202     STACK_OF(X509) *, X509 **cert);
220  * Parse and decrypt a PKCS#12 structure returning user key, user cert and/or
222  * or it should point to a valid STACK_OF(X509) structure. pkey and cert can
237  *   cert     - Points to locaiton which points to the client cert returned
248  *   1) Find the key and/or cert whose localkeyid attributes matches
250  *   2) Find the key and/or cert whose friendlyname attributes matches
252  *   3) Return the first matching key/cert pair found.
253  *   4) Return the last matching key/cert pair found.
254  *   5) Return whatever cert and/or key are available, even unmatching.
263  * selected after a cert/key pairs are isolated.
273     int keyid_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
288 	if (cert)
289 		*cert = NULL;
329 	    name_str, pkey, cert, ca);
340 	if (cert && *cert)
341 		X509_free(*cert);
509  *   Notes:  If an error occurs while moving certs, the cert being move may be
513  *   If there is a key which does not have a matching cert, it is moved to
522  *  >= 0 - The number of certs moved from 'cert' to 'pkcerts'.
578 			 * No cert matching this key.  Move the key if
612  * Given one or more of user private key, user cert and/or other (CA) certs,
646 	X509 *cert = NULL;
666 			cert = sk_X509_value(certs, i);
669 			if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
673 			if (cert->aux != NULL && cert->aux->alias != NULL &&
674 			    cert->aux->alias->type == V_ASN1_UTF8STRING) {
675 				str = utf82ascstr(cert->aux->alias);
690 			if (cert->aux != NULL && cert->aux->keyid != NULL &&
691 			    cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
692 				str = cert->aux->keyid->data;
693 				len = cert->aux->keyid->length;
716 			cert = sk_X509_value(cacerts, i);
717 			if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
722 			if (cert->aux != NULL && cert->aux->alias != NULL &&
723 			    cert->aux->alias->type == V_ASN1_UTF8STRING) {
724 				str = utf82ascstr(cert->aux->alias);
739 			if (cert->aux != NULL && cert->aux->keyid != NULL &&
740 			    cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
741 				str = cert->aux->keyid->data;
742 				len = cert->aux->keyid->length;
936  * sunw_set_localkeyid() sets the localkeyid in a cert, a private key or
943  *   cert     - Points to a cert to set the keyidstr in.
945  * Note that setting a keyid into a cert which will not be written out as
946  * a PKCS12 cert is pointless since it will be lost.
956     X509 *cert)
964 	if (cert != NULL) {
965 		if (X509_keyid_set1(cert, (uchar_t *)keyid_str, keyid_len)
1153  *     and returns  the first matching cert/private key found.
1156  * not NULL, search the list of private keys.  Move the matching cert to
1158  * cert or keys match, no match occurred.
1172  *            - Pointer to receive address of first matching cert found.
1229  *     a matching friendlyname and returns the first matching cert/private
1233  * is not NULL, search the list of private keys.  Move the matching cert to
1235  * cert or keys match, no match occurred.
1246  *            - Pointer to receive address of first matching cert found.
1301  * sunw_get_cert_fname() gets the fiendlyname from a cert.  It can
1306  *   cert     - Points to a cert to get the friendlyName from.
1317 sunw_get_cert_fname(getdo_actions_t dowhat, X509 *cert, char **fname)
1324 	if (cert == NULL || cert->aux == NULL || cert->aux->alias == NULL) {
1330 		ASN1_UTF8STRING_free(cert->aux->alias);
1331 		cert->aux->alias = NULL;
1335 	*((uchar_t **)fname) = utf82ascstr(cert->aux->alias);
1349  * sunw_set_fname() sets the friendlyName in a cert, a private key or
1355  *   cert     - Points to a cert to set the fname in.
1357  * Note that setting a friendlyName into a cert which will not be written out
1358  * as a PKCS12 cert is pointless since it will be lost.
1367 sunw_set_fname(const char *ascname, EVP_PKEY *pkey, X509 *cert)
1385 	if (cert != NULL) {
1386 		if (cert->aux != NULL && cert->aux->alias != NULL) {
1387 			ASN1_UTF8STRING_free(cert->aux->alias);
1392 		if (len <= 0 || (i = X509_alias_set1(cert, data, len)) == 0) {
1454  *   cert     - Points to a certificate.
1459  *  != 0 - The cert's public key and the private key match.
1462 sunw_check_keys(X509 *cert, EVP_PKEY *pkey)
1466 	if (pkey != NULL && cert != NULL)
1467 		retval = X509_check_private_key(cert, pkey);
1475  * Compare the 'not before' and the 'not after' times in the cert
1477  * cert not yet in force, cert expired or in range)
1481  *   cert     - Points to a cert to check
1487 sunw_check_cert_times(chk_actions_t chkwhat, X509 *cert)
1489 	return (check_time(chkwhat, cert));
1516  *   cert     - Points to locaiton which points to the client cert returned
1534     int kstr_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
1539 	STACK_OF(X509) *work_ca = NULL;		/* Head for cert list */
1577 		    work_kl, work_cl, pkey, cert);
1595 		    pkey, cert);
1606 		/* Find the first cert and private key and return them */
1607 		retval = get_key_cert(0, work_kl, pkey, work_cl, cert);
1619 		 * Find the last matching cert and private key and return
1623 		 * key which matches a client cert.
1626 		retval = get_key_cert(n, work_kl, pkey, work_cl, cert);
1639 		/* Find the first cert and private key and return them */
1646 		retval = get_key_cert(0, tmpk, pkey, tmpc, cert);
1670 	if (cert != NULL && *cert != NULL) {
1671 		X509_free(*cert);
1672 		*cert = NULL;
1786  *    1 - one safebag was parsed. If it contained a cert or private key, it
2013  * the kinds of information included (private keys, public keys, cert requests,
2041 	 * Allocate the working stacks for private key(s) and for the cert(s).
2219  * get_key_cert - Get a cert and its matching key from the stacks of certs
2229  *   cert     - Points to locaiton where the address of the matching client cert
2232  * The assumption is that the stacks of keys and certs contain key/cert pairs,
2234  * the key and cert selected match, each will be removed from its stack and
2238  * versa.  In that case, the indicated key/cert will be returned.
2247     X509 **cert)
2264 	if (cert != NULL && *cert == NULL) {
2266 			*cert = sk_X509_delete(cl, n);
2267 			if (*cert != NULL)
2505  *   cert	- The cert to check.
2511 check_time(chk_actions_t chkwhat, X509 *cert)
2516 		i = X509_cmp_time(X509_get_notBefore(cert), NULL);
2526 		i = X509_cmp_time(X509_get_notAfter(cert), NULL);
2549  *   cert     - Points to locaiton where the address of the matching client cert
2569  *   - Once a cert is found, verify that the key actually matches by
2570  *     comparing the private key with the public key (in the cert).
2573  *   A pointer to cert and/or pkey which matches the name or keyid is stored
2583     STACK_OF(X509) *cl, X509 **cert)
2598 	chkcerts = (cert != NULL || pkey != NULL) && cl != NULL;
2643 				if (cert != NULL)
2644 					*cert = sk_X509_delete(cl, c);
2657 		 * Looking for pkey to match a cert?  If so, assume that
2662 		if (found != 0 && cert != NULL) {
2670 		} else if (cert == NULL) {

Indexes created Mon Jul 01 21:43:02 MDT 2024