authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-04-15 10:53:00 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-04-15 10:53:00 +0000
commitcdbfb60fb5011fc45d2f6176c11bc3adcbd70b7a (patch)
tree84aef70c0f96a79812af4653d2520a91a5a426d6
parentb54272bf973a0932f370fa88ec8ce094f77c1520 (diff)
some cleanups in the parsing code.
-rw-r--r--src/certtool-cfg.c624
-rw-r--r--src/certtool-cfg.h47
-rw-r--r--src/certtool.c523
3 files changed, 635 insertions, 559 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 843ad687f3..20b567e26a 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -20,18 +20,52 @@
#include <stdio.h>
#include <stdlib.h>
-
+#include <certtool-cfg.h>
+#include <getpass.h>
#include <cfg+.h>
+#include <gnutls/x509.h>
+#include <string.h>
+
+extern int batch;
+
+typedef struct _cfg_ctx
+{
+ char *organization;
+ char *unit;
+ char *locality;
+ char *state;
+ char *cn;
+ char *challenge_password;
+ char *pkcs9_email;
+ char *country;
+ char *dns_name;
+ char *email;
+ char *crl_dist_points;
+ char *password;
+ char *pkcs12_key_name;
+ int serial;
+ int expiration_days;
+ int ca;
+ int tls_www_client;
+ int tls_www_server;
+ int signing_key;
+ int encryption_key;
+ int cert_sign_key;
+ int crl_sign_key;
+ int code_sign_key;
+ int ocsp_sign_key;
+ int time_stamping_key;
+ int crl_next_update;
+} cfg_ctx;
-char *organization = NULL, *unit = NULL, *locality = NULL, *state = NULL;
-char *cn = NULL, *challenge_password = NULL, *pkcs9_email = NULL, *country = NULL;
-char *dns_name = NULL, *email = NULL, *crl_dist_points = NULL, *password= NULL;
-char *pkcs12_key_name = NULL;
-int serial = 0, expiration_days=0, ca=0, tls_www_client=0, tls_www_server=0, signing_key=0;
-int encryption_key=0, cert_sign_key=0, crl_sign_key=0, code_sign_key=0, ocsp_sign_key=0;
-int time_stamping_key=0, crl_next_update=0;
+cfg_ctx cfg;
+
+void cfg_init(void)
+{
+ memset( &cfg, 0, sizeof(cfg));
+}
-int parse_template(const char *template)
+int template_parse(const char *template)
{
/* libcfg+ parsing context */
CFG_CONTEXT con;
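Review bot: `extern int batch;` is placed in this .c file right after the includes, while certtool.c now defines the object as a plain `int batch;` in the third file of this diff, so the two translation units never see a common declaration and the compiler cannot check them against each other; move the line into certtool-cfg.h next to `void cfg_init( void);` so both sides share it. `cfg` is a file-scope object with static storage duration and is therefore zero before `cfg_init` ever runs, so the `memset( &cfg, 0, sizeof(cfg));` is redundant on first use; if the intent is to allow a second `template_parse`, it also discards whatever pointers the previous parse stored without releasing them (how libcfg+ allocates them is not visible here). Consider a one-line comment on `cfg_init` stating which of the two it is meant for. `template_parse` continues past the end of this hunk.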
@@ -43,35 +77,35 @@ int parse_template(const char *template)
/* Option set */
struct cfg_option options[] = {
- {NULL, '\0', "organization", CFG_STR, (void *) &organization, 0},
- {NULL, '\0', "unit", CFG_STR, (void *) &unit, 0},
- {NULL, '\0', "locality", CFG_STR, (void *) &locality, 0},
- {NULL, '\0', "state", CFG_STR, (void *) &state, 0},
- {NULL, '\0', "cn", CFG_STR, (void *) &cn, 0},
- {NULL, '\0', "challenge_password", CFG_STR, (void *) &challenge_password, 0},
- {NULL, '\0', "password", CFG_STR, (void *) &password, 0},
- {NULL, '\0', "pkcs9_email", CFG_STR, (void *) &pkcs9_email, 0},
- {NULL, '\0', "country", CFG_STR, (void *) &country, 0},
- {NULL, '\0', "dns_name", CFG_STR, (void *) &dns_name, 0},
- {NULL, '\0', "email", CFG_STR, (void *) &email, 0},
- {NULL, '\0', "crl_dist_points", CFG_STR, (void *) &crl_dist_points, 0},
- {NULL, '\0', "pkcs12_key_name", CFG_STR, (void *) &pkcs12_key_name, 0},
-
- {NULL, '\0', "serial", CFG_INT, (void *) &serial, 0},
- {NULL, '\0', "expiration_days", CFG_INT, (void *) &expiration_days, 0},
-
- {NULL, '\0', "crl_next_update", CFG_INT, (void *) &crl_next_update, 0},
-
- {NULL, '\0', "ca", CFG_BOOL, (void *) &ca, 0},
- {NULL, '\0', "tls_www_client", CFG_BOOL, (void *) &tls_www_client, 0},
- {NULL, '\0', "tls_www_server", CFG_BOOL, (void *) &tls_www_server, 0},
- {NULL, '\0', "signing_key", CFG_BOOL, (void *) &signing_key, 0},
- {NULL, '\0', "encryption_key", CFG_BOOL, (void *) &encryption_key, 0},
- {NULL, '\0', "cert_signing_key", CFG_BOOL, (void *) &cert_sign_key, 0},
- {NULL, '\0', "crl_signing_key", CFG_BOOL, (void *) &crl_sign_key, 0},
- {NULL, '\0', "code_signing_key", CFG_BOOL, (void *) &code_sign_key, 0},
- {NULL, '\0', "ocsp_signing_key", CFG_BOOL, (void *) &ocsp_sign_key, 0},
- {NULL, '\0', "time_stamping_key", CFG_BOOL, (void *) &time_stamping_key, 0},
+ {NULL, '\0', "organization", CFG_STR, (void *) &cfg.organization, 0},
+ {NULL, '\0', "unit", CFG_STR, (void *) &cfg.unit, 0},
+ {NULL, '\0', "locality", CFG_STR, (void *) &cfg.locality, 0},
+ {NULL, '\0', "state", CFG_STR, (void *) &cfg.state, 0},
+ {NULL, '\0', "cn", CFG_STR, (void *) &cfg.cn, 0},
+ {NULL, '\0', "challenge_password", CFG_STR, (void *) &cfg.challenge_password, 0},
+ {NULL, '\0', "password", CFG_STR, (void *) &cfg.password, 0},
+ {NULL, '\0', "pkcs9_email", CFG_STR, (void *) &cfg.pkcs9_email, 0},
+ {NULL, '\0', "country", CFG_STR, (void *) &cfg.country, 0},
+ {NULL, '\0', "dns_name", CFG_STR, (void *) &cfg.dns_name, 0},
+ {NULL, '\0', "email", CFG_STR, (void *) &cfg.email, 0},
+ {NULL, '\0', "crl_dist_points", CFG_STR, (void *) &cfg.crl_dist_points, 0},
+ {NULL, '\0', "pkcs12_key_name", CFG_STR, (void *) &cfg.pkcs12_key_name, 0},
+
+ {NULL, '\0', "serial", CFG_INT, (void *) &cfg.serial, 0},
+ {NULL, '\0', "expiration_days", CFG_INT, (void *) &cfg.expiration_days, 0},
+
+ {NULL, '\0', "crl_next_update", CFG_INT, (void *) &cfg.crl_next_update, 0},
+
+ {NULL, '\0', "ca", CFG_BOOL, (void *) &cfg.ca, 0},
+ {NULL, '\0', "tls_www_client", CFG_BOOL, (void *) &cfg.tls_www_client, 0},
+ {NULL, '\0', "tls_www_server", CFG_BOOL, (void *) &cfg.tls_www_server, 0},
+ {NULL, '\0', "signing_key", CFG_BOOL, (void *) &cfg.signing_key, 0},
+ {NULL, '\0', "encryption_key", CFG_BOOL, (void *) &cfg.encryption_key, 0},
+ {NULL, '\0', "cert_signing_key", CFG_BOOL, (void *) &cfg.cert_sign_key, 0},
+ {NULL, '\0', "crl_signing_key", CFG_BOOL, (void *) &cfg.crl_sign_key, 0},
+ {NULL, '\0', "code_signing_key", CFG_BOOL, (void *) &cfg.code_sign_key, 0},
+ {NULL, '\0', "ocsp_signing_key", CFG_BOOL, (void *) &cfg.ocsp_sign_key, 0},
+ {NULL, '\0', "time_stamping_key", CFG_BOOL, (void *) &cfg.time_stamping_key, 0},
CFG_END_OF_LIST
};
@@ -96,3 +130,517 @@ int parse_template(const char *template)
return 0;
}
+
+void read_crt_set( gnutls_x509_crt crt, const char* input_str, const char* oid)
+{
+char input[128];
+int ret;
+
+ fputs( input_str, stderr);
+ fgets( input, sizeof(input), stdin);
+
+ if (strlen(input)==1) /* only newline */ return;
+
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, input, strlen(input)-1);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+}
+
+void read_crq_set( gnutls_x509_crq crq, const char* input_str, const char* oid)
+{
+char input[128];
+int ret;
+
+ fputs( input_str, stderr);
+ fgets( input, sizeof(input), stdin);
+
+ if (strlen(input)==1) /* only newline */ return;
+
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, input, strlen(input)-1);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+}
+
+int read_int( const char* input_str)
+{
+char input[128];
+
+ fputs( input_str, stderr);
+ fgets( input, sizeof(input), stdin);
+
+ if (strlen(input)==1) /* only newline */ return 0;
+
+ return atoi(input);
+}
+
+const char* read_str( const char* input_str)
+{
+static char input[128];
+int len;
+
+ fputs( input_str, stderr);
+ if (fgets( input, sizeof(input), stdin) == NULL) return NULL;
+
+ len = strlen(input);
+ if ( (len > 0) && (input[len-1] == '\n') ) input[len-1] = 0;
+ if (input[0] == 0) return NULL;
+
+ return input;
+}
+
+int read_yesno( const char* input_str)
+{
+char input[128];
+
+ fputs( input_str, stderr);
+ fgets( input, sizeof(input), stdin);
+
+ if (strlen(input)==1) /* only newline */ return 0;
+
+ if (input[0] == 'y' || input[0] == 'Y') return 1;
+
+ return 0;
+}
+
+
+/* Wrapper functions for non-interactive mode.
+ */
+const char* get_pass(void)
+{
+ if (batch)
+ return cfg.password;
+ else
+ return read_pass("Enter password: ");
+}
+
+const char* get_challenge_pass(void)
+{
+ if (batch)
+ return cfg.challenge_password;
+ else
+ return read_pass("Enter a challenge password: ");
+}
+
+const char* get_crl_dist_point_url(void)
+{
+ if (batch)
+ return cfg.crl_dist_points;
+ else
+ return read_str( "Enter the URI of the CRL distribution point: ");
+}
+
+void get_country_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.country) return;
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
+ cfg.country, strlen(cfg.country));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "Country name (2 chars): ", GNUTLS_OID_X520_COUNTRY_NAME);
+ }
+
+}
+
+void get_organization_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.organization) return;
+
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+ cfg.organization, strlen(cfg.organization));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "Organization name: ", GNUTLS_OID_X520_ORGANIZATION_NAME);
+ }
+
+}
+
+void get_unit_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.unit) return;
+
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
+ cfg.unit, strlen(cfg.unit));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "Organizational unit name: ", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ }
+
+}
+
+void get_state_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.state) return;
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
+ cfg.state, strlen(cfg.state));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "State or province name: ", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ }
+
+}
+
+void get_locality_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.locality) return;
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_LOCALITY_NAME, 0,
+ cfg.locality, strlen(cfg.locality));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
+ }
+
+}
+
+void get_cn_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.cn) return;
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0,
+ cfg.cn, strlen(cfg.cn));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
+ }
+
+}
+
+void get_pkcs9_email_crt_set( gnutls_x509_crt crt)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.pkcs9_email) return;
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_PKCS9_EMAIL, 0,
+ cfg.pkcs9_email, strlen(cfg.pkcs9_email));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set( crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
+ }
+
+}
+
+int get_serial( void)
+{
+ if (batch) {
+ if (cfg.serial < 0) return 0;
+ return cfg.serial;
+ } else {
+ return read_int( "Enter the certificate's serial number (decimal): ");
+ }
+}
+
+int get_days( void)
+{
+int days;
+
+ if (batch) {
+ if (cfg.expiration_days <= 0) return 365;
+ else return cfg.expiration_days;
+ } else {
+ do {
+ days = read_int( "The certificate will expire in (days): ");
+ } while( days==0);
+ return days;
+ }
+}
+
+int get_ca_status( void)
+{
+ if (batch) {
+ return cfg.ca;
+ } else {
+ return read_yesno( "Does the certificate belong to an authority? (Y/N): ");
+ }
+}
+
+const char* get_pkcs12_key_name( void)
+{
+const char* name;
+
+ if (batch) {
+ if (!cfg.pkcs12_key_name) return "Anonymous";
+ return cfg.pkcs12_key_name;
+ } else {
+ do {
+ name = read_str("Enter a name for the key: ");
+ } while( name == NULL);
+ }
+ return name;
+}
+
+int get_tls_client_status( void)
+{
+ if (batch) {
+ return cfg.tls_www_client;
+ } else {
+ return read_yesno( "Is this a TLS web client certificate? (Y/N): ");
+ }
+}
+
+int get_tls_server_status( void)
+{
+ if (batch) {
+ return cfg.tls_www_server;
+ } else {
+ return read_yesno( "Is this also a TLS web server certificate? (Y/N): ");
+ }
+}
+
+const char* get_dns_name( void)
+{
+ if (batch) {
+ return cfg.dns_name;
+ } else {
+ return read_str( "Enter the dnsName of the subject of the certificate: ");
+ }
+}
+
+const char* get_email( void)
+{
+ if (batch) {
+ return cfg.email;
+ } else {
+ return read_str( "Enter the e-mail of the subject of the certificate: ");
+ }
+}
+
+int get_sign_status( int server)
+{
+const char* msg;
+
+ if (batch) {
+ return cfg.signing_key;
+ } else {
+ if (server) msg = "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/N): ";
+ else msg = "Will the certificate be used for signing (required for TLS)? (Y/N): ";
+ return read_yesno( msg);
+ }
+}
+
+int get_encrypt_status( int server)
+{
+const char* msg;
+
+ if (batch) {
+ return cfg.encryption_key;
+ } else {
+ if (server) msg = "Will the certificate be used for encryption (RSA ciphersuites)? (Y/N): ";
+ else msg = "Will the certificate be used for encryption (not required for TLS)? (Y/N): ";
+ return read_yesno( msg);
+ }
+}
+
+int get_cert_sign_status(void)
+{
+ if (batch) {
+ return cfg.cert_sign_key;
+ } else {
+ return read_yesno( "Will the certificate be used to sign other certificates? (Y/N): ");
+ }
+}
+
+int get_crl_sign_status(void)
+{
+ if (batch) {
+ return cfg.crl_sign_key;
+ } else {
+ return read_yesno( "Will the certificate be used to sign CRLs? (Y/N): ");
+ }
+}
+
+int get_code_sign_status(void)
+{
+ if (batch) {
+ return cfg.code_sign_key;
+ } else {
+ return read_yesno( "Will the certificate be used to sign code? (Y/N): ");
+ }
+}
+
+int get_ocsp_sign_status(void)
+{
+ if (batch) {
+ return cfg.ocsp_sign_key;
+ } else {
+ return read_yesno( "Will the certificate be used to sign OCSP requests? (Y/N): ");
+ }
+}
+
+int get_time_stamp_status( void)
+{
+ if (batch) {
+ return cfg.time_stamping_key;
+ } else {
+ return read_yesno( "Will the certificate be used for time stamping? (Y/N): ");
+ }
+}
+
+int get_crl_next_update( void)
+{
+int days;
+
+ if (batch) {
+ if (cfg.crl_next_update <= 0) return 365;
+ else return cfg.crl_next_update;
+ } else {
+ do {
+ days = read_int( "The next CRL will be issued in (days): ");
+ } while( days==0);
+ return days;
+ }
+}
+
+/* CRQ stuff.
+ */
+void get_country_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.country) return;
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME, 0,
+ cfg.country, strlen(cfg.country));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "Country name (2 chars): ", GNUTLS_OID_X520_COUNTRY_NAME);
+ }
+
+}
+
+void get_organization_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.organization) return;
+
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+ cfg.organization, strlen(cfg.organization));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "Organization name: ", GNUTLS_OID_X520_ORGANIZATION_NAME);
+ }
+
+}
+
+void get_unit_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.unit) return;
+
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
+ cfg.unit, strlen(cfg.unit));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "Organizational unit name: ", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ }
+
+}
+
+void get_state_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.state) return;
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
+ cfg.state, strlen(cfg.state));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "State or province name: ", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ }
+
+}
+
+void get_locality_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.locality) return;
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_LOCALITY_NAME, 0,
+ cfg.locality, strlen(cfg.locality));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
+ }
+
+}
+
+void get_cn_crq_set( gnutls_x509_crq crq)
+{
+int ret;
+
+ if (batch) {
+ if (!cfg.cn) return;
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0,
+ cfg.cn, strlen(cfg.cn));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set( crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
+ }
+
+}
+
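Review bot: `read_crt_set` calls `fgets` without checking its result, so on EOF or a read error `input` is never written and the following `strlen(input)` reads an uninitialised stack buffer; `read_crq_set`, `read_int` and `read_yesno` in the same hunk have the identical gap, while `read_str` already handles it. Guard each one with `if (fgets( input, sizeof(input), stdin) == NULL) return;` (returning `0` in the two int-returning helpers). The `strlen(input)-1` length handed to `gnutls_x509_crt_set_dn_by_oid` also assumes the line ended in a newline, so a 127-character answer that did not fit silently loses its last character and the remainder is consumed by the next prompt; stripping the trailing `'\n'` only when present, as `read_str` does on its `input[len-1] == '\n'` line, avoids that. `read_int` relies on `atoi`, which cannot report a non-numeric answer; `strtol` with an end-pointer check would let `get_days` and `get_crl_next_update` distinguish "0" from garbage instead of looping on both.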
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 168c9bf926..a5c34e5eb5 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -1,3 +1,5 @@
+#include <gnutls/x509.h>
+
extern char *organization, *unit, *locality, *state;
extern char *cn, *challenge_password, *password, *pkcs9_email, *country;
extern char *dns_name, *email, *crl_dist_points, *pkcs12_key_name;
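Review bot: The `extern char *organization, …`, `extern char *cn, …` and `extern char *dns_name, …` declarations kept as context here (and `extern int serial, …` / `extern int encryption_key, …` / `extern int time_stamping_key, …` in the next hunk) no longer correspond to any definition: this same commit removes those globals from certtool-cfg.c and replaces them with the `cfg_ctx` struct, so the header now advertises symbols that do not exist and any code still naming them fails at link time. Delete the stale `extern` lines in both hunks. The new `#include <gnutls/x509.h>` sits on line 1 of the header, which suggests there is no include guard; adding one would let the header be included more than once safely.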
@@ -5,4 +7,47 @@ extern int serial, expiration_days, ca, tls_www_client, tls_www_server, signing_
extern int encryption_key, cert_sign_key, crl_sign_key, code_sign_key, ocsp_sign_key;
extern int time_stamping_key, crl_next_update;
-int parse_template(const char *template);
+void cfg_init( void);
+int template_parse(const char *template);
+
+void read_crt_set( gnutls_x509_crt crt, const char* input_str, const char* oid);
+void read_crq_set( gnutls_x509_crq crq, const char* input_str, const char* oid);
+int read_int( const char* input_str);
+const char* read_str( const char* input_str);
+int read_yesno( const char* input_str);
+
+const char* get_pass(void);
+const char* get_challenge_pass(void);
+const char* get_crl_dist_point_url(void);
+void get_country_crt_set( gnutls_x509_crt crt);
+void get_organization_crt_set( gnutls_x509_crt crt);
+void get_unit_crt_set( gnutls_x509_crt crt);
+void get_state_crt_set( gnutls_x509_crt crt);
+void get_locality_crt_set( gnutls_x509_crt crt);
+void get_cn_crt_set( gnutls_x509_crt crt);
+void get_pkcs9_email_crt_set( gnutls_x509_crt crt);
+int get_serial( void);
+int get_days( void);
+int get_ca_status( void);
+const char* get_pkcs12_key_name( void);
+int get_tls_client_status( void);
+int get_tls_server_status( void);
+int get_crl_next_update( void);
+int get_time_stamp_status( void);
+int get_ocsp_sign_status(void);
+int get_code_sign_status(void);
+int get_crl_sign_status(void);
+int get_cert_sign_status(void);
+int get_encrypt_status( int server);
+int get_sign_status( int server);
+const char* get_email( void);
+const char* get_dns_name( void);
+
+
+void get_cn_crq_set( gnutls_x509_crq crq);
+void get_locality_crq_set( gnutls_x509_crq crq);
+void get_state_crq_set( gnutls_x509_crq crq);
+void get_unit_crq_set( gnutls_x509_crq crq);
+void get_organization_crq_set( gnutls_x509_crq crq);
+void get_country_crq_set( gnutls_x509_crq crq);
+
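Review bot: The prototype `const char* read_str( const char* input_str);` and the accessors built on it (`get_crl_dist_point_url`, `get_pkcs12_key_name`, `get_dns_name`, `get_email`) return a pointer into the single `static char input[128]` inside `read_str`, so the value is overwritten by the next prompt and a caller that holds two of them at once gets the same string twice; nothing in the header says so. Document it above `read_str`, e.g. `/* Returns a pointer to a static buffer that the next read_str() call overwrites; copy it before prompting again. NULL on EOF or an empty line. */`, and note on `get_pass`/`get_challenge_pass` that in batch mode the returned string is owned by the parsed template and must not be freed by the caller. The `read_*` helpers were `static` in certtool.c and are now exported; if only this module's `get_*` wrappers use them, keeping them `static` and out of the header keeps the interface to the `get_*` functions only.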
diff --git a/src/certtool.c b/src/certtool.c
index 29efbec078..2017c3b5ab 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -64,7 +64,7 @@ static int out_cert_format;
/* non interactive operation if set
*/
-static int batch;
+int batch;
unsigned char buffer[50*1024];
const int buffer_size = sizeof(buffer);
@@ -76,6 +76,7 @@ static void tls_log_func( int level, const char* str)
int main(int argc, char** argv)
{
+ cfg_init();
gaa_parser(argc, argv);
return 0;
@@ -83,81 +84,6 @@ int main(int argc, char** argv)
-static void read_crt_set( gnutls_x509_crt crt, const char* input_str, const char* oid)
-{
-char input[128];
-int ret;
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- if (strlen(input)==1) /* only newline */ return;
-
- ret = gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, input, strlen(input)-1);
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-}
-
-static void read_crq_set( gnutls_x509_crq crq, const char* input_str, const char* oid)
-{
-char input[128];
-int ret;
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- if (strlen(input)==1) /* only newline */ return;
-
- ret = gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, input, strlen(input)-1);
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-}
-
-static int read_int( const char* input_str)
-{
-char input[128];
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- if (strlen(input)==1) /* only newline */ return 0;
-
- return atoi(input);
-}
-
-static const char* read_str( const char* input_str)
-{
-static char input[128];
-int len;
-
- fputs( input_str, stderr);
- if (fgets( input, sizeof(input), stdin) == NULL) return NULL;
-
- len = strlen(input);
- if ( (len > 0) && (input[len-1] == '\n') ) input[len-1] = 0;
- if (input[0] == 0) return NULL;
-
- return input;
-}
-
-static int read_yesno( const char* input_str)
-{
-char input[128];
-
- fputs( input_str, stderr);
- fgets( input, sizeof(input), stdin);
-
- if (strlen(input)==1) /* only newline */ return 0;
-
- if (input[0] == 'y' || input[0] == 'Y') return 1;
-
- return 0;
-}
-
static gnutls_x509_privkey generate_private_key_int( void)
{
gnutls_x509_privkey key;
@@ -240,449 +166,6 @@ static void print_key_purpose( const char* x, FILE* out)
}
-/* Wrapper functions for non-interactive mode.
- */
-const char* get_pass(void)
-{
- if (batch)
- return password;
- else
- return read_pass("Enter password: ");
-}
-
-const char* get_challenge_pass(void)
-{
- if (batch)
- return challenge_password;
- else
- return read_pass("Enter a challenge password: ");
-}
-
-const char* get_crl_dist_point_url(void)
-{
- if (batch)
- return crl_dist_points;
- else
- return read_str( "Enter the URI of the CRL distribution point: ");
-}
-
-void get_country_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!country) return;
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
- country, strlen(country));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "Country name (2 chars): ", GNUTLS_OID_X520_COUNTRY_NAME);
- }
-
-}
-
-void get_organization_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!organization) return;
-
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
- organization, strlen(organization));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "Organization name: ", GNUTLS_OID_X520_ORGANIZATION_NAME);
- }
-
-}
-
-void get_unit_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!unit) return;
-
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
- unit, strlen(unit));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "Organizational unit name: ", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
- }
-
-}
-
-void get_state_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!state) return;
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
- state, strlen(state));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "State or province name: ", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
- }
-
-}
-
-void get_locality_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!locality) return;
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_LOCALITY_NAME, 0,
- locality, strlen(locality));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
- }
-
-}
-
-void get_cn_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!cn) return;
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0,
- cn, strlen(cn));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
- }
-
-}
-
-void get_pkcs9_email_crt_set( gnutls_x509_crt crt)
-{
-int ret;
-
- if (batch) {
- if (!pkcs9_email) return;
- ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_PKCS9_EMAIL, 0,
- pkcs9_email, strlen(pkcs9_email));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crt_set( crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
- }
-
-}
-
-int get_serial( void)
-{
- if (batch) {
- if (!serial) return 0;
- return serial;
- } else {
- return read_int( "Enter the certificate's serial number (decimal): ");
- }
-}
-
-int get_days( void)
-{
-int days;
-
- if (batch) {
- if (expiration_days <= 0) return 365;
- else return expiration_days;
- } else {
- do {
- days = read_int( "The certificate will expire in (days): ");
- } while( days==0);
- return days;
- }
-}
-
-int get_ca_status( void)
-{
- if (batch) {
- return ca;
- } else {
- return read_yesno( "Does the certificate belong to an authority? (Y/N): ");
- }
-}
-
-const char* get_pkcs12_key_name( void)
-{
-const char* name;
-
- if (batch) {
- if (!pkcs12_key_name) return "Anonymous";
- return pkcs12_key_name;
- } else {
- do {
- name = read_str("Enter a name for the key: ");
- } while( name == NULL);
- }
- return name;
-}
-
-int get_tls_client_status( void)
-{
- if (batch) {
- return tls_www_client;
- } else {
- return read_yesno( "Is this a TLS web client certificate? (Y/N): ");
- }
-}
-
-int get_tls_server_status( void)
-{
- if (batch) {
- return tls_www_server;
- } else {
- return read_yesno( "Is this also a TLS web server certificate? (Y/N): ");
- }
-}
-
-const char* get_dns_name( void)
-{
- if (batch) {
- return dns_name;
- } else {
- return read_str( "Enter the dnsName of the subject of the certificate: ");
- }
-}
-
-const char* get_email( void)
-{
- if (batch) {
- return email;
- } else {
- return read_str( "Enter the e-mail of the subject of the certificate: ");
- }
-}
-
-int get_sign_status( int server)
-{
-const char* msg;
-
- if (batch) {
- return signing_key;
- } else {
- if (server) msg = "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/N): ";
- else msg = "Will the certificate be used for signing (required for TLS)? (Y/N): ";
- return read_yesno( msg);
- }
-}
-
-int get_encrypt_status( int server)
-{
-const char* msg;
-
- if (batch) {
- return encryption_key;
- } else {
- if (server) msg = "Will the certificate be used for encryption (RSA ciphersuites)? (Y/N): ";
- else msg = "Will the certificate be used for encryption (not required for TLS)? (Y/N): ";
- return read_yesno( msg);
- }
-}
-
-int get_cert_sign_status(void)
-{
- if (batch) {
- return cert_sign_key;
- } else {
- return read_yesno( "Will the certificate be used to sign other certificates? (Y/N): ");
- }
-}
-
-int get_crl_sign_status(void)
-{
- if (batch) {
- return crl_sign_key;
- } else {
- return read_yesno( "Will the certificate be used to sign CRLs? (Y/N): ");
- }
-}
-
-int get_code_sign_status(void)
-{
- if (batch) {
- return code_sign_key;
- } else {
- return read_yesno( "Will the certificate be used to sign code? (Y/N): ");
- }
-}
-
-int get_ocsp_sign_status(void)
-{
- if (batch) {
- return ocsp_sign_key;
- } else {
- return read_yesno( "Will the certificate be used to sign OCSP requests? (Y/N): ");
- }
-}
-
-int get_time_stamp_status( void)
-{
- if (batch) {
- return time_stamping_key;
- } else {
- return read_yesno( "Will the certificate be used for time stamping? (Y/N): ");
- }
-}
-
-int get_crl_next_update( void)
-{
-int days;
-
- if (batch) {
- if (crl_next_update <= 0) return 365;
- else return crl_next_update;
- } else {
- do {
- days = read_int( "The next CRL will be issued in (days): ");
- } while( days==0);
- return days;
- }
-}
-
-/* CRQ stuff.
- */
-void get_country_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!country) return;
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME, 0,
- country, strlen(country));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "Country name (2 chars): ", GNUTLS_OID_X520_COUNTRY_NAME);
- }
-
-}
-
-void get_organization_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!organization) return;
-
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
- organization, strlen(organization));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "Organization name: ", GNUTLS_OID_X520_ORGANIZATION_NAME);
- }
-
-}
-
-void get_unit_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!unit) return;
-
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
- unit, strlen(unit));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "Organizational unit name: ", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
- }
-
-}
-
-void get_state_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!state) return;
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
- state, strlen(state));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "State or province name: ", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
- }
-
-}
-
-void get_locality_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!locality) return;
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_LOCALITY_NAME, 0,
- locality, strlen(locality));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
- }
-
-}
-
-void get_cn_crq_set( gnutls_x509_crq crq)
-{
-int ret;
-
- if (batch) {
- if (!cn) return;
- ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0,
- cn, strlen(cn));
- if (ret < 0) {
- fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- } else {
- read_crq_set( crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
- }
-
-}
-
-
-
-
-
-
-
static void print_private_key( gnutls_x509_privkey key)
{
@@ -1237,7 +720,7 @@ int ret;
batch = 0;
if (info.template) {
batch = 1;
- parse_template( info.template);
+ template_parse( info.template);
}
gnutls_global_set_log_function( tls_log_func);