
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-43-gc69f729


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-43-gc69f729
Date: Sun, 22 Jan 2012 16:22:53 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c69f729ef1cea90d98897e98bf6aa49a0c038109

The branch, master has been updated
       via  c69f729ef1cea90d98897e98bf6aa49a0c038109 (commit)
       via  d0ae20f780ac74857d70b4190166bf18195ef4d7 (commit)
      from  4aeea362549ccd153f1d367828158201cfa8327a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c69f729ef1cea90d98897e98bf6aa49a0c038109
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 22 17:27:11 2012 +0100

    No need for action enumerations.

commit d0ae20f780ac74857d70b4190166bf18195ef4d7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 22 17:23:17 2012 +0100

    certtool uses libopts for command line parsing.

-----------------------------------------------------------------------

Summary of changes:
 configure.ac             |    1 +
 doc/manpages/Makefile.am |    3 +
 src/Makefile.am          |    8 +-
 src/certtool-args.def.in |  441 +++++++++++++
 src/certtool-common.h    |   35 +-
 src/certtool-gaa.c       | 1548 ----------------------------------------------
 src/certtool-gaa.h       |   85 ---
 src/certtool.c           |  481 +++++++--------
 src/certtool.gaa         |  160 -----
 src/p11tool-args.def.in  |    1 +
 src/p11tool.c            |  137 ++---
 src/p11tool.h            |   13 -
 12 files changed, 744 insertions(+), 2169 deletions(-)
 create mode 100644 src/certtool-args.def.in
 delete mode 100644 src/certtool-gaa.c
 delete mode 100644 src/certtool-gaa.h
 delete mode 100644 src/certtool.gaa

diff --git a/configure.ac b/configure.ac
index 65c3ee0..860fcc0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -487,6 +487,7 @@ AC_CONFIG_FILES([
   lib/x509/Makefile
   po/Makefile.in
   src/Makefile
+  src/certtool-args.def
   src/cli-args.def
   src/serv-args.def
   src/cli-debug-args.def
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 3c6ada6..d8bd888 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -26,6 +26,9 @@ if ENABLE_SRP
 dist_man_MANS += srptool.1
 endif
 
+certtool.1: ../../src/certtool-args.def
+       -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $<
+
 gnutls-cli.1: ../../src/cli-args.def
        -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $<
 
diff --git a/src/Makefile.am b/src/Makefile.am
index 7586d11..3ac290b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -123,9 +123,9 @@ certtool_LDADD += libcfg.la
 endif
 noinst_LTLIBRARIES += libcmd-certtool.la
 libcmd_certtool_la_CFLAGS =
-libcmd_certtool_la_SOURCES = certtool-gaa.c certtool.gaa certtool-gaa.h        
\
+libcmd_certtool_la_SOURCES = certtool-args.c certtool-args.def certtool-args.h 
\
        certtool-cfg.h certtool-cfg.c
-libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
+libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE) $(LIBOPTS_LDADD)
 libcmd_certtool_la_LIBADD += ../lib/libgnutls.la 
 libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
 
@@ -161,8 +161,6 @@ if ENABLE_PKCS11
 p11tool-gaa.c: $(srcdir)/p11tool.gaa
        -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
 endif
-certtool-gaa.c: $(srcdir)/certtool.gaa
-       -$(GAA) $< -o certtool-gaa.c -i certtool-gaa.h
 psk-args.c: $(srcdir)/psk-args.def
        -autogen $<
 cli-debug-args.c: $(srcdir)/cli-debug-args.def
@@ -175,3 +173,5 @@ srptool-args.c: $(srcdir)/srptool-args.def
        -autogen $<
 p11tool-args.c: $(srcdir)/p11tool-args.def
        -autogen $<
+certtool-args.c: $(srcdir)/certtool-args.def
+       -autogen $<
diff --git a/src/certtool-args.def.in b/src/certtool-args.def.in
new file mode 100644
index 0000000..9332b9a
--- /dev/null
+++ b/src/certtool-args.def.in
@@ -0,0 +1,441 @@
+AutoGen Definitions options;
+prog-name     = certtool;
+prog-title    = "GnuTLS PKCS #11 tool";
+prog-desc     = "Manipulate certificates and private keys.";
+detail    = "Tool to parse and generate X.509 certificates, requests and 
private keys.";
+
+short-usage   = "certtool [options] [url]\ncerttool --help for usage 
instructions.\n";
+prog-group    = "GnuTLS";
+explain       = "";
+gnu-usage;
+no-xlate = opt;
+no-misuse-usage;
+disable-save;
+long-opts;
+config-header = 'config.h';
+export = '#include <gettext.h>';
+
+copyright = {
+    date  = "2000-2012";
+    owner = "Free Software Foundation";
+    author = "Nikos Mavrogiannopoulos, Simon Josefsson and others; see 
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.";
+    eaddr  = "address@hidden";
+    type  = gpl;
+};
+version = "@VERSION@";
+
+flag = {
+    name      = debug;
+    value     = d;
+    arg-type  = number;
+    arg-range = "0 -> 9999";
+    descrip   = "Enable debugging.";
+    doc       = "Specifies the debug level.";
+};
+
+flag = {
+    name      = generate-self-signed;
+    value     = s;
+    descrip   = "Generate a self-signed certificate";
+    doc = "";
+};
+
+flag = {
+    name      = generate-certificate;
+    value     = c;
+    descrip   = "Generate a signed certificate";
+    doc = "";
+};
+
+flag = {
+    name      = generate-proxy;
+    descrip   = "Generates a proxy certificate";
+    doc = "";
+};
+
+flag = {
+    name      = generate-crl;
+    descrip   = "Generate a CRL";
+    doc = "";
+};
+
+flag = {
+    name      = update-certificate;
+    value     = u;
+    descrip   = "Update a signed certificate";
+    doc = "";
+};
+
+flag = {
+    name      = generate-privkey;
+    value     = p;
+    descrip   = "Generate a private key";
+    doc = "";
+};
+
+flag = {
+    name      = generate-request;
+    value     = q;
+    descrip   = "Generate a PKCS #10 certificate request";
+    doc = "";
+};
+
+flag = {
+    name      = verify-chain;
+    value     = e;
+    descrip   = "Verify a PEM encoded certificate chain. The last certificate 
in the chain must be a self signed one";
+    doc = "";
+};
+
+flag = {
+    name      = verify;
+    descrip   = "Verify a PEM encoded certificate chain using a trusted list.";
+    doc = "The trusted certificate list must be loaded with 
--load-ca-certificate.";
+    flags-must = load-ca-certificate;
+};
+
+flag = {
+    name      = verify-crl;
+    descrip   = "Verify a CRL using a trusted list.";
+    doc = "The trusted certificate list must be loaded with 
--load-ca-certificate.";
+    flags-must = load-ca-certificate;
+};
+
+flag = {
+    name      = generate-dh-params;
+    descrip   = "Generate PKCS #3 encoded Diffie-Hellman parameters.";
+    doc = "";
+};
+
+flag = {
+    name      = get-dh-params;
+    descrip   = "Get the included PKCS #3 encoded Diffie-Hellman parameters.";
+    doc = "Returns stored DH parameters in GnuTLS. Those parameters are used 
in the SRP protocol. The parameters returned by fresh generation
+are more efficient since GnuTLS 3.0.9.";
+};
+
+flag = {
+    name      = dh-info;
+    descrip   = "Print information PKCS #3 encoded Diffie-Hellman parameters";
+    doc = "";
+};
+
+flag = {
+    name      = load-privkey;
+    descrip   = "Loads a private key file";
+    arg-type  = string;
+    doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+    name      = load-pubkey;
+    descrip   = "Loads a public key file";
+    arg-type  = string;
+    doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+    name      = load-request;
+    descrip   = "Loads a certificate request file";
+    arg-type  = file;
+    file-exists = yes;
+    doc = "";
+};
+
+flag = {
+    name      = load-certificate;
+    descrip   = "Loads a certificate file";
+    arg-type  = string;
+    doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+    name      = load-ca-privkey;
+    descrip   = "Loads the certificate authority's private key file";
+    arg-type  = string;
+    doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+    name      = load-ca-certificate;
+    descrip   = "Loads the certificate authority's certificate file";
+    arg-type  = string;
+    doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+    name      = password;
+    arg-type  = string;
+    descrip   = "Password to use";
+    doc   = "";
+};
+
+flag = {
+    name      = certificate-info;
+    value     = i;
+    descrip   = "Print information on the given certificate";
+    doc       = "";
+};
+
+flag = {
+    name      = certificate-pubkey;
+    descrip   = "Print certificate's public key";
+    doc       = "";
+};
+
+flag = {
+    name      = pgp-certificate-info;
+    descrip   = "Print information on the given OpenPGP certificate";
+    doc       = "";
+};
+
+flag = {
+    name      = pgp-ring-info;
+    descrip   = "Print information on the given OpenPGP keyring structure";
+    doc       = "";
+};
+
+flag = {
+    name      = crl-info;
+    value     = l;
+    descrip   = "Print information on the given CRL structure";
+    doc       = "";
+};
+
+flag = {
+    name      = crq-info;
+    descrip   = "Print information on the given certificate request";
+    doc       = "";
+};
+
+
+flag = {
+    name      = no-crq-extensions;
+    descrip   = "Do not use extensions in certificate requests";
+    doc       = "";
+};
+
+flag = {
+    name      = p12-info;
+    descrip   = "Print information on a PKCS #12 structure";
+    doc       = "";
+};
+
+flag = {
+    name      = p7-info;
+    descrip   = "Print information on a PKCS #7 structure";
+    doc       = "";
+};
+
+flag = {
+    name      = smime-to-p7;
+    descrip   = "Convert S/MIME to PKCS #7 structure";
+    doc       = "";
+};
+
+flag = {
+    name      = key-info;
+    value     = k;
+    descrip   = "Print information on a private key";
+    doc = "";
+};
+
+flag = {
+    name      = pgp-key-info;
+    descrip   = "Print information on an OpenPGP private key";
+    doc = "";
+};
+
+flag = {
+    name      = pubkey-info;
+    descrip   = "Print information on a public key";
+    doc = "";
+};
+
+flag = {
+    name      = v1;
+    descrip   = "Generate an X.509 version 1 certificate (with no extensions)";
+    doc = "";
+};
+
+flag = {
+    name      = to-p12;
+    descrip   = "Generate a PKCS #12 structure";
+    doc = "";
+};
+
+flag = {
+    name      = to-p8;
+    descrip   = "Generate a PKCS #8 structure";
+    doc = "";
+};
+
+flag = {
+    name      = pkcs8;
+    value     = 8;
+    descrip   = "Use PKCS #8 format for private keys";
+    doc = "";
+};
+
+flag = {
+    name      = rsa;
+    descrip   = "Generate RSA key";
+    doc = "";
+};
+
+flag = {
+    name      = dsa;
+    descrip   = "Generate DSA key";
+    doc = "";
+};
+
+flag = {
+    name      = ecc;
+    descrip   = "Generate ECC (ECDSA) key";
+    doc = "";
+};
+
+flag = {
+    name      = hash;
+    arg-type  = string;
+    descrip   = "Hash algorithm to use for signing 
(MD5,SHA1,RMD160,SHA256,SHA384,SHA512).";
+    doc = "";
+};
+
+flag = {
+    name      = inder;
+    descrip   = "Use DER format for input certificates and private keys.";
+    disabled;
+    disable   = "no";
+    doc       = "";
+};
+
+flag = {
+    name      = inraw;
+    aliases   = inder;
+};
+
+flag = {
+    name      = outder;
+    descrip   = "Use DER format for output certificates and private keys";
+    disabled;
+    disable   = "no";
+    doc       = "";
+};
+
+flag = {
+    name      = outraw;
+    aliases   = outder;
+};
+
+flag = {
+    name      = bits;
+    arg-type  = number;
+    descrip   = "Specify the number of bits for key generate";
+    doc      = "";
+};
+
+flag = {
+    name      = sec-param;
+    arg-type  = string;
+    arg-name  = "Security parameter";
+    descrip   = "Specify the security level [low|legacy|normal|high|ultra].";
+    doc      = "This is alternative to the bits option.";
+};
+
+flag = {
+    name      = disable-quick-random;
+    descrip   = "No effect";
+    doc      = "";
+};
+
+flag = {
+    name      = outfile;
+    arg-type  = string;
+    descrip   = "Output file";
+    doc   = "";
+};
+
+flag = {
+    name      = infile;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Input file";
+    doc   = "";
+};
+
+flag = {
+    name      = template;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Template file to use for non-interactive operation";
+    doc   = "";
+};
+
+flag = {
+    name      = pkcs-cipher;
+    arg-type  = string;
+    arg-name  = "Cipher";
+    descrip   = "Cipher to use for PKCS #8 and #12 operations";
+    doc   = "Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192, 
aes-256, rc2-40, arcfour.";
+};
+
+doc-section = {
+  ds-type = 'SEE ALSO';
+  ds-format = 'man';
+  ds-text   = <<-_EOT_
+    p11tool (1)
+_EOT_;
+};
+
+doc-section = {
+  ds-type = 'EXAMPLES';
+  ds-format = 'texi';
+  ds-text   = <<-_EOT_
+To create a private key, run:
address@hidden
+$ certtool --generate-privkey --outfile key.pem
address@hidden example
+
+To create a certificate request (needed when the certificate is  issued  by
+another party), run:
address@hidden
+certtool --generate-request --load-privkey key.pem \
+   --outfile request.pem
address@hidden example
+
+To create a certificate request using a key stored in a PKCS #11 token, run:
address@hidden
+$ ./certtool --generate-request --load-privkey "pkcs11:..." \
+  --load-pubkey "pkcs11:..." --outfile request.pem
address@hidden example
+
+To generate a certificate using the previous request, use the command:
address@hidden
+$ certtool --generate-certificate --load-request request.pem \
+   --outfile cert.pem --load-ca-certificate ca-cert.pem \
+   --load-ca-privkey ca-key.pem
address@hidden example
+
+To generate a certificate using the private key only, use the command:
address@hidden
+$ certtool --generate-certificate --load-privkey key.pem \
+   --outfile cert.pem --load-ca-certificate ca-cert.pem \
+   --load-ca-privkey ca-key.pem
address@hidden example
+
+To view the certificate information, use:
address@hidden
+$ certtool --certificate-info --infile cert.pem
address@hidden example
+
+To generate a PKCS #12 structure using the previous key and certificate,
+use the command:
address@hidden
+$ certtool --load-certificate cert.pem --load-privkey key.pem \
+   --to-p12 --outder --outfile key.p12
address@hidden example
+
+_EOT_;
+};
+
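Review bot: The `password` flag is declared with `doc = "";`, so the generated man page and usage text say nothing about the exposure of a secret passed as an argument; on most systems argv is readable by other local users through the process list and tends to end up in shell history. I would fill the string in, for example `doc = "A password given on the command line can be seen by other local users in the process list.";`. The `hash` and `pkcs-cipher` flags likewise list MD5, rc2-40 and arcfour without marking them as weak choices kept for compatibility. Separately, `prog-title = "GnuTLS PKCS #11 tool";` looks copied from the p11tool definitions; `prog-title = "GnuTLS certificate tool";` would agree with `prog-desc`.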
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 052fcd1..44bfc7b 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -4,37 +4,6 @@
 #include <gnutls/x509.h>
 #include <stdio.h>
 
-enum
-{
-  ACTION_SELF_SIGNED,
-  ACTION_GENERATE_PRIVKEY,
-  ACTION_CERT_INFO,
-  ACTION_GENERATE_REQUEST,
-  ACTION_GENERATE_CERTIFICATE,
-  ACTION_VERIFY_CHAIN,
-  ACTION_PRIVKEY_INFO,
-  ACTION_UPDATE_CERTIFICATE,
-  ACTION_TO_PKCS12,
-  ACTION_PKCS12_INFO,
-  ACTION_GENERATE_DH,
-  ACTION_GET_DH,
-  ACTION_CRL_INFO,
-  ACTION_P7_INFO,
-  ACTION_GENERATE_CRL,
-  ACTION_VERIFY_CRL,
-  ACTION_SMIME_TO_P7,
-  ACTION_GENERATE_PROXY,
-  ACTION_GENERATE_PKCS8,
-  ACTION_PGP_INFO,
-  ACTION_PGP_PRIVKEY_INFO,
-  ACTION_RING_INFO,
-  ACTION_REQUEST,
-  ACTION_PUBKEY_INFO,
-  ACTION_CERT_PUBKEY,
-  ACTION_VERIFY,
-  ACTION_DH_INFO,
-};
-
 #define TYPE_CRT 1
 #define TYPE_CRQ 2
 
@@ -57,6 +26,10 @@ typedef struct common_info
   const char *ca_privkey;
   int bits;
   const char* sec_param;
+  const char* pkcs_cipher;
+  const char* password;
+  unsigned int crq_extensions;
+  unsigned int v1_cert;
 } common_info_st;
 
 gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, 
common_info_st * info);
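Review bot: The four fields added to `common_info_st` carry no comments, and two of them need one; the struct definition begins outside this hunk. `password` is a bare `const char*` holding a secret, and nothing visible here says who owns the string or whether it is ever cleared, so I would state it, e.g. `const char* password; /* borrowed, not freed here; never print in debug output */`, adjusted to what certtool.c actually does. `crq_extensions` appears to have the opposite polarity of the `no-crq-extensions` option defined in certtool-args.def.in, so a comment such as `/* non-zero: add extensions to requests; cleared by --no-crq-extensions */` would guard against an inverted check. That mapping is inferred from the names, not from code shown in this hunk.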
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
deleted file mode 100644
index 1e33cd2..0000000
--- a/src/certtool-gaa.c
+++ /dev/null
@@ -1,1548 +0,0 @@
-/* File generated by GAA 1.6.6
- */
-#define GAA_NO_WIN32
-#line 1 "certtool.gaa"
-
-
-/* C declarations */
-
-#include <config.h>
-#ifdef _WIN32
-# include <io.h>
-#endif
-
-#include "certtool-common.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifndef GAA_NO_WIN32
-#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(WINDOWS)
-#define GAA_WIN32
-#endif
-#endif
-
-static void* gaa_malloc( size_t size) {
-void* ret;
-       ret = malloc(size);
-       if (ret==NULL) {
-               fprintf(stderr, "gaa: could not allocate memory");
-               exit(1);
-       }
-       return ret;
-}
-
-static void __gaa_helpsingle(char short_name, char *name, 
-       char *arg_desc, char *opt_help)
-{
-     int col1, col3, col4, tabsize = 3, curr;
-     int i;
-
-     col1 = 5; /* Default values */
-     col3 = 30;
-     col4 = 70;
-
-     curr = 0;
-     for(i = 0; i < col1; i++)
-        {
-        printf(" ");
-        curr++;
-        }
-     if(short_name)
-        {
-        if(name && *name)
-          {
-            printf("-%c, ", short_name);
-            curr += 4;
-          }
-        else
-          {
-            printf("-%c ", short_name);
-            curr += 3;
-          }
-        }
-     if(name && *name)
-        {
-          printf("--%s ", name);
-          curr += 3 + strlen(name);
-        }
-     if(arg_desc && *arg_desc)
-        {
-          printf("%s ", arg_desc);
-          curr += 1 + strlen(arg_desc);
-        }
-     if(curr >= col3)
-        {
-          printf("\n");
-          curr = 0;
-        }
-     if(opt_help) /* let's print the option's help body */
-        {
-        const char *str = opt_help;
-        while(*str)
-          {
-             while(curr < col3)
-               {
-                 printf(" ");
-                 curr++;
-               }
-             switch(*str)
-               {
-                 case '\n':
-                     printf("\n");
-                     curr = 0;
-                     break;
-                 case '\t':
-                     do
-                        {
-                        printf(" ");
-                        curr++;
-                        }
-                     while((curr - col3) % tabsize != 0 && curr < col4);
-                 case ' ':
-                     if(*str == ' ')
-                        {
-                        curr++;
-                        printf(" ");
-                        }
-                     for(i = 1; str[i] && str[i] != ' ' && str[i] != '\n'
-                        && str[i] != '\t'; i++);
-                     if(curr + i - 1 >= col4)
-                        curr = col4;
-                     break;
-                default:
-                     printf("%c", *str);
-                     curr++;
-               }
-             if(curr >= col4)
-               {
-                 printf("\n");
-                 curr = 0;
-               }
-             str++;
-          }
-        }
-     printf("\n");
-}
-
-void gaa_help(void)
-{
-       printf("Certtool help\nUsage: certtool [options]\n");
-       __gaa_helpsingle('s', "generate-self-signed", "", "Generate a 
self-signed certificate.");
-       __gaa_helpsingle('c', "generate-certificate", "", "Generate a signed 
certificate.");
-       __gaa_helpsingle(0, "generate-proxy", "", "Generate a proxy 
certificate.");
-       __gaa_helpsingle(0, "generate-crl", "", "Generate a CRL.");
-       __gaa_helpsingle('u', "update-certificate", "", "Update a signed 
certificate.");
-       __gaa_helpsingle('p', "generate-privkey", "", "Generate a private 
key.");
-       __gaa_helpsingle('q', "generate-request", "", "Generate a PKCS #10 
certificate request.");
-       __gaa_helpsingle('e', "verify-chain", "", "Verify a PEM encoded 
certificate chain. The last certificate in the chain must be a self signed 
one.");
-       __gaa_helpsingle(0, "verify", "", "Verify a PEM encoded certificate 
chain. CA certificates must be loaded with --load-ca-certificate.");
-       __gaa_helpsingle(0, "verify-crl", "", "Verify a CRL.");
-       __gaa_helpsingle(0, "generate-dh-params", "", "Generate PKCS #3 encoded 
Diffie-Hellman parameters.");
-       __gaa_helpsingle(0, "get-dh-params", "", "Get the included PKCS #3 
encoded Diffie-Hellman parameters.");
-       __gaa_helpsingle(0, "dh-info", "", "Print information on Diffie-Hellman 
parameters.");
-       __gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to 
use.");
-       __gaa_helpsingle(0, "load-pubkey", "FILE ", "Public key file to use.");
-       __gaa_helpsingle(0, "load-request", "FILE ", "Certificate request file 
to use.");
-       __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to 
use.");
-       __gaa_helpsingle(0, "load-ca-privkey", "FILE ", "Certificate 
authority's private key file to use.");
-       __gaa_helpsingle(0, "load-ca-certificate", "FILE ", "Certificate 
authority's certificate file to use.");
-       __gaa_helpsingle(0, "password", "PASSWORD ", "Password to use.");
-       __gaa_helpsingle('i', "certificate-info", "", "Print information on a 
certificate.");
-       __gaa_helpsingle(0, "certificate-pubkey", "", "Print certificate public 
key.");
-       __gaa_helpsingle(0, "pgp-certificate-info", "", "Print information on a 
OpenPGP certificate.");
-       __gaa_helpsingle(0, "pgp-ring-info", "", "Print information on a 
keyring structure.");
-       __gaa_helpsingle('l', "crl-info", "", "Print information on a CRL.");
-       __gaa_helpsingle(0, "crq-info", "", "Print information on a Certificate 
Request.");
-       __gaa_helpsingle(0, "no-crq-extensions", "", "Do not use extensions in 
certificate requests.");
-       __gaa_helpsingle(0, "p12-info", "", "Print information on a PKCS #12 
structure.");
-       __gaa_helpsingle(0, "p7-info", "", "Print information on a PKCS #7 
structure.");
-       __gaa_helpsingle(0, "smime-to-p7", "", "Convert S/MIME to PKCS #7 
structure.");
-       __gaa_helpsingle('k', "key-info", "", "Print information on a private 
key.");
-       __gaa_helpsingle(0, "pgp-key-info", "", "Print information on a OpenPGP 
private key.");
-       __gaa_helpsingle(0, "pubkey-info", "", "Print information on a public 
key.");
-       __gaa_helpsingle(0, "fix-key", "", "Regenerate the parameters in a 
private key.");
-       __gaa_helpsingle(0, "v1", "", "Generate an X.509 version 1 certificate 
(no extensions).");
-       __gaa_helpsingle(0, "to-p12", "", "Generate a PKCS #12 structure.");
-       __gaa_helpsingle(0, "to-p8", "", "Generate a PKCS #8 key structure.");
-       __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private 
keys.");
-       __gaa_helpsingle(0, "dsa", "", "Use DSA keys.");
-       __gaa_helpsingle(0, "rsa", "", "Use RSA keys.");
-       __gaa_helpsingle(0, "ecc", "", "Use ECC (ECDSA) keys.");
-       __gaa_helpsingle(0, "hash", "STR ", "Hash algorithm to use for signing 
(MD5,SHA1,RMD160,SHA256,SHA384,SHA512).");
-       __gaa_helpsingle(0, "export-ciphers", "", "Use weak encryption 
algorithms.");
-       __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates 
and private keys.");
-       __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input 
certificates and private keys.");
-       __gaa_helpsingle(0, "outder", "", "Use DER format for output 
certificates and private keys.");
-       __gaa_helpsingle(0, "outraw", "", "Use RAW/DER format for output 
certificates and private keys.");
-       __gaa_helpsingle(0, "bits", "BITS ", "specify the number of bits for 
key generation.");
-       __gaa_helpsingle(0, "sec-param", "PARAM ", "specify the security level 
[low|normal|high|ultra].");
-       __gaa_helpsingle(0, "disable-quick-random", "", "Use /dev/random for 
key generationg, thus increasing the quality of randomness used.");
-       __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
-       __gaa_helpsingle(0, "infile", "FILE ", "Input file.");
-       __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non 
interactive operation.");
-       __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs 
operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
-       __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. 
Default is 1.");
-       __gaa_helpsingle('h', "help", "", "shows this help text");
-       __gaa_helpsingle('v', "version", "", "shows the program's version");
-
-#line 100 "gaa.skel"
-}
-/* Copy of C area */
-
-#line 104 "gaa.skel"
-/* GAA HEADER */
-#ifndef GAA_HEADER_POKY
-#define GAA_HEADER_POKY
-
-typedef struct _gaainfo gaainfo;
-
-struct _gaainfo
-{
-#line 148 "certtool.gaa"
-       int debug;
-#line 145 "certtool.gaa"
-       char *pkcs_cipher;
-#line 142 "certtool.gaa"
-       char *template;
-#line 139 "certtool.gaa"
-       char *infile;
-#line 136 "certtool.gaa"
-       char *outfile;
-#line 133 "certtool.gaa"
-       int quick_random;
-#line 130 "certtool.gaa"
-       char* sec_param;
-#line 127 "certtool.gaa"
-       int bits;
-#line 123 "certtool.gaa"
-       int outcert_format;
-#line 119 "certtool.gaa"
-       int incert_format;
-#line 116 "certtool.gaa"
-       int export;
-#line 113 "certtool.gaa"
-       char *hash;
-#line 110 "certtool.gaa"
-       int ecc;
-#line 105 "certtool.gaa"
-       int dsa;
-#line 102 "certtool.gaa"
-       int pkcs8;
-#line 95 "certtool.gaa"
-       int v1_cert;
-#line 92 "certtool.gaa"
-       int fix_key;
-#line 75 "certtool.gaa"
-       int crq_extensions;
-#line 60 "certtool.gaa"
-       char *pass;
-#line 57 "certtool.gaa"
-       char *ca;
-#line 54 "certtool.gaa"
-       char *ca_privkey;
-#line 51 "certtool.gaa"
-       char *cert;
-#line 48 "certtool.gaa"
-       char *request;
-#line 45 "certtool.gaa"
-       char *pubkey;
-#line 42 "certtool.gaa"
-       char *privkey;
-#line 17 "certtool.gaa"
-       int action;
-#line 16 "certtool.gaa"
-       int privkey_op;
-
-#line 114 "gaa.skel"
-};
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-    int gaa(int argc, char *argv[], gaainfo *gaaval);
-
-    void gaa_help(void);
-    
-    int gaa_file(const char *name, gaainfo *gaaval);
-    
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif
-
-#line 135 "gaa.skel"
-
-/* C declarations */
-
-#define GAAERROR(x)    \
-{                   \
-gaa_error = 1;      \
-return x;        \
-}
-
-static char *gaa_current_option;
-static int gaa_error = 0;
-
-/* Generated by gaa */
-
-#include <string.h>
-#include <stdlib.h>
-
-
-#define GAA_OK                       -1
-
-#define GAA_ERROR_NOMATCH            0
-#define GAA_ERROR_NOTENOUGH_ARGS     1
-#define GAA_ERROR_INVALID_ARG        2
-#define GAA_ERROR_UNKNOWN            3
-
-#define GAA_NOT_AN_OPTION       0
-#define GAA_WORD_OPTION         1
-#define GAA_LETTER_OPTION       2
-#define GAA_MULTIPLE_OPTION     3
-
-#define GAA_REST                0
-#define GAA_NB_OPTION           57
-#define GAAOPTID_version       1
-#define GAAOPTID_help  2
-#define GAAOPTID_debug 3
-#define GAAOPTID_pkcs_cipher   4
-#define GAAOPTID_template      5
-#define GAAOPTID_infile        6
-#define GAAOPTID_outfile       7
-#define GAAOPTID_disable_quick_random  8
-#define GAAOPTID_sec_param     9
-#define GAAOPTID_bits  10
-#define GAAOPTID_outraw        11
-#define GAAOPTID_outder        12
-#define GAAOPTID_inraw 13
-#define GAAOPTID_inder 14
-#define GAAOPTID_export_ciphers        15
-#define GAAOPTID_hash  16
-#define GAAOPTID_ecc   17
-#define GAAOPTID_rsa   18
-#define GAAOPTID_dsa   19
-#define GAAOPTID_pkcs8 20
-#define GAAOPTID_to_p8 21
-#define GAAOPTID_to_p12        22
-#define GAAOPTID_v1    23
-#define GAAOPTID_fix_key       24
-#define GAAOPTID_pubkey_info   25
-#define GAAOPTID_pgp_key_info  26
-#define GAAOPTID_key_info      27
-#define GAAOPTID_smime_to_p7   28
-#define GAAOPTID_p7_info       29
-#define GAAOPTID_p12_info      30
-#define GAAOPTID_no_crq_extensions     31
-#define GAAOPTID_crq_info      32
-#define GAAOPTID_crl_info      33
-#define GAAOPTID_pgp_ring_info 34
-#define GAAOPTID_pgp_certificate_info  35
-#define GAAOPTID_certificate_pubkey    36
-#define GAAOPTID_certificate_info      37
-#define GAAOPTID_password      38
-#define GAAOPTID_load_ca_certificate   39
-#define GAAOPTID_load_ca_privkey       40
-#define GAAOPTID_load_certificate      41
-#define GAAOPTID_load_request  42
-#define GAAOPTID_load_pubkey   43
-#define GAAOPTID_load_privkey  44
-#define GAAOPTID_dh_info       45
-#define GAAOPTID_get_dh_params 46
-#define GAAOPTID_generate_dh_params    47
-#define GAAOPTID_verify_crl    48
-#define GAAOPTID_verify        49
-#define GAAOPTID_verify_chain  50
-#define GAAOPTID_generate_request      51
-#define GAAOPTID_generate_privkey      52
-#define GAAOPTID_update_certificate    53
-#define GAAOPTID_generate_crl  54
-#define GAAOPTID_generate_proxy        55
-#define GAAOPTID_generate_certificate  56
-#define GAAOPTID_generate_self_signed  57
-
-#line 168 "gaa.skel"
-
-#define GAA_CHECK1STR(a,b)      \
-if(a[0] == str[0])              \
-{                               \
-    gaa_current_option = a;     \
-    return b;                   \
-}
-
-#define GAA_CHECKSTR(a,b)                \
-if(strcmp(a,str) == 0)                   \
-{                                        \
-    gaa_current_option = a;              \
-    return b;                            \
-}
-
-#define GAA_TESTMOREARGS                                                  \
-if(!OK)                                                                     \
-{                                  \
-while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
-    gaa_index++;                                                            \
-if(gaa_last_non_option == gaa_index)                                        \
-    return GAA_ERROR_NOTENOUGH_ARGS; \
-}
-
-#define GAA_TESTMOREOPTIONALARGS                                               
   \
-if(!OK) \
-{ \
-while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
-    gaa_index++;                                                            \
-if(gaa_last_non_option == gaa_index)                                        \
-    OK = 1; \
-}
-
-#define GAA_FILL_2ARGS(target, func)           \
-target = func(GAAargv[gaa_index]);       \
-gaa_arg_used[gaa_index] = 1;             \
-if(gaa_error == 1)                       \
-{                                        \
-    gaa_error = 0;                       \
-    return GAA_ERROR_INVALID_ARG;        \
-} 
-
-
-
-#define GAA_FILL(target, func, num)           \
-if(!OK) \
-{ \
-target = func(GAAargv[gaa_index]);       \
-gaa_arg_used[gaa_index] = 1;             \
-if(gaa_error == 1)                       \
-{                                        \
-    gaa_error = 0;                       \
-    return GAA_ERROR_INVALID_ARG;        \
-} \
-num = 1;  \
-} \
-else \
-{ \
-num = 0; \
-}
-
-#define GAA_LIST_FILL(target, func, type ,num)                      \
-if(!OK) \
-{ \
-num = 0;                                                            \
-target = NULL;                                                      \
-if ( gaa_last_non_option - gaa_index > 0)                           \
-  target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
-for(; gaa_index < gaa_last_non_option; gaa_index++)                 \
-{                                                                   \
-    if(gaa_arg_used[gaa_index] == 0)                                \
-    {                                                               \
-        GAA_FILL_2ARGS(target[num], func);                          \
-        num++;                                                      \
-    }                                                               \
-}                                                                   \
-if(num == 0)                                                        \
-    return GAA_ERROR_NOTENOUGH_ARGS; \
-}
-
-#define GAA_OPTIONALLIST_FILL(target, func, type ,num)                      \
-if(!OK) \
-{ \
-num = 0;                                                            \
-target = NULL;                                                      \
-if ( gaa_last_non_option - gaa_index > 0)                           \
-  target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
-for(; gaa_index < gaa_last_non_option; gaa_index++)                 \
-{                                                                   \
-    if(gaa_arg_used[gaa_index] == 0)                                \
-    {                                                               \
-        GAA_FILL_2ARGS(target[num], func);                                \
-        num++;                                                      \
-    }                                                               \
-} \
-}
-
-#define GAA_OBLIGAT(str)                                            \
-k = 0;                                                              \
-for(i = 0; i < strlen(str); i++)                                    \
-{                                                                   \
-    j = gaa_get_option_num(str + i, GAA_LETTER_OPTION);           \
-    if(j == GAA_ERROR_NOMATCH)                                       \
-    {                                                               \
-        printf("Error: invalid 'obligat' set\n");                  \
-        exit(-1);                                                   \
-    }                                                               \
-    if(opt_list[j] == 1)                                            \
-        k = 1;                                                      \
-}                                                                    \
-if(k == 0)                                                            \
-{                                                                      \
-    if(strlen(str) == 1)                                                \
-        printf("You must give the -%s option\n", str);                     \
-    else                                                                  \
-        printf("You must give at least one option of '%s'\n", str);          \
-    return 0;         \
-}
-        
-#define GAA_INCOMP(str)                                                \
-k = 0;                                                              \
-for(i = 0; i < strlen(str); i++)                                    \
-{                                                                   \
-    j = gaa_get_option_num(str + i, GAA_LETTER_OPTION);           \
-    if(j == GAA_ERROR_NOMATCH)                                      \
-    {                                                               \
-        printf("Error: invalid 'obligat' set\n");                  \
-        exit(-1);                                                   \
-    }                                                               \
-    if(opt_list[j] == 1)                                            \
-        k++;                                                      \
-}                   \
-if(k > 1)                                                            \
-{                                                                      \
-    printf("The options '%s' are incompatible\n", str);              \
-    return 0;                                                          \
-}
-        
-
-static char **GAAargv;
-static int GAAargc;
-static char *gaa_arg_used;
-static int gaa_processing_file = 0;
-static int inited = 0;
-
-static int gaa_getint(char *arg)
-{
-    int tmp;
-    char a;
-    if(sscanf(arg, "%d%c", &tmp, &a) < 1)
-    {
-        printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg);
-        GAAERROR(-1);
-    }
-    return tmp;
-}
-
-static char gaa_getchar(char *arg)
-{
-    if(strlen(arg) != 1)
-    {
-        printf("Option %s: '%s' isn't an character\n", gaa_current_option, 
arg);
-        GAAERROR(-1);
-    }
-    return arg[0];
-}
-
-static char* gaa_getstr(char *arg)
-{
-    return arg;
-}
-static float gaa_getfloat(char *arg)
-{
-    float tmp;
-    char a;
-    if(sscanf(arg, "%f%c", &tmp, &a) < 1)
-    {
-        printf("Option %s: '%s' isn't a float number\n", gaa_current_option, 
arg);
-        GAAERROR(-1);
-    }
-    return tmp;
-}
-/* option structures */
-
-struct GAAOPTION_debug 
-{
-       int arg1;
-       int size1;
-};
-
-struct GAAOPTION_pkcs_cipher 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_template 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_infile 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_outfile 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_sec_param 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_bits 
-{
-       int arg1;
-       int size1;
-};
-
-struct GAAOPTION_hash 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_password 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_ca_certificate 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_ca_privkey 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_certificate 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_request 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_pubkey 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_load_privkey 
-{
-       char* arg1;
-       int size1;
-};
-         
-#line 349 "gaa.skel"
-static int gaa_is_an_argument(char *str)
-{
-#ifdef GAA_WIN32
-    if(str[0] == '/' && str[1] != 0)
-       return GAA_MULTIPLE_OPTION;
-#endif
-    if(str[0] != '-')
-        return GAA_NOT_AN_OPTION;
-    if(str[1] == 0)
-        return GAA_NOT_AN_OPTION;
-    if(str[1] == '-')
-    {
-        if(str[2] != 0)
-            return GAA_WORD_OPTION;
-        else
-            return GAA_NOT_AN_OPTION;
-    }
-    if(str[2] == 0)
-        return GAA_LETTER_OPTION;
-    else
-        return GAA_MULTIPLE_OPTION;
-}
-
-static int gaa_get_option_num(char *str, int status)
-{
-    switch(status)
-        {
-        case GAA_LETTER_OPTION:
-                       GAA_CHECK1STR("d", GAAOPTID_debug);
-                       GAA_CHECK1STR("", GAAOPTID_pkcs_cipher);
-                       GAA_CHECK1STR("", GAAOPTID_template);
-                       GAA_CHECK1STR("", GAAOPTID_infile);
-                       GAA_CHECK1STR("", GAAOPTID_outfile);
-                       GAA_CHECK1STR("", GAAOPTID_sec_param);
-                       GAA_CHECK1STR("", GAAOPTID_bits);
-                       GAA_CHECK1STR("", GAAOPTID_hash);
-                       GAA_CHECK1STR("", GAAOPTID_password);
-                       GAA_CHECK1STR("", GAAOPTID_load_ca_certificate);
-                       GAA_CHECK1STR("", GAAOPTID_load_ca_privkey);
-                       GAA_CHECK1STR("", GAAOPTID_load_certificate);
-                       GAA_CHECK1STR("", GAAOPTID_load_request);
-                       GAA_CHECK1STR("", GAAOPTID_load_pubkey);
-                       GAA_CHECK1STR("", GAAOPTID_load_privkey);
-        case GAA_MULTIPLE_OPTION:
-#line 375 "gaa.skel"
-                       GAA_CHECK1STR("v", GAAOPTID_version);
-                       GAA_CHECK1STR("h", GAAOPTID_help);
-                       GAA_CHECK1STR("", GAAOPTID_disable_quick_random);
-                       GAA_CHECK1STR("", GAAOPTID_outraw);
-                       GAA_CHECK1STR("", GAAOPTID_outder);
-                       GAA_CHECK1STR("", GAAOPTID_inraw);
-                       GAA_CHECK1STR("", GAAOPTID_inder);
-                       GAA_CHECK1STR("", GAAOPTID_export_ciphers);
-                       GAA_CHECK1STR("", GAAOPTID_ecc);
-                       GAA_CHECK1STR("", GAAOPTID_rsa);
-                       GAA_CHECK1STR("", GAAOPTID_dsa);
-                       GAA_CHECK1STR("8", GAAOPTID_pkcs8);
-                       GAA_CHECK1STR("", GAAOPTID_to_p8);
-                       GAA_CHECK1STR("", GAAOPTID_to_p12);
-                       GAA_CHECK1STR("", GAAOPTID_v1);
-                       GAA_CHECK1STR("", GAAOPTID_fix_key);
-                       GAA_CHECK1STR("", GAAOPTID_pubkey_info);
-                       GAA_CHECK1STR("", GAAOPTID_pgp_key_info);
-                       GAA_CHECK1STR("k", GAAOPTID_key_info);
-                       GAA_CHECK1STR("", GAAOPTID_smime_to_p7);
-                       GAA_CHECK1STR("", GAAOPTID_p7_info);
-                       GAA_CHECK1STR("", GAAOPTID_p12_info);
-                       GAA_CHECK1STR("", GAAOPTID_no_crq_extensions);
-                       GAA_CHECK1STR("", GAAOPTID_crq_info);
-                       GAA_CHECK1STR("l", GAAOPTID_crl_info);
-                       GAA_CHECK1STR("", GAAOPTID_pgp_ring_info);
-                       GAA_CHECK1STR("", GAAOPTID_pgp_certificate_info);
-                       GAA_CHECK1STR("", GAAOPTID_certificate_pubkey);
-                       GAA_CHECK1STR("i", GAAOPTID_certificate_info);
-                       GAA_CHECK1STR("", GAAOPTID_dh_info);
-                       GAA_CHECK1STR("", GAAOPTID_get_dh_params);
-                       GAA_CHECK1STR("", GAAOPTID_generate_dh_params);
-                       GAA_CHECK1STR("", GAAOPTID_verify_crl);
-                       GAA_CHECK1STR("", GAAOPTID_verify);
-                       GAA_CHECK1STR("e", GAAOPTID_verify_chain);
-                       GAA_CHECK1STR("q", GAAOPTID_generate_request);
-                       GAA_CHECK1STR("p", GAAOPTID_generate_privkey);
-                       GAA_CHECK1STR("u", GAAOPTID_update_certificate);
-                       GAA_CHECK1STR("", GAAOPTID_generate_crl);
-                       GAA_CHECK1STR("", GAAOPTID_generate_proxy);
-                       GAA_CHECK1STR("c", GAAOPTID_generate_certificate);
-                       GAA_CHECK1STR("s", GAAOPTID_generate_self_signed);
-
-#line 277 "gaa.skel"
-        break;
-        case GAA_WORD_OPTION:
-                       GAA_CHECKSTR("version", GAAOPTID_version);
-                       GAA_CHECKSTR("help", GAAOPTID_help);
-                       GAA_CHECKSTR("debug", GAAOPTID_debug);
-                       GAA_CHECKSTR("pkcs-cipher", GAAOPTID_pkcs_cipher);
-                       GAA_CHECKSTR("template", GAAOPTID_template);
-                       GAA_CHECKSTR("infile", GAAOPTID_infile);
-                       GAA_CHECKSTR("outfile", GAAOPTID_outfile);
-                       GAA_CHECKSTR("disable-quick-random", 
GAAOPTID_disable_quick_random);
-                       GAA_CHECKSTR("sec-param", GAAOPTID_sec_param);
-                       GAA_CHECKSTR("bits", GAAOPTID_bits);
-                       GAA_CHECKSTR("outraw", GAAOPTID_outraw);
-                       GAA_CHECKSTR("outder", GAAOPTID_outder);
-                       GAA_CHECKSTR("inraw", GAAOPTID_inraw);
-                       GAA_CHECKSTR("inder", GAAOPTID_inder);
-                       GAA_CHECKSTR("export-ciphers", GAAOPTID_export_ciphers);
-                       GAA_CHECKSTR("hash", GAAOPTID_hash);
-                       GAA_CHECKSTR("ecc", GAAOPTID_ecc);
-                       GAA_CHECKSTR("rsa", GAAOPTID_rsa);
-                       GAA_CHECKSTR("dsa", GAAOPTID_dsa);
-                       GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
-                       GAA_CHECKSTR("to-p8", GAAOPTID_to_p8);
-                       GAA_CHECKSTR("to-p12", GAAOPTID_to_p12);
-                       GAA_CHECKSTR("v1", GAAOPTID_v1);
-                       GAA_CHECKSTR("fix-key", GAAOPTID_fix_key);
-                       GAA_CHECKSTR("pubkey-info", GAAOPTID_pubkey_info);
-                       GAA_CHECKSTR("pgp-key-info", GAAOPTID_pgp_key_info);
-                       GAA_CHECKSTR("key-info", GAAOPTID_key_info);
-                       GAA_CHECKSTR("smime-to-p7", GAAOPTID_smime_to_p7);
-                       GAA_CHECKSTR("p7-info", GAAOPTID_p7_info);
-                       GAA_CHECKSTR("p12-info", GAAOPTID_p12_info);
-                       GAA_CHECKSTR("no-crq-extensions", 
GAAOPTID_no_crq_extensions);
-                       GAA_CHECKSTR("crq-info", GAAOPTID_crq_info);
-                       GAA_CHECKSTR("crl-info", GAAOPTID_crl_info);
-                       GAA_CHECKSTR("pgp-ring-info", GAAOPTID_pgp_ring_info);
-                       GAA_CHECKSTR("pgp-certificate-info", 
GAAOPTID_pgp_certificate_info);
-                       GAA_CHECKSTR("certificate-pubkey", 
GAAOPTID_certificate_pubkey);
-                       GAA_CHECKSTR("certificate-info", 
GAAOPTID_certificate_info);
-                       GAA_CHECKSTR("password", GAAOPTID_password);
-                       GAA_CHECKSTR("load-ca-certificate", 
GAAOPTID_load_ca_certificate);
-                       GAA_CHECKSTR("load-ca-privkey", 
GAAOPTID_load_ca_privkey);
-                       GAA_CHECKSTR("load-certificate", 
GAAOPTID_load_certificate);
-                       GAA_CHECKSTR("load-request", GAAOPTID_load_request);
-                       GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey);
-                       GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
-                       GAA_CHECKSTR("dh-info", GAAOPTID_dh_info);
-                       GAA_CHECKSTR("get-dh-params", GAAOPTID_get_dh_params);
-                       GAA_CHECKSTR("generate-dh-params", 
GAAOPTID_generate_dh_params);
-                       GAA_CHECKSTR("verify-crl", GAAOPTID_verify_crl);
-                       GAA_CHECKSTR("verify", GAAOPTID_verify);
-                       GAA_CHECKSTR("verify-chain", GAAOPTID_verify_chain);
-                       GAA_CHECKSTR("generate-request", 
GAAOPTID_generate_request);
-                       GAA_CHECKSTR("generate-privkey", 
GAAOPTID_generate_privkey);
-                       GAA_CHECKSTR("update-certificate", 
GAAOPTID_update_certificate);
-                       GAA_CHECKSTR("generate-crl", GAAOPTID_generate_crl);
-                       GAA_CHECKSTR("generate-proxy", GAAOPTID_generate_proxy);
-                       GAA_CHECKSTR("generate-certificate", 
GAAOPTID_generate_certificate);
-                       GAA_CHECKSTR("generate-self-signed", 
GAAOPTID_generate_self_signed);
-
-#line 281 "gaa.skel"
-       break;
-        default: break;
-        }
-    return GAA_ERROR_NOMATCH;
-}
-
-static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
-{
-    int OK = 0;
-    int gaa_last_non_option;
-       struct GAAOPTION_debug GAATMP_debug;
-       struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher;
-       struct GAAOPTION_template GAATMP_template;
-       struct GAAOPTION_infile GAATMP_infile;
-       struct GAAOPTION_outfile GAATMP_outfile;
-       struct GAAOPTION_sec_param GAATMP_sec_param;
-       struct GAAOPTION_bits GAATMP_bits;
-       struct GAAOPTION_hash GAATMP_hash;
-       struct GAAOPTION_password GAATMP_password;
-       struct GAAOPTION_load_ca_certificate GAATMP_load_ca_certificate;
-       struct GAAOPTION_load_ca_privkey GAATMP_load_ca_privkey;
-       struct GAAOPTION_load_certificate GAATMP_load_certificate;
-       struct GAAOPTION_load_request GAATMP_load_request;
-       struct GAAOPTION_load_pubkey GAATMP_load_pubkey;
-       struct GAAOPTION_load_privkey GAATMP_load_privkey;
-
-#line 393 "gaa.skel"
-#ifdef GAA_REST_EXISTS
-    struct GAAREST GAAREST_tmp;
-#endif
-
-    opt_list[gaa_num] = 1;
-    
-    for(gaa_last_non_option = gaa_index;
-        (gaa_last_non_option != GAAargc) && 
(gaa_is_an_argument(GAAargv[gaa_last_non_option]) == GAA_NOT_AN_OPTION);
-        gaa_last_non_option++);
-
-    if(gaa_num == GAA_REST)
-    {
-        gaa_index = 1;
-        gaa_last_non_option = GAAargc;
-    }
-    
-    switch(gaa_num)
-    {
-       case GAAOPTID_version:
-       OK = 0;
-#line 153 "certtool.gaa"
-{ certtool_version(); exit(0); ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_help:
-       OK = 0;
-#line 151 "certtool.gaa"
-{ gaa_help(); exit(0); ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_debug:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
-               gaa_index++;
-#line 149 "certtool.gaa"
-{ gaaval->debug = GAATMP_debug.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pkcs_cipher:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, 
GAATMP_pkcs_cipher.size1);
-               gaa_index++;
-#line 146 "certtool.gaa"
-{ gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_template:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_template.arg1, gaa_getstr, 
GAATMP_template.size1);
-               gaa_index++;
-#line 143 "certtool.gaa"
-{ gaaval->template = GAATMP_template.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_infile:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
-               gaa_index++;
-#line 140 "certtool.gaa"
-{ gaaval->infile = GAATMP_infile.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_outfile:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
-               gaa_index++;
-#line 137 "certtool.gaa"
-{ gaaval->outfile = GAATMP_outfile.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_disable_quick_random:
-       OK = 0;
-#line 134 "certtool.gaa"
-{ gaaval->quick_random = 0; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_sec_param:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, 
GAATMP_sec_param.size1);
-               gaa_index++;
-#line 131 "certtool.gaa"
-{ gaaval->sec_param = GAATMP_sec_param.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_bits:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
-               gaa_index++;
-#line 128 "certtool.gaa"
-{ gaaval->bits = GAATMP_bits.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_outraw:
-       OK = 0;
-#line 125 "certtool.gaa"
-{ gaaval->outcert_format=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_outder:
-       OK = 0;
-#line 124 "certtool.gaa"
-{ gaaval->outcert_format=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_inraw:
-       OK = 0;
-#line 121 "certtool.gaa"
-{ gaaval->incert_format=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_inder:
-       OK = 0;
-#line 120 "certtool.gaa"
-{ gaaval->incert_format=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_export_ciphers:
-       OK = 0;
-#line 117 "certtool.gaa"
-{ gaaval->export=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_hash:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
-               gaa_index++;
-#line 114 "certtool.gaa"
-{ gaaval->hash = GAATMP_hash.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_ecc:
-       OK = 0;
-#line 111 "certtool.gaa"
-{ gaaval->ecc=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_rsa:
-       OK = 0;
-#line 108 "certtool.gaa"
-{ ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_dsa:
-       OK = 0;
-#line 106 "certtool.gaa"
-{ gaaval->dsa=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pkcs8:
-       OK = 0;
-#line 103 "certtool.gaa"
-{ gaaval->pkcs8=1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_to_p8:
-       OK = 0;
-#line 100 "certtool.gaa"
-{ gaaval->action = ACTION_GENERATE_PKCS8; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_to_p12:
-       OK = 0;
-#line 98 "certtool.gaa"
-{ gaaval->action = ACTION_TO_PKCS12; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_v1:
-       OK = 0;
-#line 96 "certtool.gaa"
-{ gaaval->v1_cert = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_fix_key:
-       OK = 0;
-#line 93 "certtool.gaa"
-{ gaaval->privkey_op=1; gaaval->fix_key = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pubkey_info:
-       OK = 0;
-#line 90 "certtool.gaa"
-{ gaaval->action = ACTION_PUBKEY_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pgp_key_info:
-       OK = 0;
-#line 88 "certtool.gaa"
-{ gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_key_info:
-       OK = 0;
-#line 86 "certtool.gaa"
-{ gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_smime_to_p7:
-       OK = 0;
-#line 82 "certtool.gaa"
-{ gaaval->action = ACTION_SMIME_TO_P7; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p7_info:
-       OK = 0;
-#line 80 "certtool.gaa"
-{ gaaval->action = ACTION_P7_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p12_info:
-       OK = 0;
-#line 78 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS12_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_no_crq_extensions:
-       OK = 0;
-#line 76 "certtool.gaa"
-{ gaaval->crq_extensions = 0; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_crq_info:
-       OK = 0;
-#line 73 "certtool.gaa"
-{ gaaval->action = ACTION_REQUEST; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_crl_info:
-       OK = 0;
-#line 71 "certtool.gaa"
-{ gaaval->action = ACTION_CRL_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pgp_ring_info:
-       OK = 0;
-#line 69 "certtool.gaa"
-{ gaaval->action = ACTION_RING_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_pgp_certificate_info:
-       OK = 0;
-#line 67 "certtool.gaa"
-{ gaaval->action = ACTION_PGP_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_certificate_pubkey:
-       OK = 0;
-#line 65 "certtool.gaa"
-{ gaaval->action = ACTION_CERT_PUBKEY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_certificate_info:
-       OK = 0;
-#line 63 "certtool.gaa"
-{ gaaval->action = ACTION_CERT_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_password:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_password.arg1, gaa_getstr, 
GAATMP_password.size1);
-               gaa_index++;
-#line 61 "certtool.gaa"
-{ gaaval->pass = GAATMP_password.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_ca_certificate:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, 
GAATMP_load_ca_certificate.size1);
-               gaa_index++;
-#line 58 "certtool.gaa"
-{ gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_ca_privkey:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, 
GAATMP_load_ca_privkey.size1);
-               gaa_index++;
-#line 55 "certtool.gaa"
-{ gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_certificate:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, 
GAATMP_load_certificate.size1);
-               gaa_index++;
-#line 52 "certtool.gaa"
-{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_request:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, 
GAATMP_load_request.size1);
-               gaa_index++;
-#line 49 "certtool.gaa"
-{ gaaval->request = GAATMP_load_request.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_pubkey:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, 
GAATMP_load_pubkey.size1);
-               gaa_index++;
-#line 46 "certtool.gaa"
-{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_load_privkey:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, 
GAATMP_load_privkey.size1);
-               gaa_index++;
-#line 43 "certtool.gaa"
-{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_dh_info:
-       OK = 0;
-#line 40 "certtool.gaa"
-{ gaaval->action = ACTION_DH_INFO; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_get_dh_params:
-       OK = 0;
-#line 39 "certtool.gaa"
-{ gaaval->action=ACTION_GET_DH; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_dh_params:
-       OK = 0;
-#line 38 "certtool.gaa"
-{ gaaval->action=ACTION_GENERATE_DH; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_verify_crl:
-       OK = 0;
-#line 36 "certtool.gaa"
-{ gaaval->action=ACTION_VERIFY_CRL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_verify:
-       OK = 0;
-#line 34 "certtool.gaa"
-{ gaaval->action=ACTION_VERIFY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_verify_chain:
-       OK = 0;
-#line 32 "certtool.gaa"
-{ gaaval->action=ACTION_VERIFY_CHAIN; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_request:
-       OK = 0;
-#line 30 "certtool.gaa"
-{ gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_REQUEST; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_privkey:
-       OK = 0;
-#line 28 "certtool.gaa"
-{ gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_PRIVKEY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_update_certificate:
-       OK = 0;
-#line 26 "certtool.gaa"
-{ gaaval->action=ACTION_UPDATE_CERTIFICATE; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_crl:
-       OK = 0;
-#line 24 "certtool.gaa"
-{ gaaval->action=ACTION_GENERATE_CRL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_proxy:
-       OK = 0;
-#line 22 "certtool.gaa"
-{ gaaval->action=ACTION_GENERATE_PROXY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_certificate:
-       OK = 0;
-#line 20 "certtool.gaa"
-{ gaaval->action=ACTION_GENERATE_CERTIFICATE; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_generate_self_signed:
-       OK = 0;
-#line 18 "certtool.gaa"
-{ gaaval->action=ACTION_SELF_SIGNED; ;};
-
-               return GAA_OK;
-               break;
-
-#line 413 "gaa.skel"
-    default: break;
-    }
-    return GAA_ERROR_UNKNOWN;
-}
-
-int gaa(int argc, char **argv, gaainfo *gaaval)
-{
-    int tmp1, tmp2;
-    int i, j;
-    char *opt_list;
-
-    GAAargv = argv;
-    GAAargc = argc;
-
-    opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
-
-    for(i = 0; i < GAA_NB_OPTION + 1; i++)
-        opt_list[i] = 0;
-    /* initialization */
-    if(inited == 0)
-    {
-
-#line 155 "certtool.gaa"
-{ gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; 
gaaval->ca=NULL; gaaval->ca_privkey = NULL;
-       gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; 
gaaval->outfile = NULL; gaaval->cert = NULL; 
-       gaaval->incert_format = 0; gaaval->outcert_format = 0; 
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
-       gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; 
gaaval->fix_key = 0; gaaval->quick_random=1; 
-       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; 
gaaval->crq_extensions=1; gaaval->ecc=0; 
-       gaaval->sec_param = NULL; ;};
-
-    }
-    inited = 1;
-#line 438 "gaa.skel"
-    gaa_arg_used = NULL;
-
-    if (argc > 0) {
-      gaa_arg_used = gaa_malloc(argc * sizeof(char));
-    }
-
-    for(i = 1; i < argc; i++)
-        gaa_arg_used[i] = 0;
-    for(i = 1; i < argc; i++)
-    {
-        if(gaa_arg_used[i] == 0)
-        {
-            j = 0;
-            tmp1 = gaa_is_an_argument(GAAargv[i]);
-            switch(tmp1)
-            {
-            case GAA_WORD_OPTION:
-                j++;
-            case GAA_LETTER_OPTION:
-                j++;
-                tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
-                if(tmp2 == GAA_ERROR_NOMATCH)
-                {
-                    printf("Invalid option '%s'\n", argv[i]+j);
-                    return 0;
-                }
-                switch(gaa_try(tmp2, i+1, gaaval, opt_list))
-                {
-                case GAA_ERROR_NOTENOUGH_ARGS:
-                    printf("'%s': not enough arguments\n",gaa_current_option);
-                    return 0;
-                case GAA_ERROR_INVALID_ARG:
-                    printf("Invalid arguments\n");
-                    return 0;
-                case GAA_OK:
-                    break;
-                default:
-                    printf("Unknown error\n");
-                }
-                gaa_arg_used[i] = 1;
-                break;
-            case GAA_MULTIPLE_OPTION:
-                for(j = 1; j < strlen(argv[i]); j++)
-                {
-                    tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
-                    if(tmp2 == GAA_ERROR_NOMATCH)
-                    {
-                        printf("Invalid option '%c'\n", *(argv[i]+j));
-                        return 0;
-                    }
-                    switch(gaa_try(tmp2, i+1, gaaval, opt_list))
-                    {
-                    case GAA_ERROR_NOTENOUGH_ARGS:
-                        printf("'%s': not enough 
arguments\n",gaa_current_option);
-                        return 0;
-                    case GAA_ERROR_INVALID_ARG:
-                        printf("Invalid arguments\n");
-                        return 0;
-                    case GAA_OK:
-                        break;
-                    default:
-                        printf("Unknown error\n");
-                    }
-                }
-                gaa_arg_used[i] = 1;
-                break;
-            default: break;
-            }
-        }
-    }
-if(gaa_processing_file == 0)
-{
-
-#line 507 "gaa.skel"
-#ifdef GAA_REST_EXISTS
-    switch(gaa_try(GAA_REST, 1, gaaval, opt_list))
-    {
-    case GAA_ERROR_NOTENOUGH_ARGS:
-        printf("Rest: not enough arguments\n");
-        return 0;
-    case GAA_ERROR_INVALID_ARG:
-        printf("Invalid arguments\n");
-        return 0;
-    case GAA_OK:
-        break;
-    default:
-        printf("Unknown error\n");
-    }
-#endif
-}
-    for(i = 1; i < argc; i++)
-    {
-        if(gaa_arg_used[i] == 0)
-        {
-            printf("Too many arguments\n");
-            return 0;
-        }
-    }
-    free(gaa_arg_used);
-    free(opt_list);
-    return -1;
-}
-
-struct gaastrnode
-{
-    char *str;
-    struct gaastrnode *next;
-};
-
-typedef struct gaastrnode gaa_str_node;
-
-static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int 
argc)
-{
-    int pos_ini;
-    int a;
-    int i = 0, len = 0, newline = 0;
-
-    if(argc == 1) {
-        newline = 1;
-        len = 2;
-    }
-    
-    a = fgetc( file);
-    if (a == EOF) return 0;
-
-    while(a == ' ' || a == 9 || a == '\n')
-    {
-        if(a == '\n')
-        {
-            newline=1;
-            len = 2;
-        }
-        a = fgetc( file);
-        if (a == EOF) return 0;
-    }
-
-    pos_ini = ftell(file) - 1;
-
-    while(a != ' ' && a != 9 && a != '\n')
-    {
-
-        len++;
-        a = fgetc( file);
-        if(a==EOF) return 0;
-    }
-
-    len += 1;
-    tmp_str->str = gaa_malloc((len) * sizeof(char));
-
-    if(newline == 1)
-    {
-        tmp_str->str[0] = '-';
-        tmp_str->str[1] = '-';
-        i = 2;
-    }
-    else
-    {
-        i = 0;
-    }
-
-    fseek(file,pos_ini, SEEK_SET);
-    do
-    {
-        a = fgetc( file);
-
-        if (a == EOF) {
-            i+=2;
-            break;
-        }
-        tmp_str->str[i] = a;
-        i++;
-    }
-    while(a != ' ' && a != 9 && a != '\n' && i < len);
-
-    tmp_str->str[i - 1] = 0;
-
-    fseek(file,- 1, SEEK_CUR);
-/*    printf("%d\n", ftell(file)); */
-    
-    return -1;
-}
-
-int gaa_file(const char *name, gaainfo *gaaval)
-{
-    gaa_str_node *first_str, **tmp_str, *tmp_str2;
-    int rval, i;
-    char **argv;
-    int argc = 0;
-    FILE *file;
-
-    gaa_processing_file = 1;
-    
-    if((file = fopen(name, "r")) == NULL)
-    {
-        printf("Couldn't open '%s' configuration file for reading\n", name);
-        return 1;
-    }
-    
-    tmp_str = &first_str;
-    do
-    {
-        argc++;
-        *tmp_str = gaa_malloc(sizeof(gaa_str_node));
-
-        (*tmp_str)->str = NULL;
-        (*tmp_str)->next = NULL;
-
-        rval = gaa_internal_get_next_str(file, *tmp_str, argc);
-        tmp_str = &((*tmp_str)->next);
-    }
-    while(rval == -1);
-    
-    if(rval == 1)
-        return 0;
-    
-    argv = gaa_malloc((1 + argc) * sizeof(char*));
-
-    tmp_str2 = first_str;
-    argv[0] = "cfg";
-    for(i = 1; i < argc; i++)
-    {
-        argv[i] = tmp_str2->str;
-        tmp_str2 = tmp_str2->next;
-    }
-
-    rval = gaa(argc, argv, gaaval);
-    gaa_processing_file = 0;
-    return rval;
-}
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
deleted file mode 100644
index 06f9998..0000000
--- a/src/certtool-gaa.h
+++ /dev/null
@@ -1,85 +0,0 @@
-
-#line 104 "gaa.skel"
-/* GAA HEADER */
-#ifndef GAA_HEADER_POKY
-#define GAA_HEADER_POKY
-
-typedef struct _gaainfo gaainfo;
-
-struct _gaainfo
-{
-#line 148 "certtool.gaa"
-       int debug;
-#line 145 "certtool.gaa"
-       char *pkcs_cipher;
-#line 142 "certtool.gaa"
-       char *template;
-#line 139 "certtool.gaa"
-       char *infile;
-#line 136 "certtool.gaa"
-       char *outfile;
-#line 133 "certtool.gaa"
-       int quick_random;
-#line 130 "certtool.gaa"
-       char* sec_param;
-#line 127 "certtool.gaa"
-       int bits;
-#line 123 "certtool.gaa"
-       int outcert_format;
-#line 119 "certtool.gaa"
-       int incert_format;
-#line 116 "certtool.gaa"
-       int export;
-#line 113 "certtool.gaa"
-       char *hash;
-#line 110 "certtool.gaa"
-       int ecc;
-#line 105 "certtool.gaa"
-       int dsa;
-#line 102 "certtool.gaa"
-       int pkcs8;
-#line 95 "certtool.gaa"
-       int v1_cert;
-#line 92 "certtool.gaa"
-       int fix_key;
-#line 75 "certtool.gaa"
-       int crq_extensions;
-#line 60 "certtool.gaa"
-       char *pass;
-#line 57 "certtool.gaa"
-       char *ca;
-#line 54 "certtool.gaa"
-       char *ca_privkey;
-#line 51 "certtool.gaa"
-       char *cert;
-#line 48 "certtool.gaa"
-       char *request;
-#line 45 "certtool.gaa"
-       char *pubkey;
-#line 42 "certtool.gaa"
-       char *privkey;
-#line 17 "certtool.gaa"
-       int action;
-#line 16 "certtool.gaa"
-       int privkey_op;
-
-#line 114 "gaa.skel"
-};
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-    int gaa(int argc, char *argv[], gaainfo *gaaval);
-
-    void gaa_help(void);
-    
-    int gaa_file(const char *name, gaainfo *gaaval);
-    
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif
diff --git a/src/certtool.c b/src/certtool.c
index a409662..c8498e6 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -46,17 +46,17 @@
 
 #include <certtool-cfg.h>
 #include <p11common.h>
-#include "certtool-gaa.h"
+#include "certtool-args.h"
 #include "certtool-common.h"
 
 #define SIGN_HASH GNUTLS_DIG_SHA256
 
-static void privkey_info_int (gnutls_x509_privkey_t key);
+static void privkey_info_int (common_info_st*, gnutls_x509_privkey_t key);
 static void print_crl_info (gnutls_x509_crl_t crl, FILE * out);
 void pkcs7_info (void);
 void crq_info (void);
 void smime_to_pkcs7 (void);
-void pkcs12_info (void);
+void pkcs12_info (common_info_st*);
 void generate_pkcs12 (common_info_st *);
 void generate_pkcs8 (common_info_st *);
 static void verify_chain (void);
@@ -67,8 +67,8 @@ void pgp_ring_info (void);
 void certificate_info (int, common_info_st *);
 void pgp_certificate_info (void);
 void crl_info (void);
-void privkey_info (void);
-static void gaa_parser (int argc, char **argv);
+void privkey_info (common_info_st*);
+static void cmd_parser (int argc, char **argv);
 void generate_self_signed (common_info_st *);
 void generate_request (common_info_st *);
 static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
@@ -77,10 +77,11 @@ static void verify_certificate (common_info_st * cinfo);
 
 static void print_hex_datum (gnutls_datum_t * dat);
 
-static gaainfo info;
 FILE *outfile;
 FILE *infile;
-gnutls_digest_algorithm_t default_dig;
+static gnutls_digest_algorithm_t default_dig;
+static unsigned int incert_format, outcert_format;
+static unsigned int req_key_type;
 
 /* non interactive operation if set
  */
@@ -98,7 +99,7 @@ main (int argc, char **argv)
 {
   set_program_name (argv[0]);
   cfg_init ();
-  gaa_parser (argc, argv);
+  cmd_parser (argc, argv);
 
   return 0;
 }
@@ -188,32 +189,22 @@ print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, 
gnutls_datum_t * d,
 }
 
 static gnutls_x509_privkey_t
-generate_private_key_int (void)
+generate_private_key_int (common_info_st * cinfo)
 {
   gnutls_x509_privkey_t key;
   int ret, key_type, bits;
 
-  if (info.dsa)
-    key_type = GNUTLS_PK_DSA;
-  else if (info.ecc)
-    key_type = GNUTLS_PK_EC;
-  else
-    key_type = GNUTLS_PK_RSA;
+  key_type = req_key_type;
 
   ret = gnutls_x509_privkey_init (&key);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
 
-  bits = get_bits (key_type, info.bits, info.sec_param);
+  bits = get_bits (key_type, cinfo->bits, cinfo->sec_param);
 
   fprintf (stderr, "Generating a %d bit %s private key...\n",
            bits, gnutls_pk_algorithm_get_name (key_type));
 
-  if (info.quick_random == 0)
-    fprintf (stderr,
-             "This might take several minutes depending on availability of 
randomness"
-             " in /dev/random.\n");
-
   if (bits > 1024 && key_type == GNUTLS_PK_DSA)
     fprintf (stderr,
              "Note that DSA keys with size over 1024 can only be used with TLS 
1.2 or later.\n\n");
@@ -267,7 +258,7 @@ cipher_to_flags (const char *cipher)
 
 
 static void
-print_private_key (gnutls_x509_privkey_t key)
+print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
 {
   int ret;
   size_t size;
@@ -275,13 +266,13 @@ print_private_key (gnutls_x509_privkey_t key)
   if (!key)
     return;
 
-  if (info.outcert_format == GNUTLS_X509_FMT_PEM)
-    privkey_info_int(key);
+  if (outcert_format == GNUTLS_X509_FMT_PEM)
+    privkey_info_int(cinfo, key);
 
-  if (!info.pkcs8)
+  if (!cinfo->pkcs8)
     {
       size = buffer_size;
-      ret = gnutls_x509_privkey_export (key, info.outcert_format,
+      ret = gnutls_x509_privkey_export (key, outcert_format,
                                         buffer, &size);
       if (ret < 0)
         error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret));
@@ -291,17 +282,14 @@ print_private_key (gnutls_x509_privkey_t key)
       unsigned int flags;
       const char *pass;
 
-      if (info.export)
-        flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
-      else
-        flags = cipher_to_flags (info.pkcs_cipher);
+      flags = cipher_to_flags (cinfo->pkcs_cipher);
 
       if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
         flags = GNUTLS_PKCS_PLAIN;
 
       size = buffer_size;
       ret =
-        gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
+        gnutls_x509_privkey_export_pkcs8 (key, outcert_format, pass,
                                           flags, buffer, &size);
       if (ret < 0)
         error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s",
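Review bot: In `print_private_key`, an empty or missing password from `get_confirmed_pass` silently replaces the cipher flags with `GNUTLS_PKCS_PLAIN`, so a key requested with the PKCS8 option is written unencrypted without any message. Since this hunk already reworks the flag selection, a line on stderr before the export would make that visible, e.g. `fprintf (stderr, "Warning: empty password, the key will be exported unencrypted.\n");`. The function starts and ends outside this hunk.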
@@ -312,13 +300,13 @@ print_private_key (gnutls_x509_privkey_t key)
 }
 
 static void
-generate_private_key (void)
+generate_private_key (common_info_st* cinfo)
 {
   gnutls_x509_privkey_t key;
 
-  key = generate_private_key_int ();
+  key = generate_private_key_int (cinfo);
 
-  print_private_key (key);
+  print_private_key (cinfo, key);
 
   gnutls_x509_privkey_deinit (key);
 }
@@ -440,7 +428,7 @@ generate_certificate (gnutls_privkey_t * ret_key,
     }
 
   /* append additional extensions */
-  if (info.v1_cert == 0)
+  if (cinfo->v1_cert == 0)
     {
 
       if (proxy)
@@ -642,7 +630,7 @@ generate_certificate (gnutls_privkey_t * ret_key,
 
   /* Version.
    */
-  if (info.v1_cert != 0)
+  if (cinfo->v1_cert != 0)
     vers = 1;
   else
     vers = 3;
@@ -801,7 +789,7 @@ generate_self_signed (common_info_st * cinfo)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
   size = buffer_size;
-  result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
+  result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
 
@@ -843,7 +831,7 @@ generate_signed_certificate (common_info_st * cinfo)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
   size = buffer_size;
-  result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
+  result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
 
@@ -878,7 +866,7 @@ generate_proxy_certificate (common_info_st * cinfo)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
   size = buffer_size;
-  result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
+  result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
 
@@ -949,7 +937,7 @@ update_signed_certificate (common_info_st * cinfo)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
   size = buffer_size;
-  result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
+  result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
 
@@ -958,83 +946,92 @@ update_signed_certificate (common_info_st * cinfo)
   gnutls_x509_crt_deinit (crt);
 }
 
-void
-gaa_parser (int argc, char **argv)
+static void
+cmd_parser (int argc, char **argv)
 {
-  int ret;
+  int ret, privkey_op = 0;
   common_info_st cinfo;
 
-  if (gaa (argc, argv, &info) != -1)
-    {
-      fprintf (stderr, "Try `%s --help' for more information.\n",
-               program_name);
-      exit (1);
-    }
+  optionProcess( &certtoolOptions, argc, argv);
+  
+  if (HAVE_OPT(GENERATE_PRIVKEY) || HAVE_OPT(GENERATE_REQUEST) ||
+      HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO))
+    privkey_op = 1;
 
-  if (info.outfile)
+  if (HAVE_OPT(OUTFILE))
     {
-      outfile = safe_open_rw (info.outfile, info.privkey_op);
+      outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
       if (outfile == NULL)
-        error (EXIT_FAILURE, errno, "%s", info.outfile);
+        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
     }
   else
     outfile = stdout;
 
-  if (info.infile)
+  if (HAVE_OPT(INFILE))
     {
-      infile = fopen (info.infile, "rb");
+      infile = fopen (OPT_ARG(INFILE), "rb");
       if (infile == NULL)
-        error (EXIT_FAILURE, errno, "%s", info.infile);
+        error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
     }
   else
     infile = stdin;
 
-  if (info.incert_format)
-    info.incert_format = GNUTLS_X509_FMT_DER;
+  if (HAVE_OPT(INDER))
+    incert_format = GNUTLS_X509_FMT_DER;
+  else
+    incert_format = GNUTLS_X509_FMT_PEM;
+
+  if (HAVE_OPT(OUTDER))
+    outcert_format = GNUTLS_X509_FMT_DER;
   else
-    info.incert_format = GNUTLS_X509_FMT_PEM;
+    outcert_format = GNUTLS_X509_FMT_PEM;
 
-  if (info.outcert_format)
-    info.outcert_format = GNUTLS_X509_FMT_DER;
+  if (HAVE_OPT(DSA))
+    req_key_type = GNUTLS_PK_DSA;
+  else if (HAVE_OPT(ECC))
+    req_key_type = GNUTLS_PK_ECC;
   else
-    info.outcert_format = GNUTLS_X509_FMT_PEM;
+    req_key_type = GNUTLS_PK_RSA;
 
   default_dig = GNUTLS_DIG_UNKNOWN;
-  if (info.hash != NULL)
+  if (HAVE_OPT(HASH))
     {
-      if (strcasecmp (info.hash, "md5") == 0)
+      if (strcasecmp (OPT_ARG(HASH), "md5") == 0)
         {
           fprintf (stderr,
                    "Warning: MD5 is broken, and should not be used any more 
for digital signatures.\n");
           default_dig = GNUTLS_DIG_MD5;
         }
-      else if (strcasecmp (info.hash, "sha1") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "sha1") == 0)
         default_dig = GNUTLS_DIG_SHA1;
-      else if (strcasecmp (info.hash, "sha256") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "sha256") == 0)
         default_dig = GNUTLS_DIG_SHA256;
-      else if (strcasecmp (info.hash, "sha224") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "sha224") == 0)
         default_dig = GNUTLS_DIG_SHA224;
-      else if (strcasecmp (info.hash, "sha384") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "sha384") == 0)
         default_dig = GNUTLS_DIG_SHA384;
-      else if (strcasecmp (info.hash, "sha512") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "sha512") == 0)
         default_dig = GNUTLS_DIG_SHA512;
-      else if (strcasecmp (info.hash, "rmd160") == 0)
+      else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
         default_dig = GNUTLS_DIG_RMD160;
       else
-        error (EXIT_FAILURE, 0, "invalid hash: %s", info.hash);
+        error (EXIT_FAILURE, 0, "invalid hash: %s", OPT_ARG(HASH));
     }
 
   batch = 0;
-  if (info.template)
+  if (HAVE_OPT(TEMPLATE))
     {
       batch = 1;
-      template_parse (info.template);
+      template_parse (OPT_ARG(TEMPLATE));
     }
 
   gnutls_global_set_log_function (tls_log_func);
-  gnutls_global_set_log_level (info.debug);
-  if (info.debug > 1)
-    printf ("Setting log level to %d\n", info.debug);
+  
+  if (HAVE_OPT(DEBUG))
+    {
+      gnutls_global_set_log_level (OPT_VALUE_DEBUG);
+      printf ("Setting log level to %d\n", (int)OPT_VALUE_DEBUG);
+    }
 
   if ((ret = gnutls_global_init ()) < 0)
     error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
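Review bot: `privkey_op` is derived only from GENERATE_PRIVKEY, GENERATE_REQUEST, KEY_INFO and PGP_KEY_INFO, but `generate_pkcs8` and `generate_pkcs12` also export key material to `outfile` (see their later hunks). `safe_open_rw` is not shown here; if its second argument is what restricts the output file's permissions, the test should also cover those actions, e.g. `|| HAVE_OPT(TO_P8) || HAVE_OPT(TO_P12)`. Separately, the removed key-type code used `GNUTLS_PK_EC` while this hunk assigns `GNUTLS_PK_ECC`; it is worth confirming that name is defined in the headers this file builds against. `cmd_parser` continues past the end of the hunk.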
@@ -1044,106 +1041,104 @@ gaa_parser (int argc, char **argv)
 #endif
 
   memset (&cinfo, 0, sizeof (cinfo));
-  cinfo.privkey = info.privkey;
-  cinfo.pubkey = info.pubkey;
-  cinfo.pkcs8 = info.pkcs8;
-  cinfo.incert_format = info.incert_format;
-  cinfo.cert = info.cert;
-  cinfo.request = info.request;
-  cinfo.ca = info.ca;
-  cinfo.ca_privkey = info.ca_privkey;
-  cinfo.bits = info.bits;
-  cinfo.sec_param = info.sec_param;
-
-  switch (info.action)
-    {
-    case ACTION_SELF_SIGNED:
-      generate_self_signed (&cinfo);
-      break;
-    case ACTION_GENERATE_PRIVKEY:
-      generate_private_key ();
-      break;
-    case ACTION_CERT_INFO:
-      certificate_info (0, &cinfo);
-      break;
-    case ACTION_DH_INFO:
-      dh_info (&cinfo);
-      break;
-    case ACTION_CERT_PUBKEY:
-      certificate_info (1, &cinfo);
-      break;
-    case ACTION_GENERATE_REQUEST:
-      generate_request (&cinfo);
-      break;
-    case ACTION_GENERATE_CERTIFICATE:
-      generate_signed_certificate (&cinfo);
-      break;
-    case ACTION_VERIFY_CHAIN:
-      verify_chain ();
-      break;
-    case ACTION_VERIFY:
-      verify_certificate (&cinfo);
-      break;
-    case ACTION_PRIVKEY_INFO:
-      privkey_info ();
-      break;
-    case ACTION_PUBKEY_INFO:
-      pubkey_info (NULL, &cinfo);
-      break;
-    case ACTION_UPDATE_CERTIFICATE:
-      update_signed_certificate (&cinfo);
-      break;
-    case ACTION_TO_PKCS12:
-      generate_pkcs12 (&cinfo);
-      break;
-    case ACTION_PKCS12_INFO:
-      pkcs12_info ();
-      break;
-    case ACTION_GENERATE_DH:
-      generate_prime (1, &cinfo);
-      break;
-    case ACTION_GET_DH:
-      generate_prime (0, &cinfo);
-      break;
-    case ACTION_CRL_INFO:
-      crl_info ();
-      break;
-    case ACTION_P7_INFO:
-      pkcs7_info ();
-      break;
-    case ACTION_GENERATE_CRL:
-      generate_signed_crl (&cinfo);
-      break;
-    case ACTION_VERIFY_CRL:
-      verify_crl (&cinfo);
-      break;
-    case ACTION_SMIME_TO_P7:
-      smime_to_pkcs7 ();
-      break;
-    case ACTION_GENERATE_PROXY:
-      generate_proxy_certificate (&cinfo);
-      break;
-    case ACTION_GENERATE_PKCS8:
-      generate_pkcs8 (&cinfo);
-      break;
+  
+  if (HAVE_OPT(LOAD_PRIVKEY))
+    cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
+
+  cinfo.v1_cert = HAVE_OPT(V1);
+  if (HAVE_OPT(NO_CRQ_EXTENSIONS))
+    cinfo.crq_extensions = 0;
+  else cinfo.crq_extensions = 1;
+
+  if (HAVE_OPT(LOAD_PUBKEY))
+    cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+  cinfo.pkcs8 = HAVE_OPT(PKCS8);
+  cinfo.incert_format = incert_format;
+
+  if (HAVE_OPT(LOAD_CERTIFICATE))
+    cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+  if (HAVE_OPT(LOAD_REQUEST))
+    cinfo.request = OPT_ARG(LOAD_REQUEST);
+
+  if (HAVE_OPT(LOAD_CA_CERTIFICATE))
+    cinfo.ca = OPT_ARG(LOAD_CA_CERTIFICATE);
+
+  if (HAVE_OPT(LOAD_CA_PRIVKEY))
+    cinfo.ca_privkey = OPT_ARG(LOAD_CA_PRIVKEY);
+
+  if (HAVE_OPT(BITS))
+    cinfo.bits = OPT_VALUE_BITS;
+
+  if (HAVE_OPT(SEC_PARAM))
+    cinfo.sec_param = OPT_ARG(SEC_PARAM);
+
+  if (HAVE_OPT(PKCS_CIPHER))
+    cinfo.pkcs_cipher = OPT_ARG(PKCS_CIPHER);
+
+  if (HAVE_OPT(PASSWORD))
+    cinfo.password = OPT_ARG(PASSWORD);
+
+  if (HAVE_OPT(GENERATE_SELF_SIGNED))
+    generate_self_signed (&cinfo);
+  else if (HAVE_OPT(GENERATE_CERTIFICATE))
+    generate_signed_certificate (&cinfo);
+  else if (HAVE_OPT(GENERATE_PROXY))
+    generate_proxy_certificate (&cinfo);
+  else if (HAVE_OPT(GENERATE_CRL))
+    generate_signed_crl (&cinfo);
+  else if (HAVE_OPT(UPDATE_CERTIFICATE))
+    update_signed_certificate (&cinfo);
+  else if (HAVE_OPT(GENERATE_PRIVKEY))
+    generate_private_key (&cinfo);
+  else if (HAVE_OPT(GENERATE_REQUEST))
+    generate_request (&cinfo);
+  else if (HAVE_OPT(VERIFY_CHAIN))
+    verify_chain ();
+  else if (HAVE_OPT(VERIFY))
+    verify_certificate (&cinfo);
+  else if (HAVE_OPT(VERIFY_CRL))
+    verify_crl (&cinfo);
+  else if (HAVE_OPT(CERTIFICATE_INFO))
+    certificate_info (0, &cinfo);
+  else if (HAVE_OPT(DH_INFO))
+    dh_info (&cinfo);
+  else if (HAVE_OPT(CERTIFICATE_PUBKEY))
+    certificate_info (1, &cinfo);
+  else if (HAVE_OPT(KEY_INFO))
+    privkey_info (&cinfo);
+  else if (HAVE_OPT(PUBKEY_INFO))
+    pubkey_info (NULL, &cinfo);
+  else if (HAVE_OPT(TO_P12))
+    generate_pkcs12 (&cinfo);
+  else if (HAVE_OPT(P12_INFO))
+    pkcs12_info (&cinfo);
+  else if (HAVE_OPT(GENERATE_DH_PARAMS))
+    generate_prime (1, &cinfo);
+  else if (HAVE_OPT(GET_DH_PARAMS))
+    generate_prime (0, &cinfo);
+  else if (HAVE_OPT(CRL_INFO))
+    crl_info ();
+  else if (HAVE_OPT(P7_INFO))
+    pkcs7_info ();
+  else if (HAVE_OPT(SMIME_TO_P7))
+    smime_to_pkcs7 ();
+  else if (HAVE_OPT(TO_P8))
+    generate_pkcs8 (&cinfo);
 #ifdef ENABLE_OPENPGP
-    case ACTION_PGP_INFO:
-      pgp_certificate_info ();
-      break;
-    case ACTION_PGP_PRIVKEY_INFO:
-      pgp_privkey_info ();
-      break;
-    case ACTION_RING_INFO:
-      pgp_ring_info ();
-      break;
+  else if (HAVE_OPT(PGP_CERTIFICATE_INFO))
+    pgp_certificate_info ();
+  else if (HAVE_OPT(PGP_KEY_INFO))
+    pgp_privkey_info ();
+  else if (HAVE_OPT(PGP_RING_INFO))
+    pgp_ring_info ();
 #endif
-    case ACTION_REQUEST:
-      crq_info ();
-      break;
-    default:
-      gaa_help ();
-      exit (0);
-    }
+  else if (HAVE_OPT(CRQ_INFO))
+    crq_info ();
+  else
+    USAGE(1);
+
   fclose (outfile);
 
 #ifdef ENABLE_PKCS11
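Review bot: `cinfo.password = OPT_ARG(PASSWORD)` takes the secret from argv with no comment on the exposure: a password given on the command line is readable by other local users through the process list and tends to end up in shell history. A comment on that assignment would help, for example `/* --password exposes the secret in argv; the get_pass() path is preferable outside scripts */`, and the option's help text is the other place to say it. `get_pass` is not defined in this hunk, so the assumption that it prompts interactively should be checked. `cmd_parser` starts before this hunk.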
@@ -1167,7 +1162,7 @@ certificate_info (int pubkey, common_info_st * cinfo)
 
   crt_num = MAX_CRTS;
   ret =
-    gnutls_x509_crt_list_import (crt, &crt_num, &pem, info.incert_format,
+    gnutls_x509_crt_list_import (crt, &crt_num, &pem, incert_format,
                                  GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
   if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
     {
@@ -1175,7 +1170,7 @@ certificate_info (int pubkey, common_info_st * cinfo)
              "will only read the first %d", crt_num, MAX_CRTS);
       crt_num = MAX_CRTS;
       ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem,
-                                         info.incert_format, 0);
+                                         incert_format, 0);
     }
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
@@ -1184,11 +1179,11 @@ certificate_info (int pubkey, common_info_st * cinfo)
 
   count = ret;
 
-  if (count > 1 && info.outcert_format == GNUTLS_X509_FMT_DER)
+  if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER)
     {
       error (0, 0, "cannot output multiple certificates in DER format; "
              "using PEM instead");
-      info.outcert_format = GNUTLS_X509_FMT_PEM;
+      outcert_format = GNUTLS_X509_FMT_PEM;
     }
 
   for (i = 0; i < count; i++)
@@ -1196,7 +1191,7 @@ certificate_info (int pubkey, common_info_st * cinfo)
       if (i > 0)
         fprintf (outfile, "\n");
 
-      if (info.outcert_format == GNUTLS_X509_FMT_PEM)
+      if (outcert_format == GNUTLS_X509_FMT_PEM)
         print_certificate_info (crt[i], outfile, 1);
 
       if (pubkey)
@@ -1204,7 +1199,7 @@ certificate_info (int pubkey, common_info_st * cinfo)
       else
         {
           size = buffer_size;
-          ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
+          ret = gnutls_x509_crt_export (crt[i], outcert_format, buffer,
                                         &size);
           if (ret < 0)
             error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
@@ -1234,14 +1229,14 @@ pgp_certificate_info (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "openpgp_crt_init: %s", gnutls_strerror (ret));
 
-  ret = gnutls_openpgp_crt_import (crt, &pem, info.incert_format);
+  ret = gnutls_openpgp_crt_import (crt, &pem, incert_format);
 
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
 
   free (pem.data);
 
-  if (info.outcert_format == GNUTLS_OPENPGP_FMT_BASE64)
+  if (outcert_format == GNUTLS_OPENPGP_FMT_BASE64)
     {
       ret = gnutls_openpgp_crt_print (crt, 0, &out_data);
 
@@ -1271,7 +1266,7 @@ pgp_certificate_info (void)
     }
 
   size = buffer_size;
-  ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size);
+  ret = gnutls_openpgp_crt_export (crt, outcert_format, buffer, &size);
   if (ret < 0)
     {
       error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
@@ -1300,7 +1295,7 @@ pgp_privkey_info (void)
   pem.data = buffer;
   pem.size = size;
 
-  ret = gnutls_openpgp_privkey_import (key, &pem, info.incert_format,
+  ret = gnutls_openpgp_privkey_import (key, &pem, incert_format,
                                        NULL, 0);
 
   if (ret < 0)
@@ -1449,7 +1444,7 @@ pgp_ring_info (void)
     error (EXIT_FAILURE, 0, "openpgp_keyring_init: %s",
            gnutls_strerror (ret));
 
-  ret = gnutls_openpgp_keyring_import (ring, &pem, info.incert_format);
+  ret = gnutls_openpgp_keyring_import (ring, &pem, incert_format);
 
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
@@ -1469,7 +1464,7 @@ pgp_ring_info (void)
         error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
 
       size = buffer_size;
-      ret = gnutls_openpgp_crt_export (crt, info.outcert_format,
+      ret = gnutls_openpgp_crt_export (crt, outcert_format,
                                        buffer, &size);
       if (ret < 0)
         error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
@@ -1507,17 +1502,17 @@ print_hex_datum (gnutls_datum_t * dat)
 static void
 print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all)
 {
-  gnutls_datum_t cinfo;
+  gnutls_datum_t data;
   int ret;
 
   if (all)
-    ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+    ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &data);
   else
-    ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_UNSIGNED_FULL, &cinfo);
+    ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_UNSIGNED_FULL, &data);
   if (ret == 0)
     {
-      fprintf (out, "%s\n", cinfo.data);
-      gnutls_free (cinfo.data);
+      fprintf (out, "%s\n", data.data);
+      gnutls_free (data.data);
     }
 
   if (out == stderr && batch == 0)      /* interactive */
@@ -1530,17 +1525,17 @@ print_certificate_info (gnutls_x509_crt_t crt, FILE * 
out, unsigned int all)
 static void
 print_crl_info (gnutls_x509_crl_t crl, FILE * out)
 {
-  gnutls_datum_t cinfo;
+  gnutls_datum_t data;
   int ret;
   size_t size;
 
-  ret = gnutls_x509_crl_print (crl, GNUTLS_CRT_PRINT_FULL, &cinfo);
+  ret = gnutls_x509_crl_print (crl, GNUTLS_CRT_PRINT_FULL, &data);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crl_print: %s", gnutls_strerror (ret));
 
-  fprintf (out, "%s\n", cinfo.data);
+  fprintf (out, "%s\n", data.data);
 
-  gnutls_free (cinfo.data);
+  gnutls_free (data.data);
 
   size = buffer_size;
   ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
@@ -1566,10 +1561,10 @@ crl_info (void)
   pem.size = size;
 
   if (!pem.data)
-    error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile :
+    error (EXIT_FAILURE, errno, "%s", infile ? "file" :
            "standard input");
 
-  ret = gnutls_x509_crl_import (crl, &pem, info.incert_format);
+  ret = gnutls_x509_crl_import (crl, &pem, incert_format);
 
   free (pem.data);
   if (ret < 0)
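Review bot: In `crl_info` the new error message tests `infile`, the global `FILE *`, which `cmd_parser` always leaves non-NULL (the `fopen` result or `stdin`, with an exit on failure), so it always prints "file" and never "standard input", and the file name is no longer reported. Testing the option instead keeps the old behaviour: `error (EXIT_FAILURE, errno, "%s", HAVE_OPT(INFILE) ? OPT_ARG(INFILE) : "standard input");`. The `crq_info` hunk at `@@ -1632,10 +1627,10 @@` has the same line. Both functions begin outside their hunks.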
@@ -1583,19 +1578,19 @@ crl_info (void)
 static void
 print_crq_info (gnutls_x509_crq_t crq, FILE * out)
 {
-  gnutls_datum_t cinfo;
+  gnutls_datum_t data;
   int ret;
   size_t size;
 
-  if (info.outcert_format == GNUTLS_X509_FMT_PEM)
+  if (outcert_format == GNUTLS_X509_FMT_PEM)
     {
-      ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &cinfo);
+      ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &data);
       if (ret < 0)
         error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
 
-      fprintf (out, "%s\n", cinfo.data);
+      fprintf (out, "%s\n", data.data);
 
-      gnutls_free (cinfo.data);
+      gnutls_free (data.data);
     }
     
   ret = gnutls_x509_crq_verify(crq, 0);
@@ -1609,7 +1604,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
     }
 
   size = buffer_size;
-  ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
+  ret = gnutls_x509_crq_export (crq, outcert_format, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
 
@@ -1632,10 +1627,10 @@ crq_info (void)
   pem.size = size;
 
   if (!pem.data)
-    error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile :
+    error (EXIT_FAILURE, errno, "%s", infile ? "file" :
            "standard input");
 
-  ret = gnutls_x509_crq_import (crq, &pem, info.incert_format);
+  ret = gnutls_x509_crq_import (crq, &pem, incert_format);
 
   free (pem.data);
   if (ret < 0)
@@ -1646,7 +1641,7 @@ crq_info (void)
   gnutls_x509_crq_deinit (crq);
 }
 
-static void privkey_info_int (gnutls_x509_privkey_t key)
+static void privkey_info_int (common_info_st* cinfo, gnutls_x509_privkey_t key)
 {
 int ret, key_type, bits = 0;
 size_t size;
@@ -1758,7 +1753,7 @@ const char *cprint;
 }
 
 void
-privkey_info (void)
+privkey_info (common_info_st* cinfo)
 {
   gnutls_x509_privkey_t key;
   size_t size;
@@ -1775,38 +1770,31 @@ privkey_info (void)
   pem.size = size;
 
   ret = 0;
-  if (!info.pkcs8)
-    ret = gnutls_x509_privkey_import (key, &pem, info.incert_format);
+  if (!cinfo->pkcs8)
+    ret = gnutls_x509_privkey_import (key, &pem, incert_format);
 
   /* If we failed to import the certificate previously try PKCS #8 */
-  if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+  if (cinfo->pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
     {
-      if (info.pass)
-        pass = info.pass;
+      if (cinfo->password)
+        pass = cinfo->password;
       else
         pass = get_pass ();
       ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
-                                              info.incert_format, pass, 0);
+                                              incert_format, pass, 0);
     }
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
 
-  if (info.outcert_format == GNUTLS_X509_FMT_PEM)
-    privkey_info_int (key);
+  if (outcert_format == GNUTLS_X509_FMT_PEM)
+    privkey_info_int (cinfo, key);
 
   ret = gnutls_x509_privkey_verify_params (key);
   if (ret < 0)
     fprintf (outfile, "\n** Private key parameters validation failed **\n\n");
 
-  if (info.fix_key != 0)
-    {
-      ret = gnutls_x509_privkey_fix (key);
-      if (ret < 0)
-        error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
-    }
-
   size = buffer_size;
-  ret = gnutls_x509_privkey_export (key, info.outcert_format, buffer, &size);
+  ret = gnutls_x509_privkey_export (key, outcert_format, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
 
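Review bot: The `info.fix_key` branch, which called `gnutls_x509_privkey_fix` before the export, is removed from `privkey_info` with no replacement in this hunk, and neither commit message mentions dropping it. If the new option definitions (not shown in this part of the diff) still accept a fix-key flag, it now silently does nothing. Either restore the call behind the corresponding `HAVE_OPT` test, or remove the option and record the removal in the changelog. The function body starts and ends outside the hunk.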
@@ -1845,9 +1833,9 @@ generate_request (common_info_st * cinfo)
       if (ret < 0)
         error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
 
-      xkey = generate_private_key_int ();
+      xkey = generate_private_key_int (cinfo);
 
-      print_private_key (xkey);
+      print_private_key (cinfo, xkey);
 
       ret = gnutls_privkey_import_x509(pkey, xkey, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
       if (ret < 0)
@@ -1880,7 +1868,7 @@ generate_request (common_info_st * cinfo)
         error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret));
     }
 
-  if (info.crq_extensions != 0)
+  if (cinfo->crq_extensions != 0)
     {
       ca_status = get_ca_status ();
       if (ca_status)
@@ -2295,7 +2283,7 @@ verify_crl (common_info_st * cinfo)
   pem.data = (void*)fread_file (infile, &size);
   pem.size = size;
 
-  ret = gnutls_x509_crl_import (crl, &pem, info.incert_format);
+  ret = gnutls_x509_crl_import (crl, &pem, incert_format);
   free (pem.data);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
@@ -2370,15 +2358,12 @@ generate_pkcs8 (common_info_st * cinfo)
 
   key = load_x509_private_key (1, cinfo);
 
-  if (info.pass)
-    password = info.pass;
+  if (cinfo->password)
+    password = cinfo->password;
   else
     password = get_pass ();
 
-  if (info.export)
-    flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
-  else
-    flags = cipher_to_flags (info.pkcs_cipher);
+  flags = cipher_to_flags (cinfo->pkcs_cipher);
 
   if (password == NULL || password[0] == 0)
     {
@@ -2387,7 +2372,7 @@ generate_pkcs8 (common_info_st * cinfo)
 
   size = buffer_size;
   result =
-    gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format,
+    gnutls_x509_privkey_export_pkcs8 (key, outcert_format,
                                       password, flags, buffer, &size);
 
   if (result < 0)
@@ -2429,8 +2414,8 @@ generate_pkcs12 (common_info_st * cinfo)
   if (result < 0)
     error (EXIT_FAILURE, 0, "pkcs12_init: %s", gnutls_strerror (result));
 
-  if (info.pass)
-    pass = info.pass;
+  if (cinfo->password)
+    pass = cinfo->password;
   else
     pass = get_pass ();
     
@@ -2475,10 +2460,7 @@ generate_pkcs12 (common_info_st * cinfo)
         error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
                gnutls_strerror (result));
 
-      if (info.export)
-        flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
-      else
-        flags = cipher_to_flags (info.pkcs_cipher);
+      flags = cipher_to_flags (cinfo->pkcs_cipher);
 
       result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
       if (result < 0)
@@ -2497,10 +2479,7 @@ generate_pkcs12 (common_info_st * cinfo)
       if (result < 0)
         error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
 
-      if (info.export)
-        flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
-      else
-        flags = cipher_to_flags (info.pkcs_cipher);
+      flags = cipher_to_flags (cinfo->pkcs_cipher);
 
       size = buffer_size;
       result =
@@ -2547,7 +2526,7 @@ generate_pkcs12 (common_info_st * cinfo)
     error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
 
   size = buffer_size;
-  result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size);
+  result = gnutls_pkcs12_export (pkcs12, outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
 
@@ -2653,7 +2632,7 @@ print_bag_data (gnutls_pkcs12_bag_t bag)
 }
 
 void
-pkcs12_info (void)
+pkcs12_info (common_info_st* cinfo)
 {
   gnutls_pkcs12_t pkcs12;
   gnutls_pkcs12_bag_t bag;
@@ -2670,13 +2649,13 @@ pkcs12_info (void)
   data.data = (void*)fread_file (infile, &size);
   data.size = size;
 
-  result = gnutls_pkcs12_import (pkcs12, &data, info.incert_format, 0);
+  result = gnutls_pkcs12_import (pkcs12, &data, incert_format, 0);
   free (data.data);
   if (result < 0)
     error (EXIT_FAILURE, 0, "p12_import: %s", gnutls_strerror (result));
 
-  if (info.pass)
-    pass = info.pass;
+  if (cinfo->password)
+    pass = cinfo->password;
   else
     pass = get_pass ();
 
@@ -2745,7 +2724,7 @@ pkcs7_info (void)
   data.data = (void*)fread_file (infile, &size);
   data.size = size;
 
-  result = gnutls_pkcs7_import (pkcs7, &data, info.incert_format);
+  result = gnutls_pkcs7_import (pkcs7, &data, incert_format);
   free (data.data);
   if (result < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (result));
@@ -2949,10 +2928,10 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * 
cinfo)
       pubkey = load_pubkey (1, cinfo);
     }
 
-  if (info.outcert_format == GNUTLS_X509_FMT_DER)
+  if (outcert_format == GNUTLS_X509_FMT_DER)
     {
       size = buffer_size;
-      ret = gnutls_pubkey_export (pubkey, info.outcert_format, buffer, &size);
+      ret = gnutls_pubkey_export (pubkey, outcert_format, buffer, &size);
       if (ret < 0)
         error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
 
diff --git a/src/certtool.gaa b/src/certtool.gaa
deleted file mode 100644
index 89d53ea..0000000
--- a/src/certtool.gaa
+++ /dev/null
@@ -1,160 +0,0 @@
-#{
-
-/* C declarations */
-
-#include <config.h>
-#ifdef _WIN32
-# include <io.h>
-#endif
-
-#include "certtool-common.h"
-
-#}
-
-helpnode "Certtool help\nUsage: certtool [options]"
-
-#int privkey_op;
-#int action;
-option (s, generate-self-signed) { $action=ACTION_SELF_SIGNED; } "Generate a 
self-signed certificate."
-
-option (c, generate-certificate) { $action=ACTION_GENERATE_CERTIFICATE; } 
"Generate a signed certificate."
-
-option (generate-proxy) { $action=ACTION_GENERATE_PROXY; } "Generate a proxy 
certificate."
-
-option (generate-crl) { $action=ACTION_GENERATE_CRL; } "Generate a CRL."
-
-option (u, update-certificate) { $action=ACTION_UPDATE_CERTIFICATE; } "Update 
a signed certificate."
-
-option (p, generate-privkey) { $privkey_op=1; $action=ACTION_GENERATE_PRIVKEY; 
} "Generate a private key."
-
-option (q, generate-request) { $privkey_op=1; $action=ACTION_GENERATE_REQUEST; 
} "Generate a PKCS #10 certificate request."
-
-option (e, verify-chain) { $action=ACTION_VERIFY_CHAIN; } "Verify a PEM 
encoded certificate chain. The last certificate in the chain must be a self 
signed one."
-
-option (verify) { $action=ACTION_VERIFY; } "Verify a PEM encoded certificate 
chain. CA certificates must be loaded with --load-ca-certificate."
-
-option (verify-crl) { $action=ACTION_VERIFY_CRL; } "Verify a CRL."
-
-option (generate-dh-params) { $action=ACTION_GENERATE_DH; } "Generate PKCS #3 
encoded Diffie-Hellman parameters."
-option (get-dh-params) { $action=ACTION_GET_DH; } "Get the included PKCS #3 
encoded Diffie-Hellman parameters."
-option (dh-info) { $action = ACTION_DH_INFO; } "Print information on 
Diffie-Hellman parameters."
-
-#char *privkey;
-option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
-
-#char *pubkey;
-option (load-pubkey) STR "FILE" { $pubkey = $1 } "Public key file to use."
-
-#char *request;
-option (load-request) STR "FILE" { $request = $1 } "Certificate request file 
to use."
-
-#char *cert;
-option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."
-
-#char *ca_privkey;
-option (load-ca-privkey) STR "FILE" { $ca_privkey = $1 } "Certificate 
authority's private key file to use."
-
-#char *ca;
-option (load-ca-certificate) STR "FILE" { $ca = $1 } "Certificate authority's 
certificate file to use."
-
-#char *pass;
-option (password) STR "PASSWORD" { $pass = $1 } "Password to use."
-
-option (i, certificate-info) { $action = ACTION_CERT_INFO; } "Print 
information on a certificate."
-
-option (certificate-pubkey) { $action = ACTION_CERT_PUBKEY; } "Print 
certificate public key."
-
-option (pgp-certificate-info) { $action = ACTION_PGP_INFO; } "Print 
information on a OpenPGP certificate."
-
-option (pgp-ring-info) { $action = ACTION_RING_INFO; } "Print information on a 
keyring structure."
-
-option (l, crl-info) { $action = ACTION_CRL_INFO; } "Print information on a 
CRL."
-
-option (crq-info) { $action = ACTION_REQUEST; } "Print information on a 
Certificate Request."
-
-#int crq_extensions;
-option (no-crq-extensions) { $crq_extensions = 0; } "Do not use extensions in 
certificate requests."
-
-option (p12-info) { $action = ACTION_PKCS12_INFO; } "Print information on a 
PKCS #12 structure."
-
-option (p7-info) { $action = ACTION_P7_INFO; } "Print information on a PKCS #7 
structure."
-
-option (smime-to-p7) { $action = ACTION_SMIME_TO_P7; } "Convert S/MIME to PKCS 
#7 structure."
-
-/* on private key operations set $privkey_op to != 0 
- */
-option (k, key-info) { $privkey_op=1; $action = ACTION_PRIVKEY_INFO; } "Print 
information on a private key."
-
-option (pgp-key-info) { $privkey_op=1; $action = ACTION_PGP_PRIVKEY_INFO; } 
"Print information on a OpenPGP private key."
-
-option (pubkey-info) { $action = ACTION_PUBKEY_INFO; } "Print information on a 
public key."
-
-#int fix_key;
-option (fix-key) { $privkey_op=1; $fix_key = 1; } "Regenerate the parameters 
in a private key."
-
-#int v1_cert;
-option (v1) { $v1_cert = 1; } "Generate an X.509 version 1 certificate (no 
extensions)."
-
-option (to-p12) { $action = ACTION_TO_PKCS12; } "Generate a PKCS #12 
structure."
-
-option (to-p8) { $action = ACTION_GENERATE_PKCS8; } "Generate a PKCS #8 key 
structure."
-
-#int pkcs8;
-option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
-
-#int dsa;
-option (dsa) { $dsa=1 } "Use DSA keys."
-
-option (rsa) { } "Use RSA keys."
-
-#int ecc;
-option (ecc) { $ecc=1 } "Use ECC (ECDSA) keys."
-
-#char *hash;
-option (hash) STR "STR" { $hash = $1 } "Hash algorithm to use for signing 
(MD5,SHA1,RMD160,SHA256,SHA384,SHA512)."
-
-#int export;
-option (export-ciphers) { $export=1 } "Use weak encryption algorithms."
-
-#int incert_format;
-option (inder) { $incert_format=1 } "Use DER format for input certificates and 
private keys."
-option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates 
and private keys."
-
-#int outcert_format;
-option (outder) { $outcert_format=1 } "Use DER format for output certificates 
and private keys."
-option (outraw) { $outcert_format=1 } "Use RAW/DER format for output 
certificates and private keys."
-
-#int bits;
-option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for key 
generation."
-
-#char* sec_param;
-option (sec-param) STR "PARAM" { $sec_param = $1 } "specify the security level 
[low|normal|high|ultra]."
-
-#int quick_random;
-option (disable-quick-random) { $quick_random = 0; } "Use /dev/random for key 
generationg, thus increasing the quality of randomness used."
-
-#char *outfile;
-option (outfile) STR "FILE" { $outfile = $1 } "Output file."
-
-#char *infile;
-option (infile) STR "FILE" { $infile = $1 } "Input file."
-
-#char *template;
-option (template) STR "FILE" { $template = $1 } "Template file to use for non 
interactive operation."
-
-#char *pkcs_cipher;
-option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for 
pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
-
-#int debug;
-option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. 
Default is 1."
-
-option (h, help) { gaa_help(); exit(0); } "shows this help text"
-
-option (v, version) { certtool_version(); exit(0); } "shows the program's 
version"
-
-init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
-       $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = 
NULL; 
-       $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; 
$v1_cert = 0;
-       $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; 
$quick_random=1; 
-       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $ecc=0; 
-       $sec_param = NULL; }
diff --git a/src/p11tool-args.def.in b/src/p11tool-args.def.in
index b1cbabe..a27765f 100644
--- a/src/p11tool-args.def.in
+++ b/src/p11tool-args.def.in
@@ -125,6 +125,7 @@ flag = {
 
 flag = {
     name      = label;
+    arg-type  = string;
     descrip   = "Sets a label for the write operation";
     doc       = "";
 };
diff --git a/src/p11tool.c b/src/p11tool.c
index d800e46..beeaa5a 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -76,7 +76,7 @@ cmd_parser (int argc, char **argv)
 {
   int ret, debug = 0;
   common_info_st cinfo;
-  unsigned int action = 1, pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
+  unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
   const char* url = NULL;
   unsigned int detailed_url = 0, optct;
   unsigned int login = 0, bits = 0;
@@ -150,128 +150,111 @@ cmd_parser (int argc, char **argv)
 
   if (HAVE_OPT(LOAD_PUBKEY))
     cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+  if (ENABLED_OPT(DETAILED_URL))
+    detailed_url = 1;
+
+  if (ENABLED_OPT(LOGIN))
+    login = 1;
+
+  if (HAVE_OPT(LABEL))
+    {
+      label = OPT_ARG(LABEL);
+    }
+
+  if (HAVE_OPT(BITS))
+    {
+      bits = OPT_VALUE_BITS;
+    }
+
+  if (HAVE_OPT(SEC_PARAM))
+    {
+      sec_param = OPT_ARG(SEC_PARAM);
+    }
+
+  if (debug > 0)
+    {
+      fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
+      fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
+      fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
+      fprintf(stderr, "Detailed URLs: %s\n", 
ENABLED_OPT(DETAILED_URL)?"yes":"no");
+      fprintf(stderr, "\n");
+    }
     
+  /* handle actions 
+   */
   if (HAVE_OPT(LIST_TOKENS))
-    action = ACTION_PKCS11_TOKENS;
+    pkcs11_token_list (outfile, detailed_url, &cinfo);
   else if (HAVE_OPT(LIST_MECHANISMS))
-    action = ACTION_PKCS11_MECHANISMS;
+    pkcs11_mechanism_list (outfile, url, login,
+                             &cinfo);
   else if (HAVE_OPT(LIST_ALL))
     {
       pkcs11_type = PKCS11_TYPE_ALL;
-      action = ACTION_PKCS11_LIST;
+      pkcs11_list (outfile, url, pkcs11_type,
+                   login, detailed_url, &cinfo);
     }
   else if (HAVE_OPT(LIST_ALL_CERTS))
     {
       pkcs11_type = PKCS11_TYPE_CRT_ALL;
-      action = ACTION_PKCS11_LIST;
+      pkcs11_list (outfile, url, pkcs11_type,
+                   login, detailed_url, &cinfo);
     }
   else if (HAVE_OPT(LIST_CERTS))
     {
       pkcs11_type = PKCS11_TYPE_PK;
-      action = ACTION_PKCS11_LIST;
+      pkcs11_list (outfile, url, pkcs11_type,
+                   login, detailed_url, &cinfo);
     }
   else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
     {
       pkcs11_type = PKCS11_TYPE_PRIVKEY;
-      action = ACTION_PKCS11_LIST;
+      pkcs11_list (outfile, url, pkcs11_type,
+                   login, detailed_url, &cinfo);
     }
   else if (HAVE_OPT(LIST_ALL_TRUSTED))
     {
       pkcs11_type = PKCS11_TYPE_TRUSTED;
-      action = ACTION_PKCS11_LIST;
+      pkcs11_list (outfile, url, pkcs11_type,
+                   login, detailed_url, &cinfo);
     }
   else if (HAVE_OPT(EXPORT))
     {
-      action = ACTION_PKCS11_EXPORT_URL;
+      pkcs11_export (outfile, url, login, &cinfo);
     }
   else if (HAVE_OPT(WRITE))
-    action = ACTION_PKCS11_WRITE_URL;
+    pkcs11_write (outfile, url, label,
+                    ENABLED_OPT(TRUSTED), ENABLED_OPT(PRIVATE), login, &cinfo);
   else if (HAVE_OPT(INITIALIZE))
-    action = ACTION_PKCS11_TOKEN_INIT;
+    pkcs11_init (outfile, url, label, &cinfo);
   else if (HAVE_OPT(DELETE))
-    action = ACTION_PKCS11_DELETE_URL;
+    pkcs11_delete (outfile, url, 0, login, &cinfo);
   else if (HAVE_OPT(GENERATE_ECC))
     {
       key_type = GNUTLS_PK_EC;
-      action = ACTION_PKCS11_GENERATE;
+      pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, 
sec_param), 
+                       label, ENABLED_OPT(PRIVATE), detailed_url, login, 
+                       &cinfo);
     }
   else if (HAVE_OPT(GENERATE_RSA))
     {
       key_type = GNUTLS_PK_RSA;
-      action = ACTION_PKCS11_GENERATE;
+      pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, 
sec_param), 
+                       label, ENABLED_OPT(PRIVATE), detailed_url, login, 
+                       &cinfo);
     }
   else if (HAVE_OPT(GENERATE_DSA))
     {
       key_type = GNUTLS_PK_DSA;
-      action = ACTION_PKCS11_GENERATE;
+      pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, 
sec_param), 
+                       label, ENABLED_OPT(PRIVATE), detailed_url, login, 
+                       &cinfo);
     }
   else 
     {
       USAGE(1);
     }
     
-  if (ENABLED_OPT(DETAILED_URL))
-    detailed_url = 1;
-
-  if (ENABLED_OPT(LOGIN))
-    login = 1;
-
-  if (HAVE_OPT(LABEL))
-    {
-      label = OPT_ARG(LABEL);
-    }
-
-  if (HAVE_OPT(BITS))
-    {
-      bits = OPT_VALUE_BITS;
-    }
-
-  if (HAVE_OPT(SEC_PARAM))
-    {
-      sec_param = OPT_ARG(SEC_PARAM);
-    }
-
-  if (debug > 0)
-    {
-      fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
-      fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
-      fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
-      fprintf(stderr, "Detailed URLs: %s\n", 
ENABLED_OPT(DETAILED_URL)?"yes":"no");
-      fprintf(stderr, "\n");
-    }
-
-  switch (action)
-    {
-    case ACTION_PKCS11_LIST:
-      pkcs11_list (outfile, url, pkcs11_type,
-                   login, detailed_url, &cinfo);
-      break;
-    case ACTION_PKCS11_TOKENS:
-      pkcs11_token_list (outfile, detailed_url, &cinfo);
-      break;
-    case ACTION_PKCS11_MECHANISMS:
-      pkcs11_mechanism_list (outfile, url, login,
-                             &cinfo);
-      break;
-    case ACTION_PKCS11_EXPORT_URL:
-      pkcs11_export (outfile, url, login, &cinfo);
-      break;
-    case ACTION_PKCS11_WRITE_URL:
-      pkcs11_write (outfile, url, label,
-                    ENABLED_OPT(TRUSTED), ENABLED_OPT(PRIVATE), login, &cinfo);
-      break;
-    case ACTION_PKCS11_TOKEN_INIT:
-      pkcs11_init (outfile, url, label, &cinfo);
-      break;
-    case ACTION_PKCS11_DELETE_URL:
-      pkcs11_delete (outfile, url, 0, login, &cinfo);
-      break;
-    case ACTION_PKCS11_GENERATE:
-      pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, 
sec_param), 
-                       label, ENABLED_OPT(PRIVATE), detailed_url, login, 
-                       &cinfo);
-      break;
-    }
   fclose (outfile);
 
 #ifdef ENABLE_PKCS11
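Review bot: The five list branches and the three generate branches repeat the same call with only the type constant differing, and each first stores that constant in a local (`pkcs11_type`, `key_type`) that is read on the very next line. Passing the constant directly, e.g. `pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, detailed_url, &cinfo);`, would let both locals go, including the `pkcs11_type = -1` initialiser on an `unsigned int` kept in the previous hunk. Because each branch now calls its handler inline, a comment above the chain such as `/* every option-derived local above must be set before this point */` would record why the option block had to move up. cmd_parser starts and ends outside the hunk.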
diff --git a/src/p11tool.h b/src/p11tool.h
index 7506751..d8de31e 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -30,17 +30,4 @@ pkcs11_generate (FILE * outfile, const char *url, 
gnutls_pk_algorithm_t type,
 #define PKCS11_TYPE_ALL 4
 #define PKCS11_TYPE_PRIVKEY 5
 
-
-enum
-{
-  ACTION_PKCS11_LIST,
-  ACTION_PKCS11_TOKENS,
-  ACTION_PKCS11_EXPORT_URL,
-  ACTION_PKCS11_WRITE_URL,
-  ACTION_PKCS11_DELETE_URL,
-  ACTION_PKCS11_TOKEN_INIT,
-  ACTION_PKCS11_MECHANISMS,
-  ACTION_PKCS11_GENERATE,
-};
-
 #endif


hooks/post-receive
-- 
GNU gnutls


