pki: Added nextca option to pki --scep scep-nextca
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 1 Jan 2023 10:53:27 +0000 (11:53 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 1 Jan 2023 10:53:27 +0000 (11:53 +0100)
src/pki/commands/scepca.c
src/pki/scep/scep.c
src/pki/scep/scep.h

index 9ba72d41cf9f1e1381841af3ea222101c1796f2e..d48fa5cd0c870ee035d06813fe3320ba22a6cece 100644 (file)
@@ -30,7 +30,7 @@ static int scepca()
        cred_encoding_type_t form = CERT_ASN1_DER;
        chunk_t scep_response = chunk_empty;
        char *arg, *url = NULL, *caout = NULL, *raout = NULL;
-       bool force = FALSE, success;
+       bool force = FALSE, success, next_ca = FALSE;
        u_int http_code = 0;
 
        while (TRUE)
@@ -48,6 +48,9 @@ static int scepca()
                        case 'r':       /* --raout */
                                raout = arg;
                                continue;
+                       case 'n':       /* --nextca */
+                               next_ca = TRUE;
+                               continue;
                        case 'f':       /* --form */
                                if (!get_form(arg, &form, CRED_CERTIFICATE))
                                {
@@ -70,8 +73,8 @@ static int scepca()
                return command_usage("--url is required");
        }
 
-       if (!scep_http_request(url, SCEP_GET_CA_CERT, FALSE, chunk_empty,
-                                                  &scep_response, &http_code))
+       if (!scep_http_request(url, next_ca ? SCEP_GET_NEXT_CA_CERT : SCEP_GET_CA_CERT,
+                                                  FALSE, chunk_empty, &scep_response, &http_code))
        {
                DBG1(DBG_APP, "did not receive a valid SCEP response: HTTP %u", http_code);
                return 1;
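Review bot: The GetNextCACert response is fed into the same response handling as GetCACert (the code after this check, which runs past the end of the hunk), but the two formats are not interchangeable: per RFC 8894 §4.7 GetCACert returns a degenerate certs-only PKCS#7/CMS, while GetNextCACert returns a SignedData that the client must verify with the CA certificate it already trusts before accepting the enclosed next-CA certificate. If the code below this hunk treats the body as a plain certificate bundle, an on-path attacker or misbehaving server can hand the client an arbitrary "next" CA that ends up in `--caout`; a verification step keyed on `next_ca` (using the currently trusted CA certificate as signer) is needed before any certificate is extracted and written out. Whether that check already exists cannot be seen from this hunk. scepca's body continues outside the hunk.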
@@ -92,12 +95,13 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                scepca, 'C', "scepca",
                "get CA [and RA] certificate[s] from a SCEP server",
-               {"--url url [--caout file] [--raout file] [--outform der|pem] [--force]"},
+               {"--url url [--caout file] [--raout file] [--nextca] [--outform der|pem] [--force]"},
                {
                        {"help",    'h', 0, "show usage information"},
                        {"url",     'u', 1, "URL of the SCEP server"},
                        {"caout",   'c', 1, "CA certificate [template]"},
                        {"raout",   'r', 1, "RA certificate [template]"},
+                       {"nextca",  'n', 0, "get next CA if available"},
                        {"outform", 'f', 1, "encoding of stored certificates, default: der"},
                        {"force",   'F', 0, "force overwrite of existing files"},
                }
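Review bot: The help text "get next CA if available" suggests the command probes for support, but nothing in scepca consults GetCACaps for the GetNextCACert capability (RFC 8894 §3.5.2) before issuing the request; a server that does not offer it will simply fail the HTTP request and the user sees "did not receive a valid SCEP response". Either wording that matches the behaviour, e.g. `{"nextca",  'n', 0, "request the next CA certificate (GetNextCACert) instead of the current one"}`, or an actual capability check before the request would avoid the confusion. The usage string on the `--url` line could likewise say `[--nextca]` fetches the rollover CA rather than the current one.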
index 7bbef72eecaa519a0b223712f18aad25b0d9b1aa..24a32830c99ac8e8ad11dd08059ac607170ebeb5 100644 (file)
@@ -33,7 +33,8 @@
 static const char *operations[] = {
        "PKIOperation",
        "GetCACert",
-       "GetCACaps"
+       "GetCACaps",
+       "GetNextCACert"
 };
 
 static const char *pkiStatus_values[] = { "0", "2", "3" };
@@ -373,6 +374,7 @@ bool scep_http_request(const char *url, scep_op_t op, bool http_post,
                        break;
                case SCEP_GET_CA_CERT:
                case SCEP_GET_CA_CAPS:
+               case SCEP_GET_NEXT_CA_CERT:
                {
                        /* form complete url */
                        len = strlen(url) + 11 + strlen(operation)  + 1;
index 4e9711013647056b748b5d5bc84c842e907085e9..185b73a3f9e56f2a843a8903bd0ba1e00cab3ede 100644 (file)
@@ -31,7 +31,8 @@
 typedef enum {
        SCEP_PKI_OPERATION,
        SCEP_GET_CA_CERT,
-       SCEP_GET_CA_CAPS
+       SCEP_GET_CA_CAPS,
+       SCEP_GET_NEXT_CA_CERT
 } scep_op_t;
 
 /* SCEP pkiStatus values */
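Review bot: The new `SCEP_GET_NEXT_CA_CERT` enumerator is only correct if its position matches the new `"GetNextCACert"` entry appended to `operations[]` in scep.c, which this change keeps in sync by hand; the table presumably is indexed by the enum value, so the coupling deserves a comment on the enum such as `/* order must match operations[] in scep.c */` so a future insertion in one place is not silently mis-mapped in the other. A `_Static_assert` on the table size against a trailing `SCEP_OP_MAX` enumerator would make the check mechanical, if the project style allows it.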