author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-23 20:59:41 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-23 20:59:41 +0100 |
commit | 918ea24be3befedf1ae956a2cadc6a396ec178a4 (patch) | |
tree | 4e34bab4d992eb7e0ac74a9d9ead5b68673492ec /src | |
parent | a0c6659d49ead8e65a28d8d421b96546025d0cd9 (diff) | |
download | gnutls-918ea24be3befedf1ae956a2cadc6a396ec178a4.tar.gz |
ocsptool uses libopts
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 16 | ||||
-rw-r--r-- | src/ocsptool-args.def.in | 164 | ||||
-rw-r--r-- | src/ocsptool.c | 129 | ||||
-rw-r--r-- | src/ocsptool.gaa | 76 |
4 files changed, 222 insertions, 163 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 11cdfcbb5a..6f1e4c9ca7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -73,10 +73,10 @@ endif
 if ENABLE_OCSP
 ocsptool_SOURCES = ocsptool.c ocsptool-common.h
-ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la
+ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la $(LIBOPTS_LDADD)
 noinst_LTLIBRARIES += libcmd-ocsp.la
 libcmd_ocsp_la_CFLAGS =
-libcmd_ocsp_la_SOURCES = ocsptool.gaa ocsptool-gaa.h ocsptool-gaa.c
+libcmd_ocsp_la_SOURCES = ocsptool-args.def ocsptool-args.h ocsptool-args.c
 endif
 psktool_SOURCES = psk.c
@@ -134,13 +134,11 @@ libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
 endif # ENABLE_PKCS11
-psk-gaa.c: $(srcdir)/psk.gaa
- -$(GAA) $< -o psk-gaa.c -i psk-gaa.h
-ocsptool-gaa.c: $(srcdir)/ocsptool.gaa
- -$(GAA) $< -o ocsptool-gaa.c -i ocsptool-gaa.h
+ocsptool-args.c: $(srcdir)/ocsptool-args.def
+ -autogen $<
 if ENABLE_PKCS11
-p11tool-gaa.c: $(srcdir)/p11tool.gaa
- -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
+p11tool-args.c: $(srcdir)/p11tool-args.def
+ -autogen $<
 endif
 psk-args.c: $(srcdir)/psk-args.def
  -autogen $<
@@ -152,7 +150,5 @@ serv-args.c: $(srcdir)/serv-args.def
  -autogen $<
 srptool-args.c: $(srcdir)/srptool-args.def
  -autogen $<
-p11tool-args.c: $(srcdir)/p11tool-args.def
- -autogen $<
 certtool-args.c: $(srcdir)/certtool-args.def
  -autogen $<
diff --git a/src/ocsptool-args.def.in b/src/ocsptool-args.def.in
new file mode 100644
index 0000000000..70182b6310
--- /dev/null
+++ b/src/ocsptool-args.def.in
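Review bot: The new `ocsptool-args.c` and `p11tool-args.c` rules in the second hunk prefix their recipe with `-`, so a failed or missing `autogen` run does not stop the build and a stale or absent ocsptool-args.c only surfaces later as an unrelated compile error. This mirrors the existing psk/serv/srptool rules, but for a rule introduced by this commit the plain `autogen $<` form would make regeneration failures visible where they happen. The rule also depends on `$(srcdir)/ocsptool-args.def` while the commit adds `ocsptool-args.def.in` (it carries `@VERSION@`), so presumably configure produces the .def; a one-line comment next to the rule, `# ocsptool-args.def is produced from ocsptool-args.def.in by configure`, would save the next reader the lookup.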
@@ -0,0 +1,164 @@
+AutoGen Definitions options;
+prog-name = ocsptool;
+prog-title = "GnuTLS OCSP tool";
+prog-desc = "Program to handle OCSP request/responses.";
+help-value = "h";
+detail = "Ocsptool can parse OCSP request/responses, generate OCSP requests and verify OCSP responses.";
+
+short-usage = "ocsptool [options]\nocsptool --help for usage instructions.\n";
+prog-group = "GnuTLS";
+explain = "";
+gnu-usage;
+no-xlate = opt;
+no-misuse-usage;
+disable-save;
+long-opts;
+config-header = 'config.h';
+export = '#include <gettext.h>';
+
+copyright = {
+ date = "2012";
+ owner = "Free Software Foundation";
+ author = "Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.";
+ eaddr = "bug-gnutls@gnu.org";
+ type = gpl;
+};
+version = "@VERSION@";
+
+flag = {
+ name = debug;
+ value = d;
+ arg-type = number;
+ arg-default = 0;
+ arg-range = "0 -> 9999";
+ descrip = "Enable debugging.";
+ doc = "Specifies the debug level.";
+};
+
+flag = {
+ name = verify-response;
+ value = e;
+ descrip = "Verify response";
+ doc = "";
+};
+
+flag = {
+ name = request-info;
+ value = i;
+ descrip = "Print information on a OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = response-info;
+ value = j;
+ descrip = "Print information on a OCSP response";
+ doc = "";
+};
+
+flag = {
+ name = generate-request;
+ value = q;
+ descrip = "Generate an OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = nonce;
+ disabled = yes;
+ disable = "no";
+ descrip = "Don't add nonce to OCSP request";
+ doc = "";
+};
+
+flag = {
+ name = load-issuer;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read issuer certificate from file";
+ doc = "";
+};
+
+flag = {
+ name = load-cert;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read certificate to check from file";
+ doc = "";
+};
+
+flag = {
+ name = load-trust;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read OCSP trust anchors from file";
+ flags-cant = load-signer;
+ doc = "";
+};
+
+flag = {
+ name = load-signer;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read OCSP response signer from file";
+ flags-cant = load-trust;
+ doc = "";
+};
+
+flag = {
+ name = inder;
+ disabled;
+ disable = "no";
+ descrip = "Use DER format for input certificates and private keys";
+ doc = "";
+};
+
+flag = {
+ name = load-request;
+ value = Q;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read DER encoded OCSP request from file";
+ doc = "";
+};
+
+flag = {
+ name = load-response;
+ value = S;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Read DER encoded OCSP response from file";
+ doc = "";
+};
+
+flag = {
+ name = outfile;
+ arg-type = string;
+ descrip = "Output file";
+ doc = "";
+};
+
+flag = {
+ name = infile;
+ arg-type = file;
+ file-exists = yes;
+ descrip = "Input file";
+ doc = "";
+};
+
+flag = {
+ name = verbose;
+ value = V;
+ max = NOLIMIT;
+ descrip = "More verbose output";
+ doc = "";
+};
+
+doc-section = {
+ ds-type = 'SEE ALSO';
+ ds-format = 'man';
+ ds-text = <<-_EOT_
+ certtool (1)
+_EOT_;
+};
+
diff --git a/src/ocsptool.c b/src/ocsptool.c
index bd35a102b5..c90e6a9bff 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -37,11 +37,11 @@
 #include <read-file.h>
 #include <ocsptool-common.h>
-#include <ocsptool-gaa.h>
+#include <ocsptool-args.h>
-gaainfo info;
 FILE *outfile;
 FILE *infile;
+static unsigned int encoding;
 static void
 tls_log_func (int level, const char *str)
@@ -61,8 +61,8 @@ request_info (void)
 if (ret < 0)
 error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
- if (info.req)
- dat.data = (void*)read_binary_file (info.req, &size);
+ if (HAVE_OPT(LOAD_REQUEST))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
 else
 dat.data = (void*)fread_file (infile, &size);
 if (dat.data == NULL)
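Review bot: Every flag in this definitions file except `debug` carries `doc = "";`, so the generated man page and texinfo will show an empty description for each option; `load-trust` and `load-signer` deserve at least a sentence each, since which of them is given selects a different branch of verify_response() in ocsptool.c. The `descrip` strings for `request-info` and `response-info` read `a OCSP`; `an OCSP` would match `generate-request`. The `flags-cant` pairing on `load-trust`/`load-signer` is what now enforces the exclusion that ocsptool.c used to check by hand, so it must stay if either flag is renamed.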
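Review bot: The new file-scope `static unsigned int encoding;` in the first ocsptool.c hunk has no comment saying who sets it, yet load_issuer(), load_cert() and verify_response() all hand it to gnutls_x509_crt_import() and depend on main() having assigned it from `--inder` beforehand. Being a zero-initialised static, a call made before that assignment would silently use whichever of the two formats has the numeric value 0. Suggest `/* GNUTLS_X509_FMT_DER or GNUTLS_X509_FMT_PEM; set in main() from --inder before any load_* helper runs. */` above the declaration.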
@@ -96,8 +96,8 @@ response_info (void)
 if (ret < 0)
 error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
- if (info.resp)
- dat.data = (void*)read_binary_file (info.resp, &size);
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
 else
 dat.data = (void*)fread_file (infile, &size);
 if (dat.data == NULL)
@@ -127,24 +127,24 @@ load_issuer (void)
 gnutls_datum_t dat;
 size_t size;
- if (info.issuer == NULL)
+ if (!HAVE_OPT(LOAD_ISSUER))
 error (EXIT_FAILURE, 0, "missing --load-issuer");
 ret = gnutls_x509_crt_init (&crt);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.issuer, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
 dat.size = size;
 if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-issuer: %s", info.issuer);
+ error (EXIT_FAILURE, errno, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
- ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+ ret = gnutls_x509_crt_import (crt, &dat, encoding);
 free (dat.data);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "importing --load-issuer: %s: %s",
- info.issuer, gnutls_strerror (ret));
+ OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
 return crt;
 }
@@ -157,24 +157,24 @@ load_cert (void)
 gnutls_datum_t dat;
 size_t size;
- if (info.cert == NULL)
+ if (!HAVE_OPT(LOAD_CERT))
 error (EXIT_FAILURE, 0, "missing --load-cert");
 ret = gnutls_x509_crt_init (&crt);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.cert, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
 dat.size = size;
 if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-cert: %s", info.cert);
+ error (EXIT_FAILURE, errno, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
- ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+ ret = gnutls_x509_crt_import (crt, &dat, encoding);
 free (dat.data);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "importing --load-cert: %s: %s",
- info.cert, gnutls_strerror (ret));
+ OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
 return crt;
 }
@@ -202,7 +202,7 @@ generate_request (void)
 gnutls_x509_crt_deinit (cert);
 gnutls_x509_crt_deinit (issuer);
- if (!info.nononce)
+ if (ENABLED_OPT(NONCE))
 {
 unsigned char noncebuf[23];
 gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
@@ -318,8 +318,8 @@ verify_response (void)
 if (ret < 0)
 error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
- if (info.resp)
- dat.data = (void*)read_binary_file (info.resp, &size);
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
 else
 dat.data = (void*)fread_file (infile, &size);
 if (dat.data == NULL)
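Review bot: In the generate_request() hunk the nonce is now added only when `ENABLED_OPT(NONCE)` is true, while ocsptool-args.def.in declares that flag with `disabled = yes; disable = "no";`. The old `if (!info.nononce)` added a nonce unless `--no-nonce` was passed, so whether the default behaviour survives depends on what AutoOpts takes as the initial state of an option marked `disabled`; if it starts disabled, requests built with default arguments lose the nonce that ties a response to this request, which is worth confirming before merging. If the intent is "on unless --no-nonce", the flag definition should say so (an `enabled` initial state) and a comment here, `/* nonce is on by default; --no-nonce turns it off */`, should record it. generate_request() starts and ends outside the hunk.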
@@ -331,13 +331,11 @@ verify_response (void)
 if (ret < 0)
 error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
- if (info.trust && info.signer)
- error (EXIT_FAILURE, 0, "cannot mix --load-trust and --load-signer");
- else if (info.signer == NULL)
+ if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))
 {
- dat.data = (void*)read_binary_file (info.trust, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
 if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-trust: %s", info.trust);
+ error (EXIT_FAILURE, errno, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
 dat.size = size;
 ret = gnutls_x509_trust_list_init (&list, 0);
@@ -351,7 +349,7 @@ verify_response (void)
 error (EXIT_FAILURE, 0, "error parsing CAs: %s",
 gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
 {
 unsigned int i;
 for (i = 0; i < x509_ncas; i++)
@@ -374,7 +372,7 @@ verify_response (void)
 error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s",
 gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
 fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
 ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
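Review bot: With neither `--load-trust` nor `--load-signer` given, the rewritten `if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))` is false and so is the `else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))` in the following hunk; the old code fell into the trust branch and failed on the missing path, whereas the new code skips both branches and carries on with whatever follows the chain, which lies outside the hunk. Unless that tail handles the case, `verify` (only assigned via `&verify` inside the trust branch here) is presumably never set and the tool could report a result for a response it never checked. A closing `else error (EXIT_FAILURE, 0, "missing --load-trust or --load-signer");` after the signer branch makes the requirement explicit. Dropping the `cannot mix` check is fine on its own, since `flags-cant` in ocsptool-args.def.in now rejects that combination before main() runs. verify_response() starts and ends outside the hunk.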
@@ -382,24 +380,24 @@ verify_response (void)
 error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
 gnutls_strerror (ret));
 }
- else if (info.trust == NULL)
+ else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))
 {
 ret = gnutls_x509_crt_init (&signer);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
- dat.data = (void*)read_binary_file (info.signer, &size);
+ dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
 if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-signer: %s", info.signer);
+ error (EXIT_FAILURE, errno, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
 dat.size = size;
- ret = gnutls_x509_crt_import (signer, &dat, info.inder);
+ ret = gnutls_x509_crt_import (signer, &dat, encoding);
 free (dat.data);
 if (ret < 0)
 error (EXIT_FAILURE, 0, "importing --load-signer: %s: %s",
- info.signer, gnutls_strerror (ret));
+ OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
- if (info.verbose)
+ if (HAVE_OPT(VERBOSE))
 {
 gnutls_datum_t out;
@@ -437,70 +435,47 @@ main (int argc, char **argv)
 if ((ret = gnutls_global_init ()) < 0)
 error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
- if (gaa (argc, argv, &info) != -1)
- {
- fprintf (stderr, "Try `%s --help' for more information.\n",
- program_name);
- exit (EXIT_FAILURE);
- }
+ optionProcess( &ocsptoolOptions, argc, argv);
 gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (info.debug);
+ gnutls_global_set_log_level (OPT_VALUE_DEBUG);
- if (info.outfile)
+ if (HAVE_OPT(OUTFILE))
 {
- outfile = fopen (info.outfile, "wb");
+ outfile = fopen (OPT_ARG(OUTFILE), "wb");
 if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.outfile);
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
 }
 else
 outfile = stdout;
- if (info.infile)
+ if (HAVE_OPT(INFILE))
 {
- infile = fopen (info.infile, "rb");
+ infile = fopen (OPT_ARG(INFILE), "rb");
 if (infile == NULL)
- error (EXIT_FAILURE, errno, "%s", info.infile);
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
 }
 else
 infile = stdin;
- if (info.inder)
- info.inder = GNUTLS_X509_FMT_DER;
+ if (ENABLED_OPT(INDER))
+ encoding = GNUTLS_X509_FMT_DER;
 else
- info.inder = GNUTLS_X509_FMT_PEM;
-
- switch (info.action)
+ encoding = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(REQUEST_INFO))
+ request_info ();
+ else if (HAVE_OPT(RESPONSE_INFO))
+ response_info ();
+ else if (HAVE_OPT(GENERATE_REQUEST))
+ generate_request ();
+ else if (HAVE_OPT(VERIFY_RESPONSE))
+ verify_response ();
+ else
 {
- case ACTION_REQ_INFO:
- request_info ();
- break;
-
- case ACTION_RESP_INFO:
- response_info ();
- break;
-
- case ACTION_GEN_REQ:
- generate_request ();
- break;
-
- case ACTION_VERIFY_RESP:
- verify_response ();
- break;
-
- default:
- gaa_help();
+ USAGE(1);
 }
 return 0;
 }
-void
-ocsptool_version (void)
-{
- const char *p = PACKAGE_NAME;
- if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
- p = PACKAGE_STRING;
- version_etc (stdout, "ocsptool", p, gnutls_check_version (NULL),
- "Simon Josefsson", (char *) NULL);
-}
diff --git a/src/ocsptool.gaa b/src/ocsptool.gaa
deleted file mode 100644
index 1f0195d0bf..0000000000
--- a/src/ocsptool.gaa
+++ /dev/null
@@ -1,76 +0,0 @@
-#{
-
-/* C declarations */
-
-#include <config.h>
-#ifdef _WIN32
-# include <io.h>
-#endif
-
-#include "ocsptool-common.h"
-
-#}
-
-helpnode "Ocsptool help\nUsage : ocsptool [options]"
-
-#int action;
-
-option (e, verify-response) { $action = ACTION_VERIFY_RESP; } "Verify response."
-
-option (i, request-info) { $action = ACTION_REQ_INFO; } "Print information on a OCSP request."
-
-option (j, response-info) { $action = ACTION_RESP_INFO; } "Print information on a OCSP response."
-
-option (q, generate-request) { $action = ACTION_GEN_REQ; } "Generate a OCSP request."
-
-#int nononce;
-option (no-nonce) { $nononce = 1 } "don't add nonce to OCSP request."
-
-#char *issuer;
-option (load-issuer) STR "FILE" { $issuer = $1 } "read issuer certificate from FILE."
-
-#char *cert;
-option (load-cert) STR "FILE" { $cert = $1 } "read certificate to check from FILE."
-
-#char *trust;
-option (load-trust) STR "FILE" { $trust = $1 } "read OCSP trust anchors from FILE."
-
-#char *signer;
-option (load-signer) STR "FILE" { $signer = $1 } "read OCSP response signer from FILE."
-
-#int inder;
-option (inder) { $inder=1 } "Use DER format for input certificates."
-
-#char *req;
-option (Q, load-request) STR "FILE" { $req = $1 } "read DER encoded OCSP request from FILE."
-
-#char *resp;
-option (S, load-response) STR "FILE" { $resp = $1 } "read DER encoded OCSP response from FILE."
-
-#char *outfile;
-option (outfile) STR "FILE" { $outfile = $1 } "Output file."
-
-#char *infile;
-option (infile) STR "FILE" { $infile = $1 } "Input file."
-
-#int verbose;
-option (V, verbose) { $verbose = 1 } "More verbose output."
-
-#int debug;
-option (d, debug) INT "integer" { $debug = $1 } "Enable debugging"
-
-option (v, version) { ocsptool_version(); exit(0); } "prints the program's version number"
-option (h, help) { gaa_help(); exit(0); } "shows this help text"
-
-init { $action = ACTION_NONE;
- $nononce = 0;
- $inder = 0;
- $issuer = NULL;
- $cert = NULL;
- $trust = NULL;
- $req = NULL;
- $resp = NULL;
- $outfile = NULL;
- $infile = NULL;
- $verbose = 0;
- $debug = 0; }
|