]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Introduced p11tool to separate PKCS #11 functionality from certtool.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 7 Nov 2010 04:22:22 +0000 (05:22 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 7 Nov 2010 04:22:22 +0000 (05:22 +0100)
14 files changed:
.gitignore
src/Makefile.am
src/certtool-common.c [new file with mode: 0644]
src/certtool-common.h
src/certtool-gaa.c
src/certtool-gaa.h
src/certtool.c
src/certtool.gaa
src/p11tool-gaa.c [new file with mode: 0644]
src/p11tool-gaa.h [new file with mode: 0644]
src/p11tool.c [new file with mode: 0644]
src/p11tool.gaa [new file with mode: 0644]
src/p11tool.h [new file with mode: 0644]
src/pkcs11.c

index 1279db551c1bfe21822bc88ede2a04162a530a5f..f17c4a874fb17c378a0b04237043449d3cf70af9 100644 (file)
@@ -379,6 +379,8 @@ m4/lt~obsolete.m4
 src/Makefile
 src/Makefile.in
 src/benchmark
+src/libcmd-p11tool.la
+src/p11tool
 src/certtool
 src/cfg/Makefile
 src/cfg/Makefile.in
index edd72231b0a90591594665f32a8d187f1e3b9c7c..8607f8208d25611142ac7252ca2b8e3103af8cdd 100644 (file)
@@ -32,7 +32,7 @@ AM_CPPFLAGS = \
 noinst_PROGRAMS = benchmark
 bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug
 if ENABLE_PKI
-bin_PROGRAMS += certtool
+bin_PROGRAMS += certtool p11tool
 endif
 if ENABLE_SRP
 bin_PROGRAMS += srptool
@@ -80,7 +80,9 @@ noinst_LTLIBRARIES += libcmd-cli-debug.la
 libcmd_cli_debug_la_CFLAGS =
 libcmd_cli_debug_la_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c
 
-certtool_SOURCES = certtool.c prime.c pkcs11.c
+#certtool
+
+certtool_SOURCES = certtool.c prime.c certtool-common.c
 certtool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
 certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
 certtool_LDADD += $(LTLIBGCRYPT)
@@ -97,16 +99,40 @@ certtool_LDADD += libcfg.la
 endif
 noinst_LTLIBRARIES += libcmd-certtool.la
 libcmd_certtool_la_CFLAGS =
-libcmd_certtool_la_SOURCES = certtool.gaa certtool-gaa.h       \
-       certtool-gaa.c certtool-cfg.h certtool-cfg.c
+libcmd_certtool_la_SOURCES = certtool-gaa.c certtool.gaa certtool-gaa.h        \
+       certtool-cfg.h certtool-cfg.c
 libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
 libcmd_certtool_la_LIBADD += ../lib/libgnutls.la ../libextra/libgnutls-extra.la
 libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
 
+# p11 tool
+p11tool_gaa_CFLAGS =
+p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c
+p11tool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
+p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
+p11tool_LDADD += $(LTLIBGCRYPT)
+
+if HAVE_LIBCFG
+p11tool_LDADD += -lcfg+
+else
+p11tool_LDADD += libcfg.la
+endif
+noinst_LTLIBRARIES += libcmd-p11tool.la
+libcmd_p11tool_la_CFLAGS =
+libcmd_p11tool_la_SOURCES = p11tool-gaa.c p11tool.gaa p11tool-gaa.h    \
+       certtool-cfg.h certtool-cfg.c
+libcmd_p11tool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
+libcmd_p11tool_la_LIBADD += ../lib/libgnutls.la
+libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
+
+
+
 psk-gaa.c: $(srcdir)/psk.gaa
        -$(GAA) $< -o psk-gaa.c -i psk-gaa.h
 crypt-gaa.c: $(srcdir)/crypt.gaa
        -$(GAA) $< -o crypt-gaa.c -i crypt-gaa.h
+p11tool-gaa.c: $(srcdir)/p11tool.gaa
+       -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
 certtool-gaa.c: $(srcdir)/certtool.gaa
        -$(GAA) $< -o certtool-gaa.c -i certtool-gaa.h
 cli-gaa.c: $(srcdir)/cli.gaa
diff --git a/src/certtool-common.c b/src/certtool-common.c
new file mode 100644 (file)
index 0000000..0c96f47
--- /dev/null
@@ -0,0 +1,401 @@
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+#include "certtool-common.h"
+#include "certtool-cfg.h"
+
+/* Gnulib portability files. */
+#include <read-file.h>
+
+unsigned char buffer[64 * 1024];
+const int buffer_size = sizeof (buffer);
+
+
+FILE *
+safe_open_rw (const char *file, int privkey_op)
+{
+  mode_t omask = 0;
+  FILE *fh;
+
+  if (privkey_op != 0)
+    {
+      omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+    }
+
+  fh = fopen (file, "wb");
+
+  if (privkey_op != 0)
+    {
+      umask (omask);
+    }
+
+  return fh;
+}
+
+gnutls_datum_t *
+load_secret_key (int mand, common_info_st* info)
+{
+  unsigned char raw_key[64];
+  size_t raw_key_size = sizeof(raw_key);
+  static gnutls_datum_t key;
+  gnutls_datum_t hex_key;
+  int ret;
+
+  fprintf (stderr, "Loading secret key...\n");
+
+  if (info->secret_key == NULL)
+    {
+      if (mand)
+       error (EXIT_FAILURE, 0, "missing --secret-key");
+      else
+       return NULL;
+    }
+
+  hex_key.data = (char*)info->secret_key;
+  hex_key.size = strlen(info->secret_key);
+  
+  ret = gnutls_hex_decode( &hex_key, raw_key, &raw_key_size);
+  if (ret < 0)
+       error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+
+  key.data = raw_key;
+  key.size = raw_key_size;
+  
+  return &key;
+}
+
+/* Load the private key.
+ * @mand should be non zero if it is required to read a private key.
+ */
+gnutls_x509_privkey_t
+load_private_key (int mand, common_info_st* info)
+{
+  gnutls_x509_privkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->privkey && !mand)
+    return NULL;
+
+  if (info->privkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-privkey");
+
+  ret = gnutls_x509_privkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->privkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+
+  if (info->pkcs8)
+    {
+      const char *pass = get_pass ();
+      ret =
+       gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+                                         pass, 0);
+    }
+  else
+    ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+
+  free (dat.data);
+
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header; "
+            "check if your key is PKCS #8 or PKCS #12 encoded");
+    }
+
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+          info->privkey, gnutls_strerror (ret));
+
+  return key;
+}
+
+/* Loads the certificate
+ * If mand is non zero then a certificate is mandatory. Otherwise
+ * null will be returned if the certificate loading fails.
+ */
+gnutls_x509_crt_t
+load_cert (int mand, common_info_st* info)
+{
+  gnutls_x509_crt_t *crt;
+  size_t size;
+
+  crt = load_cert_list (mand, &size, info);
+
+  return crt ? crt[0] : NULL;
+}
+
+#define MAX_CERTS 256
+
+/* Loads a certificate list
+ */
+gnutls_x509_crt_t *
+load_cert_list (int mand, size_t * crt_size, common_info_st* info)
+{
+  FILE *fd;
+  static gnutls_x509_crt_t crt[MAX_CERTS];
+  char *ptr;
+  int ret, i;
+  gnutls_datum_t dat;
+  size_t size;
+  int ptr_size;
+
+  *crt_size = 0;
+  fprintf (stderr, "Loading certificate list...\n");
+
+  if (info->cert == NULL)
+    {
+      if (mand)
+       error (EXIT_FAILURE, 0, "missing --load-certificate");
+      else
+       return NULL;
+    }
+
+  fd = fopen (info->cert, "r");
+  if (fd == NULL)
+    error (EXIT_FAILURE, errno, "%s", info->cert);
+
+  size = fread (buffer, 1, sizeof (buffer) - 1, fd);
+  buffer[size] = 0;
+
+  fclose (fd);
+
+  ptr = buffer;
+  ptr_size = size;
+
+  for (i = 0; i < MAX_CERTS; i++)
+    {
+      ret = gnutls_x509_crt_init (&crt[i]);
+      if (ret < 0)
+       error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+      dat.data = ptr;
+      dat.size = ptr_size;
+
+      ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format);
+      if (ret < 0 && *crt_size > 0)
+       break;
+      if (ret < 0)
+       error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+
+      ptr = strstr (ptr, "---END");
+      if (ptr == NULL)
+       break;
+      ptr++;
+
+      ptr_size = size;
+      ptr_size -=
+       (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
+
+      if (ptr_size < 0)
+       break;
+
+      (*crt_size)++;
+    }
+  fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
+
+  return crt;
+}
+
+/* Load the Certificate Request.
+ */
+gnutls_x509_crq_t
+load_request (common_info_st* info)
+{
+  gnutls_x509_crq_t crq;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->request)
+    return NULL;
+
+  ret = gnutls_x509_crq_init (&crq);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->request, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
+
+  ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header");
+    }
+
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
+          info->request, gnutls_strerror (ret));
+
+  return crq;
+}
+
+/* Load the CA's private key.
+ */
+gnutls_x509_privkey_t
+load_ca_private_key (common_info_st* info)
+{
+  gnutls_x509_privkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (info->ca_privkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
+
+  ret = gnutls_x509_privkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->ca_privkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
+          info->ca_privkey);
+
+  if (info->pkcs8)
+    {
+      const char *pass = get_pass ();
+      ret =
+       gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+                                         pass, 0);
+    }
+  else
+    ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
+          info->ca_privkey, gnutls_strerror (ret));
+
+  return key;
+}
+
+/* Loads the CA's certificate
+ */
+gnutls_x509_crt_t
+load_ca_cert (common_info_st* info)
+{
+  gnutls_x509_crt_t crt;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (info->ca == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
+
+  ret = gnutls_x509_crt_init (&crt);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->ca, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info->ca);
+
+  ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
+          info->ca, gnutls_strerror (ret));
+
+  return crt;
+}
+
+/* Load a public key.
+ * @mand should be non zero if it is required to read a public key.
+ */
+gnutls_pubkey_t
+load_pubkey (int mand, common_info_st* info)
+{
+  gnutls_pubkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->pubkey && !mand)
+    return NULL;
+
+  if (info->pubkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-pubkey");
+
+  ret = gnutls_pubkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->pubkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
+
+  ret = gnutls_pubkey_import (key, &dat, info->incert_format);
+
+  free (dat.data);
+
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header; "
+            "check if your key has the PUBLIC KEY header");
+    }
+
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
+          info->pubkey, gnutls_strerror (ret));
+
+  return key;
+}
index 1a2d881884ce779e1a1858ef2d366bb0e63e0979..4d384df956c7bb6b9826682cae7c560b4fc165c6 100644 (file)
@@ -1,3 +1,6 @@
+#ifndef CERTTOOL_COMMON_H
+# define CERTTOOL_COMMON_H
+
 #include <gnutls/x509.h>
 #include <stdio.h>
 
@@ -26,11 +29,6 @@ enum
   ACTION_PGP_PRIVKEY_INFO,
   ACTION_RING_INFO,
   ACTION_REQUEST,
-  ACTION_PKCS11_LIST,
-  ACTION_PKCS11_TOKENS,
-  ACTION_PKCS11_EXPORT_URL,
-  ACTION_PKCS11_WRITE_URL,
-  ACTION_PKCS11_DELETE_URL,
   ACTION_PUBKEY_INFO,
   ACTION_CERT_PUBKEY,
 };
@@ -39,37 +37,42 @@ enum
 #define TYPE_CRQ 2
 
 void certtool_version (void);
-void pkcs11_list (FILE * outfile, const char *url, int type,
-                 unsigned int login, unsigned int detailed);
-void pkcs11_export (FILE * outfile, const char *pkcs11_url,
-                   unsigned int login);
-void pkcs11_token_list (FILE * outfile, unsigned int detailed);
-void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
-                  int trusted, unsigned int login);
-void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
-                   unsigned int login);
-
-#define PKCS11_TYPE_CRT_ALL 1
-#define PKCS11_TYPE_TRUSTED 2
-#define PKCS11_TYPE_PK 3
-#define PKCS11_TYPE_ALL 4
-#define PKCS11_TYPE_PRIVKEY 5
-
-extern unsigned char buffer[];
-extern const int buffer_size;
 
 #include <gnutls/x509.h>
 #include <gnutls/abstract.h>
 
-gnutls_x509_privkey_t load_private_key (int mand);
-gnutls_x509_crq_t load_request (void);
-gnutls_x509_privkey_t load_ca_private_key (void);
-gnutls_x509_crt_t load_ca_cert (void);
-gnutls_x509_crt_t load_cert (int mand);
-gnutls_pubkey_t load_pubkey (int mand);
+typedef struct common_info {
+  const char* secret_key;
+  const char* privkey;
+  const char* pubkey;
+  int pkcs8;
+  int incert_format;
+  const char* cert;
+  
+  const char* request;
+  const char* ca;
+  const char* ca_privkey;
+} common_info_st;
+
+gnutls_x509_privkey_t load_private_key (int mand, common_info_st* info);
+gnutls_x509_crq_t load_request (common_info_st* info);
+gnutls_x509_privkey_t load_ca_private_key (common_info_st* info);
+gnutls_x509_crt_t load_ca_cert (common_info_st* info);
+gnutls_x509_crt_t load_cert (int mand, common_info_st* info);
+gnutls_datum* load_secret_key (int mand, common_info_st* info);
+gnutls_pubkey_t load_pubkey (int mand, common_info_st* info);
+gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, common_info_st* info);
 
 /* returns the bits specified in cmd */
 int get_bits (gnutls_pk_algorithm_t);
 
 /* prime.c */
 int generate_prime (int how);
+
+FILE * safe_open_rw (const char *file, int privkey_op);
+
+extern unsigned char buffer[];
+extern const int buffer_size;
+
+
+#endif
index ec3dfc012ce6aca3ea86be505959924ae0513117..8ae957ace59ac55eb14da636b0aa2c15c94eb02d 100644 (file)
@@ -12,7 +12,6 @@
 #endif
 
 #include "certtool-common.h"
-#include <gnutls/pkcs11.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -180,20 +179,6 @@ void gaa_help(void)
        __gaa_helpsingle(0, "infile", "FILE ", "Input file.");
        __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation.");
        __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
-       __gaa_helpsingle(0, "p11-provider", "Library ", "Specify the pkcs11 provider library");
-       __gaa_helpsingle(0, "p11-export-url", "URL ", "Export data specified a pkcs11 URL");
-       __gaa_helpsingle(0, "p11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-privkeys", "", "List private keys specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-all", "", "List all objects specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-tokens", "", "List all available tokens");
-       __gaa_helpsingle(0, "p11-login", "", "Force login to token");
-       __gaa_helpsingle(0, "p11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token.");
-       __gaa_helpsingle(0, "p11-write-label", "label ", "Sets a label for the write operation.");
-       __gaa_helpsingle(0, "p11-write-trusted", "", "Marks the certificate to be imported as trusted.");
-       __gaa_helpsingle(0, "p11-detailed-url", "", "Export detailed URLs.");
-       __gaa_helpsingle(0, "p11-delete-url", "URL ", "Deletes objects matching the URL.");
        __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
        __gaa_helpsingle('h', "help", "", "shows this help text");
        __gaa_helpsingle('v', "version", "", "shows the program's version");
@@ -211,71 +196,57 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
        int debug;
-#line 164 "certtool.gaa"
-       int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
-       int pkcs11_trusted;
-#line 158 "certtool.gaa"
-       char* pkcs11_label;
-#line 155 "certtool.gaa"
-       int pkcs11_login;
-#line 147 "certtool.gaa"
-       int pkcs11_type;
-#line 144 "certtool.gaa"
-       char* pkcs11_url;
-#line 141 "certtool.gaa"
-       char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
        char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
        char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
        char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
        char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
        int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
        char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
        int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
        int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
        int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
        int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
        char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
        int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
        int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
        int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
        int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
        int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
        char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
        char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
        char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
        char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
        char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
        char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
        char *privkey;
-#line 18 "certtool.gaa"
-       int action;
 #line 17 "certtool.gaa"
+       int action;
+#line 16 "certtool.gaa"
        int privkey_op;
 
 #line 114 "gaa.skel"
@@ -331,74 +302,60 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           67
+#define GAA_NB_OPTION           53
 #define GAAOPTID_version       1
 #define GAAOPTID_help  2
 #define GAAOPTID_debug 3
-#define GAAOPTID_p11_delete_url        4
-#define GAAOPTID_p11_detailed_url      5
-#define GAAOPTID_p11_write_trusted     6
-#define GAAOPTID_p11_write_label       7
-#define GAAOPTID_p11_write     8
-#define GAAOPTID_p11_login     9
-#define GAAOPTID_p11_list_tokens       10
-#define GAAOPTID_p11_list_all  11
-#define GAAOPTID_p11_list_all_certs    12
-#define GAAOPTID_p11_list_trusted      13
-#define GAAOPTID_p11_list_privkeys     14
-#define GAAOPTID_p11_list_certs        15
-#define GAAOPTID_p11_export_url        16
-#define GAAOPTID_p11_provider  17
-#define GAAOPTID_pkcs_cipher   18
-#define GAAOPTID_template      19
-#define GAAOPTID_infile        20
-#define GAAOPTID_outfile       21
-#define GAAOPTID_disable_quick_random  22
-#define GAAOPTID_sec_param     23
-#define GAAOPTID_bits  24
-#define GAAOPTID_outraw        25
-#define GAAOPTID_outder        26
-#define GAAOPTID_inraw 27
-#define GAAOPTID_inder 28
-#define GAAOPTID_export_ciphers        29
-#define GAAOPTID_hash  30
-#define GAAOPTID_dsa   31
-#define GAAOPTID_pkcs8 32
-#define GAAOPTID_to_p8 33
-#define GAAOPTID_to_p12        34
-#define GAAOPTID_v1    35
-#define GAAOPTID_fix_key       36
-#define GAAOPTID_pubkey_info   37
-#define GAAOPTID_pgp_key_info  38
-#define GAAOPTID_key_info      39
-#define GAAOPTID_smime_to_p7   40
-#define GAAOPTID_p7_info       41
-#define GAAOPTID_p12_info      42
-#define GAAOPTID_no_crq_extensions     43
-#define GAAOPTID_crq_info      44
-#define GAAOPTID_crl_info      45
-#define GAAOPTID_pgp_ring_info 46
-#define GAAOPTID_pgp_certificate_info  47
-#define GAAOPTID_certificate_pubkey    48
-#define GAAOPTID_certificate_info      49
-#define GAAOPTID_password      50
-#define GAAOPTID_load_ca_certificate   51
-#define GAAOPTID_load_ca_privkey       52
-#define GAAOPTID_load_certificate      53
-#define GAAOPTID_load_request  54
-#define GAAOPTID_load_pubkey   55
-#define GAAOPTID_load_privkey  56
-#define GAAOPTID_get_dh_params 57
-#define GAAOPTID_generate_dh_params    58
-#define GAAOPTID_verify_crl    59
-#define GAAOPTID_verify_chain  60
-#define GAAOPTID_generate_request      61
-#define GAAOPTID_generate_privkey      62
-#define GAAOPTID_update_certificate    63
-#define GAAOPTID_generate_crl  64
-#define GAAOPTID_generate_proxy        65
-#define GAAOPTID_generate_certificate  66
-#define GAAOPTID_generate_self_signed  67
+#define GAAOPTID_pkcs_cipher   4
+#define GAAOPTID_template      5
+#define GAAOPTID_infile        6
+#define GAAOPTID_outfile       7
+#define GAAOPTID_disable_quick_random  8
+#define GAAOPTID_sec_param     9
+#define GAAOPTID_bits  10
+#define GAAOPTID_outraw        11
+#define GAAOPTID_outder        12
+#define GAAOPTID_inraw 13
+#define GAAOPTID_inder 14
+#define GAAOPTID_export_ciphers        15
+#define GAAOPTID_hash  16
+#define GAAOPTID_dsa   17
+#define GAAOPTID_pkcs8 18
+#define GAAOPTID_to_p8 19
+#define GAAOPTID_to_p12        20
+#define GAAOPTID_v1    21
+#define GAAOPTID_fix_key       22
+#define GAAOPTID_pubkey_info   23
+#define GAAOPTID_pgp_key_info  24
+#define GAAOPTID_key_info      25
+#define GAAOPTID_smime_to_p7   26
+#define GAAOPTID_p7_info       27
+#define GAAOPTID_p12_info      28
+#define GAAOPTID_no_crq_extensions     29
+#define GAAOPTID_crq_info      30
+#define GAAOPTID_crl_info      31
+#define GAAOPTID_pgp_ring_info 32
+#define GAAOPTID_pgp_certificate_info  33
+#define GAAOPTID_certificate_pubkey    34
+#define GAAOPTID_certificate_info      35
+#define GAAOPTID_password      36
+#define GAAOPTID_load_ca_certificate   37
+#define GAAOPTID_load_ca_privkey       38
+#define GAAOPTID_load_certificate      39
+#define GAAOPTID_load_request  40
+#define GAAOPTID_load_pubkey   41
+#define GAAOPTID_load_privkey  42
+#define GAAOPTID_get_dh_params 43
+#define GAAOPTID_generate_dh_params    44
+#define GAAOPTID_verify_crl    45
+#define GAAOPTID_verify_chain  46
+#define GAAOPTID_generate_request      47
+#define GAAOPTID_generate_privkey      48
+#define GAAOPTID_update_certificate    49
+#define GAAOPTID_generate_crl  50
+#define GAAOPTID_generate_proxy        51
+#define GAAOPTID_generate_certificate  52
+#define GAAOPTID_generate_self_signed  53
 
 #line 168 "gaa.skel"
 
@@ -591,36 +548,6 @@ struct GAAOPTION_debug
        int size1;
 };
 
-struct GAAOPTION_p11_delete_url 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_write_label 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_write 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_export_url 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_provider 
-{
-       char* arg1;
-       int size1;
-};
-
 struct GAAOPTION_pkcs_cipher 
 {
        char* arg1;
@@ -735,11 +662,6 @@ static int gaa_get_option_num(char *str, int status)
         {
         case GAA_LETTER_OPTION:
                        GAA_CHECK1STR("d", GAAOPTID_debug);
-                       GAA_CHECK1STR("", GAAOPTID_p11_delete_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write_label);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write);
-                       GAA_CHECK1STR("", GAAOPTID_p11_export_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_provider);
                        GAA_CHECK1STR("", GAAOPTID_pkcs_cipher);
                        GAA_CHECK1STR("", GAAOPTID_template);
                        GAA_CHECK1STR("", GAAOPTID_infile);
@@ -758,15 +680,6 @@ static int gaa_get_option_num(char *str, int status)
 #line 375 "gaa.skel"
                        GAA_CHECK1STR("v", GAAOPTID_version);
                        GAA_CHECK1STR("h", GAAOPTID_help);
-                       GAA_CHECK1STR("", GAAOPTID_p11_detailed_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write_trusted);
-                       GAA_CHECK1STR("", GAAOPTID_p11_login);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_tokens);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_all);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_all_certs);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_trusted);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_privkeys);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_certs);
                        GAA_CHECK1STR("", GAAOPTID_disable_quick_random);
                        GAA_CHECK1STR("", GAAOPTID_outraw);
                        GAA_CHECK1STR("", GAAOPTID_outder);
@@ -810,20 +723,6 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("version", GAAOPTID_version);
                        GAA_CHECKSTR("help", GAAOPTID_help);
                        GAA_CHECKSTR("debug", GAAOPTID_debug);
-                       GAA_CHECKSTR("p11-delete-url", GAAOPTID_p11_delete_url);
-                       GAA_CHECKSTR("p11-detailed-url", GAAOPTID_p11_detailed_url);
-                       GAA_CHECKSTR("p11-write-trusted", GAAOPTID_p11_write_trusted);
-                       GAA_CHECKSTR("p11-write-label", GAAOPTID_p11_write_label);
-                       GAA_CHECKSTR("p11-write", GAAOPTID_p11_write);
-                       GAA_CHECKSTR("p11-login", GAAOPTID_p11_login);
-                       GAA_CHECKSTR("p11-list-tokens", GAAOPTID_p11_list_tokens);
-                       GAA_CHECKSTR("p11-list-all", GAAOPTID_p11_list_all);
-                       GAA_CHECKSTR("p11-list-all-certs", GAAOPTID_p11_list_all_certs);
-                       GAA_CHECKSTR("p11-list-trusted", GAAOPTID_p11_list_trusted);
-                       GAA_CHECKSTR("p11-list-privkeys", GAAOPTID_p11_list_privkeys);
-                       GAA_CHECKSTR("p11-list-certs", GAAOPTID_p11_list_certs);
-                       GAA_CHECKSTR("p11-export-url", GAAOPTID_p11_export_url);
-                       GAA_CHECKSTR("p11-provider", GAAOPTID_p11_provider);
                        GAA_CHECKSTR("pkcs-cipher", GAAOPTID_pkcs_cipher);
                        GAA_CHECKSTR("template", GAAOPTID_template);
                        GAA_CHECKSTR("infile", GAAOPTID_infile);
@@ -887,11 +786,6 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
     int OK = 0;
     int gaa_last_non_option;
        struct GAAOPTION_debug GAATMP_debug;
-       struct GAAOPTION_p11_delete_url GAATMP_p11_delete_url;
-       struct GAAOPTION_p11_write_label GAATMP_p11_write_label;
-       struct GAAOPTION_p11_write GAATMP_p11_write;
-       struct GAAOPTION_p11_export_url GAATMP_p11_export_url;
-       struct GAAOPTION_p11_provider GAATMP_p11_provider;
        struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher;
        struct GAAOPTION_template GAATMP_template;
        struct GAAOPTION_infile GAATMP_infile;
@@ -928,14 +822,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
     {
        case GAAOPTID_version:
        OK = 0;
-#line 174 "certtool.gaa"
+#line 145 "certtool.gaa"
 { certtool_version(); exit(0); ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_help:
        OK = 0;
-#line 172 "certtool.gaa"
+#line 143 "certtool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
@@ -945,122 +839,9 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
                gaa_index++;
-#line 170 "certtool.gaa"
+#line 141 "certtool.gaa"
 { gaaval->debug = GAATMP_debug.arg1 ;};
 
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_delete_url:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_delete_url.arg1, gaa_getstr, GAATMP_p11_delete_url.size1);
-               gaa_index++;
-#line 167 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_p11_delete_url.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_detailed_url:
-       OK = 0;
-#line 165 "certtool.gaa"
-{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write_trusted:
-       OK = 0;
-#line 162 "certtool.gaa"
-{ gaaval->pkcs11_trusted = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write_label:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_write_label.arg1, gaa_getstr, GAATMP_p11_write_label.size1);
-               gaa_index++;
-#line 160 "certtool.gaa"
-{ gaaval->pkcs11_label = GAATMP_p11_write_label.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_write.arg1, gaa_getstr, GAATMP_p11_write.size1);
-               gaa_index++;
-#line 159 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_p11_write.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_login:
-       OK = 0;
-#line 156 "certtool.gaa"
-{ gaaval->pkcs11_login = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_tokens:
-       OK = 0;
-#line 153 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_all:
-       OK = 0;
-#line 152 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_all_certs:
-       OK = 0;
-#line 151 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_trusted:
-       OK = 0;
-#line 150 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_privkeys:
-       OK = 0;
-#line 149 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_certs:
-       OK = 0;
-#line 148 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_export_url:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_export_url.arg1, gaa_getstr, GAATMP_p11_export_url.size1);
-               gaa_index++;
-#line 145 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_p11_export_url.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_provider:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_provider.arg1, gaa_getstr, GAATMP_p11_provider.size1);
-               gaa_index++;
-#line 142 "certtool.gaa"
-{ gaaval->pkcs11_provider = GAATMP_p11_provider.arg1 ;};
-
                return GAA_OK;
                break;
        case GAAOPTID_pkcs_cipher:
@@ -1068,7 +849,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, GAATMP_pkcs_cipher.size1);
                gaa_index++;
-#line 139 "certtool.gaa"
+#line 138 "certtool.gaa"
 { gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
 
                return GAA_OK;
@@ -1078,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1);
                gaa_index++;
-#line 136 "certtool.gaa"
+#line 135 "certtool.gaa"
 { gaaval->template = GAATMP_template.arg1 ;};
 
                return GAA_OK;
@@ -1088,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
                gaa_index++;
-#line 133 "certtool.gaa"
+#line 132 "certtool.gaa"
 { gaaval->infile = GAATMP_infile.arg1 ;};
 
                return GAA_OK;
@@ -1098,14 +879,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
                gaa_index++;
-#line 130 "certtool.gaa"
+#line 129 "certtool.gaa"
 { gaaval->outfile = GAATMP_outfile.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_disable_quick_random:
        OK = 0;
-#line 127 "certtool.gaa"
+#line 126 "certtool.gaa"
 { gaaval->quick_random = 0; ;};
 
                return GAA_OK;
@@ -1115,7 +896,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1);
                gaa_index++;
-#line 124 "certtool.gaa"
+#line 123 "certtool.gaa"
 { gaaval->sec_param = GAATMP_sec_param.arg1 ;};
 
                return GAA_OK;
@@ -1125,42 +906,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
                gaa_index++;
-#line 121 "certtool.gaa"
+#line 120 "certtool.gaa"
 { gaaval->bits = GAATMP_bits.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_outraw:
        OK = 0;
-#line 118 "certtool.gaa"
+#line 117 "certtool.gaa"
 { gaaval->outcert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_outder:
        OK = 0;
-#line 117 "certtool.gaa"
+#line 116 "certtool.gaa"
 { gaaval->outcert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inraw:
        OK = 0;
-#line 114 "certtool.gaa"
+#line 113 "certtool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inder:
        OK = 0;
-#line 113 "certtool.gaa"
+#line 112 "certtool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_export_ciphers:
        OK = 0;
-#line 110 "certtool.gaa"
+#line 109 "certtool.gaa"
 { gaaval->export=1 ;};
 
                return GAA_OK;
@@ -1170,140 +951,140 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
                gaa_index++;
-#line 107 "certtool.gaa"
+#line 106 "certtool.gaa"
 { gaaval->hash = GAATMP_hash.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_dsa:
        OK = 0;
-#line 104 "certtool.gaa"
+#line 103 "certtool.gaa"
 { gaaval->dsa=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs8:
        OK = 0;
-#line 101 "certtool.gaa"
+#line 100 "certtool.gaa"
 { gaaval->pkcs8=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_to_p8:
        OK = 0;
-#line 98 "certtool.gaa"
+#line 97 "certtool.gaa"
 { gaaval->action = ACTION_GENERATE_PKCS8; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_to_p12:
        OK = 0;
-#line 96 "certtool.gaa"
+#line 95 "certtool.gaa"
 { gaaval->action = ACTION_TO_PKCS12; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_v1:
        OK = 0;
-#line 94 "certtool.gaa"
+#line 93 "certtool.gaa"
 { gaaval->v1_cert = 1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_fix_key:
        OK = 0;
-#line 91 "certtool.gaa"
+#line 90 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->fix_key = 1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pubkey_info:
        OK = 0;
-#line 88 "certtool.gaa"
+#line 87 "certtool.gaa"
 { gaaval->action = ACTION_PUBKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_key_info:
        OK = 0;
-#line 86 "certtool.gaa"
+#line 85 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_key_info:
        OK = 0;
-#line 84 "certtool.gaa"
+#line 83 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_smime_to_p7:
        OK = 0;
-#line 80 "certtool.gaa"
+#line 79 "certtool.gaa"
 { gaaval->action = ACTION_SMIME_TO_P7; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_p7_info:
        OK = 0;
-#line 78 "certtool.gaa"
+#line 77 "certtool.gaa"
 { gaaval->action = ACTION_P7_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_p12_info:
        OK = 0;
-#line 76 "certtool.gaa"
+#line 75 "certtool.gaa"
 { gaaval->action = ACTION_PKCS12_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_no_crq_extensions:
        OK = 0;
-#line 74 "certtool.gaa"
+#line 73 "certtool.gaa"
 { gaaval->crq_extensions = 0; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_crq_info:
        OK = 0;
-#line 71 "certtool.gaa"
+#line 70 "certtool.gaa"
 { gaaval->action = ACTION_REQUEST; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_crl_info:
        OK = 0;
-#line 69 "certtool.gaa"
+#line 68 "certtool.gaa"
 { gaaval->action = ACTION_CRL_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_ring_info:
        OK = 0;
-#line 67 "certtool.gaa"
+#line 66 "certtool.gaa"
 { gaaval->action = ACTION_RING_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_certificate_info:
        OK = 0;
-#line 65 "certtool.gaa"
+#line 64 "certtool.gaa"
 { gaaval->action = ACTION_PGP_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_certificate_pubkey:
        OK = 0;
-#line 63 "certtool.gaa"
+#line 62 "certtool.gaa"
 { gaaval->action = ACTION_CERT_PUBKEY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_certificate_info:
        OK = 0;
-#line 61 "certtool.gaa"
+#line 60 "certtool.gaa"
 { gaaval->action = ACTION_CERT_INFO; ;};
 
                return GAA_OK;
@@ -1313,7 +1094,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_password.arg1, gaa_getstr, GAATMP_password.size1);
                gaa_index++;
-#line 59 "certtool.gaa"
+#line 58 "certtool.gaa"
 { gaaval->pass = GAATMP_password.arg1 ;};
 
                return GAA_OK;
@@ -1323,7 +1104,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, GAATMP_load_ca_certificate.size1);
                gaa_index++;
-#line 56 "certtool.gaa"
+#line 55 "certtool.gaa"
 { gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
 
                return GAA_OK;
@@ -1333,7 +1114,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, GAATMP_load_ca_privkey.size1);
                gaa_index++;
-#line 53 "certtool.gaa"
+#line 52 "certtool.gaa"
 { gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
 
                return GAA_OK;
@@ -1343,7 +1124,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1);
                gaa_index++;
-#line 50 "certtool.gaa"
+#line 49 "certtool.gaa"
 { gaaval->cert = GAATMP_load_certificate.arg1 ;};
 
                return GAA_OK;
@@ -1353,7 +1134,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, GAATMP_load_request.size1);
                gaa_index++;
-#line 47 "certtool.gaa"
+#line 46 "certtool.gaa"
 { gaaval->request = GAATMP_load_request.arg1 ;};
 
                return GAA_OK;
@@ -1363,7 +1144,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1);
                gaa_index++;
-#line 44 "certtool.gaa"
+#line 43 "certtool.gaa"
 { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
 
                return GAA_OK;
@@ -1373,84 +1154,84 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1);
                gaa_index++;
-#line 41 "certtool.gaa"
+#line 40 "certtool.gaa"
 { gaaval->privkey = GAATMP_load_privkey.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_get_dh_params:
        OK = 0;
-#line 38 "certtool.gaa"
+#line 37 "certtool.gaa"
 { gaaval->action=ACTION_GET_DH; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_dh_params:
        OK = 0;
-#line 37 "certtool.gaa"
+#line 36 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_DH; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_verify_crl:
        OK = 0;
-#line 35 "certtool.gaa"
+#line 34 "certtool.gaa"
 { gaaval->action=ACTION_VERIFY_CRL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_verify_chain:
        OK = 0;
-#line 33 "certtool.gaa"
+#line 32 "certtool.gaa"
 { gaaval->action=ACTION_VERIFY_CHAIN; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_request:
        OK = 0;
-#line 31 "certtool.gaa"
+#line 30 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_REQUEST; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_privkey:
        OK = 0;
-#line 29 "certtool.gaa"
+#line 28 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_PRIVKEY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_update_certificate:
        OK = 0;
-#line 27 "certtool.gaa"
+#line 26 "certtool.gaa"
 { gaaval->action=ACTION_UPDATE_CERTIFICATE; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_crl:
        OK = 0;
-#line 25 "certtool.gaa"
+#line 24 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_CRL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_proxy:
        OK = 0;
-#line 23 "certtool.gaa"
+#line 22 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_PROXY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_certificate:
        OK = 0;
-#line 21 "certtool.gaa"
+#line 20 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_CERTIFICATE; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_self_signed:
        OK = 0;
-#line 19 "certtool.gaa"
+#line 18 "certtool.gaa"
 { gaaval->action=ACTION_SELF_SIGNED; ;};
 
                return GAA_OK;
@@ -1479,14 +1260,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 176 "certtool.gaa"
+#line 147 "certtool.gaa"
 { gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
        gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; 
        gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
        gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; 
-       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
-       gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
-       gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; ;};
+       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; ;};
 
     }
     inited = 1;
index 49cb22519f155bc7606e8a8b1e4600ffc9d96044..4e02a41dff245569a1e5c4935ed0dba22b4a0054 100644 (file)
@@ -8,71 +8,57 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
        int debug;
-#line 164 "certtool.gaa"
-       int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
-       int pkcs11_trusted;
-#line 158 "certtool.gaa"
-       char* pkcs11_label;
-#line 155 "certtool.gaa"
-       int pkcs11_login;
-#line 147 "certtool.gaa"
-       int pkcs11_type;
-#line 144 "certtool.gaa"
-       char* pkcs11_url;
-#line 141 "certtool.gaa"
-       char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
        char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
        char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
        char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
        char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
        int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
        char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
        int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
        int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
        int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
        int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
        char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
        int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
        int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
        int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
        int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
        int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
        char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
        char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
        char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
        char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
        char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
        char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
        char *privkey;
-#line 18 "certtool.gaa"
-       int action;
 #line 17 "certtool.gaa"
+       int action;
+#line 16 "certtool.gaa"
        int privkey_op;
 
 #line 114 "gaa.skel"
index a4376980086918b2da3017d65c2ff293467713f8..5669195a4808b38788a3879c4d9aa5c574a5c169 100644 (file)
@@ -56,21 +56,20 @@ void pkcs7_info (void);
 void crq_info (void);
 void smime_to_pkcs7 (void);
 void pkcs12_info (void);
-void generate_pkcs12 (void);
-void generate_pkcs8 (void);
+void generate_pkcs12 (common_info_st*);
+void generate_pkcs8 (common_info_st*);
 void verify_chain (void);
-void verify_crl (void);
-void pubkey_info (gnutls_x509_crt crt);
+void verify_crl (common_info_st* cinfo);
+void pubkey_info (gnutls_x509_crt crt, common_info_st*);
 void pgp_privkey_info (void);
 void pgp_ring_info (void);
-void certificate_info (int);
+void certificate_info (int, common_info_st*);
 void pgp_certificate_info (void);
 void crl_info (void);
 void privkey_info (void);
 static void gaa_parser (int argc, char **argv);
-void generate_self_signed (void);
-void generate_request (void);
-gnutls_x509_crt_t *load_cert_list (int mand, size_t * size);
+void generate_self_signed (common_info_st*);
+void generate_request (common_info_st* );
 static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
                                    unsigned int all);
 
@@ -85,8 +84,6 @@ gnutls_digest_algorithm_t default_dig;
  */
 int batch;
 
-unsigned char buffer[64 * 1024];
-const int buffer_size = sizeof (buffer);
 
 static void
 tls_log_func (int level, const char *str)
@@ -316,7 +313,7 @@ print_private_key (gnutls_x509_privkey_t key)
 
   if (!info.pkcs8)
     {
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_x509_privkey_export (key, info.outcert_format,
                                        buffer, &size);
       if (ret < 0)
@@ -335,7 +332,7 @@ print_private_key (gnutls_x509_privkey_t key)
       if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
        flags = GNUTLS_PKCS_PLAIN;
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret =
        gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
                                          flags, buffer, &size);
@@ -362,7 +359,7 @@ generate_private_key (void)
 
 static gnutls_x509_crt_t
 generate_certificate (gnutls_x509_privkey_t * ret_key,
-                     gnutls_x509_crt_t ca_crt, int proxy)
+                     gnutls_x509_crt_t ca_crt, int proxy, common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key = NULL;
@@ -378,12 +375,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
 
-  crq = load_request ();
+  crq = load_request (cinfo);
 
   if (crq == NULL)
     {
 
-      key = load_private_key (1);
+      key = load_private_key (1, cinfo);
 
       if (!batch)
        fprintf (stderr,
@@ -639,7 +636,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
 
       /* Subject Key ID.
        */
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size);
       if (result >= 0)
        {
@@ -653,12 +650,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
        */
       if (ca_crt != NULL)
        {
-         size = sizeof (buffer);
+         size = buffer_size;
          result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
                                                       &size, NULL);
          if (result < 0)
            {
-             size = sizeof (buffer);
+             size = buffer_size;
              result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
            }
          if (result >= 0)
@@ -688,7 +685,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
 }
 
 static gnutls_x509_crl_t
-generate_crl (gnutls_x509_crt_t ca_crt)
+generate_crl (gnutls_x509_crt_t ca_crt, common_info_st* cinfo)
 {
   gnutls_x509_crl_t crl;
   gnutls_x509_crt_t *crts;
@@ -701,7 +698,7 @@ generate_crl (gnutls_x509_crt_t ca_crt)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result));
 
-  crts = load_cert_list (0, &size);
+  crts = load_cert_list (0, &size, cinfo);
 
   for (i = 0; i < size; i++)
     {
@@ -729,12 +726,12 @@ generate_crl (gnutls_x509_crt_t ca_crt)
    */
   if (ca_crt != NULL)
     {
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
                                                   &size, NULL);
       if (result < 0)
        {
-         size = sizeof (buffer);
+         size = buffer_size;
          result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
        }
       if (result >= 0)
@@ -786,7 +783,7 @@ get_dig (gnutls_x509_crt crt)
 }
 
 void
-generate_self_signed (void)
+generate_self_signed (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key;
@@ -796,10 +793,10 @@ generate_self_signed (void)
 
   fprintf (stderr, "Generating a self signed certificate...\n");
 
-  crt = generate_certificate (&key, NULL, 0);
+  crt = generate_certificate (&key, NULL, 0, cinfo);
 
   if (!key)
-    key = load_private_key (1);
+    key = load_private_key (1, cinfo);
 
   uri = get_crl_dist_point_url ();
   if (uri)
@@ -820,7 +817,7 @@ generate_self_signed (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -832,7 +829,7 @@ generate_self_signed (void)
 }
 
 static void
-generate_signed_certificate (void)
+generate_signed_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key;
@@ -843,10 +840,10 @@ generate_signed_certificate (void)
 
   fprintf (stderr, "Generating a signed certificate...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
 
-  crt = generate_certificate (&key, ca_crt, 0);
+  crt = generate_certificate (&key, ca_crt, 0, cinfo);
 
   /* Copy the CRL distribution points.
    */
@@ -862,7 +859,7 @@ generate_signed_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -874,7 +871,7 @@ generate_signed_certificate (void)
 }
 
 static void
-generate_proxy_certificate (void)
+generate_proxy_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt, eecrt;
   gnutls_x509_privkey_t key, eekey;
@@ -883,10 +880,10 @@ generate_proxy_certificate (void)
 
   fprintf (stderr, "Generating a proxy certificate...\n");
 
-  eekey = load_ca_private_key ();
-  eecrt = load_cert (1);
+  eekey = load_ca_private_key (cinfo);
+  eecrt = load_cert (1, cinfo);
 
-  crt = generate_certificate (&key, eecrt, 1);
+  crt = generate_certificate (&key, eecrt, 1, cinfo);
 
   print_certificate_info (crt, stderr, 0);
 
@@ -896,7 +893,7 @@ generate_proxy_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -908,7 +905,7 @@ generate_proxy_certificate (void)
 }
 
 static void
-generate_signed_crl (void)
+generate_signed_crl (common_info_st* cinfo)
 {
   gnutls_x509_crl_t crl;
   int result;
@@ -917,9 +914,9 @@ generate_signed_crl (void)
 
   fprintf (stderr, "Generating a signed CRL...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
-  crl = generate_crl (ca_crt);
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
+  crl = generate_crl (ca_crt, cinfo);
 
   fprintf (stderr, "\n");
 
@@ -933,7 +930,7 @@ generate_signed_crl (void)
 }
 
 static void
-update_signed_certificate (void)
+update_signed_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   size_t size;
@@ -945,9 +942,9 @@ update_signed_certificate (void)
 
   fprintf (stderr, "Generating a signed certificate...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
-  crt = load_cert (1);
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
+  crt = load_cert (1, cinfo);
 
   fprintf (stderr, "Activation/Expiration time.\n");
   gnutls_x509_crt_set_activation_time (crt, tim);
@@ -965,7 +962,7 @@ update_signed_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -975,31 +972,11 @@ update_signed_certificate (void)
   gnutls_x509_crt_deinit (crt);
 }
 
-static FILE *
-safe_open_rw (const char *file)
-{
-  mode_t omask = 0;
-  FILE *fh;
-
-  if (info.privkey_op != 0)
-    {
-      omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
-    }
-
-  fh = fopen (file, "wb");
-
-  if (info.privkey_op != 0)
-    {
-      umask (omask);
-    }
-
-  return fh;
-}
-
 void
 gaa_parser (int argc, char **argv)
 {
   int ret;
+  common_info_st cinfo;
 
   if (gaa (argc, argv, &info) != -1)
     {
@@ -1010,7 +987,7 @@ gaa_parser (int argc, char **argv)
 
   if (info.outfile)
     {
-      outfile = safe_open_rw (info.outfile);
+      outfile = safe_open_rw (info.outfile, info.privkey_op);
       if (outfile == NULL)
        error (EXIT_FAILURE, errno, "%s", info.outfile);
     }
@@ -1076,49 +1053,38 @@ gaa_parser (int argc, char **argv)
   if ((ret = gnutls_global_init ()) < 0)
     error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
 
-  if (info.pkcs11_provider != NULL)
-    {
-      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
-      if (ret < 0)
-       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
-      else
-       {
-         ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
-         if (ret < 0)
-           error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
-                  gnutls_strerror (ret));
-       }
-    }
-  else
-    {
-      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
-      if (ret < 0)
-       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
-    }
-
-
   if ((ret = gnutls_global_init_extra ()) < 0)
     error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret));
 
+  memset(&cinfo, 0, sizeof(cinfo));
+  cinfo.privkey = info.privkey;
+  cinfo.pubkey = info.pubkey;
+  cinfo.pkcs8 = info.pkcs8;
+  cinfo.incert_format = info.incert_format;
+  cinfo.cert = info.cert;
+  cinfo.request = info.request;
+  cinfo.ca = info.ca;
+  cinfo.ca_privkey = info.ca_privkey;
+
   switch (info.action)
     {
     case ACTION_SELF_SIGNED:
-      generate_self_signed ();
+      generate_self_signed (&cinfo);
       break;
     case ACTION_GENERATE_PRIVKEY:
       generate_private_key ();
       break;
     case ACTION_CERT_INFO:
-      certificate_info (0);
+      certificate_info (0, &cinfo);
       break;
     case ACTION_CERT_PUBKEY:
-      certificate_info (1);
+      certificate_info (1, &cinfo);
       break;
     case ACTION_GENERATE_REQUEST:
-      generate_request ();
+      generate_request (&cinfo);
       break;
     case ACTION_GENERATE_CERTIFICATE:
-      generate_signed_certificate ();
+      generate_signed_certificate (&cinfo);
       break;
     case ACTION_VERIFY_CHAIN:
       verify_chain ();
@@ -1127,13 +1093,13 @@ gaa_parser (int argc, char **argv)
       privkey_info ();
       break;
     case ACTION_PUBKEY_INFO:
-      pubkey_info (NULL);
+      pubkey_info (NULL, &cinfo);
       break;
     case ACTION_UPDATE_CERTIFICATE:
-      update_signed_certificate ();
+      update_signed_certificate (&cinfo);
       break;
     case ACTION_TO_PKCS12:
-      generate_pkcs12 ();
+      generate_pkcs12 (&cinfo);
       break;
     case ACTION_PKCS12_INFO:
       pkcs12_info ();
@@ -1151,36 +1117,19 @@ gaa_parser (int argc, char **argv)
       pkcs7_info ();
       break;
     case ACTION_GENERATE_CRL:
-      generate_signed_crl ();
+      generate_signed_crl (&cinfo);
       break;
     case ACTION_VERIFY_CRL:
-      verify_crl ();
+      verify_crl (&cinfo);
       break;
     case ACTION_SMIME_TO_P7:
       smime_to_pkcs7 ();
       break;
     case ACTION_GENERATE_PROXY:
-      generate_proxy_certificate ();
+      generate_proxy_certificate (&cinfo);
       break;
     case ACTION_GENERATE_PKCS8:
-      generate_pkcs8 ();
-      break;
-    case ACTION_PKCS11_LIST:
-      pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
-                  info.pkcs11_login, info.pkcs11_detailed_url);
-      break;
-    case ACTION_PKCS11_TOKENS:
-      pkcs11_token_list (outfile, info.pkcs11_detailed_url);
-      break;
-    case ACTION_PKCS11_EXPORT_URL:
-      pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login);
-      break;
-    case ACTION_PKCS11_WRITE_URL:
-      pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
-                   info.pkcs11_trusted, info.pkcs11_login);
-      break;
-    case ACTION_PKCS11_DELETE_URL:
-      pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login);
+      generate_pkcs8 (&cinfo);
       break;
 #ifdef ENABLE_OPENPGP
     case ACTION_PGP_INFO:
@@ -1208,7 +1157,7 @@ gaa_parser (int argc, char **argv)
 
 #define MAX_CRTS 500
 void
-certificate_info (int pubkey)
+certificate_info (int pubkey, common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt[MAX_CRTS];
   size_t size;
@@ -1253,7 +1202,7 @@ certificate_info (int pubkey)
       if (info.outcert_format == GNUTLS_X509_FMT_PEM)
        print_certificate_info (crt[i], outfile, 1);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
                                    &size);
       if (ret < 0)
@@ -1262,7 +1211,7 @@ certificate_info (int pubkey)
       fwrite (buffer, 1, size, outfile);
 
       if (pubkey)
-       pubkey_info (crt[i]);
+       pubkey_info (crt[i], cinfo);
 
       gnutls_x509_crt_deinit (crt[i]);
     }
@@ -1322,7 +1271,7 @@ pgp_certificate_info (void)
               verify_status);
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size);
   if (ret < 0)
     {
@@ -1344,7 +1293,7 @@ pgp_privkey_info (void)
   gnutls_datum_t pem;
   const char *cprint;
 
-  size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+  size = fread (buffer, 1, buffer_size - 1, infile);
   buffer[size] = 0;
 
   gnutls_openpgp_privkey_init (&key);
@@ -1428,7 +1377,7 @@ pgp_privkey_info (void)
 
       fprintf (outfile, "\n");
 
-      size = sizeof (buffer);
+      size = buffer_size;
       if (i == -1)
        ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
       else
@@ -1446,7 +1395,7 @@ pgp_privkey_info (void)
 
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
                                       NULL, 0, buffer, &size);
   if (ret < 0)
@@ -1493,7 +1442,7 @@ pgp_ring_info (void)
       if (ret < 0)
        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_openpgp_crt_export (crt, info.outcert_format,
                                       buffer, &size);
       if (ret < 0)
@@ -1567,7 +1516,7 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
 
   gnutls_free (cinfo.data);
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret));
@@ -1623,7 +1572,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
       gnutls_free (cinfo.data);
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
@@ -1671,7 +1620,7 @@ privkey_info (void)
   const char *cprint;
   const char *pass;
 
-  size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+  size = fread (buffer, 1, buffer_size - 1, infile);
   buffer[size] = 0;
 
   gnutls_x509_privkey_init (&key);
@@ -1753,7 +1702,7 @@ privkey_info (void)
 
   fprintf (outfile, "\n");
 
-  size = sizeof (buffer);
+  size = buffer_size;
   if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0)
     {
       fprintf (stderr, "Error in key id calculation: %s\n",
@@ -1771,7 +1720,7 @@ privkey_info (void)
        error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
@@ -1781,308 +1730,11 @@ privkey_info (void)
   gnutls_x509_privkey_deinit (key);
 }
 
-/* Load a public key.
- * @mand should be non zero if it is required to read a public key.
- */
-gnutls_pubkey_t
-load_pubkey (int mand)
-{
-  gnutls_pubkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.pubkey && !mand)
-    return NULL;
-
-  if (info.pubkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-pubkey");
-
-  ret = gnutls_pubkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.pubkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info.pubkey);
-
-  ret = gnutls_pubkey_import (key, &dat, info.incert_format);
-
-  free (dat.data);
-
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header; "
-            "check if your key has the PUBLIC KEY header");
-    }
-
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
-          info.pubkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-
-/* Load the private key.
- * @mand should be non zero if it is required to read a private key.
- */
-gnutls_x509_privkey_t
-load_private_key (int mand)
-{
-  gnutls_x509_privkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.privkey && !mand)
-    return NULL;
-
-  if (info.privkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-privkey");
-
-  ret = gnutls_x509_privkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.privkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info.privkey);
-
-  if (info.pkcs8)
-    {
-      const char *pass = get_pass ();
-      ret =
-       gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
-                                         pass, 0);
-    }
-  else
-    ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
-
-  free (dat.data);
-
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header; "
-            "check if your key is PKCS #8 or PKCS #12 encoded");
-    }
-
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
-          info.privkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-/* Load the Certificate Request.
- */
-gnutls_x509_crq_t
-load_request (void)
-{
-  gnutls_x509_crq_t crq;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.request)
-    return NULL;
-
-  ret = gnutls_x509_crq_init (&crq);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.request, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-request: %s", info.request);
-
-  ret = gnutls_x509_crq_import (crq, &dat, info.incert_format);
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header");
-    }
-
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
-          info.request, gnutls_strerror (ret));
-
-  return crq;
-}
-
-/* Load the CA's private key.
- */
-gnutls_x509_privkey_t
-load_ca_private_key (void)
-{
-  gnutls_x509_privkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (info.ca_privkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
-
-  ret = gnutls_x509_privkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.ca_privkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
-          info.ca_privkey);
-
-  if (info.pkcs8)
-    {
-      const char *pass = get_pass ();
-      ret =
-       gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
-                                         pass, 0);
-    }
-  else
-    ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
-          info.ca_privkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-/* Loads the CA's certificate
- */
-gnutls_x509_crt_t
-load_ca_cert (void)
-{
-  gnutls_x509_crt_t crt;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (info.ca == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
-
-  ret = gnutls_x509_crt_init (&crt);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.ca, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info.ca);
-
-  ret = gnutls_x509_crt_import (crt, &dat, info.incert_format);
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
-          info.ca, gnutls_strerror (ret));
-
-  return crt;
-}
-
-/* Loads the certificate
- * If mand is non zero then a certificate is mandatory. Otherwise
- * null will be returned if the certificate loading fails.
- */
-gnutls_x509_crt_t
-load_cert (int mand)
-{
-  gnutls_x509_crt_t *crt;
-  size_t size;
-
-  crt = load_cert_list (mand, &size);
-
-  return crt ? crt[0] : NULL;
-}
-
-#define MAX_CERTS 256
-
-/* Loads a certificate list
- */
-gnutls_x509_crt_t *
-load_cert_list (int mand, size_t * crt_size)
-{
-  FILE *fd;
-  static gnutls_x509_crt_t crt[MAX_CERTS];
-  char *ptr;
-  int ret, i;
-  gnutls_datum_t dat;
-  size_t size;
-  int ptr_size;
-
-  *crt_size = 0;
-  fprintf (stderr, "Loading certificate list...\n");
-
-  if (info.cert == NULL)
-    {
-      if (mand)
-       error (EXIT_FAILURE, 0, "missing --load-certificate");
-      else
-       return NULL;
-    }
-
-  fd = fopen (info.cert, "r");
-  if (fd == NULL)
-    error (EXIT_FAILURE, errno, "%s", info.cert);
-
-  size = fread (buffer, 1, sizeof (buffer) - 1, fd);
-  buffer[size] = 0;
-
-  fclose (fd);
-
-  ptr = buffer;
-  ptr_size = size;
-
-  for (i = 0; i < MAX_CERTS; i++)
-    {
-      ret = gnutls_x509_crt_init (&crt[i]);
-      if (ret < 0)
-       error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
-      dat.data = ptr;
-      dat.size = ptr_size;
-
-      ret = gnutls_x509_crt_import (crt[i], &dat, info.incert_format);
-      if (ret < 0 && *crt_size > 0)
-       break;
-      if (ret < 0)
-       error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
-
-      ptr = strstr (ptr, "---END");
-      if (ptr == NULL)
-       break;
-      ptr++;
-
-      ptr_size = size;
-      ptr_size -=
-       (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
-
-      if (ptr_size < 0)
-       break;
-
-      (*crt_size)++;
-    }
-  fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
-
-  return crt;
-}
-
 
 /* Generate a PKCS #10 certificate request.
  */
 void
-generate_request (void)
+generate_request (common_info_st* cinfo)
 {
   gnutls_x509_crq_t crq;
   gnutls_x509_privkey_t key;
@@ -2098,7 +1750,7 @@ generate_request (void)
 
   /* Load the private key.
    */
-  key = load_private_key (0);
+  key = load_private_key (0, cinfo);
   if (!key)
     {
       key = generate_private_key_int ();
@@ -2583,7 +2235,7 @@ verify_chain (void)
 }
 
 void
-verify_crl (void)
+verify_crl (common_info_st* cinfo)
 {
   size_t size, dn_size;
   char dn[128];
@@ -2595,7 +2247,7 @@ verify_crl (void)
   time_t now = time (0);
   gnutls_x509_crt_t issuer;
 
-  issuer = load_ca_cert ();
+  issuer = load_ca_cert (cinfo);
 
   fprintf (outfile, "\nCA certificate:\n");
 
@@ -2676,7 +2328,7 @@ verify_crl (void)
 
 
 void
-generate_pkcs8 (void)
+generate_pkcs8 (common_info_st* cinfo)
 {
   gnutls_x509_privkey_t key;
   int result;
@@ -2686,7 +2338,7 @@ generate_pkcs8 (void)
 
   fprintf (stderr, "Generating a PKCS #8 key structure...\n");
 
-  key = load_private_key (1);
+  key = load_private_key (1, cinfo);
 
   if (info.pass)
     password = info.pass;
@@ -2703,7 +2355,7 @@ generate_pkcs8 (void)
       flags = GNUTLS_PKCS_PLAIN;
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result =
     gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format,
                                      password, flags, buffer, &size);
@@ -2720,7 +2372,7 @@ generate_pkcs8 (void)
 #include <unistd.h>
 
 void
-generate_pkcs12 (void)
+generate_pkcs12 (common_info_st* cinfo)
 {
   gnutls_pkcs12_t pkcs12;
   gnutls_x509_crt_t *crts;
@@ -2738,8 +2390,8 @@ generate_pkcs12 (void)
 
   fprintf (stderr, "Generating a PKCS #12 structure...\n");
 
-  key = load_private_key (0);
-  crts = load_cert_list (0, &ncrts);
+  key = load_private_key (0, cinfo);
+  crts = load_cert_list (0, &ncrts, cinfo);
 
   name = get_pkcs12_key_name ();
 
@@ -2813,7 +2465,7 @@ generate_pkcs12 (void)
       else
        flags = cipher_to_flags (info.pkcs_cipher);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result =
        gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
                                          pass, flags, buffer, &size);
@@ -2857,7 +2509,7 @@ generate_pkcs12 (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
@@ -3076,7 +2728,7 @@ pkcs7_info (void)
     {
       fputs ("\n", outfile);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size);
       if (result < 0)
        break;
@@ -3107,7 +2759,7 @@ pkcs7_info (void)
     {
       fputs ("\n", outfile);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size);
       if (result < 0)
        break;
@@ -3227,7 +2879,7 @@ print_key_usage (FILE * outfile, unsigned int usage)
 }
 
 void
-pubkey_info (gnutls_x509_crt crt)
+pubkey_info (gnutls_x509_crt crt, common_info_st* cinfo)
 {
   gnutls_pubkey_t pubkey;
   unsigned int bits, usage;
@@ -3243,7 +2895,7 @@ pubkey_info (gnutls_x509_crt crt)
 
   if (crt == NULL)
     {
-      crt = load_cert (0);
+      crt = load_cert (0, cinfo);
     }
 
   if (crt != NULL)
@@ -3257,7 +2909,7 @@ pubkey_info (gnutls_x509_crt crt)
     }
   else
     {
-      pubkey = load_pubkey (1);
+      pubkey = load_pubkey (1, cinfo);
     }
 
   fprintf (outfile, "Public Key Info:\n\n");
@@ -3315,7 +2967,7 @@ pubkey_info (gnutls_x509_crt crt)
 
   fprintf (outfile, "\n");
 
-  size = sizeof (buffer);
+  size = buffer_size;
   if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
     {
       fprintf (stderr, "Error in key id calculation: %s\n",
@@ -3326,7 +2978,7 @@ pubkey_info (gnutls_x509_crt crt)
       fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
index 6b1be3d98f28f908d14c6999bce8d12162eb358f..e3e9f1c62061d8e8710df16ef37982546a41cd03 100644 (file)
@@ -8,7 +8,6 @@
 #endif
 
 #include "certtool-common.h"
-#include <gnutls/pkcs11.h>
 
 #}
 
@@ -138,34 +137,6 @@ option (template) STR "FILE" { $template = $1 } "Template file to use for non in
 #char *pkcs_cipher;
 option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
 
-#char* pkcs11_provider;
-option (p11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
-
-#char* pkcs11_url;
-option (p11-export-url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export data specified a pkcs11 URL"
-
-#int pkcs11_type;
-option (p11-list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL"
-option (p11-list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
-option (p11-list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"
-option (p11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
-option (p11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
-option (p11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
-
-#int pkcs11_login;
-option (p11-login) { $pkcs11_login = 1; } "Force login to token"
-
-#char* pkcs11_label;
-option (p11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates or private keys to a PKCS11 token."
-option (p11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
-#int pkcs11_trusted;
-option (p11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
-
-#int pkcs11_detailed_url;
-option (p11-detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
-
-option (p11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
-
 #int debug;
 option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
 
@@ -177,6 +148,4 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
        $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; 
        $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
        $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; 
-       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL;
-       $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; 
-       $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; $pkcs11_detailed_url = 0; }
+       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; }
diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c
new file mode 100644 (file)
index 0000000..f29d25d
--- /dev/null
@@ -0,0 +1,1147 @@
+/* File generated by GAA 1.6.6
+ */
+#define GAA_NO_WIN32
+#line 1 "p11tool.gaa"
+
+
+/* C declarations */
+
+#include <config.h>
+#ifdef _WIN32
+# include <io.h>
+#endif
+
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifndef GAA_NO_WIN32
+#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(WINDOWS)
+#define GAA_WIN32
+#endif
+#endif
+
+static void* gaa_malloc( size_t size) {
+void* ret;
+       ret = malloc(size);
+       if (ret==NULL) {
+               fprintf(stderr, "gaa: could not allocate memory");
+               exit(1);
+       }
+       return ret;
+}
+
+static void __gaa_helpsingle(char short_name, char *name, 
+       char *arg_desc, char *opt_help)
+{
+     int col1, col3, col4, tabsize = 3, curr;
+     int i;
+
+     col1 = 5; /* Default values */
+     col3 = 30;
+     col4 = 70;
+
+     curr = 0;
+     for(i = 0; i < col1; i++)
+        {
+        printf(" ");
+        curr++;
+        }
+     if(short_name)
+        {
+        if(name && *name)
+          {
+            printf("-%c, ", short_name);
+            curr += 4;
+          }
+        else
+          {
+            printf("-%c ", short_name);
+            curr += 3;
+          }
+        }
+     if(name && *name)
+        {
+          printf("--%s ", name);
+          curr += 3 + strlen(name);
+        }
+     if(arg_desc && *arg_desc)
+        {
+          printf("%s ", arg_desc);
+          curr += 1 + strlen(arg_desc);
+        }
+     if(curr >= col3)
+        {
+          printf("\n");
+          curr = 0;
+        }
+     if(opt_help) /* let's print the option's help body */
+        {
+        const char *str = opt_help;
+        while(*str)
+          {
+             while(curr < col3)
+               {
+                 printf(" ");
+                 curr++;
+               }
+             switch(*str)
+               {
+                 case '\n':
+                     printf("\n");
+                     curr = 0;
+                     break;
+                 case '\t':
+                     do
+                        {
+                        printf(" ");
+                        curr++;
+                        }
+                     while((curr - col3) % tabsize != 0 && curr < col4);
+                 case ' ':
+                     if(*str == ' ')
+                        {
+                        curr++;
+                        printf(" ");
+                        }
+                     for(i = 1; str[i] && str[i] != ' ' && str[i] != '\n'
+                        && str[i] != '\t'; i++);
+                     if(curr + i - 1 >= col4)
+                        curr = col4;
+                     break;
+                default:
+                     printf("%c", *str);
+                     curr++;
+               }
+             if(curr >= col4)
+               {
+                 printf("\n");
+                 curr = 0;
+               }
+             str++;
+          }
+        }
+     printf("\n");
+}
+
+void gaa_help(void)
+{
+       printf("p11tool help\nUsage: p11tool [options]\n");
+       printf("Usage: p11tool --list-tokens\n");
+       printf("Usage: p11tool --list-all\n");
+       printf("Usage: p11tool --url 'pkcs11:...'\n\n");
+       __gaa_helpsingle(0, "url", "URL ", "Specify a pkcs11 URL");
+       __gaa_helpsingle(0, "list-tokens", "", "List all available tokens");
+       __gaa_helpsingle(0, "list-all", "", "List all objects specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-all-certs", "", "List all certificates specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-privkeys", "", "List private keys specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "initialize", "URL ", "Initializes a PKCS11 token.");
+       __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, private or secret keys to a PKCS11 token.");
+       __gaa_helpsingle(0, "secret-key", "HEX_KEY ", "Provide a hex encoded secret key.");
+       __gaa_helpsingle(0, "label", "label ", "Sets a label for the write operation.");
+       __gaa_helpsingle(0, "write-trusted", "", "Marks the certificate to be imported as trusted.");
+       __gaa_helpsingle(0, "login", "", "Force login to token");
+       __gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs.");
+       __gaa_helpsingle(0, "delete-url", "URL ", "Deletes objects matching the URL.");
+       __gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to use.");
+       __gaa_helpsingle(0, "load-pubkey", "FILE ", "Private key file to use.");
+       __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use.");
+       __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys.");
+       __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys.");
+       __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input certificates and private keys.");
+       __gaa_helpsingle(0, "provider", "Library ", "Specify the pkcs11 provider library");
+       __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
+       __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
+       __gaa_helpsingle('h', "help", "", "shows this help text");
+
+#line 100 "gaa.skel"
+}
+/* Copy of C area */
+
+#line 104 "gaa.skel"
+/* GAA HEADER */
+#ifndef GAA_HEADER_POKY
+#define GAA_HEADER_POKY
+
+typedef struct _gaainfo gaainfo;
+
+struct _gaainfo
+{
+#line 75 "p11tool.gaa"
+       int debug;
+#line 70 "p11tool.gaa"
+       char *outfile;
+#line 67 "p11tool.gaa"
+       int action;
+#line 66 "p11tool.gaa"
+       char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+       int incert_format;
+#line 59 "p11tool.gaa"
+       int pkcs8;
+#line 56 "p11tool.gaa"
+       char *cert;
+#line 53 "p11tool.gaa"
+       char *pubkey;
+#line 50 "p11tool.gaa"
+       char *privkey;
+#line 45 "p11tool.gaa"
+       int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+       int pkcs11_login;
+#line 39 "p11tool.gaa"
+       int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+       char* secret_key;
+#line 32 "p11tool.gaa"
+       char* pkcs11_label;
+#line 24 "p11tool.gaa"
+       int pkcs11_type;
+#line 21 "p11tool.gaa"
+       char* pkcs11_url;
+
+#line 114 "gaa.skel"
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    int gaa(int argc, char *argv[], gaainfo *gaaval);
+
+    void gaa_help(void);
+    
+    int gaa_file(const char *name, gaainfo *gaaval);
+    
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
+
+#line 135 "gaa.skel"
+
+/* C declarations */
+
+#define GAAERROR(x)    \
+{                   \
+gaa_error = 1;      \
+return x;        \
+}
+
+static char *gaa_current_option;
+static int gaa_error = 0;
+
+/* Generated by gaa */
+
+#include <string.h>
+#include <stdlib.h>
+
+
+#define GAA_OK                       -1
+
+#define GAA_ERROR_NOMATCH            0
+#define GAA_ERROR_NOTENOUGH_ARGS     1
+#define GAA_ERROR_INVALID_ARG        2
+#define GAA_ERROR_UNKNOWN            3
+
+#define GAA_NOT_AN_OPTION       0
+#define GAA_WORD_OPTION         1
+#define GAA_LETTER_OPTION       2
+#define GAA_MULTIPLE_OPTION     3
+
+#define GAA_REST                0
+#define GAA_NB_OPTION           25
+#define GAAOPTID_help  1
+#define GAAOPTID_debug 2
+#define GAAOPTID_outfile       3
+#define GAAOPTID_provider      4
+#define GAAOPTID_inraw 5
+#define GAAOPTID_inder 6
+#define GAAOPTID_pkcs8 7
+#define GAAOPTID_load_certificate      8
+#define GAAOPTID_load_pubkey   9
+#define GAAOPTID_load_privkey  10
+#define GAAOPTID_delete_url    11
+#define GAAOPTID_detailed_url  12
+#define GAAOPTID_login 13
+#define GAAOPTID_write_trusted 14
+#define GAAOPTID_label 15
+#define GAAOPTID_secret_key    16
+#define GAAOPTID_write 17
+#define GAAOPTID_initialize    18
+#define GAAOPTID_list_trusted  19
+#define GAAOPTID_list_privkeys 20
+#define GAAOPTID_list_certs    21
+#define GAAOPTID_list_all_certs        22
+#define GAAOPTID_list_all      23
+#define GAAOPTID_list_tokens   24
+#define GAAOPTID_url   25
+
+#line 168 "gaa.skel"
+
+#define GAA_CHECK1STR(a,b)      \
+if(a[0] == str[0])              \
+{                               \
+    gaa_current_option = a;     \
+    return b;                   \
+}
+
+#define GAA_CHECKSTR(a,b)                \
+if(strcmp(a,str) == 0)                   \
+{                                        \
+    gaa_current_option = a;              \
+    return b;                            \
+}
+
+#define GAA_TESTMOREARGS                                                  \
+if(!OK)                                                                     \
+{                                  \
+while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
+    gaa_index++;                                                            \
+if(gaa_last_non_option == gaa_index)                                        \
+    return GAA_ERROR_NOTENOUGH_ARGS; \
+}
+
+#define GAA_TESTMOREOPTIONALARGS                                                  \
+if(!OK) \
+{ \
+while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \
+    gaa_index++;                                                            \
+if(gaa_last_non_option == gaa_index)                                        \
+    OK = 1; \
+}
+
+#define GAA_FILL_2ARGS(target, func)           \
+target = func(GAAargv[gaa_index]);       \
+gaa_arg_used[gaa_index] = 1;             \
+if(gaa_error == 1)                       \
+{                                        \
+    gaa_error = 0;                       \
+    return GAA_ERROR_INVALID_ARG;        \
+} 
+
+
+
+#define GAA_FILL(target, func, num)           \
+if(!OK) \
+{ \
+target = func(GAAargv[gaa_index]);       \
+gaa_arg_used[gaa_index] = 1;             \
+if(gaa_error == 1)                       \
+{                                        \
+    gaa_error = 0;                       \
+    return GAA_ERROR_INVALID_ARG;        \
+} \
+num = 1;  \
+} \
+else \
+{ \
+num = 0; \
+}
+
+#define GAA_LIST_FILL(target, func, type ,num)                      \
+if(!OK) \
+{ \
+num = 0;                                                            \
+target = NULL;                                                      \
+if ( gaa_last_non_option - gaa_index > 0)                           \
+  target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
+for(; gaa_index < gaa_last_non_option; gaa_index++)                 \
+{                                                                   \
+    if(gaa_arg_used[gaa_index] == 0)                                \
+    {                                                               \
+        GAA_FILL_2ARGS(target[num], func);                          \
+        num++;                                                      \
+    }                                                               \
+}                                                                   \
+if(num == 0)                                                        \
+    return GAA_ERROR_NOTENOUGH_ARGS; \
+}
+
+#define GAA_OPTIONALLIST_FILL(target, func, type ,num)                      \
+if(!OK) \
+{ \
+num = 0;                                                            \
+target = NULL;                                                      \
+if ( gaa_last_non_option - gaa_index > 0)                           \
+  target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\
+for(; gaa_index < gaa_last_non_option; gaa_index++)                 \
+{                                                                   \
+    if(gaa_arg_used[gaa_index] == 0)                                \
+    {                                                               \
+        GAA_FILL_2ARGS(target[num], func);                                \
+        num++;                                                      \
+    }                                                               \
+} \
+}
+
+#define GAA_OBLIGAT(str)                                            \
+k = 0;                                                              \
+for(i = 0; i < strlen(str); i++)                                    \
+{                                                                   \
+    j = gaa_get_option_num(str + i, GAA_LETTER_OPTION);           \
+    if(j == GAA_ERROR_NOMATCH)                                       \
+    {                                                               \
+        printf("Error: invalid 'obligat' set\n");                  \
+        exit(-1);                                                   \
+    }                                                               \
+    if(opt_list[j] == 1)                                            \
+        k = 1;                                                      \
+}                                                                    \
+if(k == 0)                                                            \
+{                                                                      \
+    if(strlen(str) == 1)                                                \
+        printf("You must give the -%s option\n", str);                     \
+    else                                                                  \
+        printf("You must give at least one option of '%s'\n", str);          \
+    return 0;         \
+}
+        
+#define GAA_INCOMP(str)                                                \
+k = 0;                                                              \
+for(i = 0; i < strlen(str); i++)                                    \
+{                                                                   \
+    j = gaa_get_option_num(str + i, GAA_LETTER_OPTION);           \
+    if(j == GAA_ERROR_NOMATCH)                                      \
+    {                                                               \
+        printf("Error: invalid 'obligat' set\n");                  \
+        exit(-1);                                                   \
+    }                                                               \
+    if(opt_list[j] == 1)                                            \
+        k++;                                                      \
+}                   \
+if(k > 1)                                                            \
+{                                                                      \
+    printf("The options '%s' are incompatible\n", str);              \
+    return 0;                                                          \
+}
+        
+
+static char **GAAargv;
+static int GAAargc;
+static char *gaa_arg_used;
+static int gaa_processing_file = 0;
+static int inited = 0;
+
+static int gaa_getint(char *arg)
+{
+    int tmp;
+    char a;
+    if(sscanf(arg, "%d%c", &tmp, &a) < 1)
+    {
+        printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg);
+        GAAERROR(-1);
+    }
+    return tmp;
+}
+
+static char gaa_getchar(char *arg)
+{
+    if(strlen(arg) != 1)
+    {
+        printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg);
+        GAAERROR(-1);
+    }
+    return arg[0];
+}
+
+static char* gaa_getstr(char *arg)
+{
+    return arg;
+}
+static float gaa_getfloat(char *arg)
+{
+    float tmp;
+    char a;
+    if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+    {
+        printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg);
+        GAAERROR(-1);
+    }
+    return tmp;
+}
+/* option structures */
+
+struct GAAOPTION_debug 
+{
+       int arg1;
+       int size1;
+};
+
+struct GAAOPTION_outfile 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_provider 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_load_certificate 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_load_pubkey 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_load_privkey 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_delete_url 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_label 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_secret_key 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_write 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_initialize 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_url 
+{
+       char* arg1;
+       int size1;
+};
+         
+#line 349 "gaa.skel"
+static int gaa_is_an_argument(char *str)
+{
+#ifdef GAA_WIN32
+    if(str[0] == '/' && str[1] != 0)
+       return GAA_MULTIPLE_OPTION;
+#endif
+    if(str[0] != '-')
+        return GAA_NOT_AN_OPTION;
+    if(str[1] == 0)
+        return GAA_NOT_AN_OPTION;
+    if(str[1] == '-')
+    {
+        if(str[2] != 0)
+            return GAA_WORD_OPTION;
+        else
+            return GAA_NOT_AN_OPTION;
+    }
+    if(str[2] == 0)
+        return GAA_LETTER_OPTION;
+    else
+        return GAA_MULTIPLE_OPTION;
+}
+
+static int gaa_get_option_num(char *str, int status)
+{
+    switch(status)
+        {
+        case GAA_LETTER_OPTION:
+                       GAA_CHECK1STR("d", GAAOPTID_debug);
+                       GAA_CHECK1STR("", GAAOPTID_outfile);
+                       GAA_CHECK1STR("", GAAOPTID_provider);
+                       GAA_CHECK1STR("", GAAOPTID_load_certificate);
+                       GAA_CHECK1STR("", GAAOPTID_load_pubkey);
+                       GAA_CHECK1STR("", GAAOPTID_load_privkey);
+                       GAA_CHECK1STR("", GAAOPTID_delete_url);
+                       GAA_CHECK1STR("", GAAOPTID_label);
+                       GAA_CHECK1STR("", GAAOPTID_secret_key);
+                       GAA_CHECK1STR("", GAAOPTID_write);
+                       GAA_CHECK1STR("", GAAOPTID_initialize);
+                       GAA_CHECK1STR("", GAAOPTID_url);
+        case GAA_MULTIPLE_OPTION:
+#line 375 "gaa.skel"
+                       GAA_CHECK1STR("h", GAAOPTID_help);
+                       GAA_CHECK1STR("", GAAOPTID_inraw);
+                       GAA_CHECK1STR("", GAAOPTID_inder);
+                       GAA_CHECK1STR("8", GAAOPTID_pkcs8);
+                       GAA_CHECK1STR("", GAAOPTID_detailed_url);
+                       GAA_CHECK1STR("", GAAOPTID_login);
+                       GAA_CHECK1STR("", GAAOPTID_write_trusted);
+                       GAA_CHECK1STR("", GAAOPTID_list_trusted);
+                       GAA_CHECK1STR("", GAAOPTID_list_privkeys);
+                       GAA_CHECK1STR("", GAAOPTID_list_certs);
+                       GAA_CHECK1STR("", GAAOPTID_list_all_certs);
+                       GAA_CHECK1STR("", GAAOPTID_list_all);
+                       GAA_CHECK1STR("", GAAOPTID_list_tokens);
+
+#line 277 "gaa.skel"
+        break;
+        case GAA_WORD_OPTION:
+                       GAA_CHECKSTR("help", GAAOPTID_help);
+                       GAA_CHECKSTR("debug", GAAOPTID_debug);
+                       GAA_CHECKSTR("outfile", GAAOPTID_outfile);
+                       GAA_CHECKSTR("provider", GAAOPTID_provider);
+                       GAA_CHECKSTR("inraw", GAAOPTID_inraw);
+                       GAA_CHECKSTR("inder", GAAOPTID_inder);
+                       GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
+                       GAA_CHECKSTR("load-certificate", GAAOPTID_load_certificate);
+                       GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey);
+                       GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
+                       GAA_CHECKSTR("delete-url", GAAOPTID_delete_url);
+                       GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url);
+                       GAA_CHECKSTR("login", GAAOPTID_login);
+                       GAA_CHECKSTR("write-trusted", GAAOPTID_write_trusted);
+                       GAA_CHECKSTR("label", GAAOPTID_label);
+                       GAA_CHECKSTR("secret-key", GAAOPTID_secret_key);
+                       GAA_CHECKSTR("write", GAAOPTID_write);
+                       GAA_CHECKSTR("initialize", GAAOPTID_initialize);
+                       GAA_CHECKSTR("list-trusted", GAAOPTID_list_trusted);
+                       GAA_CHECKSTR("list-privkeys", GAAOPTID_list_privkeys);
+                       GAA_CHECKSTR("list-certs", GAAOPTID_list_certs);
+                       GAA_CHECKSTR("list-all-certs", GAAOPTID_list_all_certs);
+                       GAA_CHECKSTR("list-all", GAAOPTID_list_all);
+                       GAA_CHECKSTR("list-tokens", GAAOPTID_list_tokens);
+                       GAA_CHECKSTR("url", GAAOPTID_url);
+
+#line 281 "gaa.skel"
+       break;
+        default: break;
+        }
+    return GAA_ERROR_NOMATCH;
+}
+
+static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
+{
+    int OK = 0;
+    int gaa_last_non_option;
+       struct GAAOPTION_debug GAATMP_debug;
+       struct GAAOPTION_outfile GAATMP_outfile;
+       struct GAAOPTION_provider GAATMP_provider;
+       struct GAAOPTION_load_certificate GAATMP_load_certificate;
+       struct GAAOPTION_load_pubkey GAATMP_load_pubkey;
+       struct GAAOPTION_load_privkey GAATMP_load_privkey;
+       struct GAAOPTION_delete_url GAATMP_delete_url;
+       struct GAAOPTION_label GAATMP_label;
+       struct GAAOPTION_secret_key GAATMP_secret_key;
+       struct GAAOPTION_write GAATMP_write;
+       struct GAAOPTION_initialize GAATMP_initialize;
+       struct GAAOPTION_url GAATMP_url;
+
+#line 393 "gaa.skel"
+#ifdef GAA_REST_EXISTS
+    struct GAAREST GAAREST_tmp;
+#endif
+
+    opt_list[gaa_num] = 1;
+    
+    for(gaa_last_non_option = gaa_index;
+        (gaa_last_non_option != GAAargc) && (gaa_is_an_argument(GAAargv[gaa_last_non_option]) == GAA_NOT_AN_OPTION);
+        gaa_last_non_option++);
+
+    if(gaa_num == GAA_REST)
+    {
+        gaa_index = 1;
+        gaa_last_non_option = GAAargc;
+    }
+    
+    switch(gaa_num)
+    {
+       case GAAOPTID_help:
+       OK = 0;
+#line 78 "p11tool.gaa"
+{ gaa_help(); exit(0); ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_debug:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
+               gaa_index++;
+#line 76 "p11tool.gaa"
+{ gaaval->debug = GAATMP_debug.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_outfile:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
+               gaa_index++;
+#line 71 "p11tool.gaa"
+{ gaaval->outfile = GAATMP_outfile.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_provider:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_provider.arg1, gaa_getstr, GAATMP_provider.size1);
+               gaa_index++;
+#line 68 "p11tool.gaa"
+{ gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_inraw:
+       OK = 0;
+#line 64 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_inder:
+       OK = 0;
+#line 63 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_pkcs8:
+       OK = 0;
+#line 60 "p11tool.gaa"
+{ gaaval->pkcs8=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_load_certificate:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1);
+               gaa_index++;
+#line 57 "p11tool.gaa"
+{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_load_pubkey:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1);
+               gaa_index++;
+#line 54 "p11tool.gaa"
+{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_load_privkey:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1);
+               gaa_index++;
+#line 51 "p11tool.gaa"
+{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_delete_url:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_delete_url.arg1, gaa_getstr, GAATMP_delete_url.size1);
+               gaa_index++;
+#line 48 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_delete_url.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_detailed_url:
+       OK = 0;
+#line 46 "p11tool.gaa"
+{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_login:
+       OK = 0;
+#line 43 "p11tool.gaa"
+{ gaaval->pkcs11_login = 1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_write_trusted:
+       OK = 0;
+#line 40 "p11tool.gaa"
+{ gaaval->pkcs11_trusted = 1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_label:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1);
+               gaa_index++;
+#line 38 "p11tool.gaa"
+{ gaaval->pkcs11_label = GAATMP_label.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_secret_key:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, GAATMP_secret_key.size1);
+               gaa_index++;
+#line 37 "p11tool.gaa"
+{ gaaval->secret_key = GAATMP_secret_key.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_write:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_write.arg1, gaa_getstr, GAATMP_write.size1);
+               gaa_index++;
+#line 34 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_write.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_initialize:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_initialize.arg1, gaa_getstr, GAATMP_initialize.size1);
+               gaa_index++;
+#line 33 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKEN_INIT; gaaval->pkcs11_url = GAATMP_initialize.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_trusted:
+       OK = 0;
+#line 30 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_privkeys:
+       OK = 0;
+#line 29 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_certs:
+       OK = 0;
+#line 28 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_all_certs:
+       OK = 0;
+#line 27 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_all:
+       OK = 0;
+#line 26 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_tokens:
+       OK = 0;
+#line 25 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_url:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_url.arg1, gaa_getstr, GAATMP_url.size1);
+               gaa_index++;
+#line 22 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_url.arg1; ;};
+
+               return GAA_OK;
+               break;
+
+#line 413 "gaa.skel"
+    default: break;
+    }
+    return GAA_ERROR_UNKNOWN;
+}
+
+int gaa(int argc, char **argv, gaainfo *gaaval)
+{
+    int tmp1, tmp2;
+    int i, j;
+    char *opt_list;
+
+    GAAargv = argv;
+    GAAargc = argc;
+
+    opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
+
+    for(i = 0; i < GAA_NB_OPTION + 1; i++)
+        opt_list[i] = 0;
+    /* initialization */
+    if(inited == 0)
+    {
+
+#line 80 "p11tool.gaa"
+{      gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
+       gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
+       gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; 
+       gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; ;};
+
+    }
+    inited = 1;
+#line 438 "gaa.skel"
+    gaa_arg_used = NULL;
+
+    if (argc > 0) {
+      gaa_arg_used = gaa_malloc(argc * sizeof(char));
+    }
+
+    for(i = 1; i < argc; i++)
+        gaa_arg_used[i] = 0;
+    for(i = 1; i < argc; i++)
+    {
+        if(gaa_arg_used[i] == 0)
+        {
+            j = 0;
+            tmp1 = gaa_is_an_argument(GAAargv[i]);
+            switch(tmp1)
+            {
+            case GAA_WORD_OPTION:
+                j++;
+            case GAA_LETTER_OPTION:
+                j++;
+                tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
+                if(tmp2 == GAA_ERROR_NOMATCH)
+                {
+                    printf("Invalid option '%s'\n", argv[i]+j);
+                    return 0;
+                }
+                switch(gaa_try(tmp2, i+1, gaaval, opt_list))
+                {
+                case GAA_ERROR_NOTENOUGH_ARGS:
+                    printf("'%s': not enough arguments\n",gaa_current_option);
+                    return 0;
+                case GAA_ERROR_INVALID_ARG:
+                    printf("Invalid arguments\n");
+                    return 0;
+                case GAA_OK:
+                    break;
+                default:
+                    printf("Unknown error\n");
+                }
+                gaa_arg_used[i] = 1;
+                break;
+            case GAA_MULTIPLE_OPTION:
+                for(j = 1; j < strlen(argv[i]); j++)
+                {
+                    tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
+                    if(tmp2 == GAA_ERROR_NOMATCH)
+                    {
+                        printf("Invalid option '%c'\n", *(argv[i]+j));
+                        return 0;
+                    }
+                    switch(gaa_try(tmp2, i+1, gaaval, opt_list))
+                    {
+                    case GAA_ERROR_NOTENOUGH_ARGS:
+                        printf("'%s': not enough arguments\n",gaa_current_option);
+                        return 0;
+                    case GAA_ERROR_INVALID_ARG:
+                        printf("Invalid arguments\n");
+                        return 0;
+                    case GAA_OK:
+                        break;
+                    default:
+                        printf("Unknown error\n");
+                    }
+                }
+                gaa_arg_used[i] = 1;
+                break;
+            default: break;
+            }
+        }
+    }
+if(gaa_processing_file == 0)
+{
+
+#line 507 "gaa.skel"
+#ifdef GAA_REST_EXISTS
+    switch(gaa_try(GAA_REST, 1, gaaval, opt_list))
+    {
+    case GAA_ERROR_NOTENOUGH_ARGS:
+        printf("Rest: not enough arguments\n");
+        return 0;
+    case GAA_ERROR_INVALID_ARG:
+        printf("Invalid arguments\n");
+        return 0;
+    case GAA_OK:
+        break;
+    default:
+        printf("Unknown error\n");
+    }
+#endif
+}
+    for(i = 1; i < argc; i++)
+    {
+        if(gaa_arg_used[i] == 0)
+        {
+            printf("Too many arguments\n");
+            return 0;
+        }
+    }
+    free(gaa_arg_used);
+    free(opt_list);
+    return -1;
+}
+
+struct gaastrnode
+{
+    char *str;
+    struct gaastrnode *next;
+};
+
+typedef struct gaastrnode gaa_str_node;
+
+static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc)
+{
+    int pos_ini;
+    int a;
+    int i = 0, len = 0, newline = 0;
+
+    if(argc == 1) {
+        newline = 1;
+        len = 2;
+    }
+    
+    a = fgetc( file);
+    if (a == EOF) return 0;
+
+    while(a == ' ' || a == 9 || a == '\n')
+    {
+        if(a == '\n')
+        {
+            newline=1;
+            len = 2;
+        }
+        a = fgetc( file);
+        if (a == EOF) return 0;
+    }
+
+    pos_ini = ftell(file) - 1;
+
+    while(a != ' ' && a != 9 && a != '\n')
+    {
+
+        len++;
+        a = fgetc( file);
+        if(a==EOF) return 0; //a = ' ';
+    }
+
+    len += 1;
+    tmp_str->str = gaa_malloc((len) * sizeof(char));
+
+    if(newline == 1)
+    {
+        tmp_str->str[0] = '-';
+        tmp_str->str[1] = '-';
+        i = 2;
+    }
+    else
+    {
+        i = 0;
+    }
+
+    fseek(file,pos_ini, SEEK_SET);
+    do
+    {
+        a = fgetc( file);
+
+        if (a == EOF) {
+            i+=2;
+            break;
+        }
+        tmp_str->str[i] = a;
+        i++;
+    }
+    while(a != ' ' && a != 9 && a != '\n' && i < len);
+
+    tmp_str->str[i - 1] = 0;
+
+    fseek(file,- 1, SEEK_CUR);
+/*    printf("%d\n", ftell(file)); */
+    
+    return -1;
+}
+
+int gaa_file(const char *name, gaainfo *gaaval)
+{
+    gaa_str_node *first_str, **tmp_str, *tmp_str2;
+    int rval, i;
+    char **argv;
+    int argc = 0;
+    FILE *file;
+
+    gaa_processing_file = 1;
+    
+    if((file = fopen(name, "r")) == NULL)
+    {
+        printf("Couldn't open '%s' configuration file for reading\n", name);
+        return 1;
+    }
+    
+    tmp_str = &first_str;
+    do
+    {
+        argc++;
+        *tmp_str = gaa_malloc(sizeof(gaa_str_node));
+
+        (*tmp_str)->str = NULL;
+        (*tmp_str)->next = NULL;
+
+        rval = gaa_internal_get_next_str(file, *tmp_str, argc);
+        tmp_str = &((*tmp_str)->next);
+    }
+    while(rval == -1);
+    
+    if(rval == 1)
+        return 0;
+    
+    argv = gaa_malloc((1 + argc) * sizeof(char*));
+
+    tmp_str2 = first_str;
+    argv[0] = "cfg";
+    for(i = 1; i < argc; i++)
+    {
+        argv[i] = tmp_str2->str;
+        tmp_str2 = tmp_str2->next;
+    }
+
+    rval = gaa(argc, argv, gaaval);
+    gaa_processing_file = 0;
+    return rval;
+}
diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h
new file mode 100644 (file)
index 0000000..000ca1a
--- /dev/null
@@ -0,0 +1,63 @@
+
+#line 104 "gaa.skel"
+/* GAA HEADER */
+#ifndef GAA_HEADER_POKY
+#define GAA_HEADER_POKY
+
+typedef struct _gaainfo gaainfo;
+
+struct _gaainfo
+{
+#line 75 "p11tool.gaa"
+       int debug;
+#line 70 "p11tool.gaa"
+       char *outfile;
+#line 67 "p11tool.gaa"
+       int action;
+#line 66 "p11tool.gaa"
+       char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+       int incert_format;
+#line 59 "p11tool.gaa"
+       int pkcs8;
+#line 56 "p11tool.gaa"
+       char *cert;
+#line 53 "p11tool.gaa"
+       char *pubkey;
+#line 50 "p11tool.gaa"
+       char *privkey;
+#line 45 "p11tool.gaa"
+       int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+       int pkcs11_login;
+#line 39 "p11tool.gaa"
+       int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+       char* secret_key;
+#line 32 "p11tool.gaa"
+       char* pkcs11_label;
+#line 24 "p11tool.gaa"
+       int pkcs11_type;
+#line 21 "p11tool.gaa"
+       char* pkcs11_url;
+
+#line 114 "gaa.skel"
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    int gaa(int argc, char *argv[], gaainfo *gaaval);
+
+    void gaa_help(void);
+    
+    int gaa_file(const char *name, gaainfo *gaaval);
+    
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
diff --git a/src/p11tool.c b/src/p11tool.c
new file mode 100644 (file)
index 0000000..5502737
--- /dev/null
@@ -0,0 +1,166 @@
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+
+/* Gnulib portability files. */
+#include <read-file.h>
+#include <progname.h>
+#include <version-etc.h>
+
+#include "p11tool-gaa.h"
+#include "p11tool.h"
+#include "certtool-common.h"
+
+static void gaa_parser (int argc, char **argv);
+
+static gaainfo info;
+static FILE *outfile;
+int batch = 0;
+
+static void
+tls_log_func (int level, const char *str)
+{
+  fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  set_program_name (argv[0]);
+  gaa_parser (argc, argv);
+
+  return 0;
+}
+
+static void
+gaa_parser (int argc, char **argv)
+{
+  int ret;
+  common_info_st cinfo;
+
+  if (gaa (argc, argv, &info) != -1)
+    {
+      fprintf (stderr, "Try `%s --help' for more information.\n",
+              program_name);
+      exit (1);
+    }
+
+  gnutls_global_set_log_function (tls_log_func);
+  gnutls_global_set_log_level (info.debug);
+  if (info.debug > 1)
+    printf ("Setting log level to %d\n", info.debug);
+
+  if ((ret = gnutls_global_init ()) < 0)
+    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+
+  if (info.pkcs11_provider != NULL)
+    {
+      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+      if (ret < 0)
+       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+      else
+       {
+         ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
+         if (ret < 0)
+           error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
+                  gnutls_strerror (ret));
+       }
+    }
+  else
+    {
+      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+      if (ret < 0)
+       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+    }
+
+  if (info.outfile)
+    {
+      outfile = safe_open_rw (info.outfile, 0);
+      if (outfile == NULL)
+       error (EXIT_FAILURE, errno, "%s", info.outfile);
+    }
+  else
+    outfile = stdout;
+
+  memset(&cinfo, 0, sizeof(cinfo));
+  cinfo.secret_key = info.secret_key;
+  cinfo.privkey = info.privkey;
+  cinfo.pkcs8 = info.pkcs8;
+  cinfo.incert_format = info.incert_format;
+  cinfo.cert = info.cert;
+
+  switch (info.action)
+    {
+    case ACTION_PKCS11_LIST:
+      pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
+                  info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
+      break;
+    case ACTION_PKCS11_TOKENS:
+      pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
+      break;
+    case ACTION_PKCS11_EXPORT_URL:
+      pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
+      break;
+    case ACTION_PKCS11_WRITE_URL:
+      pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
+                   info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+      break;
+    case ACTION_PKCS11_TOKEN_INIT:
+      pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
+      break;
+    case ACTION_PKCS11_DELETE_URL:
+      pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo);
+      break;
+    default:
+      gaa_help ();
+      exit (0);
+    }
+  fclose (outfile);
+
+  gnutls_pkcs11_deinit ();
+  gnutls_global_deinit ();
+}
+
diff --git a/src/p11tool.gaa b/src/p11tool.gaa
new file mode 100644 (file)
index 0000000..cdc5def
--- /dev/null
@@ -0,0 +1,83 @@
+#{
+
+/* C declarations */
+
+#include <config.h>
+#ifdef _WIN32
+# include <io.h>
+#endif
+
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
+
+#}
+
+helpnode "p11tool help\nUsage: p11tool [options]"
+helpnode "Usage: p11tool --list-tokens"
+helpnode "Usage: p11tool --list-all"
+helpnode "Usage: p11tool --url 'pkcs11:...'\n"
+
+#char* pkcs11_url;
+option (url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Specify a pkcs11 URL"
+
+#int pkcs11_type;
+option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
+option (list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
+option (list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
+option (list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL"
+option (list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
+option (list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"
+
+#char* pkcs11_label;
+option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; $pkcs11_url = $1; } "Initializes a PKCS11 token."
+option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates, private or secret keys to a PKCS11 token."
+
+#char* secret_key;
+option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded secret key."
+option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
+#int pkcs11_trusted;
+option (write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
+
+#int pkcs11_login;
+option (login) { $pkcs11_login = 1; } "Force login to token"
+
+#int pkcs11_detailed_url;
+option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
+
+option (delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
+
+#char *privkey;
+option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
+
+#char *pubkey;
+option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use."
+
+#char *cert;
+option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."
+
+#int pkcs8;
+option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
+
+#int incert_format;
+option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys."
+option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates and private keys."
+
+#char* pkcs11_provider;
+#int action;
+option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
+
+#char *outfile;
+option (outfile) STR "FILE" { $outfile = $1 } "Output file."
+
+
+
+#int debug;
+option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
+
+option (h, help) { gaa_help(); exit(0); } "shows this help text"
+
+init {         $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; $privkey = NULL;
+       $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; 
+       $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 0; 
+       $secret_key = NULL; $cert = NULL; $incert_format = 0; }
diff --git a/src/p11tool.h b/src/p11tool.h
new file mode 100644 (file)
index 0000000..023e355
--- /dev/null
@@ -0,0 +1,34 @@
+#ifndef P11TOOL_H
+# define P11TOOL_H
+
+#include "certtool-common.h"
+
+void pkcs11_list (FILE * outfile, const char *url, int type,
+                 unsigned int login, unsigned int detailed, common_info_st*);
+void pkcs11_export (FILE * outfile, const char *pkcs11_url,
+                   unsigned int login, common_info_st*);
+void pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st*);
+void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
+                  int trusted, unsigned int login, common_info_st*);
+void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
+                   unsigned int login, common_info_st*);
+void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char* label, common_info_st*);
+
+#define PKCS11_TYPE_CRT_ALL 1
+#define PKCS11_TYPE_TRUSTED 2
+#define PKCS11_TYPE_PK 3
+#define PKCS11_TYPE_ALL 4
+#define PKCS11_TYPE_PRIVKEY 5
+
+
+enum
+{
+  ACTION_PKCS11_LIST,
+  ACTION_PKCS11_TOKENS,
+  ACTION_PKCS11_EXPORT_URL,
+  ACTION_PKCS11_WRITE_URL,
+  ACTION_PKCS11_DELETE_URL,
+  ACTION_PKCS11_TOKEN_INIT,
+};
+
+#endif
index 364f5735d34c9ed57b9c3c88ab72ee7f9ffd5f4a..9a5de9fd0b84526ea16e7f27468eb4c0657a05c2 100644 (file)
@@ -25,8 +25,9 @@
 #include <gnutls/abstract.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include "certtool-common.h"
+#include "p11tool.h"
 #include "certtool-cfg.h"
+#include "certtool-common.h"
 #include <unistd.h>
 #include <string.h>
 
@@ -87,7 +88,7 @@ pkcs11_common (void)
 }
 
 void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login)
+pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, common_info_st* info)
 {
   int ret;
   unsigned int obj_flags = 0;
@@ -98,7 +99,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login)
   if (!batch)
     {
       pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
-                  GNUTLS_PKCS11_URL_LIB);
+                  GNUTLS_PKCS11_URL_LIB, info);
       ret =
        read_yesno ("Are you sure you want to delete those objects? (y/N): ");
       if (ret == 0)
@@ -124,7 +125,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login)
  */
 void
 pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
-            unsigned int detailed)
+            unsigned int detailed, common_info_st* info)
 {
   gnutls_pkcs11_obj_t *crt_list;
   gnutls_x509_crt_t xcrt;
@@ -296,7 +297,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
 }
 
 void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login)
+pkcs11_export (FILE * outfile, const char *url, unsigned int login, common_info_st* info)
 {
   gnutls_pkcs11_obj_t crt;
   gnutls_x509_crt_t xcrt;
@@ -427,7 +428,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login)
 }
 
 void
-pkcs11_token_list (FILE * outfile, unsigned int detailed)
+pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st* info)
 {
   int ret;
   int i;
@@ -514,13 +515,14 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed)
 
 void
 pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
-             unsigned int login)
+             unsigned int login, common_info_st* info)
 {
   gnutls_x509_crt_t xcrt;
   gnutls_x509_privkey_t xkey;
   int ret;
   unsigned int flags = 0;
-  unsigned int key_usage;
+  unsigned int key_usage = 0;
+  gnutls_datum_t* secret_key;
 
   if (login)
     flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
@@ -530,7 +532,22 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
   if (url == NULL)
     url = "pkcs11:";
 
-  xcrt = load_cert (0);
+  secret_key = load_secret_key(0, info);
+  if (secret_key != NULL)
+    {
+      ret =
+       gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
+                                        flags |
+                                        GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+      if (ret < 0)
+       {
+         fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+                  gnutls_strerror (ret));
+         exit (1);
+       }
+    }
+
+  xcrt = load_cert (0, info);
   if (xcrt != NULL)
     {
       if (trusted)
@@ -546,7 +563,7 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
       gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
     }
 
-  xkey = load_private_key (0);
+  xkey = load_private_key (0, info);
   if (xkey != NULL)
     {
       ret =
@@ -561,10 +578,47 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
        }
     }
 
-  if (xkey == NULL && xcrt == NULL)
+  if (xkey == NULL && xcrt == NULL && secret_key != NULL)
     {
       fprintf (stderr,
-              "You must use --load-privkey or --load-certificate to load the file to be copied\n");
+              "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
+      exit (1);
+    }
+
+  return;
+}
+
+void
+pkcs11_init (FILE * outfile, const char *url, const char *label, common_info_st* info)
+{
+  int ret;
+  char * pin;
+  char so_pin[32];
+
+  pkcs11_common ();
+
+  if (url == NULL)
+    {
+      fprintf(stderr, "No token URL given to initialize!\n");
+      exit(1);
+    }
+
+  pin = getpass ("Enter Security Officer's PIN: ");
+  if (pin == NULL)
+    exit(0);
+  
+  strcpy(so_pin, pin);
+
+  pin = getpass ("Enter new User's PIN: ");
+  if (pin == NULL)
+    exit(0);
+  
+  ret =
+    gnutls_pkcs11_token_init (url, so_pin, pin, label);
+  if (ret < 0)
+    {
+      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+                  gnutls_strerror (ret));
       exit (1);
     }