authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-23 20:59:41 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-23 20:59:41 +0100
commit918ea24be3befedf1ae956a2cadc6a396ec178a4 (patch)
tree4e34bab4d992eb7e0ac74a9d9ead5b68673492ec /src
parenta0c6659d49ead8e65a28d8d421b96546025d0cd9 (diff)
ocsptool uses libopts
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am16
-rw-r--r--src/ocsptool-args.def.in164
-rw-r--r--src/ocsptool.c129
-rw-r--r--src/ocsptool.gaa76
4 files changed, 222 insertions, 163 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 11cdfcbb5a..6f1e4c9ca7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -73,10 +73,10 @@ endif
if ENABLE_OCSP
ocsptool_SOURCES = ocsptool.c ocsptool-common.h
-ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la
+ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la $(LIBOPTS_LDADD)
noinst_LTLIBRARIES += libcmd-ocsp.la
libcmd_ocsp_la_CFLAGS =
-libcmd_ocsp_la_SOURCES = ocsptool.gaa ocsptool-gaa.h ocsptool-gaa.c
+libcmd_ocsp_la_SOURCES = ocsptool-args.def ocsptool-args.h ocsptool-args.c
endif
psktool_SOURCES = psk.c
@@ -134,13 +134,11 @@ libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
endif # ENABLE_PKCS11
-psk-gaa.c: $(srcdir)/psk.gaa
- -$(GAA) $< -o psk-gaa.c -i psk-gaa.h
-ocsptool-gaa.c: $(srcdir)/ocsptool.gaa
- -$(GAA) $< -o ocsptool-gaa.c -i ocsptool-gaa.h
+ocsptool-args.c: $(srcdir)/ocsptool-args.def
+ -autogen $<
if ENABLE_PKCS11
-p11tool-gaa.c: $(srcdir)/p11tool.gaa
- -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
+p11tool-args.c: $(srcdir)/p11tool-args.def
+ -autogen $<
endif
psk-args.c: $(srcdir)/psk-args.def
-autogen $<
@@ -152,7 +150,5 @@ serv-args.c: $(srcdir)/serv-args.def
-autogen $<
srptool-args.c: $(srcdir)/srptool-args.def
-autogen $<
-p11tool-args.c: $(srcdir)/p11tool-args.def
- -autogen $<
certtool-args.c: $(srcdir)/certtool-args.def
-autogen $<
diff --git a/src/ocsptool-args.def.in b/src/ocsptool-args.def.in
new file mode 100644
index 0000000000..70182b6310
--- /dev/null
+++ b/src/ocsptool-args.def.in
@@ -0,0 +1,164 @@
+AutoGen Definitions options;
+prog-name = ocsptool;
+prog-title = "GnuTLS OCSP tool";
+prog-desc = "Program to handle OCSP request/responses.";
+help-value = "h";
+detail = "Ocsptool can parse OCSP request/responses, generate OCSP requests and verify OCSP responses.";
+
+short-usage = "ocsptool [options]\nocsptool --help for usage instructions.\n";
+prog-group = "GnuTLS";
+explain = "";
+gnu-usage;
+no-xlate = opt;
+no-misuse-usage;
+disable-save;
+long-opts;
+config-header = 'config.h';
+export = '#include <gettext.h>';
+
+copyright = {
+ date = "2012";
+ owner = "Free Software Foundation";
+ author = "Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.";
+ eaddr = "bug-gnutls@gnu.org";
+ type = gpl;
+};
+version = "@VERSION@";
+
+flag = {
+ name = debug;
+ value = d;
+ arg-type = number;
+ arg-default = 0;
+ arg-range = "0 -> 9999";
+ descrip = "Enable debugging.";
+ doc = "Specifies the debug level.";
+};
+
+flag = {
+ name = verify-response;
+ value = e;
+ descrip = "Verify response";
+ doc = "";
+};
+
+flag = {
+ name = request-info;
+ value = i;
+ descrip = "Print information on a OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = response-info;
+ value = j;
+ descrip = "Print information on a OCSP response";
+ doc = "";
+};
+
+flag = {
+ name = generate-request;
+ value = q;
+ descrip = "Generate an OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = nonce;
+ disabled = yes;
+ disable = "no";
+ descrip = "Don't add nonce to OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = load-issuer;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read issuer certificate from file";
+ doc = "";
+};
+
+flag = {
+ name = load-cert;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read certificate to check from file";
+ doc = "";
+};
+
+flag = {
+ name = load-trust;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read OCSP trust anchors from file";
+ flags-cant = load-signer;
+ doc = "";
+};
+
+flag = {
+ name = load-signer;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read OCSP response signer from file";
+ flags-cant = load-trust;
+ doc = "";
+};
+
+flag = {
+ name = inder;
+ disabled;
+ disable = "no";
+ descrip = "Use DER format for input certificates and private keys";
+ doc = "";
+};
+
+flag = {
+ name = load-request;
+ value = Q;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read DER encoded OCSP request from file";
+ doc = "";
+};
+
+flag = {
+ name = load-response;
+ value = S;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read DER encoded OCSP response from file";
+ doc = "";
+};
+
+flag = {
+ name = outfile;
+ arg-type = string;
+ descrip = "Output file";
+ doc = "";
+};
+
+flag = {
+ name = infile;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Input file";
+ doc = "";
+};
+
+flag = {
+ name = verbose;
+ value = V;
+ max = NOLIMIT;
+ descrip = "More verbose output";
+ doc = "";
+};
+
+doc-section = {
+ ds-type = 'SEE ALSO';
+ ds-format = 'man';
+ ds-text = <<-_EOT_
+ certtool (1)
+_EOT_;
+};
+
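Review bot: The `nonce` flag is declared with `disabled` and `disable = "no"` but without `enabled`, the same way as `inder`, which has to start off for PEM to stay the default. If AutoOpts treats the two alike, `ENABLED_OPT(NONCE)` in the generate_request hunk of src/ocsptool.c is false unless `--nonce` is passed. The removed ocsptool.gaa initialised `$nononce = 0`, so requests carried a nonce unless `--no-nonce` was given, and the nonce is what lets a client tell a fresh response from a replayed one. If the old default is meant to hold, declare the flag `enabled;` and reword `descrip`, which describes only the `--no-nonce` form. If the new default is intended, it should be stated in the currently empty `doc`.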
diff --git a/src/ocsptool.c b/src/ocsptool.c
index bd35a102b5..c90e6a9bff 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -37,11 +37,11 @@
#include <read-file.h>
#include <ocsptool-common.h>
-#include <ocsptool-gaa.h>
+#include <ocsptool-args.h>
-gaainfo info;
FILE *outfile;
FILE *infile;
+static unsigned int encoding;
static void
tls_log_func (int level, const char *str)
@@ -61,8 +61,8 @@ request_info (void)
if (ret < 0)
error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
- if (info.req)
- dat.data = (void*)read_binary_file (info.req, &size);
+ if (HAVE_OPT(LOAD_REQUEST))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
@@ -96,8 +96,8 @@ response_info (void)
if (ret < 0)
error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
- if (info.resp)
- dat.data = (void*)read_binary_file (info.resp, &size);
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
@@ -127,24 +127,24 @@ load_issuer (void)
gnutls_datum_t dat;
size_t size;
- if (info.issuer == NULL)
+ if (!HAVE_OPT(LOAD_ISSUER))
error (EXIT_FAILURE, 0, "missing --load-issuer");
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.issuer, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-issuer: %s", info.issuer);
+ error (EXIT_FAILURE, errno, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
- ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+ ret = gnutls_x509_crt_import (crt, &dat, encoding);
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-issuer: %s: %s",
- info.issuer, gnutls_strerror (ret));
+ OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
return crt;
}
@@ -157,24 +157,24 @@ load_cert (void)
gnutls_datum_t dat;
size_t size;
- if (info.cert == NULL)
+ if (!HAVE_OPT(LOAD_CERT))
error (EXIT_FAILURE, 0, "missing --load-cert");
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.cert, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-cert: %s", info.cert);
+ error (EXIT_FAILURE, errno, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
- ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+ ret = gnutls_x509_crt_import (crt, &dat, encoding);
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-cert: %s: %s",
- info.cert, gnutls_strerror (ret));
+ OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
return crt;
}
@@ -202,7 +202,7 @@ generate_request (void)
gnutls_x509_crt_deinit (cert);
gnutls_x509_crt_deinit (issuer);
- if (!info.nononce)
+ if (ENABLED_OPT(NONCE))
{
unsigned char noncebuf[23];
gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
@@ -318,8 +318,8 @@ verify_response (void)
if (ret < 0)
error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
- if (info.resp)
- dat.data = (void*)read_binary_file (info.resp, &size);
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
@@ -331,13 +331,11 @@ verify_response (void)
if (ret < 0)
error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
- if (info.trust && info.signer)
- error (EXIT_FAILURE, 0, "cannot mix --load-trust and --load-signer");
- else if (info.signer == NULL)
+ if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))
{
- dat.data = (void*)read_binary_file (info.trust, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-trust: %s", info.trust);
+ error (EXIT_FAILURE, errno, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
dat.size = size;
ret = gnutls_x509_trust_list_init (&list, 0);
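Review bot: With neither `--load-trust` nor `--load-signer` given, both the new `if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))` here and the `else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))` in the later verify_response hunk are false, so neither branch runs. The old chain entered the trust branch in that case and presumably stopped at the failed read of a NULL path. What follows the `else if` block is outside the visible hunks. It should be a final `else` that exits, for example `error (EXIT_FAILURE, 0, "missing --load-trust or --load-signer");`, so that `verify` is never reported without a verification call having run. Since `flags-cant` in ocsptool-args.def.in already rejects the combination, the conditions could be reduced to `HAVE_OPT(LOAD_TRUST)` and `HAVE_OPT(LOAD_SIGNER)`.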
@@ -351,7 +349,7 @@ verify_response (void)
error (EXIT_FAILURE, 0, "error parsing CAs: %s",
gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
{
unsigned int i;
for (i = 0; i < x509_ncas; i++)
@@ -374,7 +372,7 @@ verify_response (void)
error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s",
gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
@@ -382,24 +380,24 @@ verify_response (void)
error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
gnutls_strerror (ret));
}
- else if (info.trust == NULL)
+ else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))
{
ret = gnutls_x509_crt_init (&signer);
if (ret < 0)
error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.signer, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-signer: %s", info.signer);
+ error (EXIT_FAILURE, errno, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
dat.size = size;
- ret = gnutls_x509_crt_import (signer, &dat, info.inder);
+ ret = gnutls_x509_crt_import (signer, &dat, encoding);
free (dat.data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-signer: %s: %s",
- info.signer, gnutls_strerror (ret));
+ OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
{
gnutls_datum_t out;
@@ -437,70 +435,47 @@ main (int argc, char **argv)
if ((ret = gnutls_global_init ()) < 0)
error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
- if (gaa (argc, argv, &info) != -1)
- {
- fprintf (stderr, "Try `%s --help' for more information.\n",
- program_name);
- exit (EXIT_FAILURE);
- }
+ optionProcess( &ocsptoolOptions, argc, argv);
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (info.debug);
+ gnutls_global_set_log_level (OPT_VALUE_DEBUG);
- if (info.outfile)
+ if (HAVE_OPT(OUTFILE))
{
- outfile = fopen (info.outfile, "wb");
+ outfile = fopen (OPT_ARG(OUTFILE), "wb");
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.outfile);
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
}
else
outfile = stdout;
- if (info.infile)
+ if (HAVE_OPT(INFILE))
{
- infile = fopen (info.infile, "rb");
+ infile = fopen (OPT_ARG(INFILE), "rb");
if (infile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.infile);
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
}
else
infile = stdin;
- if (info.inder)
- info.inder = GNUTLS_X509_FMT_DER;
+ if (ENABLED_OPT(INDER))
+ encoding = GNUTLS_X509_FMT_DER;
else
- info.inder = GNUTLS_X509_FMT_PEM;
-
- switch (info.action)
+ encoding = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(REQUEST_INFO))
+ request_info ();
+ else if (HAVE_OPT(RESPONSE_INFO))
+ response_info ();
+ else if (HAVE_OPT(GENERATE_REQUEST))
+ generate_request ();
+ else if (HAVE_OPT(VERIFY_RESPONSE))
+ verify_response ();
+ else
{
- case ACTION_REQ_INFO:
- request_info ();
- break;
-
- case ACTION_RESP_INFO:
- response_info ();
- break;
-
- case ACTION_GEN_REQ:
- generate_request ();
- break;
-
- case ACTION_VERIFY_RESP:
- verify_response ();
- break;
-
- default:
- gaa_help();
+ USAGE(1);
}
return 0;
}
-void
-ocsptool_version (void)
-{
- const char *p = PACKAGE_NAME;
- if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
- p = PACKAGE_STRING;
- version_etc (stdout, "ocsptool", p, gnutls_check_version (NULL),
- "Simon Josefsson", (char *) NULL);
-}
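Review bot: The four action options are tested in a fixed order with `HAVE_OPT(VERIFY_RESPONSE)` last, so a command line that also carries `--request-info`, `--response-info` or `--generate-request` skips verification, and main can still reach `return 0`. With the gaa parser each action option assigned `$action`, so presumably the last one given was the one that ran. ocsptool-args.def.in declares no conflict between these flags. Adding `flags-cant` entries there, as is done for `load-trust`/`load-signer`, or rejecting more than one action before the chain, would keep a caller from reading a zero exit status as a successful verification. main begins outside the hunk.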
diff --git a/src/ocsptool.gaa b/src/ocsptool.gaa
deleted file mode 100644
index 1f0195d0bf..0000000000
--- a/src/ocsptool.gaa
+++ /dev/null
@@ -1,76 +0,0 @@
-#{
-
-/* C declarations */
-
-#include <config.h>
-#ifdef _WIN32
-# include <io.h>
-#endif
-
-#include "ocsptool-common.h"
-
-#}
-
-helpnode "Ocsptool help\nUsage : ocsptool [options]"
-
-#int action;
-
-option (e, verify-response) { $action = ACTION_VERIFY_RESP; } "Verify response."
-
-option (i, request-info) { $action = ACTION_REQ_INFO; } "Print information on a OCSP request."
-
-option (j, response-info) { $action = ACTION_RESP_INFO; } "Print information on a OCSP response."
-
-option (q, generate-request) { $action = ACTION_GEN_REQ; } "Generate a OCSP request."
-
-#int nononce;
-option (no-nonce) { $nononce = 1 } "don't add nonce to OCSP request."
-
-#char *issuer;
-option (load-issuer) STR "FILE" { $issuer = $1 } "read issuer certificate from FILE."
-
-#char *cert;
-option (load-cert) STR "FILE" { $cert = $1 } "read certificate to check from FILE."
-
-#char *trust;
-option (load-trust) STR "FILE" { $trust = $1 } "read OCSP trust anchors from FILE."
-
-#char *signer;
-option (load-signer) STR "FILE" { $signer = $1 } "read OCSP response signer from FILE."
-
-#int inder;
-option (inder) { $inder=1 } "Use DER format for input certificates."
-
-#char *req;
-option (Q, load-request) STR "FILE" { $req = $1 } "read DER encoded OCSP request from FILE."
-
-#char *resp;
-option (S, load-response) STR "FILE" { $resp = $1 } "read DER encoded OCSP response from FILE."
-
-#char *outfile;
-option (outfile) STR "FILE" { $outfile = $1 } "Output file."
-
-#char *infile;
-option (infile) STR "FILE" { $infile = $1 } "Input file."
-
-#int verbose;
-option (V, verbose) { $verbose = 1 } "More verbose output."
-
-#int debug;
-option (d, debug) INT "integer" { $debug = $1 } "Enable debugging"
-
-option (v, version) { ocsptool_version(); exit(0); } "prints the program's version number"
-option (h, help) { gaa_help(); exit(0); } "shows this help text"
-
-init { $action = ACTION_NONE;
- $nononce = 0;
- $inder = 0;
- $issuer = NULL;
- $cert = NULL;
- $trust = NULL;
- $req = NULL;
- $resp = NULL;
- $outfile = NULL;
- $infile = NULL;
- $verbose = 0;
- $debug = 0; }