src/Makefile
src/Makefile.in
src/benchmark
+src/libcmd-p11tool.la
+src/p11tool
src/certtool
src/cfg/Makefile
src/cfg/Makefile.in
noinst_PROGRAMS = benchmark
bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug
if ENABLE_PKI
-bin_PROGRAMS += certtool
+bin_PROGRAMS += certtool p11tool
endif
if ENABLE_SRP
bin_PROGRAMS += srptool
libcmd_cli_debug_la_CFLAGS =
libcmd_cli_debug_la_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c
-certtool_SOURCES = certtool.c prime.c pkcs11.c
+#certtool
+
+certtool_SOURCES = certtool.c prime.c certtool-common.c
certtool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
certtool_LDADD += $(LTLIBGCRYPT)
endif
noinst_LTLIBRARIES += libcmd-certtool.la
libcmd_certtool_la_CFLAGS =
-libcmd_certtool_la_SOURCES = certtool.gaa certtool-gaa.h \
- certtool-gaa.c certtool-cfg.h certtool-cfg.c
+libcmd_certtool_la_SOURCES = certtool-gaa.c certtool.gaa certtool-gaa.h \
+ certtool-cfg.h certtool-cfg.c
libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
libcmd_certtool_la_LIBADD += ../lib/libgnutls.la ../libextra/libgnutls-extra.la
libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
+# p11 tool
+p11tool_gaa_CFLAGS =
+p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c
+p11tool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
+p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
+p11tool_LDADD += $(LTLIBGCRYPT)
+
+if HAVE_LIBCFG
+p11tool_LDADD += -lcfg+
+else
+p11tool_LDADD += libcfg.la
+endif
+noinst_LTLIBRARIES += libcmd-p11tool.la
+libcmd_p11tool_la_CFLAGS =
+libcmd_p11tool_la_SOURCES = p11tool-gaa.c p11tool.gaa p11tool-gaa.h \
+ certtool-cfg.h certtool-cfg.c
+libcmd_p11tool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
+libcmd_p11tool_la_LIBADD += ../lib/libgnutls.la
+libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
+
+
+
psk-gaa.c: $(srcdir)/psk.gaa
-$(GAA) $< -o psk-gaa.c -i psk-gaa.h
crypt-gaa.c: $(srcdir)/crypt.gaa
-$(GAA) $< -o crypt-gaa.c -i crypt-gaa.h
+p11tool-gaa.c: $(srcdir)/p11tool.gaa
+ -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
certtool-gaa.c: $(srcdir)/certtool.gaa
-$(GAA) $< -o certtool-gaa.c -i certtool-gaa.h
cli-gaa.c: $(srcdir)/cli.gaa
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+#include "certtool-common.h"
+#include "certtool-cfg.h"
+
+/* Gnulib portability files. */
+#include <read-file.h>
+
+unsigned char buffer[64 * 1024];
+const int buffer_size = sizeof (buffer);
+
+
+FILE *
+safe_open_rw (const char *file, int privkey_op)
+{
+ mode_t omask = 0;
+ FILE *fh;
+
+ if (privkey_op != 0)
+ {
+ omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+ }
+
+ fh = fopen (file, "wb");
+
+ if (privkey_op != 0)
+ {
+ umask (omask);
+ }
+
+ return fh;
+}
+
+gnutls_datum_t *
+load_secret_key (int mand, common_info_st* info)
+{
+ unsigned char raw_key[64];
+ size_t raw_key_size = sizeof(raw_key);
+ static gnutls_datum_t key;
+ gnutls_datum_t hex_key;
+ int ret;
+
+ fprintf (stderr, "Loading secret key...\n");
+
+ if (info->secret_key == NULL)
+ {
+ if (mand)
+ error (EXIT_FAILURE, 0, "missing --secret-key");
+ else
+ return NULL;
+ }
+
+ hex_key.data = (char*)info->secret_key;
+ hex_key.size = strlen(info->secret_key);
+
+ ret = gnutls_hex_decode( &hex_key, raw_key, &raw_key_size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+
+ key.data = raw_key;
+ key.size = raw_key_size;
+
+ return &key;
+}
+
+/* Load the private key.
+ * @mand should be non zero if it is required to read a private key.
+ */
+gnutls_x509_privkey_t
+load_private_key (int mand, common_info_st* info)
+{
+ gnutls_x509_privkey_t key;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!info->privkey && !mand)
+ return NULL;
+
+ if (info->privkey == NULL)
+ error (EXIT_FAILURE, 0, "missing --load-privkey");
+
+ ret = gnutls_x509_privkey_init (&key);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+ dat.data = read_binary_file (info->privkey, &size);
+ dat.size = size;
+
+ if (!dat.data)
+ error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+
+ if (info->pkcs8)
+ {
+ const char *pass = get_pass ();
+ ret =
+ gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+ pass, 0);
+ }
+ else
+ ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+
+ free (dat.data);
+
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ error (EXIT_FAILURE, 0,
+ "import error: could not find a valid PEM header; "
+ "check if your key is PKCS #8 or PKCS #12 encoded");
+ }
+
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+ info->privkey, gnutls_strerror (ret));
+
+ return key;
+}
+
+/* Loads the certificate
+ * If mand is non zero then a certificate is mandatory. Otherwise
+ * null will be returned if the certificate loading fails.
+ */
+gnutls_x509_crt_t
+load_cert (int mand, common_info_st* info)
+{
+ gnutls_x509_crt_t *crt;
+ size_t size;
+
+ crt = load_cert_list (mand, &size, info);
+
+ return crt ? crt[0] : NULL;
+}
+
+#define MAX_CERTS 256
+
+/* Loads a certificate list
+ */
+gnutls_x509_crt_t *
+load_cert_list (int mand, size_t * crt_size, common_info_st* info)
+{
+ FILE *fd;
+ static gnutls_x509_crt_t crt[MAX_CERTS];
+ char *ptr;
+ int ret, i;
+ gnutls_datum_t dat;
+ size_t size;
+ int ptr_size;
+
+ *crt_size = 0;
+ fprintf (stderr, "Loading certificate list...\n");
+
+ if (info->cert == NULL)
+ {
+ if (mand)
+ error (EXIT_FAILURE, 0, "missing --load-certificate");
+ else
+ return NULL;
+ }
+
+ fd = fopen (info->cert, "r");
+ if (fd == NULL)
+ error (EXIT_FAILURE, errno, "%s", info->cert);
+
+ size = fread (buffer, 1, sizeof (buffer) - 1, fd);
+ buffer[size] = 0;
+
+ fclose (fd);
+
+ ptr = buffer;
+ ptr_size = size;
+
+ for (i = 0; i < MAX_CERTS; i++)
+ {
+ ret = gnutls_x509_crt_init (&crt[i]);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+ dat.data = ptr;
+ dat.size = ptr_size;
+
+ ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format);
+ if (ret < 0 && *crt_size > 0)
+ break;
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+
+ ptr = strstr (ptr, "---END");
+ if (ptr == NULL)
+ break;
+ ptr++;
+
+ ptr_size = size;
+ ptr_size -=
+ (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
+
+ if (ptr_size < 0)
+ break;
+
+ (*crt_size)++;
+ }
+ fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
+
+ return crt;
+}
+
+/* Load the Certificate Request.
+ */
+gnutls_x509_crq_t
+load_request (common_info_st* info)
+{
+ gnutls_x509_crq_t crq;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!info->request)
+ return NULL;
+
+ ret = gnutls_x509_crq_init (&crq);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
+
+ dat.data = read_binary_file (info->request, &size);
+ dat.size = size;
+
+ if (!dat.data)
+ error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
+
+ ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ error (EXIT_FAILURE, 0,
+ "import error: could not find a valid PEM header");
+ }
+
+ free (dat.data);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
+ info->request, gnutls_strerror (ret));
+
+ return crq;
+}
+
+/* Load the CA's private key.
+ */
+gnutls_x509_privkey_t
+load_ca_private_key (common_info_st* info)
+{
+ gnutls_x509_privkey_t key;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (info->ca_privkey == NULL)
+ error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
+
+ ret = gnutls_x509_privkey_init (&key);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+ dat.data = read_binary_file (info->ca_privkey, &size);
+ dat.size = size;
+
+ if (!dat.data)
+ error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
+ info->ca_privkey);
+
+ if (info->pkcs8)
+ {
+ const char *pass = get_pass ();
+ ret =
+ gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+ pass, 0);
+ }
+ else
+ ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+ free (dat.data);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
+ info->ca_privkey, gnutls_strerror (ret));
+
+ return key;
+}
+
+/* Loads the CA's certificate
+ */
+gnutls_x509_crt_t
+load_ca_cert (common_info_st* info)
+{
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (info->ca == NULL)
+ error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
+
+ ret = gnutls_x509_crt_init (&crt);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+ dat.data = read_binary_file (info->ca, &size);
+ dat.size = size;
+
+ if (!dat.data)
+ error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info->ca);
+
+ ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
+ free (dat.data);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
+ info->ca, gnutls_strerror (ret));
+
+ return crt;
+}
+
+/* Load a public key.
+ * @mand should be non zero if it is required to read a public key.
+ */
+gnutls_pubkey_t
+load_pubkey (int mand, common_info_st* info)
+{
+ gnutls_pubkey_t key;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!info->pubkey && !mand)
+ return NULL;
+
+ if (info->pubkey == NULL)
+ error (EXIT_FAILURE, 0, "missing --load-pubkey");
+
+ ret = gnutls_pubkey_init (&key);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+ dat.data = read_binary_file (info->pubkey, &size);
+ dat.size = size;
+
+ if (!dat.data)
+ error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
+
+ ret = gnutls_pubkey_import (key, &dat, info->incert_format);
+
+ free (dat.data);
+
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ error (EXIT_FAILURE, 0,
+ "import error: could not find a valid PEM header; "
+ "check if your key has the PUBLIC KEY header");
+ }
+
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
+ info->pubkey, gnutls_strerror (ret));
+
+ return key;
+}
+#ifndef CERTTOOL_COMMON_H
+# define CERTTOOL_COMMON_H
+
#include <gnutls/x509.h>
#include <stdio.h>
ACTION_PGP_PRIVKEY_INFO,
ACTION_RING_INFO,
ACTION_REQUEST,
- ACTION_PKCS11_LIST,
- ACTION_PKCS11_TOKENS,
- ACTION_PKCS11_EXPORT_URL,
- ACTION_PKCS11_WRITE_URL,
- ACTION_PKCS11_DELETE_URL,
ACTION_PUBKEY_INFO,
ACTION_CERT_PUBKEY,
};
#define TYPE_CRQ 2
void certtool_version (void);
-void pkcs11_list (FILE * outfile, const char *url, int type,
- unsigned int login, unsigned int detailed);
-void pkcs11_export (FILE * outfile, const char *pkcs11_url,
- unsigned int login);
-void pkcs11_token_list (FILE * outfile, unsigned int detailed);
-void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
- int trusted, unsigned int login);
-void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
- unsigned int login);
-
-#define PKCS11_TYPE_CRT_ALL 1
-#define PKCS11_TYPE_TRUSTED 2
-#define PKCS11_TYPE_PK 3
-#define PKCS11_TYPE_ALL 4
-#define PKCS11_TYPE_PRIVKEY 5
-
-extern unsigned char buffer[];
-extern const int buffer_size;
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
-gnutls_x509_privkey_t load_private_key (int mand);
-gnutls_x509_crq_t load_request (void);
-gnutls_x509_privkey_t load_ca_private_key (void);
-gnutls_x509_crt_t load_ca_cert (void);
-gnutls_x509_crt_t load_cert (int mand);
-gnutls_pubkey_t load_pubkey (int mand);
+typedef struct common_info {
+ const char* secret_key;
+ const char* privkey;
+ const char* pubkey;
+ int pkcs8;
+ int incert_format;
+ const char* cert;
+
+ const char* request;
+ const char* ca;
+ const char* ca_privkey;
+} common_info_st;
+
+gnutls_x509_privkey_t load_private_key (int mand, common_info_st* info);
+gnutls_x509_crq_t load_request (common_info_st* info);
+gnutls_x509_privkey_t load_ca_private_key (common_info_st* info);
+gnutls_x509_crt_t load_ca_cert (common_info_st* info);
+gnutls_x509_crt_t load_cert (int mand, common_info_st* info);
+gnutls_datum* load_secret_key (int mand, common_info_st* info);
+gnutls_pubkey_t load_pubkey (int mand, common_info_st* info);
+gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, common_info_st* info);
/* returns the bits specified in cmd */
int get_bits (gnutls_pk_algorithm_t);
/* prime.c */
int generate_prime (int how);
+
+FILE * safe_open_rw (const char *file, int privkey_op);
+
+extern unsigned char buffer[];
+extern const int buffer_size;
+
+
+#endif
#endif
#include "certtool-common.h"
-#include <gnutls/pkcs11.h>
#include <stdio.h>
#include <string.h>
__gaa_helpsingle(0, "infile", "FILE ", "Input file.");
__gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation.");
__gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
- __gaa_helpsingle(0, "p11-provider", "Library ", "Specify the pkcs11 provider library");
- __gaa_helpsingle(0, "p11-export-url", "URL ", "Export data specified a pkcs11 URL");
- __gaa_helpsingle(0, "p11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL");
- __gaa_helpsingle(0, "p11-list-privkeys", "", "List private keys specified by a PKCS#11 URL");
- __gaa_helpsingle(0, "p11-list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL");
- __gaa_helpsingle(0, "p11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL");
- __gaa_helpsingle(0, "p11-list-all", "", "List all objects specified by a PKCS#11 URL");
- __gaa_helpsingle(0, "p11-list-tokens", "", "List all available tokens");
- __gaa_helpsingle(0, "p11-login", "", "Force login to token");
- __gaa_helpsingle(0, "p11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token.");
- __gaa_helpsingle(0, "p11-write-label", "label ", "Sets a label for the write operation.");
- __gaa_helpsingle(0, "p11-write-trusted", "", "Marks the certificate to be imported as trusted.");
- __gaa_helpsingle(0, "p11-detailed-url", "", "Export detailed URLs.");
- __gaa_helpsingle(0, "p11-delete-url", "URL ", "Deletes objects matching the URL.");
__gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
__gaa_helpsingle('h', "help", "", "shows this help text");
__gaa_helpsingle('v', "version", "", "shows the program's version");
struct _gaainfo
{
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
int debug;
-#line 164 "certtool.gaa"
- int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
- int pkcs11_trusted;
-#line 158 "certtool.gaa"
- char* pkcs11_label;
-#line 155 "certtool.gaa"
- int pkcs11_login;
-#line 147 "certtool.gaa"
- int pkcs11_type;
-#line 144 "certtool.gaa"
- char* pkcs11_url;
-#line 141 "certtool.gaa"
- char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
char *privkey;
-#line 18 "certtool.gaa"
- int action;
#line 17 "certtool.gaa"
+ int action;
+#line 16 "certtool.gaa"
int privkey_op;
#line 114 "gaa.skel"
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 67
+#define GAA_NB_OPTION 53
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
-#define GAAOPTID_p11_delete_url 4
-#define GAAOPTID_p11_detailed_url 5
-#define GAAOPTID_p11_write_trusted 6
-#define GAAOPTID_p11_write_label 7
-#define GAAOPTID_p11_write 8
-#define GAAOPTID_p11_login 9
-#define GAAOPTID_p11_list_tokens 10
-#define GAAOPTID_p11_list_all 11
-#define GAAOPTID_p11_list_all_certs 12
-#define GAAOPTID_p11_list_trusted 13
-#define GAAOPTID_p11_list_privkeys 14
-#define GAAOPTID_p11_list_certs 15
-#define GAAOPTID_p11_export_url 16
-#define GAAOPTID_p11_provider 17
-#define GAAOPTID_pkcs_cipher 18
-#define GAAOPTID_template 19
-#define GAAOPTID_infile 20
-#define GAAOPTID_outfile 21
-#define GAAOPTID_disable_quick_random 22
-#define GAAOPTID_sec_param 23
-#define GAAOPTID_bits 24
-#define GAAOPTID_outraw 25
-#define GAAOPTID_outder 26
-#define GAAOPTID_inraw 27
-#define GAAOPTID_inder 28
-#define GAAOPTID_export_ciphers 29
-#define GAAOPTID_hash 30
-#define GAAOPTID_dsa 31
-#define GAAOPTID_pkcs8 32
-#define GAAOPTID_to_p8 33
-#define GAAOPTID_to_p12 34
-#define GAAOPTID_v1 35
-#define GAAOPTID_fix_key 36
-#define GAAOPTID_pubkey_info 37
-#define GAAOPTID_pgp_key_info 38
-#define GAAOPTID_key_info 39
-#define GAAOPTID_smime_to_p7 40
-#define GAAOPTID_p7_info 41
-#define GAAOPTID_p12_info 42
-#define GAAOPTID_no_crq_extensions 43
-#define GAAOPTID_crq_info 44
-#define GAAOPTID_crl_info 45
-#define GAAOPTID_pgp_ring_info 46
-#define GAAOPTID_pgp_certificate_info 47
-#define GAAOPTID_certificate_pubkey 48
-#define GAAOPTID_certificate_info 49
-#define GAAOPTID_password 50
-#define GAAOPTID_load_ca_certificate 51
-#define GAAOPTID_load_ca_privkey 52
-#define GAAOPTID_load_certificate 53
-#define GAAOPTID_load_request 54
-#define GAAOPTID_load_pubkey 55
-#define GAAOPTID_load_privkey 56
-#define GAAOPTID_get_dh_params 57
-#define GAAOPTID_generate_dh_params 58
-#define GAAOPTID_verify_crl 59
-#define GAAOPTID_verify_chain 60
-#define GAAOPTID_generate_request 61
-#define GAAOPTID_generate_privkey 62
-#define GAAOPTID_update_certificate 63
-#define GAAOPTID_generate_crl 64
-#define GAAOPTID_generate_proxy 65
-#define GAAOPTID_generate_certificate 66
-#define GAAOPTID_generate_self_signed 67
+#define GAAOPTID_pkcs_cipher 4
+#define GAAOPTID_template 5
+#define GAAOPTID_infile 6
+#define GAAOPTID_outfile 7
+#define GAAOPTID_disable_quick_random 8
+#define GAAOPTID_sec_param 9
+#define GAAOPTID_bits 10
+#define GAAOPTID_outraw 11
+#define GAAOPTID_outder 12
+#define GAAOPTID_inraw 13
+#define GAAOPTID_inder 14
+#define GAAOPTID_export_ciphers 15
+#define GAAOPTID_hash 16
+#define GAAOPTID_dsa 17
+#define GAAOPTID_pkcs8 18
+#define GAAOPTID_to_p8 19
+#define GAAOPTID_to_p12 20
+#define GAAOPTID_v1 21
+#define GAAOPTID_fix_key 22
+#define GAAOPTID_pubkey_info 23
+#define GAAOPTID_pgp_key_info 24
+#define GAAOPTID_key_info 25
+#define GAAOPTID_smime_to_p7 26
+#define GAAOPTID_p7_info 27
+#define GAAOPTID_p12_info 28
+#define GAAOPTID_no_crq_extensions 29
+#define GAAOPTID_crq_info 30
+#define GAAOPTID_crl_info 31
+#define GAAOPTID_pgp_ring_info 32
+#define GAAOPTID_pgp_certificate_info 33
+#define GAAOPTID_certificate_pubkey 34
+#define GAAOPTID_certificate_info 35
+#define GAAOPTID_password 36
+#define GAAOPTID_load_ca_certificate 37
+#define GAAOPTID_load_ca_privkey 38
+#define GAAOPTID_load_certificate 39
+#define GAAOPTID_load_request 40
+#define GAAOPTID_load_pubkey 41
+#define GAAOPTID_load_privkey 42
+#define GAAOPTID_get_dh_params 43
+#define GAAOPTID_generate_dh_params 44
+#define GAAOPTID_verify_crl 45
+#define GAAOPTID_verify_chain 46
+#define GAAOPTID_generate_request 47
+#define GAAOPTID_generate_privkey 48
+#define GAAOPTID_update_certificate 49
+#define GAAOPTID_generate_crl 50
+#define GAAOPTID_generate_proxy 51
+#define GAAOPTID_generate_certificate 52
+#define GAAOPTID_generate_self_signed 53
#line 168 "gaa.skel"
int size1;
};
-struct GAAOPTION_p11_delete_url
-{
- char* arg1;
- int size1;
-};
-
-struct GAAOPTION_p11_write_label
-{
- char* arg1;
- int size1;
-};
-
-struct GAAOPTION_p11_write
-{
- char* arg1;
- int size1;
-};
-
-struct GAAOPTION_p11_export_url
-{
- char* arg1;
- int size1;
-};
-
-struct GAAOPTION_p11_provider
-{
- char* arg1;
- int size1;
-};
-
struct GAAOPTION_pkcs_cipher
{
char* arg1;
{
case GAA_LETTER_OPTION:
GAA_CHECK1STR("d", GAAOPTID_debug);
- GAA_CHECK1STR("", GAAOPTID_p11_delete_url);
- GAA_CHECK1STR("", GAAOPTID_p11_write_label);
- GAA_CHECK1STR("", GAAOPTID_p11_write);
- GAA_CHECK1STR("", GAAOPTID_p11_export_url);
- GAA_CHECK1STR("", GAAOPTID_p11_provider);
GAA_CHECK1STR("", GAAOPTID_pkcs_cipher);
GAA_CHECK1STR("", GAAOPTID_template);
GAA_CHECK1STR("", GAAOPTID_infile);
#line 375 "gaa.skel"
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
- GAA_CHECK1STR("", GAAOPTID_p11_detailed_url);
- GAA_CHECK1STR("", GAAOPTID_p11_write_trusted);
- GAA_CHECK1STR("", GAAOPTID_p11_login);
- GAA_CHECK1STR("", GAAOPTID_p11_list_tokens);
- GAA_CHECK1STR("", GAAOPTID_p11_list_all);
- GAA_CHECK1STR("", GAAOPTID_p11_list_all_certs);
- GAA_CHECK1STR("", GAAOPTID_p11_list_trusted);
- GAA_CHECK1STR("", GAAOPTID_p11_list_privkeys);
- GAA_CHECK1STR("", GAAOPTID_p11_list_certs);
GAA_CHECK1STR("", GAAOPTID_disable_quick_random);
GAA_CHECK1STR("", GAAOPTID_outraw);
GAA_CHECK1STR("", GAAOPTID_outder);
GAA_CHECKSTR("version", GAAOPTID_version);
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("debug", GAAOPTID_debug);
- GAA_CHECKSTR("p11-delete-url", GAAOPTID_p11_delete_url);
- GAA_CHECKSTR("p11-detailed-url", GAAOPTID_p11_detailed_url);
- GAA_CHECKSTR("p11-write-trusted", GAAOPTID_p11_write_trusted);
- GAA_CHECKSTR("p11-write-label", GAAOPTID_p11_write_label);
- GAA_CHECKSTR("p11-write", GAAOPTID_p11_write);
- GAA_CHECKSTR("p11-login", GAAOPTID_p11_login);
- GAA_CHECKSTR("p11-list-tokens", GAAOPTID_p11_list_tokens);
- GAA_CHECKSTR("p11-list-all", GAAOPTID_p11_list_all);
- GAA_CHECKSTR("p11-list-all-certs", GAAOPTID_p11_list_all_certs);
- GAA_CHECKSTR("p11-list-trusted", GAAOPTID_p11_list_trusted);
- GAA_CHECKSTR("p11-list-privkeys", GAAOPTID_p11_list_privkeys);
- GAA_CHECKSTR("p11-list-certs", GAAOPTID_p11_list_certs);
- GAA_CHECKSTR("p11-export-url", GAAOPTID_p11_export_url);
- GAA_CHECKSTR("p11-provider", GAAOPTID_p11_provider);
GAA_CHECKSTR("pkcs-cipher", GAAOPTID_pkcs_cipher);
GAA_CHECKSTR("template", GAAOPTID_template);
GAA_CHECKSTR("infile", GAAOPTID_infile);
int OK = 0;
int gaa_last_non_option;
struct GAAOPTION_debug GAATMP_debug;
- struct GAAOPTION_p11_delete_url GAATMP_p11_delete_url;
- struct GAAOPTION_p11_write_label GAATMP_p11_write_label;
- struct GAAOPTION_p11_write GAATMP_p11_write;
- struct GAAOPTION_p11_export_url GAATMP_p11_export_url;
- struct GAAOPTION_p11_provider GAATMP_p11_provider;
struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher;
struct GAAOPTION_template GAATMP_template;
struct GAAOPTION_infile GAATMP_infile;
{
case GAAOPTID_version:
OK = 0;
-#line 174 "certtool.gaa"
+#line 145 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 172 "certtool.gaa"
+#line 143 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 170 "certtool.gaa"
+#line 141 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
- return GAA_OK;
- break;
- case GAAOPTID_p11_delete_url:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_p11_delete_url.arg1, gaa_getstr, GAATMP_p11_delete_url.size1);
- gaa_index++;
-#line 167 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_p11_delete_url.arg1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_detailed_url:
- OK = 0;
-#line 165 "certtool.gaa"
-{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_write_trusted:
- OK = 0;
-#line 162 "certtool.gaa"
-{ gaaval->pkcs11_trusted = 1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_write_label:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_p11_write_label.arg1, gaa_getstr, GAATMP_p11_write_label.size1);
- gaa_index++;
-#line 160 "certtool.gaa"
-{ gaaval->pkcs11_label = GAATMP_p11_write_label.arg1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_write:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_p11_write.arg1, gaa_getstr, GAATMP_p11_write.size1);
- gaa_index++;
-#line 159 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_p11_write.arg1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_login:
- OK = 0;
-#line 156 "certtool.gaa"
-{ gaaval->pkcs11_login = 1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_tokens:
- OK = 0;
-#line 153 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_all:
- OK = 0;
-#line 152 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_all_certs:
- OK = 0;
-#line 151 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_trusted:
- OK = 0;
-#line 150 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_privkeys:
- OK = 0;
-#line 149 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_list_certs:
- OK = 0;
-#line 148 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_export_url:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_p11_export_url.arg1, gaa_getstr, GAATMP_p11_export_url.size1);
- gaa_index++;
-#line 145 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_p11_export_url.arg1; ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_p11_provider:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_p11_provider.arg1, gaa_getstr, GAATMP_p11_provider.size1);
- gaa_index++;
-#line 142 "certtool.gaa"
-{ gaaval->pkcs11_provider = GAATMP_p11_provider.arg1 ;};
-
return GAA_OK;
break;
case GAAOPTID_pkcs_cipher:
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, GAATMP_pkcs_cipher.size1);
gaa_index++;
-#line 139 "certtool.gaa"
+#line 138 "certtool.gaa"
{ gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1);
gaa_index++;
-#line 136 "certtool.gaa"
+#line 135 "certtool.gaa"
{ gaaval->template = GAATMP_template.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 133 "certtool.gaa"
+#line 132 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 130 "certtool.gaa"
+#line 129 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_disable_quick_random:
OK = 0;
-#line 127 "certtool.gaa"
+#line 126 "certtool.gaa"
{ gaaval->quick_random = 0; ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1);
gaa_index++;
-#line 124 "certtool.gaa"
+#line 123 "certtool.gaa"
{ gaaval->sec_param = GAATMP_sec_param.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 121 "certtool.gaa"
+#line 120 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outraw:
OK = 0;
-#line 118 "certtool.gaa"
+#line 117 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 117 "certtool.gaa"
+#line 116 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inraw:
OK = 0;
-#line 114 "certtool.gaa"
+#line 113 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 113 "certtool.gaa"
+#line 112 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 110 "certtool.gaa"
+#line 109 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
gaa_index++;
-#line 107 "certtool.gaa"
+#line 106 "certtool.gaa"
{ gaaval->hash = GAATMP_hash.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_dsa:
OK = 0;
-#line 104 "certtool.gaa"
+#line 103 "certtool.gaa"
{ gaaval->dsa=1 ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 101 "certtool.gaa"
+#line 100 "certtool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
break;
case GAAOPTID_to_p8:
OK = 0;
-#line 98 "certtool.gaa"
+#line 97 "certtool.gaa"
{ gaaval->action = ACTION_GENERATE_PKCS8; ;};
return GAA_OK;
break;
case GAAOPTID_to_p12:
OK = 0;
-#line 96 "certtool.gaa"
+#line 95 "certtool.gaa"
{ gaaval->action = ACTION_TO_PKCS12; ;};
return GAA_OK;
break;
case GAAOPTID_v1:
OK = 0;
-#line 94 "certtool.gaa"
+#line 93 "certtool.gaa"
{ gaaval->v1_cert = 1; ;};
return GAA_OK;
break;
case GAAOPTID_fix_key:
OK = 0;
-#line 91 "certtool.gaa"
+#line 90 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->fix_key = 1; ;};
return GAA_OK;
break;
case GAAOPTID_pubkey_info:
OK = 0;
-#line 88 "certtool.gaa"
+#line 87 "certtool.gaa"
{ gaaval->action = ACTION_PUBKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_key_info:
OK = 0;
-#line 86 "certtool.gaa"
+#line 85 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_key_info:
OK = 0;
-#line 84 "certtool.gaa"
+#line 83 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_smime_to_p7:
OK = 0;
-#line 80 "certtool.gaa"
+#line 79 "certtool.gaa"
{ gaaval->action = ACTION_SMIME_TO_P7; ;};
return GAA_OK;
break;
case GAAOPTID_p7_info:
OK = 0;
-#line 78 "certtool.gaa"
+#line 77 "certtool.gaa"
{ gaaval->action = ACTION_P7_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_p12_info:
OK = 0;
-#line 76 "certtool.gaa"
+#line 75 "certtool.gaa"
{ gaaval->action = ACTION_PKCS12_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_no_crq_extensions:
OK = 0;
-#line 74 "certtool.gaa"
+#line 73 "certtool.gaa"
{ gaaval->crq_extensions = 0; ;};
return GAA_OK;
break;
case GAAOPTID_crq_info:
OK = 0;
-#line 71 "certtool.gaa"
+#line 70 "certtool.gaa"
{ gaaval->action = ACTION_REQUEST; ;};
return GAA_OK;
break;
case GAAOPTID_crl_info:
OK = 0;
-#line 69 "certtool.gaa"
+#line 68 "certtool.gaa"
{ gaaval->action = ACTION_CRL_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_ring_info:
OK = 0;
-#line 67 "certtool.gaa"
+#line 66 "certtool.gaa"
{ gaaval->action = ACTION_RING_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_certificate_info:
OK = 0;
-#line 65 "certtool.gaa"
+#line 64 "certtool.gaa"
{ gaaval->action = ACTION_PGP_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_certificate_pubkey:
OK = 0;
-#line 63 "certtool.gaa"
+#line 62 "certtool.gaa"
{ gaaval->action = ACTION_CERT_PUBKEY; ;};
return GAA_OK;
break;
case GAAOPTID_certificate_info:
OK = 0;
-#line 61 "certtool.gaa"
+#line 60 "certtool.gaa"
{ gaaval->action = ACTION_CERT_INFO; ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_password.arg1, gaa_getstr, GAATMP_password.size1);
gaa_index++;
-#line 59 "certtool.gaa"
+#line 58 "certtool.gaa"
{ gaaval->pass = GAATMP_password.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, GAATMP_load_ca_certificate.size1);
gaa_index++;
-#line 56 "certtool.gaa"
+#line 55 "certtool.gaa"
{ gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, GAATMP_load_ca_privkey.size1);
gaa_index++;
-#line 53 "certtool.gaa"
+#line 52 "certtool.gaa"
{ gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1);
gaa_index++;
-#line 50 "certtool.gaa"
+#line 49 "certtool.gaa"
{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, GAATMP_load_request.size1);
gaa_index++;
-#line 47 "certtool.gaa"
+#line 46 "certtool.gaa"
{ gaaval->request = GAATMP_load_request.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1);
gaa_index++;
-#line 44 "certtool.gaa"
+#line 43 "certtool.gaa"
{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1);
gaa_index++;
-#line 41 "certtool.gaa"
+#line 40 "certtool.gaa"
{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_get_dh_params:
OK = 0;
-#line 38 "certtool.gaa"
+#line 37 "certtool.gaa"
{ gaaval->action=ACTION_GET_DH; ;};
return GAA_OK;
break;
case GAAOPTID_generate_dh_params:
OK = 0;
-#line 37 "certtool.gaa"
+#line 36 "certtool.gaa"
{ gaaval->action=ACTION_GENERATE_DH; ;};
return GAA_OK;
break;
case GAAOPTID_verify_crl:
OK = 0;
-#line 35 "certtool.gaa"
+#line 34 "certtool.gaa"
{ gaaval->action=ACTION_VERIFY_CRL; ;};
return GAA_OK;
break;
case GAAOPTID_verify_chain:
OK = 0;
-#line 33 "certtool.gaa"
+#line 32 "certtool.gaa"
{ gaaval->action=ACTION_VERIFY_CHAIN; ;};
return GAA_OK;
break;
case GAAOPTID_generate_request:
OK = 0;
-#line 31 "certtool.gaa"
+#line 30 "certtool.gaa"
{ gaaval->action=ACTION_GENERATE_REQUEST; ;};
return GAA_OK;
break;
case GAAOPTID_generate_privkey:
OK = 0;
-#line 29 "certtool.gaa"
+#line 28 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_PRIVKEY; ;};
return GAA_OK;
break;
case GAAOPTID_update_certificate:
OK = 0;
-#line 27 "certtool.gaa"
+#line 26 "certtool.gaa"
{ gaaval->action=ACTION_UPDATE_CERTIFICATE; ;};
return GAA_OK;
break;
case GAAOPTID_generate_crl:
OK = 0;
-#line 25 "certtool.gaa"
+#line 24 "certtool.gaa"
{ gaaval->action=ACTION_GENERATE_CRL; ;};
return GAA_OK;
break;
case GAAOPTID_generate_proxy:
OK = 0;
-#line 23 "certtool.gaa"
+#line 22 "certtool.gaa"
{ gaaval->action=ACTION_GENERATE_PROXY; ;};
return GAA_OK;
break;
case GAAOPTID_generate_certificate:
OK = 0;
-#line 21 "certtool.gaa"
+#line 20 "certtool.gaa"
{ gaaval->action=ACTION_GENERATE_CERTIFICATE; ;};
return GAA_OK;
break;
case GAAOPTID_generate_self_signed:
OK = 0;
-#line 19 "certtool.gaa"
+#line 18 "certtool.gaa"
{ gaaval->action=ACTION_SELF_SIGNED; ;};
return GAA_OK;
if(inited == 0)
{
-#line 176 "certtool.gaa"
+#line 147 "certtool.gaa"
{ gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1;
- gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
- gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
- gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; ;};
+ gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; ;};
}
inited = 1;
struct _gaainfo
{
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
int debug;
-#line 164 "certtool.gaa"
- int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
- int pkcs11_trusted;
-#line 158 "certtool.gaa"
- char* pkcs11_label;
-#line 155 "certtool.gaa"
- int pkcs11_login;
-#line 147 "certtool.gaa"
- int pkcs11_type;
-#line 144 "certtool.gaa"
- char* pkcs11_url;
-#line 141 "certtool.gaa"
- char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
char *privkey;
-#line 18 "certtool.gaa"
- int action;
#line 17 "certtool.gaa"
+ int action;
+#line 16 "certtool.gaa"
int privkey_op;
#line 114 "gaa.skel"
void crq_info (void);
void smime_to_pkcs7 (void);
void pkcs12_info (void);
-void generate_pkcs12 (void);
-void generate_pkcs8 (void);
+void generate_pkcs12 (common_info_st*);
+void generate_pkcs8 (common_info_st*);
void verify_chain (void);
-void verify_crl (void);
-void pubkey_info (gnutls_x509_crt crt);
+void verify_crl (common_info_st* cinfo);
+void pubkey_info (gnutls_x509_crt crt, common_info_st*);
void pgp_privkey_info (void);
void pgp_ring_info (void);
-void certificate_info (int);
+void certificate_info (int, common_info_st*);
void pgp_certificate_info (void);
void crl_info (void);
void privkey_info (void);
static void gaa_parser (int argc, char **argv);
-void generate_self_signed (void);
-void generate_request (void);
-gnutls_x509_crt_t *load_cert_list (int mand, size_t * size);
+void generate_self_signed (common_info_st*);
+void generate_request (common_info_st* );
static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
unsigned int all);
*/
int batch;
-unsigned char buffer[64 * 1024];
-const int buffer_size = sizeof (buffer);
static void
tls_log_func (int level, const char *str)
if (!info.pkcs8)
{
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_x509_privkey_export (key, info.outcert_format,
buffer, &size);
if (ret < 0)
if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
flags = GNUTLS_PKCS_PLAIN;
- size = sizeof (buffer);
+ size = buffer_size;
ret =
gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
flags, buffer, &size);
static gnutls_x509_crt_t
generate_certificate (gnutls_x509_privkey_t * ret_key,
- gnutls_x509_crt_t ca_crt, int proxy)
+ gnutls_x509_crt_t ca_crt, int proxy, common_info_st* cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key = NULL;
if (ret < 0)
error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- crq = load_request ();
+ crq = load_request (cinfo);
if (crq == NULL)
{
- key = load_private_key (1);
+ key = load_private_key (1, cinfo);
if (!batch)
fprintf (stderr,
/* Subject Key ID.
*/
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size);
if (result >= 0)
{
*/
if (ca_crt != NULL)
{
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
&size, NULL);
if (result < 0)
{
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
}
if (result >= 0)
}
static gnutls_x509_crl_t
-generate_crl (gnutls_x509_crt_t ca_crt)
+generate_crl (gnutls_x509_crt_t ca_crt, common_info_st* cinfo)
{
gnutls_x509_crl_t crl;
gnutls_x509_crt_t *crts;
if (result < 0)
error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result));
- crts = load_cert_list (0, &size);
+ crts = load_cert_list (0, &size, cinfo);
for (i = 0; i < size; i++)
{
*/
if (ca_crt != NULL)
{
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
&size, NULL);
if (result < 0)
{
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
}
if (result >= 0)
}
void
-generate_self_signed (void)
+generate_self_signed (common_info_st* cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;
fprintf (stderr, "Generating a self signed certificate...\n");
- crt = generate_certificate (&key, NULL, 0);
+ crt = generate_certificate (&key, NULL, 0, cinfo);
if (!key)
- key = load_private_key (1);
+ key = load_private_key (1, cinfo);
uri = get_crl_dist_point_url ();
if (uri)
if (result < 0)
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
}
static void
-generate_signed_certificate (void)
+generate_signed_certificate (common_info_st* cinfo)
{
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;
fprintf (stderr, "Generating a signed certificate...\n");
- ca_key = load_ca_private_key ();
- ca_crt = load_ca_cert ();
+ ca_key = load_ca_private_key (cinfo);
+ ca_crt = load_ca_cert (cinfo);
- crt = generate_certificate (&key, ca_crt, 0);
+ crt = generate_certificate (&key, ca_crt, 0, cinfo);
/* Copy the CRL distribution points.
*/
if (result < 0)
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
}
static void
-generate_proxy_certificate (void)
+generate_proxy_certificate (common_info_st* cinfo)
{
gnutls_x509_crt_t crt, eecrt;
gnutls_x509_privkey_t key, eekey;
fprintf (stderr, "Generating a proxy certificate...\n");
- eekey = load_ca_private_key ();
- eecrt = load_cert (1);
+ eekey = load_ca_private_key (cinfo);
+ eecrt = load_cert (1, cinfo);
- crt = generate_certificate (&key, eecrt, 1);
+ crt = generate_certificate (&key, eecrt, 1, cinfo);
print_certificate_info (crt, stderr, 0);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
}
static void
-generate_signed_crl (void)
+generate_signed_crl (common_info_st* cinfo)
{
gnutls_x509_crl_t crl;
int result;
fprintf (stderr, "Generating a signed CRL...\n");
- ca_key = load_ca_private_key ();
- ca_crt = load_ca_cert ();
- crl = generate_crl (ca_crt);
+ ca_key = load_ca_private_key (cinfo);
+ ca_crt = load_ca_cert (cinfo);
+ crl = generate_crl (ca_crt, cinfo);
fprintf (stderr, "\n");
}
static void
-update_signed_certificate (void)
+update_signed_certificate (common_info_st* cinfo)
{
gnutls_x509_crt_t crt;
size_t size;
fprintf (stderr, "Generating a signed certificate...\n");
- ca_key = load_ca_private_key ();
- ca_crt = load_ca_cert ();
- crt = load_cert (1);
+ ca_key = load_ca_private_key (cinfo);
+ ca_crt = load_ca_cert (cinfo);
+ crt = load_cert (1, cinfo);
fprintf (stderr, "Activation/Expiration time.\n");
gnutls_x509_crt_set_activation_time (crt, tim);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
gnutls_x509_crt_deinit (crt);
}
-static FILE *
-safe_open_rw (const char *file)
-{
- mode_t omask = 0;
- FILE *fh;
-
- if (info.privkey_op != 0)
- {
- omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
- }
-
- fh = fopen (file, "wb");
-
- if (info.privkey_op != 0)
- {
- umask (omask);
- }
-
- return fh;
-}
-
void
gaa_parser (int argc, char **argv)
{
int ret;
+ common_info_st cinfo;
if (gaa (argc, argv, &info) != -1)
{
if (info.outfile)
{
- outfile = safe_open_rw (info.outfile);
+ outfile = safe_open_rw (info.outfile, info.privkey_op);
if (outfile == NULL)
error (EXIT_FAILURE, errno, "%s", info.outfile);
}
if ((ret = gnutls_global_init ()) < 0)
error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
- if (info.pkcs11_provider != NULL)
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- else
- {
- ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
- gnutls_strerror (ret));
- }
- }
- else
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- }
-
-
if ((ret = gnutls_global_init_extra ()) < 0)
error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret));
+ memset(&cinfo, 0, sizeof(cinfo));
+ cinfo.privkey = info.privkey;
+ cinfo.pubkey = info.pubkey;
+ cinfo.pkcs8 = info.pkcs8;
+ cinfo.incert_format = info.incert_format;
+ cinfo.cert = info.cert;
+ cinfo.request = info.request;
+ cinfo.ca = info.ca;
+ cinfo.ca_privkey = info.ca_privkey;
+
switch (info.action)
{
case ACTION_SELF_SIGNED:
- generate_self_signed ();
+ generate_self_signed (&cinfo);
break;
case ACTION_GENERATE_PRIVKEY:
generate_private_key ();
break;
case ACTION_CERT_INFO:
- certificate_info (0);
+ certificate_info (0, &cinfo);
break;
case ACTION_CERT_PUBKEY:
- certificate_info (1);
+ certificate_info (1, &cinfo);
break;
case ACTION_GENERATE_REQUEST:
- generate_request ();
+ generate_request (&cinfo);
break;
case ACTION_GENERATE_CERTIFICATE:
- generate_signed_certificate ();
+ generate_signed_certificate (&cinfo);
break;
case ACTION_VERIFY_CHAIN:
verify_chain ();
privkey_info ();
break;
case ACTION_PUBKEY_INFO:
- pubkey_info (NULL);
+ pubkey_info (NULL, &cinfo);
break;
case ACTION_UPDATE_CERTIFICATE:
- update_signed_certificate ();
+ update_signed_certificate (&cinfo);
break;
case ACTION_TO_PKCS12:
- generate_pkcs12 ();
+ generate_pkcs12 (&cinfo);
break;
case ACTION_PKCS12_INFO:
pkcs12_info ();
pkcs7_info ();
break;
case ACTION_GENERATE_CRL:
- generate_signed_crl ();
+ generate_signed_crl (&cinfo);
break;
case ACTION_VERIFY_CRL:
- verify_crl ();
+ verify_crl (&cinfo);
break;
case ACTION_SMIME_TO_P7:
smime_to_pkcs7 ();
break;
case ACTION_GENERATE_PROXY:
- generate_proxy_certificate ();
+ generate_proxy_certificate (&cinfo);
break;
case ACTION_GENERATE_PKCS8:
- generate_pkcs8 ();
- break;
- case ACTION_PKCS11_LIST:
- pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
- info.pkcs11_login, info.pkcs11_detailed_url);
- break;
- case ACTION_PKCS11_TOKENS:
- pkcs11_token_list (outfile, info.pkcs11_detailed_url);
- break;
- case ACTION_PKCS11_EXPORT_URL:
- pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login);
- break;
- case ACTION_PKCS11_WRITE_URL:
- pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
- info.pkcs11_trusted, info.pkcs11_login);
- break;
- case ACTION_PKCS11_DELETE_URL:
- pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login);
+ generate_pkcs8 (&cinfo);
break;
#ifdef ENABLE_OPENPGP
case ACTION_PGP_INFO:
#define MAX_CRTS 500
void
-certificate_info (int pubkey)
+certificate_info (int pubkey, common_info_st* cinfo)
{
gnutls_x509_crt_t crt[MAX_CRTS];
size_t size;
if (info.outcert_format == GNUTLS_X509_FMT_PEM)
print_certificate_info (crt[i], outfile, 1);
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
&size);
if (ret < 0)
fwrite (buffer, 1, size, outfile);
if (pubkey)
- pubkey_info (crt[i]);
+ pubkey_info (crt[i], cinfo);
gnutls_x509_crt_deinit (crt[i]);
}
verify_status);
}
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size);
if (ret < 0)
{
gnutls_datum_t pem;
const char *cprint;
- size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+ size = fread (buffer, 1, buffer_size - 1, infile);
buffer[size] = 0;
gnutls_openpgp_privkey_init (&key);
fprintf (outfile, "\n");
- size = sizeof (buffer);
+ size = buffer_size;
if (i == -1)
ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
else
}
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
NULL, 0, buffer, &size);
if (ret < 0)
if (ret < 0)
error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_openpgp_crt_export (crt, info.outcert_format,
buffer, &size);
if (ret < 0)
gnutls_free (cinfo.data);
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret));
gnutls_free (cinfo.data);
}
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
if (ret < 0)
error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
const char *cprint;
const char *pass;
- size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+ size = fread (buffer, 1, buffer_size - 1, infile);
buffer[size] = 0;
gnutls_x509_privkey_init (&key);
fprintf (outfile, "\n");
- size = sizeof (buffer);
+ size = buffer_size;
if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0)
{
fprintf (stderr, "Error in key id calculation: %s\n",
error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
}
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
gnutls_x509_privkey_deinit (key);
}
-/* Load a public key.
- * @mand should be non zero if it is required to read a public key.
- */
-gnutls_pubkey_t
-load_pubkey (int mand)
-{
- gnutls_pubkey_t key;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!info.pubkey && !mand)
- return NULL;
-
- if (info.pubkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-pubkey");
-
- ret = gnutls_pubkey_init (&key);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
- dat.data = read_binary_file (info.pubkey, &size);
- dat.size = size;
-
- if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info.pubkey);
-
- ret = gnutls_pubkey_import (key, &dat, info.incert_format);
-
- free (dat.data);
-
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header; "
- "check if your key has the PUBLIC KEY header");
- }
-
- if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
- info.pubkey, gnutls_strerror (ret));
-
- return key;
-}
-
-
-/* Load the private key.
- * @mand should be non zero if it is required to read a private key.
- */
-gnutls_x509_privkey_t
-load_private_key (int mand)
-{
- gnutls_x509_privkey_t key;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!info.privkey && !mand)
- return NULL;
-
- if (info.privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
-
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
- dat.data = read_binary_file (info.privkey, &size);
- dat.size = size;
-
- if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info.privkey);
-
- if (info.pkcs8)
- {
- const char *pass = get_pass ();
- ret =
- gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
- pass, 0);
- }
- else
- ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
-
- free (dat.data);
-
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header; "
- "check if your key is PKCS #8 or PKCS #12 encoded");
- }
-
- if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
- info.privkey, gnutls_strerror (ret));
-
- return key;
-}
-
-/* Load the Certificate Request.
- */
-gnutls_x509_crq_t
-load_request (void)
-{
- gnutls_x509_crq_t crq;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!info.request)
- return NULL;
-
- ret = gnutls_x509_crq_init (&crq);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-
- dat.data = read_binary_file (info.request, &size);
- dat.size = size;
-
- if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-request: %s", info.request);
-
- ret = gnutls_x509_crq_import (crq, &dat, info.incert_format);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- error (EXIT_FAILURE, 0,
- "import error: could not find a valid PEM header");
- }
-
- free (dat.data);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
- info.request, gnutls_strerror (ret));
-
- return crq;
-}
-
-/* Load the CA's private key.
- */
-gnutls_x509_privkey_t
-load_ca_private_key (void)
-{
- gnutls_x509_privkey_t key;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (info.ca_privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
-
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
- dat.data = read_binary_file (info.ca_privkey, &size);
- dat.size = size;
-
- if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
- info.ca_privkey);
-
- if (info.pkcs8)
- {
- const char *pass = get_pass ();
- ret =
- gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
- pass, 0);
- }
- else
- ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
- free (dat.data);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
- info.ca_privkey, gnutls_strerror (ret));
-
- return key;
-}
-
-/* Loads the CA's certificate
- */
-gnutls_x509_crt_t
-load_ca_cert (void)
-{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (info.ca == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
- dat.data = read_binary_file (info.ca, &size);
- dat.size = size;
-
- if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info.ca);
-
- ret = gnutls_x509_crt_import (crt, &dat, info.incert_format);
- free (dat.data);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
- info.ca, gnutls_strerror (ret));
-
- return crt;
-}
-
-/* Loads the certificate
- * If mand is non zero then a certificate is mandatory. Otherwise
- * null will be returned if the certificate loading fails.
- */
-gnutls_x509_crt_t
-load_cert (int mand)
-{
- gnutls_x509_crt_t *crt;
- size_t size;
-
- crt = load_cert_list (mand, &size);
-
- return crt ? crt[0] : NULL;
-}
-
-#define MAX_CERTS 256
-
-/* Loads a certificate list
- */
-gnutls_x509_crt_t *
-load_cert_list (int mand, size_t * crt_size)
-{
- FILE *fd;
- static gnutls_x509_crt_t crt[MAX_CERTS];
- char *ptr;
- int ret, i;
- gnutls_datum_t dat;
- size_t size;
- int ptr_size;
-
- *crt_size = 0;
- fprintf (stderr, "Loading certificate list...\n");
-
- if (info.cert == NULL)
- {
- if (mand)
- error (EXIT_FAILURE, 0, "missing --load-certificate");
- else
- return NULL;
- }
-
- fd = fopen (info.cert, "r");
- if (fd == NULL)
- error (EXIT_FAILURE, errno, "%s", info.cert);
-
- size = fread (buffer, 1, sizeof (buffer) - 1, fd);
- buffer[size] = 0;
-
- fclose (fd);
-
- ptr = buffer;
- ptr_size = size;
-
- for (i = 0; i < MAX_CERTS; i++)
- {
- ret = gnutls_x509_crt_init (&crt[i]);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
- dat.data = ptr;
- dat.size = ptr_size;
-
- ret = gnutls_x509_crt_import (crt[i], &dat, info.incert_format);
- if (ret < 0 && *crt_size > 0)
- break;
- if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
-
- ptr = strstr (ptr, "---END");
- if (ptr == NULL)
- break;
- ptr++;
-
- ptr_size = size;
- ptr_size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
-
- if (ptr_size < 0)
- break;
-
- (*crt_size)++;
- }
- fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
-
- return crt;
-}
-
/* Generate a PKCS #10 certificate request.
*/
void
-generate_request (void)
+generate_request (common_info_st* cinfo)
{
gnutls_x509_crq_t crq;
gnutls_x509_privkey_t key;
/* Load the private key.
*/
- key = load_private_key (0);
+ key = load_private_key (0, cinfo);
if (!key)
{
key = generate_private_key_int ();
}
void
-verify_crl (void)
+verify_crl (common_info_st* cinfo)
{
size_t size, dn_size;
char dn[128];
time_t now = time (0);
gnutls_x509_crt_t issuer;
- issuer = load_ca_cert ();
+ issuer = load_ca_cert (cinfo);
fprintf (outfile, "\nCA certificate:\n");
void
-generate_pkcs8 (void)
+generate_pkcs8 (common_info_st* cinfo)
{
gnutls_x509_privkey_t key;
int result;
fprintf (stderr, "Generating a PKCS #8 key structure...\n");
- key = load_private_key (1);
+ key = load_private_key (1, cinfo);
if (info.pass)
password = info.pass;
flags = GNUTLS_PKCS_PLAIN;
}
- size = sizeof (buffer);
+ size = buffer_size;
result =
gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format,
password, flags, buffer, &size);
#include <unistd.h>
void
-generate_pkcs12 (void)
+generate_pkcs12 (common_info_st* cinfo)
{
gnutls_pkcs12_t pkcs12;
gnutls_x509_crt_t *crts;
fprintf (stderr, "Generating a PKCS #12 structure...\n");
- key = load_private_key (0);
- crts = load_cert_list (0, &ncrts);
+ key = load_private_key (0, cinfo);
+ crts = load_cert_list (0, &ncrts, cinfo);
name = get_pkcs12_key_name ();
else
flags = cipher_to_flags (info.pkcs_cipher);
- size = sizeof (buffer);
+ size = buffer_size;
result =
gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
pass, flags, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size);
if (result < 0)
error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
{
fputs ("\n", outfile);
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size);
if (result < 0)
break;
{
fputs ("\n", outfile);
- size = sizeof (buffer);
+ size = buffer_size;
result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size);
if (result < 0)
break;
}
void
-pubkey_info (gnutls_x509_crt crt)
+pubkey_info (gnutls_x509_crt crt, common_info_st* cinfo)
{
gnutls_pubkey_t pubkey;
unsigned int bits, usage;
if (crt == NULL)
{
- crt = load_cert (0);
+ crt = load_cert (0, cinfo);
}
if (crt != NULL)
}
else
{
- pubkey = load_pubkey (1);
+ pubkey = load_pubkey (1, cinfo);
}
fprintf (outfile, "Public Key Info:\n\n");
fprintf (outfile, "\n");
- size = sizeof (buffer);
+ size = buffer_size;
if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
{
fprintf (stderr, "Error in key id calculation: %s\n",
fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
}
- size = sizeof (buffer);
+ size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
#endif
#include "certtool-common.h"
-#include <gnutls/pkcs11.h>
#}
#char *pkcs_cipher;
option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
-#char* pkcs11_provider;
-option (p11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
-
-#char* pkcs11_url;
-option (p11-export-url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export data specified a pkcs11 URL"
-
-#int pkcs11_type;
-option (p11-list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL"
-option (p11-list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
-option (p11-list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"
-option (p11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
-option (p11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
-option (p11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
-
-#int pkcs11_login;
-option (p11-login) { $pkcs11_login = 1; } "Force login to token"
-
-#char* pkcs11_label;
-option (p11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates or private keys to a PKCS11 token."
-option (p11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
-#int pkcs11_trusted;
-option (p11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
-
-#int pkcs11_detailed_url;
-option (p11-detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
-
-option (p11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
-
#int debug;
option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
$debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
$export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1;
- $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL;
- $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL;
- $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; $pkcs11_detailed_url = 0; }
+ $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; }
--- /dev/null
+/* File generated by GAA 1.6.6
+ */
+#define GAA_NO_WIN32
+#line 1 "p11tool.gaa"
+
+
+/* C declarations */
+
+#include <config.h>
+#ifdef _WIN32
+# include <io.h>
+#endif
+
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifndef GAA_NO_WIN32
+#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(WINDOWS)
+#define GAA_WIN32
+#endif
+#endif
+
+static void* gaa_malloc( size_t size) {
+void* ret;
+ ret = malloc(size);
+ if (ret==NULL) {
+ fprintf(stderr, "gaa: could not allocate memory");
+ exit(1);
+ }
+ return ret;
+}
+
+static void __gaa_helpsingle(char short_name, char *name,
+ char *arg_desc, char *opt_help)
+{
+ int col1, col3, col4, tabsize = 3, curr;
+ int i;
+
+ col1 = 5; /* Default values */
+ col3 = 30;
+ col4 = 70;
+
+ curr = 0;
+ for(i = 0; i < col1; i++)
+ {
+ printf(" ");
+ curr++;
+ }
+ if(short_name)
+ {
+ if(name && *name)
+ {
+ printf("-%c, ", short_name);
+ curr += 4;
+ }
+ else
+ {
+ printf("-%c ", short_name);
+ curr += 3;
+ }
+ }
+ if(name && *name)
+ {
+ printf("--%s ", name);
+ curr += 3 + strlen(name);
+ }
+ if(arg_desc && *arg_desc)
+ {
+ printf("%s ", arg_desc);
+ curr += 1 + strlen(arg_desc);
+ }
+ if(curr >= col3)
+ {
+ printf("\n");
+ curr = 0;
+ }
+ if(opt_help) /* let's print the option's help body */
+ {
+ const char *str = opt_help;
+ while(*str)
+ {
+ while(curr < col3)
+ {
+ printf(" ");
+ curr++;
+ }
+ switch(*str)
+ {
+ case '\n':
+ printf("\n");
+ curr = 0;
+ break;
+ case '\t':
+ do
+ {
+ printf(" ");
+ curr++;
+ }
+ while((curr - col3) % tabsize != 0 && curr < col4);
+ case ' ':
+ if(*str == ' ')
+ {
+ curr++;
+ printf(" ");
+ }
+ for(i = 1; str[i] && str[i] != ' ' && str[i] != '\n'
+ && str[i] != '\t'; i++);
+ if(curr + i - 1 >= col4)
+ curr = col4;
+ break;
+ default:
+ printf("%c", *str);
+ curr++;
+ }
+ if(curr >= col4)
+ {
+ printf("\n");
+ curr = 0;
+ }
+ str++;
+ }
+ }
+ printf("\n");
+}
+
+void gaa_help(void)
+{
+ printf("p11tool help\nUsage: p11tool [options]\n");
+ printf("Usage: p11tool --list-tokens\n");
+ printf("Usage: p11tool --list-all\n");
+ printf("Usage: p11tool --url 'pkcs11:...'\n\n");
+ __gaa_helpsingle(0, "url", "URL ", "Specify a pkcs11 URL");
+ __gaa_helpsingle(0, "list-tokens", "", "List all available tokens");
+ __gaa_helpsingle(0, "list-all", "", "List all objects specified by a PKCS#11 URL");
+ __gaa_helpsingle(0, "list-all-certs", "", "List all certificates specified by a PKCS#11 URL");
+ __gaa_helpsingle(0, "list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL");
+ __gaa_helpsingle(0, "list-privkeys", "", "List private keys specified by a PKCS#11 URL");
+ __gaa_helpsingle(0, "list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL");
+ __gaa_helpsingle(0, "initialize", "URL ", "Initializes a PKCS11 token.");
+ __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, private or secret keys to a PKCS11 token.");
+ __gaa_helpsingle(0, "secret-key", "HEX_KEY ", "Provide a hex encoded secret key.");
+ __gaa_helpsingle(0, "label", "label ", "Sets a label for the write operation.");
+ __gaa_helpsingle(0, "write-trusted", "", "Marks the certificate to be imported as trusted.");
+ __gaa_helpsingle(0, "login", "", "Force login to token");
+ __gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs.");
+ __gaa_helpsingle(0, "delete-url", "URL ", "Deletes objects matching the URL.");
+ __gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to use.");
+ __gaa_helpsingle(0, "load-pubkey", "FILE ", "Private key file to use.");
+ __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use.");
+ __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys.");
+ __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys.");
+ __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input certificates and private keys.");
+ __gaa_helpsingle(0, "provider", "Library ", "Specify the pkcs11 provider library");
+ __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
+ __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
+ __gaa_helpsingle('h', "help", "", "shows this help text");
+
+#line 100 "gaa.skel"
+}
+/* Copy of C area */
+
+#line 104 "gaa.skel"
+/* GAA HEADER */
+#ifndef GAA_HEADER_POKY
+#define GAA_HEADER_POKY
+
+typedef struct _gaainfo gaainfo;
+
+struct _gaainfo
+{
+#line 75 "p11tool.gaa"
+ int debug;
+#line 70 "p11tool.gaa"
+ char *outfile;
+#line 67 "p11tool.gaa"
+ int action;
+#line 66 "p11tool.gaa"
+ char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+ int incert_format;
+#line 59 "p11tool.gaa"
+ int pkcs8;
+#line 56 "p11tool.gaa"
+ char *cert;
+#line 53 "p11tool.gaa"
+ char *pubkey;
+#line 50 "p11tool.gaa"
+ char *privkey;
+#line 45 "p11tool.gaa"
+ int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+ int pkcs11_login;
+#line 39 "p11tool.gaa"
+ int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+ char* secret_key;
+#line 32 "p11tool.gaa"
+ char* pkcs11_label;
+#line 24 "p11tool.gaa"
+ int pkcs11_type;
+#line 21 "p11tool.gaa"
+ char* pkcs11_url;
+
+#line 114 "gaa.skel"
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ int gaa(int argc, char *argv[], gaainfo *gaaval);
+
+ void gaa_help(void);
+
+ int gaa_file(const char *name, gaainfo *gaaval);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
+
+#line 135 "gaa.skel"
+
+/* C declarations */
+
+#define GAAERROR(x) \
+{ \
+gaa_error = 1; \
+return x; \
+}
+
+static char *gaa_current_option;
+static int gaa_error = 0;
+
+/* Generated by gaa */
+
+#include <string.h>
+#include <stdlib.h>
+
+
+#define GAA_OK -1
+
+#define GAA_ERROR_NOMATCH 0
+#define GAA_ERROR_NOTENOUGH_ARGS 1
+#define GAA_ERROR_INVALID_ARG 2
+#define GAA_ERROR_UNKNOWN 3
+
+#define GAA_NOT_AN_OPTION 0
+#define GAA_WORD_OPTION 1
+#define GAA_LETTER_OPTION 2
+#define GAA_MULTIPLE_OPTION 3
+
+#define GAA_REST 0
+#define GAA_NB_OPTION 25
+#define GAAOPTID_help 1
+#define GAAOPTID_debug 2
+#define GAAOPTID_outfile 3
+#define GAAOPTID_provider 4
+#define GAAOPTID_inraw 5
+#define GAAOPTID_inder 6
+#define GAAOPTID_pkcs8 7
+#define GAAOPTID_load_certificate 8
+#define GAAOPTID_load_pubkey 9
+#define GAAOPTID_load_privkey 10
+#define GAAOPTID_delete_url 11
+#define GAAOPTID_detailed_url 12
+#define GAAOPTID_login 13
+#define GAAOPTID_write_trusted 14
+#define GAAOPTID_label 15
+#define GAAOPTID_secret_key 16
+#define GAAOPTID_write 17
+#define GAAOPTID_initialize 18
+#define GAAOPTID_list_trusted 19
+#define GAAOPTID_list_privkeys 20
+#define GAAOPTID_list_certs 21
+#define GAAOPTID_list_all_certs 22
+#define GAAOPTID_list_all 23
+#define GAAOPTID_list_tokens 24
+#define GAAOPTID_url 25
+
+#line 168 "gaa.skel"
+
+#define GAA_CHECK1STR(a,b) \
+if(a[0] == str[0]) \
+{ \
+ gaa_current_option = a; \
+ return b; \
+}
+
+#define GAA_CHECKSTR(a,b) \
+if(strcmp(a,str) == 0) \
+{ \
+ gaa_current_option = a; \
+ return b; \
+}
+
+#define GAA_TESTMOREARGS \
+if(!OK) \
+{ \
+while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
+ gaa_index++; \
+if(gaa_last_non_option == gaa_index) \
+ return GAA_ERROR_NOTENOUGH_ARGS; \
+}
+
+#define GAA_TESTMOREOPTIONALARGS \
+if(!OK) \
+{ \
+while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
+ gaa_index++; \
+if(gaa_last_non_option == gaa_index) \
+ OK = 1; \
+}
+
+#define GAA_FILL_2ARGS(target, func) \
+target = func(GAAargv[gaa_index]); \
+gaa_arg_used[gaa_index] = 1; \
+if(gaa_error == 1) \
+{ \
+ gaa_error = 0; \
+ return GAA_ERROR_INVALID_ARG; \
+}
+
+
+
+#define GAA_FILL(target, func, num) \
+if(!OK) \
+{ \
+target = func(GAAargv[gaa_index]); \
+gaa_arg_used[gaa_index] = 1; \
+if(gaa_error == 1) \
+{ \
+ gaa_error = 0; \
+ return GAA_ERROR_INVALID_ARG; \
+} \
+num = 1; \
+} \
+else \
+{ \
+num = 0; \
+}
+
+#define GAA_LIST_FILL(target, func, type ,num) \
+if(!OK) \
+{ \
+num = 0; \
+target = NULL; \
+if ( gaa_last_non_option - gaa_index > 0) \
+ target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
+for(; gaa_index < gaa_last_non_option; gaa_index++) \
+{ \
+ if(gaa_arg_used[gaa_index] == 0) \
+ { \
+ GAA_FILL_2ARGS(target[num], func); \
+ num++; \
+ } \
+} \
+if(num == 0) \
+ return GAA_ERROR_NOTENOUGH_ARGS; \
+}
+
+#define GAA_OPTIONALLIST_FILL(target, func, type ,num) \
+if(!OK) \
+{ \
+num = 0; \
+target = NULL; \
+if ( gaa_last_non_option - gaa_index > 0) \
+ target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
+for(; gaa_index < gaa_last_non_option; gaa_index++) \
+{ \
+ if(gaa_arg_used[gaa_index] == 0) \
+ { \
+ GAA_FILL_2ARGS(target[num], func); \
+ num++; \
+ } \
+} \
+}
+
+#define GAA_OBLIGAT(str) \
+k = 0; \
+for(i = 0; i < strlen(str); i++) \
+{ \
+ j = gaa_get_option_num(str + i, GAA_LETTER_OPTION); \
+ if(j == GAA_ERROR_NOMATCH) \
+ { \
+ printf("Error: invalid 'obligat' set\n"); \
+ exit(-1); \
+ } \
+ if(opt_list[j] == 1) \
+ k = 1; \
+} \
+if(k == 0) \
+{ \
+ if(strlen(str) == 1) \
+ printf("You must give the -%s option\n", str); \
+ else \
+ printf("You must give at least one option of '%s'\n", str); \
+ return 0; \
+}
+
+#define GAA_INCOMP(str) \
+k = 0; \
+for(i = 0; i < strlen(str); i++) \
+{ \
+ j = gaa_get_option_num(str + i, GAA_LETTER_OPTION); \
+ if(j == GAA_ERROR_NOMATCH) \
+ { \
+ printf("Error: invalid 'obligat' set\n"); \
+ exit(-1); \
+ } \
+ if(opt_list[j] == 1) \
+ k++; \
+} \
+if(k > 1) \
+{ \
+ printf("The options '%s' are incompatible\n", str); \
+ return 0; \
+}
+
+
+static char **GAAargv;
+static int GAAargc;
+static char *gaa_arg_used;
+static int gaa_processing_file = 0;
+static int inited = 0;
+
+static int gaa_getint(char *arg)
+{
+ int tmp;
+ char a;
+ if(sscanf(arg, "%d%c", &tmp, &a) < 1)
+ {
+ printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg);
+ GAAERROR(-1);
+ }
+ return tmp;
+}
+
+static char gaa_getchar(char *arg)
+{
+ if(strlen(arg) != 1)
+ {
+ printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg);
+ GAAERROR(-1);
+ }
+ return arg[0];
+}
+
+static char* gaa_getstr(char *arg)
+{
+ return arg;
+}
+static float gaa_getfloat(char *arg)
+{
+ float tmp;
+ char a;
+ if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+ {
+ printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg);
+ GAAERROR(-1);
+ }
+ return tmp;
+}
+/* option structures */
+
+struct GAAOPTION_debug
+{
+ int arg1;
+ int size1;
+};
+
+struct GAAOPTION_outfile
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_provider
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_load_certificate
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_load_pubkey
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_load_privkey
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_delete_url
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_label
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_secret_key
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_write
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_initialize
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_url
+{
+ char* arg1;
+ int size1;
+};
+
+#line 349 "gaa.skel"
+static int gaa_is_an_argument(char *str)
+{
+#ifdef GAA_WIN32
+ if(str[0] == '/' && str[1] != 0)
+ return GAA_MULTIPLE_OPTION;
+#endif
+ if(str[0] != '-')
+ return GAA_NOT_AN_OPTION;
+ if(str[1] == 0)
+ return GAA_NOT_AN_OPTION;
+ if(str[1] == '-')
+ {
+ if(str[2] != 0)
+ return GAA_WORD_OPTION;
+ else
+ return GAA_NOT_AN_OPTION;
+ }
+ if(str[2] == 0)
+ return GAA_LETTER_OPTION;
+ else
+ return GAA_MULTIPLE_OPTION;
+}
+
+static int gaa_get_option_num(char *str, int status)
+{
+ switch(status)
+ {
+ case GAA_LETTER_OPTION:
+ GAA_CHECK1STR("d", GAAOPTID_debug);
+ GAA_CHECK1STR("", GAAOPTID_outfile);
+ GAA_CHECK1STR("", GAAOPTID_provider);
+ GAA_CHECK1STR("", GAAOPTID_load_certificate);
+ GAA_CHECK1STR("", GAAOPTID_load_pubkey);
+ GAA_CHECK1STR("", GAAOPTID_load_privkey);
+ GAA_CHECK1STR("", GAAOPTID_delete_url);
+ GAA_CHECK1STR("", GAAOPTID_label);
+ GAA_CHECK1STR("", GAAOPTID_secret_key);
+ GAA_CHECK1STR("", GAAOPTID_write);
+ GAA_CHECK1STR("", GAAOPTID_initialize);
+ GAA_CHECK1STR("", GAAOPTID_url);
+ case GAA_MULTIPLE_OPTION:
+#line 375 "gaa.skel"
+ GAA_CHECK1STR("h", GAAOPTID_help);
+ GAA_CHECK1STR("", GAAOPTID_inraw);
+ GAA_CHECK1STR("", GAAOPTID_inder);
+ GAA_CHECK1STR("8", GAAOPTID_pkcs8);
+ GAA_CHECK1STR("", GAAOPTID_detailed_url);
+ GAA_CHECK1STR("", GAAOPTID_login);
+ GAA_CHECK1STR("", GAAOPTID_write_trusted);
+ GAA_CHECK1STR("", GAAOPTID_list_trusted);
+ GAA_CHECK1STR("", GAAOPTID_list_privkeys);
+ GAA_CHECK1STR("", GAAOPTID_list_certs);
+ GAA_CHECK1STR("", GAAOPTID_list_all_certs);
+ GAA_CHECK1STR("", GAAOPTID_list_all);
+ GAA_CHECK1STR("", GAAOPTID_list_tokens);
+
+#line 277 "gaa.skel"
+ break;
+ case GAA_WORD_OPTION:
+ GAA_CHECKSTR("help", GAAOPTID_help);
+ GAA_CHECKSTR("debug", GAAOPTID_debug);
+ GAA_CHECKSTR("outfile", GAAOPTID_outfile);
+ GAA_CHECKSTR("provider", GAAOPTID_provider);
+ GAA_CHECKSTR("inraw", GAAOPTID_inraw);
+ GAA_CHECKSTR("inder", GAAOPTID_inder);
+ GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
+ GAA_CHECKSTR("load-certificate", GAAOPTID_load_certificate);
+ GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey);
+ GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
+ GAA_CHECKSTR("delete-url", GAAOPTID_delete_url);
+ GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url);
+ GAA_CHECKSTR("login", GAAOPTID_login);
+ GAA_CHECKSTR("write-trusted", GAAOPTID_write_trusted);
+ GAA_CHECKSTR("label", GAAOPTID_label);
+ GAA_CHECKSTR("secret-key", GAAOPTID_secret_key);
+ GAA_CHECKSTR("write", GAAOPTID_write);
+ GAA_CHECKSTR("initialize", GAAOPTID_initialize);
+ GAA_CHECKSTR("list-trusted", GAAOPTID_list_trusted);
+ GAA_CHECKSTR("list-privkeys", GAAOPTID_list_privkeys);
+ GAA_CHECKSTR("list-certs", GAAOPTID_list_certs);
+ GAA_CHECKSTR("list-all-certs", GAAOPTID_list_all_certs);
+ GAA_CHECKSTR("list-all", GAAOPTID_list_all);
+ GAA_CHECKSTR("list-tokens", GAAOPTID_list_tokens);
+ GAA_CHECKSTR("url", GAAOPTID_url);
+
+#line 281 "gaa.skel"
+ break;
+ default: break;
+ }
+ return GAA_ERROR_NOMATCH;
+}
+
+static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
+{
+ int OK = 0;
+ int gaa_last_non_option;
+ struct GAAOPTION_debug GAATMP_debug;
+ struct GAAOPTION_outfile GAATMP_outfile;
+ struct GAAOPTION_provider GAATMP_provider;
+ struct GAAOPTION_load_certificate GAATMP_load_certificate;
+ struct GAAOPTION_load_pubkey GAATMP_load_pubkey;
+ struct GAAOPTION_load_privkey GAATMP_load_privkey;
+ struct GAAOPTION_delete_url GAATMP_delete_url;
+ struct GAAOPTION_label GAATMP_label;
+ struct GAAOPTION_secret_key GAATMP_secret_key;
+ struct GAAOPTION_write GAATMP_write;
+ struct GAAOPTION_initialize GAATMP_initialize;
+ struct GAAOPTION_url GAATMP_url;
+
+#line 393 "gaa.skel"
+#ifdef GAA_REST_EXISTS
+ struct GAAREST GAAREST_tmp;
+#endif
+
+ opt_list[gaa_num] = 1;
+
+ for(gaa_last_non_option = gaa_index;
+ (gaa_last_non_option != GAAargc) && (gaa_is_an_argument(GAAargv[gaa_last_non_option]) == GAA_NOT_AN_OPTION);
+ gaa_last_non_option++);
+
+ if(gaa_num == GAA_REST)
+ {
+ gaa_index = 1;
+ gaa_last_non_option = GAAargc;
+ }
+
+ switch(gaa_num)
+ {
+ case GAAOPTID_help:
+ OK = 0;
+#line 78 "p11tool.gaa"
+{ gaa_help(); exit(0); ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_debug:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
+ gaa_index++;
+#line 76 "p11tool.gaa"
+{ gaaval->debug = GAATMP_debug.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_outfile:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
+ gaa_index++;
+#line 71 "p11tool.gaa"
+{ gaaval->outfile = GAATMP_outfile.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_provider:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_provider.arg1, gaa_getstr, GAATMP_provider.size1);
+ gaa_index++;
+#line 68 "p11tool.gaa"
+{ gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_inraw:
+ OK = 0;
+#line 64 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_inder:
+ OK = 0;
+#line 63 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_pkcs8:
+ OK = 0;
+#line 60 "p11tool.gaa"
+{ gaaval->pkcs8=1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_load_certificate:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1);
+ gaa_index++;
+#line 57 "p11tool.gaa"
+{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_load_pubkey:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1);
+ gaa_index++;
+#line 54 "p11tool.gaa"
+{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_load_privkey:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1);
+ gaa_index++;
+#line 51 "p11tool.gaa"
+{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_delete_url:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_delete_url.arg1, gaa_getstr, GAATMP_delete_url.size1);
+ gaa_index++;
+#line 48 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_delete_url.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_detailed_url:
+ OK = 0;
+#line 46 "p11tool.gaa"
+{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_login:
+ OK = 0;
+#line 43 "p11tool.gaa"
+{ gaaval->pkcs11_login = 1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_write_trusted:
+ OK = 0;
+#line 40 "p11tool.gaa"
+{ gaaval->pkcs11_trusted = 1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_label:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1);
+ gaa_index++;
+#line 38 "p11tool.gaa"
+{ gaaval->pkcs11_label = GAATMP_label.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_secret_key:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, GAATMP_secret_key.size1);
+ gaa_index++;
+#line 37 "p11tool.gaa"
+{ gaaval->secret_key = GAATMP_secret_key.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_write:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_write.arg1, gaa_getstr, GAATMP_write.size1);
+ gaa_index++;
+#line 34 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_write.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_initialize:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_initialize.arg1, gaa_getstr, GAATMP_initialize.size1);
+ gaa_index++;
+#line 33 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKEN_INIT; gaaval->pkcs11_url = GAATMP_initialize.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_trusted:
+ OK = 0;
+#line 30 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_privkeys:
+ OK = 0;
+#line 29 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_certs:
+ OK = 0;
+#line 28 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_all_certs:
+ OK = 0;
+#line 27 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_all:
+ OK = 0;
+#line 26 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_list_tokens:
+ OK = 0;
+#line 25 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_url:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_url.arg1, gaa_getstr, GAATMP_url.size1);
+ gaa_index++;
+#line 22 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_url.arg1; ;};
+
+ return GAA_OK;
+ break;
+
+#line 413 "gaa.skel"
+ default: break;
+ }
+ return GAA_ERROR_UNKNOWN;
+}
+
+int gaa(int argc, char **argv, gaainfo *gaaval)
+{
+ int tmp1, tmp2;
+ int i, j;
+ char *opt_list;
+
+ GAAargv = argv;
+ GAAargc = argc;
+
+ opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
+
+ for(i = 0; i < GAA_NB_OPTION + 1; i++)
+ opt_list[i] = 0;
+ /* initialization */
+ if(inited == 0)
+ {
+
+#line 80 "p11tool.gaa"
+{ gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
+ gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
+ gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0;
+ gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; ;};
+
+ }
+ inited = 1;
+#line 438 "gaa.skel"
+ gaa_arg_used = NULL;
+
+ if (argc > 0) {
+ gaa_arg_used = gaa_malloc(argc * sizeof(char));
+ }
+
+ for(i = 1; i < argc; i++)
+ gaa_arg_used[i] = 0;
+ for(i = 1; i < argc; i++)
+ {
+ if(gaa_arg_used[i] == 0)
+ {
+ j = 0;
+ tmp1 = gaa_is_an_argument(GAAargv[i]);
+ switch(tmp1)
+ {
+ case GAA_WORD_OPTION:
+ j++;
+ case GAA_LETTER_OPTION:
+ j++;
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
+ if(tmp2 == GAA_ERROR_NOMATCH)
+ {
+ printf("Invalid option '%s'\n", argv[i]+j);
+ return 0;
+ }
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
+ {
+ case GAA_ERROR_NOTENOUGH_ARGS:
+ printf("'%s': not enough arguments\n",gaa_current_option);
+ return 0;
+ case GAA_ERROR_INVALID_ARG:
+ printf("Invalid arguments\n");
+ return 0;
+ case GAA_OK:
+ break;
+ default:
+ printf("Unknown error\n");
+ }
+ gaa_arg_used[i] = 1;
+ break;
+ case GAA_MULTIPLE_OPTION:
+ for(j = 1; j < strlen(argv[i]); j++)
+ {
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
+ if(tmp2 == GAA_ERROR_NOMATCH)
+ {
+ printf("Invalid option '%c'\n", *(argv[i]+j));
+ return 0;
+ }
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
+ {
+ case GAA_ERROR_NOTENOUGH_ARGS:
+ printf("'%s': not enough arguments\n",gaa_current_option);
+ return 0;
+ case GAA_ERROR_INVALID_ARG:
+ printf("Invalid arguments\n");
+ return 0;
+ case GAA_OK:
+ break;
+ default:
+ printf("Unknown error\n");
+ }
+ }
+ gaa_arg_used[i] = 1;
+ break;
+ default: break;
+ }
+ }
+ }
+if(gaa_processing_file == 0)
+{
+
+#line 507 "gaa.skel"
+#ifdef GAA_REST_EXISTS
+ switch(gaa_try(GAA_REST, 1, gaaval, opt_list))
+ {
+ case GAA_ERROR_NOTENOUGH_ARGS:
+ printf("Rest: not enough arguments\n");
+ return 0;
+ case GAA_ERROR_INVALID_ARG:
+ printf("Invalid arguments\n");
+ return 0;
+ case GAA_OK:
+ break;
+ default:
+ printf("Unknown error\n");
+ }
+#endif
+}
+ for(i = 1; i < argc; i++)
+ {
+ if(gaa_arg_used[i] == 0)
+ {
+ printf("Too many arguments\n");
+ return 0;
+ }
+ }
+ free(gaa_arg_used);
+ free(opt_list);
+ return -1;
+}
+
+struct gaastrnode
+{
+ char *str;
+ struct gaastrnode *next;
+};
+
+typedef struct gaastrnode gaa_str_node;
+
+static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc)
+{
+ int pos_ini;
+ int a;
+ int i = 0, len = 0, newline = 0;
+
+ if(argc == 1) {
+ newline = 1;
+ len = 2;
+ }
+
+ a = fgetc( file);
+ if (a == EOF) return 0;
+
+ while(a == ' ' || a == 9 || a == '\n')
+ {
+ if(a == '\n')
+ {
+ newline=1;
+ len = 2;
+ }
+ a = fgetc( file);
+ if (a == EOF) return 0;
+ }
+
+ pos_ini = ftell(file) - 1;
+
+ while(a != ' ' && a != 9 && a != '\n')
+ {
+
+ len++;
+ a = fgetc( file);
+ if(a==EOF) return 0; //a = ' ';
+ }
+
+ len += 1;
+ tmp_str->str = gaa_malloc((len) * sizeof(char));
+
+ if(newline == 1)
+ {
+ tmp_str->str[0] = '-';
+ tmp_str->str[1] = '-';
+ i = 2;
+ }
+ else
+ {
+ i = 0;
+ }
+
+ fseek(file,pos_ini, SEEK_SET);
+ do
+ {
+ a = fgetc( file);
+
+ if (a == EOF) {
+ i+=2;
+ break;
+ }
+ tmp_str->str[i] = a;
+ i++;
+ }
+ while(a != ' ' && a != 9 && a != '\n' && i < len);
+
+ tmp_str->str[i - 1] = 0;
+
+ fseek(file,- 1, SEEK_CUR);
+/* printf("%d\n", ftell(file)); */
+
+ return -1;
+}
+
+int gaa_file(const char *name, gaainfo *gaaval)
+{
+ gaa_str_node *first_str, **tmp_str, *tmp_str2;
+ int rval, i;
+ char **argv;
+ int argc = 0;
+ FILE *file;
+
+ gaa_processing_file = 1;
+
+ if((file = fopen(name, "r")) == NULL)
+ {
+ printf("Couldn't open '%s' configuration file for reading\n", name);
+ return 1;
+ }
+
+ tmp_str = &first_str;
+ do
+ {
+ argc++;
+ *tmp_str = gaa_malloc(sizeof(gaa_str_node));
+
+ (*tmp_str)->str = NULL;
+ (*tmp_str)->next = NULL;
+
+ rval = gaa_internal_get_next_str(file, *tmp_str, argc);
+ tmp_str = &((*tmp_str)->next);
+ }
+ while(rval == -1);
+
+ if(rval == 1)
+ return 0;
+
+ argv = gaa_malloc((1 + argc) * sizeof(char*));
+
+ tmp_str2 = first_str;
+ argv[0] = "cfg";
+ for(i = 1; i < argc; i++)
+ {
+ argv[i] = tmp_str2->str;
+ tmp_str2 = tmp_str2->next;
+ }
+
+ rval = gaa(argc, argv, gaaval);
+ gaa_processing_file = 0;
+ return rval;
+}
--- /dev/null
+
+#line 104 "gaa.skel"
+/* GAA HEADER */
+#ifndef GAA_HEADER_POKY
+#define GAA_HEADER_POKY
+
+typedef struct _gaainfo gaainfo;
+
+struct _gaainfo
+{
+#line 75 "p11tool.gaa"
+ int debug;
+#line 70 "p11tool.gaa"
+ char *outfile;
+#line 67 "p11tool.gaa"
+ int action;
+#line 66 "p11tool.gaa"
+ char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+ int incert_format;
+#line 59 "p11tool.gaa"
+ int pkcs8;
+#line 56 "p11tool.gaa"
+ char *cert;
+#line 53 "p11tool.gaa"
+ char *pubkey;
+#line 50 "p11tool.gaa"
+ char *privkey;
+#line 45 "p11tool.gaa"
+ int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+ int pkcs11_login;
+#line 39 "p11tool.gaa"
+ int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+ char* secret_key;
+#line 32 "p11tool.gaa"
+ char* pkcs11_label;
+#line 24 "p11tool.gaa"
+ int pkcs11_type;
+#line 21 "p11tool.gaa"
+ char* pkcs11_url;
+
+#line 114 "gaa.skel"
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ int gaa(int argc, char *argv[], gaainfo *gaaval);
+
+ void gaa_help(void);
+
+ int gaa_file(const char *name, gaainfo *gaaval);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+
+/* Gnulib portability files. */
+#include <read-file.h>
+#include <progname.h>
+#include <version-etc.h>
+
+#include "p11tool-gaa.h"
+#include "p11tool.h"
+#include "certtool-common.h"
+
+static void gaa_parser (int argc, char **argv);
+
+static gaainfo info;
+static FILE *outfile;
+int batch = 0;
+
+static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ set_program_name (argv[0]);
+ gaa_parser (argc, argv);
+
+ return 0;
+}
+
+static void
+gaa_parser (int argc, char **argv)
+{
+ int ret;
+ common_info_st cinfo;
+
+ if (gaa (argc, argv, &info) != -1)
+ {
+ fprintf (stderr, "Try `%s --help' for more information.\n",
+ program_name);
+ exit (1);
+ }
+
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (info.debug);
+ if (info.debug > 1)
+ printf ("Setting log level to %d\n", info.debug);
+
+ if ((ret = gnutls_global_init ()) < 0)
+ error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+
+ if (info.pkcs11_provider != NULL)
+ {
+ ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ if (ret < 0)
+ fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+ else
+ {
+ ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
+ gnutls_strerror (ret));
+ }
+ }
+ else
+ {
+ ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+ if (ret < 0)
+ fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+ }
+
+ if (info.outfile)
+ {
+ outfile = safe_open_rw (info.outfile, 0);
+ if (outfile == NULL)
+ error (EXIT_FAILURE, errno, "%s", info.outfile);
+ }
+ else
+ outfile = stdout;
+
+ memset(&cinfo, 0, sizeof(cinfo));
+ cinfo.secret_key = info.secret_key;
+ cinfo.privkey = info.privkey;
+ cinfo.pkcs8 = info.pkcs8;
+ cinfo.incert_format = info.incert_format;
+ cinfo.cert = info.cert;
+
+ switch (info.action)
+ {
+ case ACTION_PKCS11_LIST:
+ pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
+ info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
+ break;
+ case ACTION_PKCS11_TOKENS:
+ pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
+ break;
+ case ACTION_PKCS11_EXPORT_URL:
+ pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
+ break;
+ case ACTION_PKCS11_WRITE_URL:
+ pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
+ info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+ break;
+ case ACTION_PKCS11_TOKEN_INIT:
+ pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
+ break;
+ case ACTION_PKCS11_DELETE_URL:
+ pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo);
+ break;
+ default:
+ gaa_help ();
+ exit (0);
+ }
+ fclose (outfile);
+
+ gnutls_pkcs11_deinit ();
+ gnutls_global_deinit ();
+}
+
--- /dev/null
+#{
+
+/* C declarations */
+
+#include <config.h>
+#ifdef _WIN32
+# include <io.h>
+#endif
+
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
+
+#}
+
+helpnode "p11tool help\nUsage: p11tool [options]"
+helpnode "Usage: p11tool --list-tokens"
+helpnode "Usage: p11tool --list-all"
+helpnode "Usage: p11tool --url 'pkcs11:...'\n"
+
+#char* pkcs11_url;
+option (url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Specify a pkcs11 URL"
+
+#int pkcs11_type;
+option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
+option (list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
+option (list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
+option (list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL"
+option (list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
+option (list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"
+
+#char* pkcs11_label;
+option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; $pkcs11_url = $1; } "Initializes a PKCS11 token."
+option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates, private or secret keys to a PKCS11 token."
+
+#char* secret_key;
+option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded secret key."
+option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
+#int pkcs11_trusted;
+option (write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
+
+#int pkcs11_login;
+option (login) { $pkcs11_login = 1; } "Force login to token"
+
+#int pkcs11_detailed_url;
+option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
+
+option (delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
+
+#char *privkey;
+option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
+
+#char *pubkey;
+option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use."
+
+#char *cert;
+option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."
+
+#int pkcs8;
+option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
+
+#int incert_format;
+option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys."
+option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates and private keys."
+
+#char* pkcs11_provider;
+#int action;
+option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
+
+#char *outfile;
+option (outfile) STR "FILE" { $outfile = $1 } "Output file."
+
+
+
+#int debug;
+option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
+
+option (h, help) { gaa_help(); exit(0); } "shows this help text"
+
+init { $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; $privkey = NULL;
+ $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL;
+ $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 0;
+ $secret_key = NULL; $cert = NULL; $incert_format = 0; }
--- /dev/null
+#ifndef P11TOOL_H
+# define P11TOOL_H
+
+#include "certtool-common.h"
+
+void pkcs11_list (FILE * outfile, const char *url, int type,
+ unsigned int login, unsigned int detailed, common_info_st*);
+void pkcs11_export (FILE * outfile, const char *pkcs11_url,
+ unsigned int login, common_info_st*);
+void pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st*);
+void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
+ int trusted, unsigned int login, common_info_st*);
+void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
+ unsigned int login, common_info_st*);
+void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char* label, common_info_st*);
+
+#define PKCS11_TYPE_CRT_ALL 1
+#define PKCS11_TYPE_TRUSTED 2
+#define PKCS11_TYPE_PK 3
+#define PKCS11_TYPE_ALL 4
+#define PKCS11_TYPE_PRIVKEY 5
+
+
+enum
+{
+ ACTION_PKCS11_LIST,
+ ACTION_PKCS11_TOKENS,
+ ACTION_PKCS11_EXPORT_URL,
+ ACTION_PKCS11_WRITE_URL,
+ ACTION_PKCS11_DELETE_URL,
+ ACTION_PKCS11_TOKEN_INIT,
+};
+
+#endif
#include <gnutls/abstract.h>
#include <stdio.h>
#include <stdlib.h>
-#include "certtool-common.h"
+#include "p11tool.h"
#include "certtool-cfg.h"
+#include "certtool-common.h"
#include <unistd.h>
#include <string.h>
}
void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login)
+pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, common_info_st* info)
{
int ret;
unsigned int obj_flags = 0;
if (!batch)
{
pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
- GNUTLS_PKCS11_URL_LIB);
+ GNUTLS_PKCS11_URL_LIB, info);
ret =
read_yesno ("Are you sure you want to delete those objects? (y/N): ");
if (ret == 0)
*/
void
pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
- unsigned int detailed)
+ unsigned int detailed, common_info_st* info)
{
gnutls_pkcs11_obj_t *crt_list;
gnutls_x509_crt_t xcrt;
}
void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login)
+pkcs11_export (FILE * outfile, const char *url, unsigned int login, common_info_st* info)
{
gnutls_pkcs11_obj_t crt;
gnutls_x509_crt_t xcrt;
}
void
-pkcs11_token_list (FILE * outfile, unsigned int detailed)
+pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st* info)
{
int ret;
int i;
void
pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
- unsigned int login)
+ unsigned int login, common_info_st* info)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
int ret;
unsigned int flags = 0;
- unsigned int key_usage;
+ unsigned int key_usage = 0;
+ gnutls_datum_t* secret_key;
if (login)
flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
if (url == NULL)
url = "pkcs11:";
- xcrt = load_cert (0);
+ secret_key = load_secret_key(0, info);
+ if (secret_key != NULL)
+ {
+ ret =
+ gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+ }
+
+ xcrt = load_cert (0, info);
if (xcrt != NULL)
{
if (trusted)
gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
}
- xkey = load_private_key (0);
+ xkey = load_private_key (0, info);
if (xkey != NULL)
{
ret =
}
}
- if (xkey == NULL && xcrt == NULL)
+ if (xkey == NULL && xcrt == NULL && secret_key != NULL)
{
fprintf (stderr,
- "You must use --load-privkey or --load-certificate to load the file to be copied\n");
+ "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
+ exit (1);
+ }
+
+ return;
+}
+
+void
+pkcs11_init (FILE * outfile, const char *url, const char *label, common_info_st* info)
+{
+ int ret;
+ char * pin;
+ char so_pin[32];
+
+ pkcs11_common ();
+
+ if (url == NULL)
+ {
+ fprintf(stderr, "No token URL given to initialize!\n");
+ exit(1);
+ }
+
+ pin = getpass ("Enter Security Officer's PIN: ");
+ if (pin == NULL)
+ exit(0);
+
+ strcpy(so_pin, pin);
+
+ pin = getpass ("Enter new User's PIN: ");
+ if (pin == NULL)
+ exit(0);
+
+ ret =
+ gnutls_pkcs11_token_init (url, so_pin, pin, label);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
exit (1);
}