X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/SecurityTests/clxutils/kcExport/kcExport.cpp

diff --git a/SecurityTests/clxutils/kcExport/kcExport.cpp b/SecurityTests/clxutils/kcExport/kcExport.cpp
deleted file mode 100644
index cb6299aa..00000000
--- a/SecurityTests/clxutils/kcExport/kcExport.cpp
+++ /dev/null
@@ -1,392 +0,0 @@
-/*
- * kcExport.cpp - export keychain items using SecKeychainItemExport
- */
- 
-#include <Security/Security.h>
-#include <Security/SecImportExport.h>
-#include <security_cdsa_utils/cuFileIo.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <utilLib/common.h>
-
-static void usage(char **argv)
-{
-    printf("Usage: %s keychain [option ...]\n", argv[0]);
-	printf("Options:\n");
-	printf("   -t <type>       itemType = certs|allKeys|pubKeys|privKeys|identities|all\n");
-	printf("                   ...default itemType=all\n");
-	printf("   -f <format>     format = openssl|openssh1|openssh2|bsafe|pkcs7|pkcs8|pkcs12|pemseq\n"
-	       "                            ...default itemType is pemseq for aggregate, openssl\n"
-		   "                            for single \n");
-	printf("   -p              PEM encode\n");
-	printf("   -w              Private keys are wrapped\n");
-	printf("   -o outFileName  (default is stdout)\n");
-	printf("   -z passphrase   (for PKCS12 and wrapped keys only)\n");
-	printf("   -Z              Use secure passphrase\n");
-	printf("   -q              Quiet\n");
-	printf("   -h              help\n");
-	exit(1);
-}
-
-typedef enum {
-	IS_Certs,
-	IS_AllKeys,
-	IS_PubKeys,
-	IS_PrivKeys,
-	IS_Identities,
-	IS_All
-} ItemSpec;
-
-/* 
- * Add all itmes of specified class from a keychain to an array.
- * Item class are things like kSecCertificateItemClass, and
- * CSSM_DL_DB_RECORD_PRIVATE_KEY. Identities are searched separately.
- */
-static OSStatus addKcItems(
-	SecKeychainRef kcRef,
-	SecItemClass itemClass,		// kSecCertificateItemClass
-	CFMutableArrayRef outArray)
-{
-	OSStatus ortn;
-	SecKeychainSearchRef srchRef;
-	
-	ortn = SecKeychainSearchCreateFromAttributes(kcRef,
-		itemClass,
-		NULL,		// no attrs
-		&srchRef);
-	if(ortn) {
-		cssmPerror("SecKeychainSearchCreateFromAttributes", ortn);
-		return ortn;
-	}
-	for(;;) {
-		SecKeychainItemRef itemRef;
-		ortn = SecKeychainSearchCopyNext(srchRef, &itemRef);
-		if(ortn) {
-			if(ortn == errSecItemNotFound) {
-				/* normal search end */
-				ortn = noErr;
-			}
-			else {
-				cssmPerror("SecKeychainSearchCopyNext", ortn);
-			}
-			break;
-		}
-		CFArrayAppendValue(outArray, itemRef);
-		CFRelease(itemRef);		// array owns it
-	}
-	CFRelease(srchRef);
-	return ortn;
-}
-
-/* 
- * Add all SecIdentityRefs from a keychain into an array.
- */
-static OSStatus addIdentities(
-	SecKeychainRef kcRef,
-	CFMutableArrayRef outArray)
-{
-	/* Search for all identities */
-	SecIdentitySearchRef srchRef;
-	OSStatus ortn = SecIdentitySearchCreate(kcRef, 
-		0,				// keyUsage - any
-		&srchRef);
-	if(ortn) {
-		cssmPerror("SecIdentitySearchCreate", ortn);
-		return ortn;
-	}
-	
-	do {
-		SecIdentityRef identity;
-		ortn = SecIdentitySearchCopyNext(srchRef, &identity);
-		if(ortn) {
-			if(ortn == errSecItemNotFound) {
-				/* normal search end */
-				ortn = noErr;
-			}
-			else {
-				cssmPerror("SecIdentitySearchCopyNext", ortn);
-			}
-			break;
-		}
-		CFArrayAppendValue(outArray, identity);
-		
-		/* the array has the retain count we need */
-		CFRelease(identity);
-	} while(ortn == noErr);
-	CFRelease(srchRef);
-	return ortn;
-}
-
-int main(int argc, char **argv)
-{
-	if(argc < 4) {
-		usage(argv);
-	}
-	
-	const char *kcName = argv[1];
-	SecKeychainRef kcRef = NULL;
-	OSStatus ortn = SecKeychainOpen(kcName, &kcRef);
-	if(ortn) {
-		cssmPerror("SecKeychainOpen", ortn);
-		exit(1);
-	}
-	
-	/* user specified options */
-	ItemSpec itemSpec = IS_All;		// default
-	SecExternalFormat exportForm = kSecFormatUnknown;
-	bool pemEncode = false;
-	const char *outFile = NULL;
-	CFStringRef passphrase = NULL;
-	bool securePassphrase = false;
-	bool quiet = false;
-	bool wrapPrivKeys = false;
-	
-	extern int optind;
-	extern char *optarg;
-	int arg;
-	optind = 2;
-	
-	while ((arg = getopt(argc, argv, "t:f:po:z:Zhqw")) != -1) {
-		switch (arg) {
-			case 't':
-				if(!strcmp("certs", optarg)) {
-					itemSpec = IS_Certs;
-				}
-				else if(!strcmp("allKeys", optarg)) {
-					itemSpec = IS_AllKeys;
-				}
-				else if(!strcmp("pubKeys", optarg)) {
-					itemSpec = IS_PubKeys;
-				}
-				else if(!strcmp("privKeys", optarg)) {
-					itemSpec = IS_PrivKeys;
-				}
-				else if(!strcmp("identities", optarg)) {
-					itemSpec = IS_Identities;
-				}
-				else if(!strcmp("all", optarg)) {
-					itemSpec = IS_All;
-				}
-				else {
-					usage(argv);
-				}
-				break;
-			case 'f':
-				if(!strcmp("openssl", optarg)) {
-					exportForm = kSecFormatOpenSSL;
-				}
-				else if(!strcmp("openssh1", optarg)) {
-					exportForm = kSecFormatSSH;
-				}
-				else if(!strcmp("openssh2", optarg)) {
-					exportForm = kSecFormatSSHv2;
-				}
-				else if(!strcmp("bsafe", optarg)) {
-					exportForm = kSecFormatBSAFE;
-				}
-				else if(!strcmp("pkcs7", optarg)) {
-					exportForm = kSecFormatPKCS7;
-				}
-				else if(!strcmp("pkcs8", optarg)) {
-					exportForm = kSecFormatWrappedPKCS8;
-				}
-				else if(!strcmp("pkcs12", optarg)) {
-					exportForm = kSecFormatPKCS12;
-				}
-				else if(!strcmp("pemseq", optarg)) {
-					exportForm = kSecFormatPEMSequence;
-				}
-				else {
-					usage(argv);
-				}
-				break;
-			case 'p':
-				pemEncode = true;
-				break;
-			case 'o':
-				outFile = optarg;
-				break;
-			case 'z':
-				passphrase = CFStringCreateWithCString(NULL, optarg,
-					kCFStringEncodingASCII);
-				break;
-			case 'Z':
-				securePassphrase = true;
-				break;
-			case 'w':
-				wrapPrivKeys = true;
-				break;
-			case 'q':
-				quiet = true;
-				break;
-			case '?':
-			case 'h':
-				default:
-					usage(argv);
-		}
-		
-	}
-	if(optind != argc) {
-		/* getopt does not return '?' */
-		usage(argv);
-	}
-	if(wrapPrivKeys) {
-		switch(exportForm) {
-			case kSecFormatOpenSSL:
-			case kSecFormatUnknown:		// i.e., use default
-				exportForm = kSecFormatWrappedOpenSSL;
-				break;
-			case kSecFormatSSH:
-				exportForm = kSecFormatWrappedSSH;
-				break;
-			case kSecFormatSSHv2:
-				/* there is no wrappedSSHv2 */
-				exportForm = kSecFormatWrappedOpenSSL;
-				break;
-			case kSecFormatWrappedPKCS8:
-				/* proceed */
-				break;
-			default:
-				printf("Don't know how to wrap in specified format/type.\n");
-				exit(1);
-		}
-	}
-	
-	/* gather items */
-	CFMutableArrayRef exportItems = CFArrayCreateMutable(NULL, 0, 
-		&kCFTypeArrayCallBacks);
-	switch(itemSpec) {
-		case IS_Certs:
-			ortn = addKcItems(kcRef, kSecCertificateItemClass, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-			
-		case IS_PrivKeys:
-			ortn = addKcItems(kcRef, CSSM_DL_DB_RECORD_PRIVATE_KEY, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-			
-		case IS_PubKeys:
-			ortn = addKcItems(kcRef, CSSM_DL_DB_RECORD_PUBLIC_KEY, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-			
-		case IS_AllKeys:
-			ortn = addKcItems(kcRef, CSSM_DL_DB_RECORD_PRIVATE_KEY, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			ortn = addKcItems(kcRef, CSSM_DL_DB_RECORD_PUBLIC_KEY, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-			
-		case IS_All:
-			/* No public keys here - PKCS12 doesn't support them */
-			ortn = addKcItems(kcRef, kSecCertificateItemClass, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			ortn = addKcItems(kcRef, CSSM_DL_DB_RECORD_PRIVATE_KEY, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-			
-		case IS_Identities:
-			ortn = addIdentities(kcRef, exportItems);
-			if(ortn) {
-				exit(1);
-			}
-			break;
-		default:
-			printf("Huh? Bogus itemSpec!\n");
-			exit(1);
-	}
-	
-	CFIndex numItems = CFArrayGetCount(exportItems);
-	
-	if(exportForm == kSecFormatUnknown) {
-		/* Use default export format per set of items */
-		if(numItems > 1) {
-			exportForm = kSecFormatPEMSequence;
-		}
-		else {
-			exportForm = kSecFormatOpenSSL;
-		}
-	}
-	uint32 expFlags = 0;		// SecItemImportExportFlags
-	if(pemEncode) {
-		expFlags |= kSecItemPemArmour;
-	}
-	
-	/* optional key related arguments */
-	SecKeyImportExportParameters keyParams;
-	SecKeyImportExportParameters *keyParamPtr = NULL;
-	if((passphrase != NULL) || securePassphrase) {
-		memset(&keyParams, 0, sizeof(keyParams));
-		keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
-		if(securePassphrase) {
-			/* give this precedence */
-			keyParams.flags |= kSecKeySecurePassphrase;
-		}
-		else {
-			keyParams.passphrase = passphrase;		// may be NULL
-		}
-		keyParamPtr = &keyParams;
-	}
-	
-	/* GO */
-	CFDataRef outData = NULL;
-	ortn = SecKeychainItemExport(exportItems, exportForm, expFlags, keyParamPtr,
-		&outData);
-	if(ortn) {
-		cssmPerror("SecKeychainItemExport", ortn);
-		exit(1);
-	}
-		
-	unsigned len = CFDataGetLength(outData);
-	if(outFile) {
-		int rtn = writeFile(outFile, CFDataGetBytePtr(outData), len);
-		if(rtn == 0) {
-			if(!quiet) {
-				printf("...%u bytes written to %s\n", len, outFile);
-			}
-		}
-		else {
-			printf("***Error writing to %s\n", outFile);
-		}
-	}
-	else {
-		int irtn = write(STDOUT_FILENO, CFDataGetBytePtr(outData), len);
-		if(irtn != (int)len) {
-			perror("write");
-		}
-	}
-	if(!quiet) {
-		fprintf(stderr, "\n%u items exported.\n", (unsigned)numItems);
-	}
-	if(exportItems) {
-		/* FIXME this in conjunction with the release of the KC crashes */
-		CFRelease(exportItems);
-	}
-	if(passphrase) {
-		CFRelease(passphrase);
-	}
-	if(outData) {
-		CFRelease(outData);
-	}
-	if(kcRef) {
-		CFRelease(kcRef);
-	}
-	return 0;
-}