]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/spkac.c
2 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
20 #include <openssl/x509.h>
21 #include <openssl/pem.h>
23 typedef enum OPTION_choice
{
24 OPT_ERR
= -1, OPT_EOF
= 0, OPT_HELP
,
25 OPT_NOOUT
, OPT_PUBKEY
, OPT_VERIFY
, OPT_IN
, OPT_OUT
,
26 OPT_ENGINE
, OPT_KEY
, OPT_CHALLENGE
, OPT_PASSIN
, OPT_SPKAC
,
27 OPT_SPKSECT
, OPT_KEYFORM
,
31 const OPTIONS spkac_options
[] = {
32 OPT_SECTION("General"),
33 {"help", OPT_HELP
, '-', "Display this summary"},
34 {"spksect", OPT_SPKSECT
, 's',
35 "Specify the name of an SPKAC-dedicated section of configuration"},
36 #ifndef OPENSSL_NO_ENGINE
37 {"engine", OPT_ENGINE
, 's', "Use engine, possibly a hardware device"},
41 {"in", OPT_IN
, '<', "Input file"},
42 {"key", OPT_KEY
, '<', "Create SPKAC using private key"},
43 {"keyform", OPT_KEYFORM
, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"},
44 {"passin", OPT_PASSIN
, 's', "Input file pass phrase source"},
45 {"challenge", OPT_CHALLENGE
, 's', "Challenge string"},
46 {"spkac", OPT_SPKAC
, 's', "Alternative SPKAC name"},
48 OPT_SECTION("Output"),
49 {"out", OPT_OUT
, '>', "Output file"},
50 {"noout", OPT_NOOUT
, '-', "Don't print SPKAC"},
51 {"pubkey", OPT_PUBKEY
, '-', "Output public key"},
52 {"verify", OPT_VERIFY
, '-', "Verify SPKAC signature"},
58 int spkac_main(int argc
, char **argv
)
63 EVP_PKEY
*pkey
= NULL
;
64 NETSCAPE_SPKI
*spki
= NULL
;
65 char *challenge
= NULL
, *keyfile
= NULL
;
66 char *infile
= NULL
, *outfile
= NULL
, *passinarg
= NULL
, *passin
= NULL
;
67 char *spkstr
= NULL
, *prog
;
68 const char *spkac
= "SPKAC", *spksect
= "default";
69 int i
, ret
= 1, verify
= 0, noout
= 0, pubkey
= 0;
70 int keyformat
= FORMAT_PEM
;
73 prog
= opt_init(argc
, argv
, spkac_options
);
74 while ((o
= opt_next()) != OPT_EOF
) {
79 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
82 opt_help(spkac_options
);
101 passinarg
= opt_arg();
107 if (!opt_format(opt_arg(), OPT_FMT_ANY
, &keyformat
))
111 challenge
= opt_arg();
120 e
= setup_engine(opt_arg(), 0);
123 if (!opt_provider(o
))
128 argc
= opt_num_rest();
132 if (!app_passwd(passinarg
, NULL
, &passin
, NULL
)) {
133 BIO_printf(bio_err
, "Error getting password\n");
137 if (keyfile
!= NULL
) {
138 pkey
= load_key(strcmp(keyfile
, "-") ? keyfile
: NULL
,
139 keyformat
, 1, passin
, e
, "private key");
142 spki
= NETSCAPE_SPKI_new();
145 if (challenge
!= NULL
)
146 ASN1_STRING_set(spki
->spkac
->challenge
,
147 challenge
, (int)strlen(challenge
));
148 if (!NETSCAPE_SPKI_set_pubkey(spki
, pkey
)) {
149 BIO_printf(bio_err
, "Error setting public key\n");
152 i
= NETSCAPE_SPKI_sign(spki
, pkey
, EVP_md5());
154 BIO_printf(bio_err
, "Error signing SPKAC\n");
157 spkstr
= NETSCAPE_SPKI_b64_encode(spki
);
161 out
= bio_open_default(outfile
, 'w', FORMAT_TEXT
);
163 OPENSSL_free(spkstr
);
166 BIO_printf(out
, "SPKAC=%s\n", spkstr
);
167 OPENSSL_free(spkstr
);
172 if ((conf
= app_load_config(infile
)) == NULL
)
175 spkstr
= NCONF_get_string(conf
, spksect
, spkac
);
177 if (spkstr
== NULL
) {
178 BIO_printf(bio_err
, "Can't find SPKAC called \"%s\"\n", spkac
);
179 ERR_print_errors(bio_err
);
183 spki
= NETSCAPE_SPKI_b64_decode(spkstr
, -1);
186 BIO_printf(bio_err
, "Error loading SPKAC\n");
187 ERR_print_errors(bio_err
);
191 out
= bio_open_default(outfile
, 'w', FORMAT_TEXT
);
196 NETSCAPE_SPKI_print(out
, spki
);
197 pkey
= NETSCAPE_SPKI_get_pubkey(spki
);
199 i
= NETSCAPE_SPKI_verify(spki
, pkey
);
201 BIO_printf(bio_err
, "Signature OK\n");
203 BIO_printf(bio_err
, "Signature Failure\n");
204 ERR_print_errors(bio_err
);
209 PEM_write_bio_PUBKEY(out
, pkey
);
215 NETSCAPE_SPKI_free(spki
);
219 OPENSSL_free(passin
);