certtool: allow specifying the friendly name on the command line and use the load...
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 26 Jun 2014 07:30:32 +0000 (09:30 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 26 Jun 2014 07:47:27 +0000 (09:47 +0200)
src/certtool-args.def
src/certtool-common.c
src/certtool-common.h
src/certtool.c

index f7969bc50da4ba8e75cba2383969c10d6ed353f1..903830e69510ffa46f6b8593958048eb73d13935 100644 (file)
@@ -226,6 +226,13 @@ flag = {
     doc       = "";
 };
 
+flag = {
+    name      = p12-name;
+    arg-type  = string;
+    descrip   = "The PKCS #12 friendly name to use";
+    doc = "The name to be used for the primary certificate and private key in a PKCS #12 file.";
+};
+
 flag = {
     name      = p7-info;
     descrip   = "Print information on a PKCS #7 structure";
index aa27f2590e065a068e3dcb4314d2af8da231d247..ece0652c55bed9a45e929975e5d8187ef99f37f5 100644 (file)
@@ -515,13 +515,17 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info)
 
 /* Loads the CA's certificate
  */
-gnutls_x509_crt_t load_ca_cert(common_info_st * info)
+gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
 {
        gnutls_x509_crt_t crt;
        int ret;
        gnutls_datum_t dat;
        size_t size;
 
+       if (mand == 0 && info->ca == NULL) {
+               return NULL;
+       }
+
        if (info->ca == NULL) {
                fprintf(stderr, "missing --load-ca-certificate\n");
                exit(1);
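Review bot: The new `mand` parameter is declared `unsigned mand` on the changed signature line, while the sibling loaders declared next to it in src/certtool-common.h (`load_cert`, `load_privkey_list`, `load_secret_key`, `load_pubkey`) all take `int mand`; using `int mand` here and in the src/certtool-common.h prototype hunk keeps the family consistent and spares callers an implicit sign conversion. The added early return also leaves the following `if (info->ca == NULL)` reachable only when `mand != 0`, which is not obvious at a glance; a one-line comment above the new block, `/* optional CA: a missing --load-ca-certificate is not an error when mand == 0 */`, would make the two consecutive NULL checks read as intended. load_ca_cert's body continues past the end of the hunk.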
@@ -537,7 +541,7 @@ gnutls_x509_crt_t load_ca_cert(common_info_st * info)
        dat.size = size;
 
        if (!dat.data) {
-               fprintf(stderr, "reading --load-ca-certificate: %s\n",
+               fprintf(stderr, "error reading --load-ca-certificate: %s\n",
                        info->ca);
                exit(1);
        }
index 2a9965da754d7e509aab4b3eebaa69382f228304..c347d2740068678e2bb845ddc170e835ad75c156 100644 (file)
@@ -68,7 +68,7 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size,
                                         common_info_st * info);
 gnutls_x509_crq_t load_request(common_info_st * info);
 gnutls_privkey_t load_ca_private_key(common_info_st * info);
-gnutls_x509_crt_t load_ca_cert(common_info_st * info);
+gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info);
 gnutls_x509_crt_t load_cert(int mand, common_info_st * info);
 gnutls_datum_t *load_secret_key(int mand, common_info_st * info);
 gnutls_pubkey_t load_pubkey(int mand, common_info_st * info);
index ad5f8dde44e92777fb8f29d90cfa0fada15d0000..a3aeab58c5ae4bd6e10b4b5c302afdcadef94898 100644 (file)
@@ -808,7 +808,7 @@ static void generate_signed_certificate(common_info_st * cinfo)
        fprintf(stdlog, "Generating a signed certificate...\n");
 
        ca_key = load_ca_private_key(cinfo);
-       ca_crt = load_ca_cert(cinfo);
+       ca_crt = load_ca_cert(1, cinfo);
 
        crt = generate_certificate(&key, ca_crt, 0, cinfo);
 
@@ -897,7 +897,7 @@ static void generate_signed_crl(common_info_st * cinfo)
        fprintf(stdlog, "Generating a signed CRL...\n");
 
        ca_key = load_ca_private_key(cinfo);
-       ca_crt = load_ca_cert(cinfo);
+       ca_crt = load_ca_cert(1, cinfo);
        crl = generate_crl(ca_crt, cinfo);
 
        fprintf(stdlog, "\n");
@@ -928,7 +928,7 @@ static void update_signed_certificate(common_info_st * cinfo)
        fprintf(stdlog, "Generating a signed certificate...\n");
 
        ca_key = load_ca_private_key(cinfo);
-       ca_crt = load_ca_cert(cinfo);
+       ca_crt = load_ca_cert(1, cinfo);
        crt = load_cert(1, cinfo);
 
        fprintf(stderr, "Activation/Expiration time.\n");
@@ -2488,7 +2488,7 @@ void verify_crl(common_info_st * cinfo)
        gnutls_x509_crl_t crl;
        gnutls_x509_crt_t issuer;
 
-       issuer = load_ca_cert(cinfo);
+       issuer = load_ca_cert(1, cinfo);
 
        fprintf(outfile, "\nCA certificate:\n");
 
@@ -2588,7 +2588,7 @@ void generate_pkcs8(common_info_st * cinfo)
 void generate_pkcs12(common_info_st * cinfo)
 {
        gnutls_pkcs12_t pkcs12;
-       gnutls_x509_crt_t *crts;
+       gnutls_x509_crt_t *crts, ca_crt;
        gnutls_x509_privkey_t *keys;
        int result;
        size_t size;
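Review bot: `gnutls_x509_crt_t *crts, ca_crt;` declares a pointer-to-handle and a plain handle on one line, which is easy to misread because gnutls_x509_crt_t is itself an opaque pointer type; one declaration per line, `gnutls_x509_crt_t *crts;` and `gnutls_x509_crt_t ca_crt = NULL;`, is unambiguous, and the NULL initializer keeps the later `if (ca_crt)` test well-defined should the load call ever be moved or made conditional. generate_pkcs12 continues past the end of the hunk.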
@@ -2606,8 +2606,13 @@ void generate_pkcs12(common_info_st * cinfo)
 
        keys = load_privkey_list(0, &nkeys, cinfo);
        crts = load_cert_list(0, &ncrts, cinfo);
+       ca_crt = load_ca_cert(0, cinfo);
 
-       name = get_pkcs12_key_name();
+       if (HAVE_OPT(P12_NAME)) {
+               name = OPT_ARG(P12_NAME);
+       } else {
+               name = get_pkcs12_key_name();
+       }
 
        result = gnutls_pkcs12_init(&pkcs12);
        if (result < 0) {
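Review bot: The `0` passed on the added `ca_crt = load_ca_cert(0, cinfo);` line is a bare flag with no explanation, and this is the only caller in the commit that passes 0; since load_ca_cert (src/certtool-common.c hunk) returns NULL when `mand` is 0 and no CA certificate was supplied, a comment such as `/* optional: NULL unless --load-ca-certificate was given */` would tell the reader why a missing CA is tolerated here but fatal for the other callers. It is also worth confirming how `name` is released: `OPT_ARG(P12_NAME)` points at storage owned by the option parser, whereas get_pkcs12_key_name() may hand back a string the caller owns, so any free of `name` later in generate_pkcs12 (outside this hunk) would now have to depend on which branch assigned it. The function continues past the hunk on both sides.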
@@ -2684,6 +2689,39 @@ void generate_pkcs12(common_info_st * cinfo)
                }
        }
 
+       /* Add the ca cert, if any */
+       if (ca_crt) {
+               gnutls_pkcs12_bag_t bag;
+
+               result = gnutls_pkcs12_bag_init(&bag);
+               if (result < 0) {
+                       fprintf(stderr, "bag_init: %s\n",
+                               gnutls_strerror(result));
+                       exit(1);
+               }
+
+               result = gnutls_pkcs12_bag_set_crt(bag, ca_crt);
+               if (result < 0) {
+                       fprintf(stderr, "set_crt[%d]: %s\n", i,
+                               gnutls_strerror(result));
+                       exit(1);
+               }
+
+               result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
+               if (result < 0) {
+                       fprintf(stderr, "bag_encrypt: %s\n",
+                               gnutls_strerror(result));
+                       exit(1);
+               }
+
+               result = gnutls_pkcs12_set_bag(pkcs12, bag);
+               if (result < 0) {
+                       fprintf(stderr, "set_bag: %s\n",
+                               gnutls_strerror(result));
+                       exit(1);
+               }
+       }
+
        for (i = 0; i < nkeys; i++) {
                gnutls_pkcs12_bag_t kbag;