authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-22 11:36:55 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-22 11:36:55 +0000
commit615eb29c9675b834bd6d4ee97ee70165bb274faa (patch)
tree57ed35c834a0a137000d35748535198f3c0aa64b
parentd45b39d8ecd19485e2ad994d071e99965505d8d2 (diff)
downloadgnutls-615eb29c9675b834bd6d4ee97ee70165bb274faa.tar.gz
Added PKCS #7 support to certtool utility.
-rw-r--r--NEWS3
-rw-r--r--configure.in4
-rw-r--r--doc/TODO1
-rw-r--r--src/certtool-gaa.c93
-rw-r--r--src/certtool-gaa.h18
-rw-r--r--src/certtool.c101
-rw-r--r--src/certtool.gaa2
7 files changed, 169 insertions, 53 deletions
diff --git a/NEWS b/NEWS
index fc81466b34..b5de615f49 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Version 1.1.1
+- Added PKCS #7 support to certtool utility.
+
Version 1.1.0 (21/12/2003)
- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
are no longer returned by the handshake function. Ciphersuites that
diff --git a/configure.in b/configure.in
index 2faae17509..dd5c286b9d 100644
--- a/configure.in
+++ b/configure.in
@@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name])
dnl Gnutls Version
GNUTLS_MAJOR_VERSION=1
GNUTLS_MINOR_VERSION=1
-GNUTLS_MICRO_VERSION=0
+GNUTLS_MICRO_VERSION=1
GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls])
@@ -30,7 +30,7 @@ AM_MAINTAINER_MODE
dnl This is the library version
GNUTLS_MOST_RECENT_INTERFACE=12
GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER=$GNUTLS_MICRO_VERSION
-GNUTLS_OLDEST_INTERFACE=10
+GNUTLS_OLDEST_INTERFACE=11
AC_SUBST(GNUTLS_MAJOR_VERSION)
diff --git a/doc/TODO b/doc/TODO
index 1772e3590a..bb36ca853f 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -12,7 +12,6 @@ Current list:
* Add function to verify an openpgp key against a plain key.
* Add support for extracting CRL distribution points.
* Add support for generating CRLs.
-* Add PKCS #7 support to certtool utility.
* Add support for TLS 1.1
* Drop the compatibility functions.
* Convert documentation to texinfo format
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index cad74aa731..64609465f4 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -146,6 +146,7 @@ void gaa_help(void)
__gaa_helpsingle('i', "certificate-info", "", "Print information on a certificate.");
__gaa_helpsingle('l', "crl-info", "", "Print information on a CRL.");
__gaa_helpsingle(0, "p12-info", "", "Print information on a PKCS #12 structure.");
+ __gaa_helpsingle(0, "p7-info", "", "Print information on a PKCS #7 structure.");
__gaa_helpsingle('k', "key-info", "", "Print information on a private key.");
__gaa_helpsingle(0, "to-p12", "", "Generate a PKCS #12 structure.");
__gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys.");
@@ -174,23 +175,23 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 84 "certtool.gaa"
+#line 86 "certtool.gaa"
int debug;
-#line 81 "certtool.gaa"
+#line 83 "certtool.gaa"
char *infile;
-#line 78 "certtool.gaa"
+#line 80 "certtool.gaa"
char *outfile;
-#line 75 "certtool.gaa"
+#line 77 "certtool.gaa"
int bits;
-#line 72 "certtool.gaa"
+#line 74 "certtool.gaa"
int outcert_format;
-#line 69 "certtool.gaa"
+#line 71 "certtool.gaa"
int incert_format;
-#line 66 "certtool.gaa"
+#line 68 "certtool.gaa"
int export;
-#line 63 "certtool.gaa"
+#line 65 "certtool.gaa"
int dsa;
-#line 60 "certtool.gaa"
+#line 62 "certtool.gaa"
int pkcs8;
#line 47 "certtool.gaa"
char *pass;
@@ -260,7 +261,7 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 30
+#define GAA_NB_OPTION 31
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -275,22 +276,23 @@ int gaa_error = 0;
#define GAAOPTID_pkcs8 12
#define GAAOPTID_to_p12 13
#define GAAOPTID_key_info 14
-#define GAAOPTID_p12_info 15
-#define GAAOPTID_crl_info 16
-#define GAAOPTID_certificate_info 17
-#define GAAOPTID_password 18
-#define GAAOPTID_load_ca_certificate 19
-#define GAAOPTID_load_ca_privkey 20
-#define GAAOPTID_load_certificate 21
-#define GAAOPTID_load_request 22
-#define GAAOPTID_load_privkey 23
-#define GAAOPTID_generate_dh_params 24
-#define GAAOPTID_verify_chain 25
-#define GAAOPTID_generate_request 26
-#define GAAOPTID_generate_privkey 27
-#define GAAOPTID_update_certificate 28
-#define GAAOPTID_generate_certificate 29
-#define GAAOPTID_generate_self_signed 30
+#define GAAOPTID_p7_info 15
+#define GAAOPTID_p12_info 16
+#define GAAOPTID_crl_info 17
+#define GAAOPTID_certificate_info 18
+#define GAAOPTID_password 19
+#define GAAOPTID_load_ca_certificate 20
+#define GAAOPTID_load_ca_privkey 21
+#define GAAOPTID_load_certificate 22
+#define GAAOPTID_load_request 23
+#define GAAOPTID_load_privkey 24
+#define GAAOPTID_generate_dh_params 25
+#define GAAOPTID_verify_chain 26
+#define GAAOPTID_generate_request 27
+#define GAAOPTID_generate_privkey 28
+#define GAAOPTID_update_certificate 29
+#define GAAOPTID_generate_certificate 30
+#define GAAOPTID_generate_self_signed 31
#line 168 "gaa.skel"
@@ -588,6 +590,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("8", GAAOPTID_pkcs8);
GAA_CHECK1STR("", GAAOPTID_to_p12);
GAA_CHECK1STR("k", GAAOPTID_key_info);
+ GAA_CHECK1STR("", GAAOPTID_p7_info);
GAA_CHECK1STR("", GAAOPTID_p12_info);
GAA_CHECK1STR("l", GAAOPTID_crl_info);
GAA_CHECK1STR("i", GAAOPTID_certificate_info);
@@ -616,6 +619,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
GAA_CHECKSTR("to-p12", GAAOPTID_to_p12);
GAA_CHECKSTR("key-info", GAAOPTID_key_info);
+ GAA_CHECKSTR("p7-info", GAAOPTID_p7_info);
GAA_CHECKSTR("p12-info", GAAOPTID_p12_info);
GAA_CHECKSTR("crl-info", GAAOPTID_crl_info);
GAA_CHECKSTR("certificate-info", GAAOPTID_certificate_info);
@@ -676,21 +680,21 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_copyright:
OK = 0;
-#line 90 "certtool.gaa"
+#line 92 "certtool.gaa"
{ print_license(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_version:
OK = 0;
-#line 89 "certtool.gaa"
+#line 91 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 87 "certtool.gaa"
+#line 89 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -700,7 +704,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 85 "certtool.gaa"
+#line 87 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -710,7 +714,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 82 "certtool.gaa"
+#line 84 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -720,7 +724,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 79 "certtool.gaa"
+#line 81 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
@@ -730,60 +734,67 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 76 "certtool.gaa"
+#line 78 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 73 "certtool.gaa"
+#line 75 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 70 "certtool.gaa"
+#line 72 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 67 "certtool.gaa"
+#line 69 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
break;
case GAAOPTID_dsa:
OK = 0;
-#line 64 "certtool.gaa"
+#line 66 "certtool.gaa"
{ gaaval->dsa=1 ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 61 "certtool.gaa"
+#line 63 "certtool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
break;
case GAAOPTID_to_p12:
OK = 0;
-#line 58 "certtool.gaa"
+#line 60 "certtool.gaa"
{ gaaval->action = 8; ;};
return GAA_OK;
break;
case GAAOPTID_key_info:
OK = 0;
-#line 56 "certtool.gaa"
+#line 58 "certtool.gaa"
{ gaaval->action = 6; ;};
return GAA_OK;
break;
+ case GAAOPTID_p7_info:
+ OK = 0;
+#line 56 "certtool.gaa"
+{ gaaval->action = 12; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_p12_info:
OK = 0;
#line 54 "certtool.gaa"
@@ -938,7 +949,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 92 "certtool.gaa"
+#line 94 "certtool.gaa"
{ gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 8d353e49dc..9a289ed0ee 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,23 +8,23 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 84 "certtool.gaa"
+#line 86 "certtool.gaa"
int debug;
-#line 81 "certtool.gaa"
+#line 83 "certtool.gaa"
char *infile;
-#line 78 "certtool.gaa"
+#line 80 "certtool.gaa"
char *outfile;
-#line 75 "certtool.gaa"
+#line 77 "certtool.gaa"
int bits;
-#line 72 "certtool.gaa"
+#line 74 "certtool.gaa"
int outcert_format;
-#line 69 "certtool.gaa"
+#line 71 "certtool.gaa"
int incert_format;
-#line 66 "certtool.gaa"
+#line 68 "certtool.gaa"
int export;
-#line 63 "certtool.gaa"
+#line 65 "certtool.gaa"
int dsa;
-#line 60 "certtool.gaa"
+#line 62 "certtool.gaa"
int pkcs8;
#line 47 "certtool.gaa"
char *pass;
diff --git a/src/certtool.c b/src/certtool.c
index 60c4b4d451..9fdc2663b9 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -33,6 +33,7 @@
#include <unistd.h>
int generate_prime(int bits);
+void pkcs7_info( void);
void pkcs12_info( void);
void generate_pkcs12( void);
void verify_chain(void);
@@ -659,6 +660,9 @@ int ret;
case 11:
crl_info();
break;
+ case 12:
+ pkcs7_info();
+ break;
default:
fprintf(stderr, "GnuTLS' certtool utility.\n");
fprintf(stderr, "Please use the --help to get help on this program.\n");
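Review bot: The new `case 12:` ties the dispatch to a bare integer that has to stay in step with `$action = 12` in src/certtool.gaa, and nothing visible here checks that the two agree. This follows the convention of the existing `case 11:`, so it is not a regression, but a shared named constant (for example an `enum` entry such as `ACTION_PKCS7_INFO`, a suggested name) would turn a mismatch into a compile error instead of a silent fall into `default:`. The switch and its enclosing function begin outside this hunk.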
@@ -2113,6 +2117,103 @@ void pkcs12_info( void)
}
+void pkcs7_info( void)
+{
+ gnutls_pkcs7 pkcs7;
+ int result;
+ size_t size;
+ gnutls_datum data, b64;
+ int index, count;
+
+ size = fread( buffer, 1, sizeof(buffer)-1, infile);
+ buffer[size] = 0;
+
+ data.data = buffer;
+ data.size = size;
+
+ result = gnutls_pkcs7_init(&pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_init: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs7_import( pkcs7, &data, in_cert_format);
+ if (result < 0) {
+ fprintf(stderr, "p7_import: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ /* Read and print the certificates.
+ */
+ result = gnutls_pkcs7_get_crt_count( pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_count: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ count = result;
+
+ if (count > 0)
+ fprintf(outfile, "Certificates: %u\n", count);
+
+ for (index = 0;index < count;index++) {
+ size = sizeof(buffer);
+ result = gnutls_pkcs7_get_crt_raw( pkcs7, index, buffer, &size);
+ if (result < 0) {
+ break;
+ }
+
+ data.data = buffer;
+ data.size = size;
+
+ result = gnutls_pem_base64_encode_alloc( "CERTIFICATE", &data, &b64);
+ if (result < 0) {
+ fprintf(stderr, "error encoding: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ fputs( b64.data, outfile);
+ fputs( "\n", outfile);
+ gnutls_free( b64.data);
+ }
+
+ /* Read the CRLs now.
+ */
+ result = gnutls_pkcs7_get_crl_count( pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_count: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ count = result;
+
+ if (count > 0)
+ fprintf(outfile, "\nCRLs: %u\n", count);
+
+ for (index = 0;index < count;index++) {
+ size = sizeof(buffer);
+ result = gnutls_pkcs7_get_crl_raw( pkcs7, index, buffer, &size);
+ if (result < 0) {
+ break;
+ }
+
+ data.data = buffer;
+ data.size = size;
+
+ result = gnutls_pem_base64_encode_alloc( "X509 CRL", &data, &b64);
+ if (result < 0) {
+ fprintf(stderr, "error encoding: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
+
+ fputs( b64.data, outfile);
+ fputs( "\n", outfile);
+ gnutls_free( b64.data);
+ }
+
+
+}
+
#else /* ENABLE_PKI */
#include <stdio.h>
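Review bot: Both extraction loops leave on `if (result < 0) { break; }` without reporting anything, so a failure of `gnutls_pkcs7_get_crt_raw` or `gnutls_pkcs7_get_crl_raw` (for instance an entry that does not fit in `buffer`) yields a shorter list than the `Certificates:`/`CRLs:` header announced, and the function still returns normally. Every other failure in pkcs7_info prints the error and exits, so the same handling fits here: `fprintf(stderr, "p7_get_crt_raw: %s\n", gnutls_strerror(result)); exit(1);` and the equivalent in the CRL loop. The initial `fread` has the same quiet-truncation shape: input longer than `sizeof(buffer)-1` is cut without a diagnostic, and checking `feof(infile)` and `ferror(infile)` after the read would tell a complete file from a clipped one. `pkcs7` is also never released; a `gnutls_pkcs7_deinit(pkcs7);` before the closing brace would pair with the init. `buffer`, `infile`, `outfile` and `in_cert_format` are declared outside the hunk, so their sizes and types are assumed from how they are used.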
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 79a192b0ab..67176fe6ff 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -53,6 +53,8 @@ option (l, crl-info) { $action = 11; } "Print information on a CRL."
option (p12-info) { $action = 9; } "Print information on a PKCS #12 structure."
+option (p7-info) { $action = 12; } "Print information on a PKCS #7 structure."
+
option (k, key-info) { $action = 6; } "Print information on a private key."
option (to-p12) { $action = 8; } "Generate a PKCS #12 structure."