Now in the URL the pkcs11 provider library (module) can be specified thus restricting
objects within a single provider.
int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char * url,
unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
-int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, char** url);
+int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, int detailed, char** url);
void gnutls_pkcs11_obj_deinit ( gnutls_pkcs11_obj_t);
int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
GNUTLS_PKCS11_OBJ_ID,
+ /* the pkcs11 provider library info */
+ GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER,
} gnutls_pkcs11_obj_info_t;
int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt, gnutls_pkcs11_obj_info_t itype, void* output, size_t* output_size);
GNUTLS_PKCS11_OBJ_DATA,
} gnutls_pkcs11_obj_type_t;
-int gnutls_pkcs11_token_get_url (unsigned int seq, char** url);
+int gnutls_pkcs11_token_get_url (unsigned int seq, int detailed, char** url);
int gnutls_pkcs11_token_get_info(const char* url, gnutls_pkcs11_token_info_t, void* output, size_t *output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
unsigned int flags, const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext);
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, char ** url);
+int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, int detailed, char ** url);
/** @} */
#define MAX_PROVIDERS 16
+static void terminate_string(unsigned char *str, size_t len);
+
/* XXX: try to eliminate this */
#define MAX_CERT_SIZE 8*1024
pakchois_module_t *module;
unsigned long nslots;
ck_slot_id_t *slots;
+ struct ck_info info;
};
struct flags_find_data_st {
gnutls_free(providers[active_providers - 1].slots);
goto fail;
}
+
+ memset( &providers[active_providers-1].info, 0, sizeof(providers[active_providers-1].info));
+ pakchois_get_info(providers[active_providers - 1].module, &providers[active_providers-1].info);
+
+ terminate_string(providers[active_providers-1].info.manufacturer_id,
+ sizeof(providers[active_providers-1].info.manufacturer_id));
+ terminate_string(providers[active_providers-1].info.library_description,
+ sizeof(providers[active_providers-1].info.library_description));
_gnutls_debug_log("p11: loaded provider '%s' with %d slots\n",
name,
case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
str = info->model;
break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
+ str = info->lib_desc;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
+ str = info->lib_version;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
+ str = info->lib_manufacturer;
+ break;
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
- if ((p1 = strstr(url, "manufacturer=")) != NULL) {
- p1 += sizeof("manufacturer=") - 1;
+ if ((p1 = strstr(url, "library-manufacturer=")) != NULL) {
+ p1 += sizeof("library-manufacturer=") - 1;
+ l = sizeof(info->lib_manufacturer);
+
+ ret = unescape_string(info->lib_manufacturer, p1, &l, ';');
+ if (ret < 0) {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr(url, "library-description=")) != NULL) {
+ p1 += sizeof("library-description=") - 1;
+ l = sizeof(info->lib_desc);
+
+ ret = unescape_string(info->lib_desc, p1, &l, ';');
+ if (ret < 0) {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr(url, "library-version=")) != NULL) {
+ p1 += sizeof("library-version=") - 1;
+ l = sizeof(info->lib_version);
+
+ ret = unescape_string(info->lib_version, p1, &l, ';');
+ if (ret < 0) {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr(url, ";manufacturer=")) != NULL ||
+ (p1 = strstr(url, ":manufacturer=")) != NULL) {
+
+ p1 += sizeof(";manufacturer=") - 1;
l = sizeof(info->manufacturer);
ret = unescape_string(info->manufacturer, p1, &l, ';');
}
-int pkcs11_info_to_url(const struct pkcs11_url_info *info, char **url)
+int pkcs11_info_to_url(const struct pkcs11_url_info *info, int detailed, char **url)
{
gnutls_buffer_st str;
int init = 0;
init = 1;
}
+ if (detailed) {
+ if (info->lib_manufacturer[0]) {
+ ret = append(&str, info->lib_manufacturer, "library-manufacturer", init);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->lib_version[0]) {
+ ret = append(&str, info->lib_version, "library-version", init);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->lib_desc[0]) {
+ ret = append(&str, info->lib_desc, "library-description", init);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ init = 1;
+ }
+ }
+
if (info->id[0] != 0) {
ret =
_gnutls_buffer_append_printf(&str, ";id=%s", info->id);
/* XXX make wrapper for token_info? */
fix_strings(&tinfo);
- if (pkcs11_token_matches_info(info, &tinfo.tinfo) <
+ if (pkcs11_token_matches_info(info, &tinfo.tinfo,
+ &providers[x].info) <
0) {
goto next;
}
}
}
- ret = find_func(pks, &info, input);
+ ret = find_func(pks, &info, &providers[x].info, input);
next:
/* final call */
if (found == 0) {
- ret = find_func(pks, NULL, input);
+ ret = find_func(pks, NULL, NULL, input);
} else {
ret = 0;
}
/* imports a raw certificate from a token to a pkcs11_obj_t structure.
*/
-static int pkcs11_obj_import(unsigned int class, gnutls_pkcs11_obj_t crt,
+static int pkcs11_obj_import(unsigned int class, gnutls_pkcs11_obj_t obj,
const gnutls_datum_t * data,
const gnutls_datum_t * id,
const gnutls_datum_t * label,
- struct ck_token_info *tinfo)
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
{
char *s;
int ret;
switch (class) {
case CKO_CERTIFICATE:
- crt->type = GNUTLS_PKCS11_OBJ_X509_CRT;
+ obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
break;
case CKO_PUBLIC_KEY:
- crt->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
break;
case CKO_PRIVATE_KEY:
- crt->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
+ obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
break;
case CKO_SECRET_KEY:
- crt->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
+ obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
break;
case CKO_DATA:
- crt->type = GNUTLS_PKCS11_OBJ_DATA;
+ obj->type = GNUTLS_PKCS11_OBJ_DATA;
break;
default:
- crt->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
+ obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
}
- if (crt->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
- strcpy(crt->info.type, pkcs11_obj_type_to_str(crt->type));
+ if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
+ strcpy(obj->info.type, pkcs11_obj_type_to_str(obj->type));
if (data && data->data) {
- ret = _gnutls_set_datum(&crt->raw, data->data, data->size);
+ ret = _gnutls_set_datum(&obj->raw, data->data, data->size);
if (ret < 0) {
gnutls_assert();
return ret;
sizeof tinfo->serial_number);
/* write data */
- snprintf(crt->info.manufacturer, sizeof(crt->info.manufacturer),
+ snprintf(obj->info.manufacturer, sizeof(obj->info.manufacturer),
"%s", tinfo->manufacturer_id);
- snprintf(crt->info.token, sizeof(crt->info.token), "%s",
+ snprintf(obj->info.token, sizeof(obj->info.token), "%s",
tinfo->label);
- snprintf(crt->info.model, sizeof(crt->info.model), "%s",
+ snprintf(obj->info.model, sizeof(obj->info.model), "%s",
tinfo->model);
- snprintf(crt->info.serial, sizeof(crt->info.serial), "%s",
+ snprintf(obj->info.serial, sizeof(obj->info.serial), "%s",
tinfo->serial_number);
+ snprintf(obj->info.lib_manufacturer, sizeof(obj->info.lib_manufacturer), "%s",
+ lib_info->manufacturer_id);
+ snprintf(obj->info.lib_desc, sizeof(obj->info.lib_desc), "%s",
+ lib_info->library_description);
+ snprintf(obj->info.lib_version, sizeof(obj->info.lib_version),
+ "%u.%u", (unsigned int)lib_info->library_version.major,
+ (unsigned int)lib_info->library_version.minor);
+
+
+
if (label && label->data) {
- memcpy(crt->info.label, label->data, label->size);
- crt->info.label[label->size] = 0;
+ memcpy(obj->info.label, label->data, label->size);
+ obj->info.label[label->size] = 0;
}
if (id && id->data) {
- s = _gnutls_bin2hex(id->data, id->size, crt->info.id,
- sizeof(crt->info.id), ":");
+ s = _gnutls_bin2hex(id->data, id->size, obj->info.id,
+ sizeof(obj->info.id), ":");
if (s == NULL) {
gnutls_assert();
return GNUTLS_E_PKCS11_ERROR;
}
- memmove(crt->info.certid_raw, id->data, id->size);
- crt->info.certid_raw_size = id->size;
+ memmove(obj->info.certid_raw, id->data, id->size);
+ obj->info.certid_raw_size = id->size;
}
return 0;
gnutls_pkcs11_obj_t crt,
const gnutls_datum_t * id,
const gnutls_datum_t * label,
- struct ck_token_info *tinfo)
+ struct ck_token_info *tinfo,
+ struct ck_info* lib_info)
{
struct ck_attribute a[4];
}
return pkcs11_obj_import(CKO_PUBLIC_KEY, crt, NULL, id, label,
- tinfo);
+ tinfo, lib_info);
}
ck_object_class_t pkcs11_strtype_to_class(const char *type)
static int find_obj_url(pakchois_session_t * pks, struct token_info *info,
- void *input)
+ struct ck_info* lib_info, void *input)
{
struct url_find_data_st *find_data = input;
struct ck_attribute a[4];
/* do not bother reading the token if basic fields do not match
*/
- if (pkcs11_token_matches_info(&find_data->crt->info, &info->tinfo)
+ if (pkcs11_token_matches_info(&find_data->crt->info, &info->tinfo, lib_info)
< 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
pkcs11_obj_import_pubkey(pks, obj,
find_data->crt,
&id, &label,
- &info->tinfo);
+ &info->tinfo,
+ lib_info);
} else {
ret =
pkcs11_obj_import(class,
find_data->crt,
&data, &id, &label,
- &info->tinfo);
+ &info->tinfo, lib_info);
}
if (ret < 0) {
gnutls_assert();
};
static int find_token_num(pakchois_session_t * pks,
- struct token_info *tinfo, void *input)
+ struct token_info *tinfo,
+ struct ck_info* lib_info,
+ void *input)
{
struct token_num *find_data = input;
strcpy(find_data->info.model, tinfo->tinfo.model);
strcpy(find_data->info.serial, tinfo->tinfo.serial_number);
+ strcpy(find_data->info.lib_manufacturer, lib_info->manufacturer_id);
+ strcpy(find_data->info.lib_desc, lib_info->library_description);
+ snprintf(find_data->info.lib_version, sizeof(find_data->info.lib_version),
+ "%u.%u", (unsigned int)lib_info->library_version.major,
+ (unsigned int)lib_info->library_version.minor);
+
return 0;
}
/**
* gnutls_pkcs11_token_get_url:
* @seq: sequence number starting from 0
+ * @detailed: non zero if a detailed URL is required
* @url: will contain an allocated url
*
* This function will return the URL for each token available
* if the sequence number exceeds the available tokens, otherwise a negative error value.
**/
-int gnutls_pkcs11_token_get_url(unsigned int seq, char **url)
+int gnutls_pkcs11_token_get_url(unsigned int seq, int detailed, char **url)
{
int ret;
struct token_num tn;
return ret;
}
- ret = pkcs11_info_to_url(&tn.info, url);
+ ret = pkcs11_info_to_url(&tn.info, detailed, url);
if (ret < 0) {
gnutls_assert();
return ret;
/**
* gnutls_pkcs11_obj_export_url:
* @crt: Holds the PKCS 11 certificate
+ * @detailed: non zero if a detailed URL is required
* @url: will contain an allocated url
*
* This function will export a URL identifying the given certificate.
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, char **url)
+int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t cert, int detailed, char **url)
{
int ret;
- ret = pkcs11_info_to_url(&cert->info, url);
+ ret = pkcs11_info_to_url(&cert->info, detailed, url);
if (ret < 0) {
gnutls_assert();
return ret;
strcpy(uinfo.token, info->tinfo.label);
strcpy(uinfo.model, info->tinfo.model);
strcpy(uinfo.serial, info->tinfo.serial_number);
- ret = pkcs11_info_to_url(&uinfo, &token_url);
+ ret = pkcs11_info_to_url(&uinfo, 1, &token_url);
if (ret < 0) {
gnutls_assert();
return ret;
static int find_objs(pakchois_session_t * pks, struct token_info *info,
- void *input)
+ struct ck_info* lib_info, void *input)
{
struct crt_find_data_st *find_data = input;
struct ck_attribute a[4];
/* do not bother reading the token if basic fields do not match
*/
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) {
+ if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
find_data->p_list
[find_data->current],
&id, &label,
- &info->tinfo);
+ &info->tinfo,
+ lib_info);
} else {
ret =
pkcs11_obj_import(class,
find_data->p_list
[find_data->current],
&value, &id, &label,
- &info->tinfo);
+ &info->tinfo, lib_info);
}
if (ret < 0) {
gnutls_assert();
}
static int find_flags(pakchois_session_t * pks, struct token_info *info,
- void *input)
+ struct ck_info* lib_info, void *input)
{
struct flags_find_data_st *find_data = input;
/* do not bother reading the token if basic fields do not match
*/
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) {
+ if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
}
int pkcs11_token_matches_info(struct pkcs11_url_info *info,
- struct ck_token_info *tinfo)
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
{
if (info->manufacturer[0] != 0) {
if (strcmp(info->manufacturer, tinfo->manufacturer_id) !=
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
+ if (info->lib_manufacturer[0] != 0) {
+ if (strcmp(info->lib_manufacturer, lib_info->manufacturer_id) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->lib_desc[0] != 0) {
+ if (strcmp(info->lib_desc, lib_info->library_description) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->lib_version[0] != 0) {
+ char version[16];
+
+ snprintf(version, sizeof(version), "%u.%u",
+ (unsigned int)lib_info->library_version.major,
+ (unsigned int)lib_info->library_version.minor);
+ if (strcmp(info->lib_version, version) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
return 0;
}
/* everything here is null terminated strings */
opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
opaque type[16]; /* cert/key etc. */
+
+ opaque lib_manufacturer[sizeof
+ (((struct ck_info *) NULL)->
+ manufacturer_id) + 1];
+ opaque lib_desc[sizeof
+ (((struct ck_info *) NULL)->
+ library_description) + 1];
+ opaque lib_version[12];
+
opaque manufacturer[sizeof
(((struct ck_token_info *) NULL)->
manufacturer_id) + 1];
* It should return 0 if found what it was looking for.
*/
typedef int (*find_func_t) (pakchois_session_t * pks,
- struct token_info * tinfo, void *input);
+ struct token_info * tinfo, struct ck_info*, void *input);
int pkcs11_rv_to_err(ck_rv_t rv);
int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info);
extern void *token_data;
void pkcs11_rescan_slots(void);
-int pkcs11_info_to_url(const struct pkcs11_url_info *info, char **url);
+int pkcs11_info_to_url(const struct pkcs11_url_info *info, int detailed, char **url);
#define SESSION_WRITE 1
#define SESSION_LOGIN 2
ck_object_class_t pkcs11_strtype_to_class(const char *type);
int pkcs11_token_matches_info(struct pkcs11_url_info *info,
- struct ck_token_info *tinfo);
+ struct ck_token_info *tinfo, struct ck_info *lib_info);
/* flags are SESSION_* */
int pkcs11_find_object(pakchois_session_t ** _pks,
/**
* gnutls_pkcs11_privkey_export_url:
* @key: Holds the PKCS 11 key
+ * @detailed: non zero if a detailed URL is required
* @url: will contain an allocated url
*
* This function will export a URL identifying the given key.
* negative error value.
**/
int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
- char **url)
+ int detailed, char **url)
{
int ret;
- ret = pkcs11_info_to_url(&key->info, url);
+ ret = pkcs11_info_to_url(&key->info, detailed, url);
if (ret < 0) {
gnutls_assert();
return ret;
};
static int delete_obj_url(pakchois_session_t * pks,
- struct token_info *info, void *input)
+ struct token_info *info,
+ struct ck_info * lib_info,
+ void *input)
{
struct delete_data_st *find_data = input;
struct ck_attribute a[4];
/* do not bother reading the token if basic fields do not match
*/
- if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) {
+ if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
#define TYPE_CRQ 2
void certtool_version (void);
-void pkcs11_list( FILE*outfile, const char* url, int type, unsigned int login);
+void pkcs11_list( FILE*outfile, const char* url, int type, unsigned int login, unsigned int detailed);
void pkcs11_export(FILE* outfile, const char *pkcs11_url, unsigned int login);
-void pkcs11_token_list(FILE* outfile);
+void pkcs11_token_list(FILE* outfile, unsigned int detailed);
void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label, int trusted, unsigned int login);
void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch, unsigned int login);
__gaa_helpsingle(0, "pkcs11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token.");
__gaa_helpsingle(0, "pkcs11-write-label", "label ", "Sets a label for the write operation.");
__gaa_helpsingle(0, "pkcs11-write-trusted", "", "Marks the certificate to be imported as trusted.");
+ __gaa_helpsingle(0, "pkcs11-detailed-url", "", "Export detailed URLs.");
__gaa_helpsingle(0, "pkcs11-delete-url", "URL ", "Deletes objects matching the URL.");
__gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
__gaa_helpsingle('h', "help", "", "shows this help text");
struct _gaainfo
{
-#line 165 "certtool.gaa"
+#line 168 "certtool.gaa"
int debug;
+#line 163 "certtool.gaa"
+ int pkcs11_detailed_url;
#line 160 "certtool.gaa"
int pkcs11_trusted;
#line 157 "certtool.gaa"
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 66
+#define GAA_NB_OPTION 67
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
#define GAAOPTID_pkcs11_delete_url 4
-#define GAAOPTID_pkcs11_write_trusted 5
-#define GAAOPTID_pkcs11_write_label 6
-#define GAAOPTID_pkcs11_write 7
-#define GAAOPTID_pkcs11_login 8
-#define GAAOPTID_pkcs11_list_tokens 9
-#define GAAOPTID_pkcs11_list_all 10
-#define GAAOPTID_pkcs11_list_all_certs 11
-#define GAAOPTID_pkcs11_list_trusted 12
-#define GAAOPTID_pkcs11_list_privkeys 13
-#define GAAOPTID_pkcs11_list_certs 14
-#define GAAOPTID_pkcs11_export_url 15
-#define GAAOPTID_pkcs11_provider 16
-#define GAAOPTID_pkcs_cipher 17
-#define GAAOPTID_template 18
-#define GAAOPTID_infile 19
-#define GAAOPTID_outfile 20
-#define GAAOPTID_disable_quick_random 21
-#define GAAOPTID_sec_param 22
-#define GAAOPTID_bits 23
-#define GAAOPTID_outraw 24
-#define GAAOPTID_outder 25
-#define GAAOPTID_inraw 26
-#define GAAOPTID_inder 27
-#define GAAOPTID_export_ciphers 28
-#define GAAOPTID_hash 29
-#define GAAOPTID_dsa 30
-#define GAAOPTID_pkcs8 31
-#define GAAOPTID_to_p8 32
-#define GAAOPTID_to_p12 33
-#define GAAOPTID_v1 34
-#define GAAOPTID_fix_key 35
-#define GAAOPTID_pubkey_info 36
-#define GAAOPTID_pgp_key_info 37
-#define GAAOPTID_key_info 38
-#define GAAOPTID_smime_to_p7 39
-#define GAAOPTID_p7_info 40
-#define GAAOPTID_p12_info 41
-#define GAAOPTID_no_crq_extensions 42
-#define GAAOPTID_crq_info 43
-#define GAAOPTID_crl_info 44
-#define GAAOPTID_pgp_ring_info 45
-#define GAAOPTID_pgp_certificate_info 46
-#define GAAOPTID_certificate_pubkey 47
-#define GAAOPTID_certificate_info 48
-#define GAAOPTID_password 49
-#define GAAOPTID_load_ca_certificate 50
-#define GAAOPTID_load_ca_privkey 51
-#define GAAOPTID_load_certificate 52
-#define GAAOPTID_load_request 53
-#define GAAOPTID_load_pubkey 54
-#define GAAOPTID_load_privkey 55
-#define GAAOPTID_get_dh_params 56
-#define GAAOPTID_generate_dh_params 57
-#define GAAOPTID_verify_crl 58
-#define GAAOPTID_verify_chain 59
-#define GAAOPTID_generate_request 60
-#define GAAOPTID_generate_privkey 61
-#define GAAOPTID_update_certificate 62
-#define GAAOPTID_generate_crl 63
-#define GAAOPTID_generate_proxy 64
-#define GAAOPTID_generate_certificate 65
-#define GAAOPTID_generate_self_signed 66
+#define GAAOPTID_pkcs11_detailed_url 5
+#define GAAOPTID_pkcs11_write_trusted 6
+#define GAAOPTID_pkcs11_write_label 7
+#define GAAOPTID_pkcs11_write 8
+#define GAAOPTID_pkcs11_login 9
+#define GAAOPTID_pkcs11_list_tokens 10
+#define GAAOPTID_pkcs11_list_all 11
+#define GAAOPTID_pkcs11_list_all_certs 12
+#define GAAOPTID_pkcs11_list_trusted 13
+#define GAAOPTID_pkcs11_list_privkeys 14
+#define GAAOPTID_pkcs11_list_certs 15
+#define GAAOPTID_pkcs11_export_url 16
+#define GAAOPTID_pkcs11_provider 17
+#define GAAOPTID_pkcs_cipher 18
+#define GAAOPTID_template 19
+#define GAAOPTID_infile 20
+#define GAAOPTID_outfile 21
+#define GAAOPTID_disable_quick_random 22
+#define GAAOPTID_sec_param 23
+#define GAAOPTID_bits 24
+#define GAAOPTID_outraw 25
+#define GAAOPTID_outder 26
+#define GAAOPTID_inraw 27
+#define GAAOPTID_inder 28
+#define GAAOPTID_export_ciphers 29
+#define GAAOPTID_hash 30
+#define GAAOPTID_dsa 31
+#define GAAOPTID_pkcs8 32
+#define GAAOPTID_to_p8 33
+#define GAAOPTID_to_p12 34
+#define GAAOPTID_v1 35
+#define GAAOPTID_fix_key 36
+#define GAAOPTID_pubkey_info 37
+#define GAAOPTID_pgp_key_info 38
+#define GAAOPTID_key_info 39
+#define GAAOPTID_smime_to_p7 40
+#define GAAOPTID_p7_info 41
+#define GAAOPTID_p12_info 42
+#define GAAOPTID_no_crq_extensions 43
+#define GAAOPTID_crq_info 44
+#define GAAOPTID_crl_info 45
+#define GAAOPTID_pgp_ring_info 46
+#define GAAOPTID_pgp_certificate_info 47
+#define GAAOPTID_certificate_pubkey 48
+#define GAAOPTID_certificate_info 49
+#define GAAOPTID_password 50
+#define GAAOPTID_load_ca_certificate 51
+#define GAAOPTID_load_ca_privkey 52
+#define GAAOPTID_load_certificate 53
+#define GAAOPTID_load_request 54
+#define GAAOPTID_load_pubkey 55
+#define GAAOPTID_load_privkey 56
+#define GAAOPTID_get_dh_params 57
+#define GAAOPTID_generate_dh_params 58
+#define GAAOPTID_verify_crl 59
+#define GAAOPTID_verify_chain 60
+#define GAAOPTID_generate_request 61
+#define GAAOPTID_generate_privkey 62
+#define GAAOPTID_update_certificate 63
+#define GAAOPTID_generate_crl 64
+#define GAAOPTID_generate_proxy 65
+#define GAAOPTID_generate_certificate 66
+#define GAAOPTID_generate_self_signed 67
#line 168 "gaa.skel"
#line 375 "gaa.skel"
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
+ GAA_CHECK1STR("", GAAOPTID_pkcs11_detailed_url);
GAA_CHECK1STR("", GAAOPTID_pkcs11_write_trusted);
GAA_CHECK1STR("", GAAOPTID_pkcs11_login);
GAA_CHECK1STR("", GAAOPTID_pkcs11_list_tokens);
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("debug", GAAOPTID_debug);
GAA_CHECKSTR("pkcs11-delete-url", GAAOPTID_pkcs11_delete_url);
+ GAA_CHECKSTR("pkcs11-detailed-url", GAAOPTID_pkcs11_detailed_url);
GAA_CHECKSTR("pkcs11-write-trusted", GAAOPTID_pkcs11_write_trusted);
GAA_CHECKSTR("pkcs11-write-label", GAAOPTID_pkcs11_write_label);
GAA_CHECKSTR("pkcs11-write", GAAOPTID_pkcs11_write);
{
case GAAOPTID_version:
OK = 0;
-#line 170 "certtool.gaa"
+#line 173 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 168 "certtool.gaa"
+#line 171 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 166 "certtool.gaa"
+#line 169 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pkcs11_delete_url.arg1, gaa_getstr, GAATMP_pkcs11_delete_url.size1);
gaa_index++;
-#line 163 "certtool.gaa"
+#line 166 "certtool.gaa"
{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_pkcs11_delete_url.arg1; ;};
+ return GAA_OK;
+ break;
+ case GAAOPTID_pkcs11_detailed_url:
+ OK = 0;
+#line 164 "certtool.gaa"
+{ gaaval->pkcs11_detailed_url = 1; ;};
+
return GAA_OK;
break;
case GAAOPTID_pkcs11_write_trusted:
if(inited == 0)
{
-#line 172 "certtool.gaa"
+#line 175 "certtool.gaa"
{ gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1;
gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
- gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; ;};
+ gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; ;};
}
inited = 1;
struct _gaainfo
{
-#line 165 "certtool.gaa"
+#line 168 "certtool.gaa"
int debug;
+#line 163 "certtool.gaa"
+ int pkcs11_detailed_url;
#line 160 "certtool.gaa"
int pkcs11_trusted;
#line 157 "certtool.gaa"
generate_pkcs8 ();
break;
case ACTION_PKCS11_LIST:
- pkcs11_list(outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login);
+ pkcs11_list(outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login, info.pkcs11_detailed_url);
break;
case ACTION_PKCS11_TOKENS:
- pkcs11_token_list(outfile);
+ pkcs11_token_list(outfile, info.pkcs11_detailed_url);
break;
case ACTION_PKCS11_EXPORT_URL:
pkcs11_export(outfile, info.pkcs11_url, info.pkcs11_login);
#int pkcs11_trusted;
option (pkcs11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
+#int pkcs11_detailed_url;
+option (pkcs11-detailed-url) { $pkcs11_detailed_url = 1; } "Export detailed URLs."
+
option (pkcs11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
#int debug;
$export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1;
$privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL;
$pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL;
- $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; }
+ $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; $pkcs11_detailed_url = 0; }
obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
if (!batch) {
- pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login);
+ pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login, 1);
ret = read_yesno("Are you sure you want to delete those objects? (y/N): ");
if (ret == 0) {
exit(1);
/* lists certificates from a token
*/
-void pkcs11_list( FILE* outfile, const char* url, int type, unsigned int login)
+void pkcs11_list( FILE* outfile, const char* url, int type, unsigned int login, unsigned int detailed)
{
gnutls_pkcs11_obj_t *crt_list;
gnutls_x509_crt_t xcrt;
char buf[128];
size_t size;
- ret = gnutls_pkcs11_obj_export_url(crt_list[i], &output);
+ ret = gnutls_pkcs11_obj_export_url(crt_list[i], detailed, &output);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
exit(1);
}
-void pkcs11_token_list(FILE* outfile)
+void pkcs11_token_list(FILE* outfile, unsigned int detailed)
{
int ret;
int i;
pkcs11_common();
for (i=0;;i++) {
- ret = gnutls_pkcs11_token_get_url(i, &url);
+ ret = gnutls_pkcs11_token_get_url(i, detailed, &url);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;