|
Packit Service |
3749ba |
/*
|
|
Packit Service |
3749ba |
* Copyright (c) 2013, Red Hat Inc.
|
|
Packit Service |
3749ba |
*
|
|
Packit Service |
3749ba |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
3749ba |
* modification, are permitted provided that the following conditions
|
|
Packit Service |
3749ba |
* are met:
|
|
Packit Service |
3749ba |
*
|
|
Packit Service |
3749ba |
* * Redistributions of source code must retain the above
|
|
Packit Service |
3749ba |
* copyright notice, this list of conditions and the
|
|
Packit Service |
3749ba |
* following disclaimer.
|
|
Packit Service |
3749ba |
* * Redistributions in binary form must reproduce the
|
|
Packit Service |
3749ba |
* above copyright notice, this list of conditions and
|
|
Packit Service |
3749ba |
* the following disclaimer in the documentation and/or
|
|
Packit Service |
3749ba |
* other materials provided with the distribution.
|
|
Packit Service |
3749ba |
* * The names of contributors to this software may not be
|
|
Packit Service |
3749ba |
* used to endorse or promote products derived from this
|
|
Packit Service |
3749ba |
* software without specific prior written permission.
|
|
Packit Service |
3749ba |
*
|
|
Packit Service |
3749ba |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
Packit Service |
3749ba |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
Packit Service |
3749ba |
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
Packit Service |
3749ba |
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
Packit Service |
3749ba |
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
Packit Service |
3749ba |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
Packit Service |
3749ba |
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
Packit Service |
3749ba |
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
Packit Service |
3749ba |
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
Packit Service |
3749ba |
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
|
Packit Service |
3749ba |
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
|
Packit Service |
3749ba |
* DAMAGE.
|
|
Packit Service |
3749ba |
*
|
|
Packit Service |
3749ba |
* Author: Stef Walter <stefw@redhat.com>
|
|
Packit Service |
3749ba |
*/
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
#include "config.h"
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
#define P11_DEBUG_FLAG P11_DEBUG_TOOL
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
#include "compat.h"
|
|
Packit Service |
3749ba |
#include "debug.h"
|
|
Packit Service |
3749ba |
#include "extract.h"
|
|
Packit Service |
3749ba |
#include "message.h"
|
|
Packit Service |
3749ba |
#include "path.h"
|
|
Packit Service |
3749ba |
#include "pem.h"
|
|
Packit Service |
3749ba |
#include "save.h"
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
#include <stdlib.h>
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
bool
|
|
Packit Service |
3749ba |
p11_extract_pem_bundle (p11_enumerate *ex,
|
|
Packit Service |
3749ba |
const char *destination)
|
|
Packit Service |
3749ba |
{
|
|
Packit Service |
3749ba |
char *comment;
|
|
Packit Service |
3749ba |
p11_buffer buf;
|
|
Packit Service |
3749ba |
p11_save_file *file;
|
|
Packit Service |
3749ba |
bool ret = true;
|
|
Packit Service |
3749ba |
bool first = true;
|
|
Packit Service |
3749ba |
CK_RV rv;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
file = p11_save_open_file (destination, NULL, ex->flags);
|
|
Packit Service |
3749ba |
if (!file)
|
|
Packit Service |
3749ba |
return false;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
p11_buffer_init (&buf, 0);
|
|
Packit Service |
3749ba |
while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
|
|
Packit Service |
3749ba |
if (!p11_buffer_reset (&buf, 2048))
|
|
Packit Service |
3749ba |
return_val_if_reached (false);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
|
|
Packit Service |
3749ba |
return_val_if_reached (false);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
comment = p11_enumerate_comment (ex, first);
|
|
Packit Service |
3749ba |
first = false;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ret = p11_save_write (file, comment, -1) &&
|
|
Packit Service |
3749ba |
p11_save_write (file, buf.data, buf.len);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
free (comment);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (!ret)
|
|
Packit Service |
3749ba |
break;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
p11_buffer_uninit (&buf;;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (rv != CKR_OK && rv != CKR_CANCEL) {
|
|
Packit Service |
3749ba |
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
|
|
Packit Service |
3749ba |
ret = false;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
/*
|
|
Packit Service |
3749ba |
* This will produce an empty file (which is a valid PEM bundle) if no
|
|
Packit Service |
3749ba |
* certificates were found.
|
|
Packit Service |
3749ba |
*/
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (!p11_save_finish_file (file, NULL, ret))
|
|
Packit Service |
3749ba |
ret = false;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
return ret;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
static bool
|
|
Packit Service |
3749ba |
extract_pem_directory (p11_enumerate *ex,
|
|
Packit Service |
3749ba |
const char *destination,
|
|
Packit Service |
3749ba |
bool hash)
|
|
Packit Service |
3749ba |
{
|
|
Packit Service |
3749ba |
p11_save_file *file;
|
|
Packit Service |
3749ba |
p11_save_dir *dir;
|
|
Packit Service |
3749ba |
p11_buffer buf;
|
|
Packit Service |
3749ba |
bool ret = true;
|
|
Packit Service |
3749ba |
char *filename;
|
|
Packit Service |
3749ba |
char *path;
|
|
Packit Service |
3749ba |
char *name;
|
|
Packit Service |
3749ba |
CK_RV rv;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
dir = p11_save_open_directory (destination, ex->flags);
|
|
Packit Service |
3749ba |
if (dir == NULL)
|
|
Packit Service |
3749ba |
return false;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
p11_buffer_init (&buf, 0);
|
|
Packit Service |
3749ba |
while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
|
|
Packit Service |
3749ba |
if (!p11_buffer_reset (&buf, 2048))
|
|
Packit Service |
3749ba |
return_val_if_reached (false);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
|
|
Packit Service |
3749ba |
return_val_if_reached (false);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
name = p11_enumerate_filename (ex);
|
|
Packit Service |
3749ba |
return_val_if_fail (name != NULL, false);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
path = NULL;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
file = p11_save_open_file_in (dir, name, ".pem");
|
|
Packit Service |
3749ba |
ret = p11_save_write (file, buf.data, buf.len);
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (!p11_save_finish_file (file, &path, ret))
|
|
Packit Service |
3749ba |
ret = false;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (ret && hash) {
|
|
Packit Service |
3749ba |
filename = p11_path_base (path);
|
|
Packit Service |
3749ba |
ret = p11_openssl_symlink(ex, dir, filename);
|
|
Packit Service |
3749ba |
free (filename);
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
free (path);
|
|
Packit Service |
3749ba |
free (name);
|
|
Packit Service |
3749ba |
if (!ret)
|
|
Packit Service |
3749ba |
break;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
p11_buffer_uninit (&buf;;
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
if (rv != CKR_OK && rv != CKR_CANCEL) {
|
|
Packit Service |
3749ba |
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
|
|
Packit Service |
3749ba |
ret = false;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
p11_save_finish_directory (dir, ret);
|
|
Packit Service |
3749ba |
return ret;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
bool
|
|
Packit Service |
3749ba |
p11_extract_pem_directory (p11_enumerate *ex,
|
|
Packit Service |
3749ba |
const char *destination)
|
|
Packit Service |
3749ba |
{
|
|
Packit Service |
3749ba |
bool ret = true;
|
|
Packit Service |
3749ba |
ret = extract_pem_directory (ex, destination, false);
|
|
Packit Service |
3749ba |
return ret;
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
bool
|
|
Packit Service |
3749ba |
p11_extract_pem_directory_hash (p11_enumerate *ex,
|
|
Packit Service |
3749ba |
const char *destination)
|
|
Packit Service |
3749ba |
{
|
|
Packit Service |
3749ba |
bool ret = true;
|
|
Packit Service |
3749ba |
ret = extract_pem_directory (ex, destination, true);
|
|
Packit Service |
3749ba |
return ret;
|
|
Packit Service |
3749ba |
}
|