhat.com>
Packit Service 3749ba 
 */
Packit Service 3749ba
Packit Service 3749ba 
#include "config.h"
Packit Service 3749ba
Packit Service 3749ba 
#define P11_DEBUG_FLAG P11_DEBUG_TOOL
Packit Service 3749ba
Packit Service 3749ba 
#include "compat.h"
Packit Service 3749ba 
#include "debug.h"
Packit Service 3749ba 
#include "extract.h"
Packit Service 3749ba 
#include "message.h"
Packit Service 3749ba 
#include "path.h"
Packit Service 3749ba 
#include "pem.h"
Packit Service 3749ba 
#include "save.h"
Packit Service 3749ba
Packit Service 3749ba 
#include <stdlib.h>
Packit Service 3749ba
Packit Service 3749ba 
bool
Packit Service 3749ba 
p11_extract_pem_bundle (p11_enumerate *ex,
Packit Service 3749ba 
                        const char *destination)
Packit Service 3749ba 
{
Packit Service 3749ba 
	char *comment;
Packit Service 3749ba 
	p11_buffer buf;
Packit Service 3749ba 
	p11_save_file *file;
Packit Service 3749ba 
	bool ret = true;
Packit Service 3749ba 
	bool first = true;
Packit Service 3749ba 
	CK_RV rv;
Packit Service 3749ba
Packit Service 3749ba 
	file = p11_save_open_file (destination, NULL, ex->flags);
Packit Service 3749ba 
	if (!file)
Packit Service 3749ba 
		return false;
Packit Service 3749ba
Packit Service 3749ba 
	p11_buffer_init (&buf, 0);
Packit Service 3749ba 
	while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
Packit Service 3749ba 
		if (!p11_buffer_reset (&buf, 2048))
Packit Service 3749ba 
			return_val_if_reached (false);
Packit Service 3749ba
Packit Service 3749ba 
		if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
Packit Service 3749ba 
			return_val_if_reached (false);
Packit Service 3749ba
Packit Service 3749ba 
		comment = p11_enumerate_comment (ex, first);
Packit Service 3749ba 
		first = false;
Packit Service 3749ba
Packit Service 3749ba 
		ret = p11_save_write (file, comment, -1) &&
Packit Service 3749ba 
		      p11_save_write (file, buf.data, buf.len);
Packit Service 3749ba
Packit Service 3749ba 
		free (comment);
Packit Service 3749ba
Packit Service 3749ba 
		if (!ret)
Packit Service 3749ba 
			break;
Packit Service 3749ba 
	}
Packit Service 3749ba
Packit Service 3749ba 
	p11_buffer_uninit (&buf;;
Packit Service 3749ba
Packit Service 3749ba 
	if (rv != CKR_OK && rv != CKR_CANCEL) {
Packit Service 3749ba 
		p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
Packit Service 3749ba 
		ret = false;
Packit Service 3749ba 
	}
Packit Service 3749ba
Packit Service 3749ba 
	/*
Packit Service 3749ba 
	 * This will produce an empty file (which is a valid PEM bundle) if no
Packit Service 3749ba 
	 * certificates were found.
Packit Service 3749ba 
	 */
Packit Service 3749ba
Packit Service 3749ba 
	if (!p11_save_finish_file (file, NULL, ret))
Packit Service 3749ba 
		ret = false;
Packit Service 3749ba
Packit Service 3749ba 
	return ret;
Packit Service 3749ba 
}
Packit Service 3749ba
Packit Service 3749ba 
static bool
Packit Service 3749ba 
extract_pem_directory (p11_enumerate *ex,
Packit Service 3749ba 
                       const char *destination,
Packit Service 3749ba 
                       bool hash)
Packit Service 3749ba 
{
Packit Service 3749ba 
	p11_save_file *file;
Packit Service 3749ba 
	p11_save_dir *dir;
Packit Service 3749ba 
	p11_buffer buf;
Packit Service 3749ba 
	bool ret = true;
Packit Service 3749ba 
	char *filename;
Packit Service 3749ba 
	char *path;
Packit Service 3749ba 
	char *name;
Packit Service 3749ba 
	CK_RV rv;
Packit Service 3749ba
Packit Service 3749ba 
	dir = p11_save_open_directory (destination, ex->flags);
Packit Service 3749ba 
	if (dir == NULL)
Packit Service 3749ba 
		return false;
Packit Service 3749ba
Packit Service 3749ba 
	p11_buffer_init (&buf, 0);
Packit Service 3749ba 
	while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
Packit Service 3749ba 
		if (!p11_buffer_reset (&buf, 2048))
Packit Service 3749ba 
			return_val_if_reached (false);
Packit Service 3749ba
Packit Service 3749ba 
		if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
Packit Service 3749ba 
			return_val_if_reached (false);
Packit Service 3749ba
Packit Service 3749ba 
		name = p11_enumerate_filename (ex);
Packit Service 3749ba 
		return_val_if_fail (name != NULL, false);
Packit Service 3749ba
Packit Service 3749ba 
		path = NULL;
Packit Service 3749ba
Packit Service 3749ba 
		file = p11_save_open_file_in (dir, name, ".pem");
Packit Service 3749ba 
		ret = p11_save_write (file, buf.data, buf.len);
Packit Service 3749ba
Packit Service 3749ba 
		if (!p11_save_finish_file (file, &path, ret))
Packit Service 3749ba 
			ret = false;
Packit Service 3749ba
Packit Service 3749ba 
		if (ret && hash) {
Packit Service 3749ba 
			filename = p11_path_base (path);
Packit Service 3749ba 
			ret = p11_openssl_symlink(ex, dir, filename);
Packit Service 3749ba 
			free (filename);
Packit Service 3749ba 
		}
Packit Service 3749ba
Packit Service 3749ba 
		free (path);
Packit Service 3749ba 
		free (name);
Packit Service 3749ba 
		if (!ret)
Packit Service 3749ba 
			break;
Packit Service 3749ba 
	}
Packit Service 3749ba
Packit Service 3749ba 
	p11_buffer_uninit (&buf;;
Packit Service 3749ba
Packit Service 3749ba 
	if (rv != CKR_OK && rv != CKR_CANCEL) {
Packit Service 3749ba 
		p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
Packit Service 3749ba 
		ret = false;
Packit Service 3749ba 
	}
Packit Service 3749ba
Packit Service 3749ba 
	p11_save_finish_directory (dir, ret);
Packit Service 3749ba 
	return ret;
Packit Service 3749ba 
}
Packit Service 3749ba
Packit Service 3749ba 
bool
Packit Service 3749ba 
p11_extract_pem_directory (p11_enumerate *ex,
Packit Service 3749ba 
                           const char *destination)
Packit Service 3749ba 
{
Packit Service 3749ba 
	bool ret = true;
Packit Service 3749ba 
	ret = extract_pem_directory (ex, destination, false);
Packit Service 3749ba 
	return ret;
Packit Service 3749ba 
}
Packit Service 3749ba
Packit Service 3749ba 
bool
Packit Service 3749ba 
p11_extract_pem_directory_hash (p11_enumerate *ex,
Packit Service 3749ba 
                           const char *destination)
Packit Service 3749ba 
{
Packit Service 3749ba 
	bool ret = true;
Packit Service 3749ba 
	ret = extract_pem_directory (ex, destination, true);
Packit Service 3749ba 
	return ret;
Packit Service 3749ba 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation