diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-args.def | 6 | ||||
-rw-r--r-- | src/certtool-cfg.c | 53 | ||||
-rw-r--r-- | src/certtool-cfg.h | 1 | ||||
-rw-r--r-- | src/certtool.c | 2 |
4 files changed, 62 insertions, 0 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def index af2c41bfab..91c6a59883 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -747,6 +747,12 @@ challenge_password = 123456 # Whether this is a CA certificate or not #ca +# Subject Unique ID (in hex) +#subject_unique_id = 00153224 + +# Issuer Unique ID (in hex) +#issuer_unique_id = 00153225 + #### Key usage # The following key usage flags are used by CAs and end certificates diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index 540ee42658..1bae6ec8c9 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -97,6 +97,8 @@ static struct cfg_options available_options[] = { { .name = "dn", .type = OPTION_STRING }, { .name = "cn", .type = OPTION_STRING }, { .name = "uid", .type = OPTION_STRING }, + { .name = "subject_unique_id", .type = OPTION_STRING }, + { .name = "issuer_unique_id", .type = OPTION_STRING }, { .name = "challenge_password", .type = OPTION_STRING }, { .name = "password", .type = OPTION_STRING }, { .name = "pkcs9_email", .type = OPTION_STRING }, @@ -139,6 +141,10 @@ typedef struct _cfg_ctx { char *dn; char *cn; char *uid; + uint8_t *subject_unique_id; + unsigned subject_unique_id_size; + uint8_t *issuer_unique_id; + unsigned issuer_unique_id_size; char *challenge_password; char *pkcs9_email; char *country; @@ -277,6 +283,18 @@ void cfg_init(void) s_name = strtol(val->v.strVal, NULL, 10); \ } +#define HEX_DECODE(hex, output, output_size) \ + { \ + gnutls_datum_t _input = {(void*)hex, strlen(hex)}; \ + gnutls_datum_t _output; \ + ret = gnutls_hex_decode2(&_input, &_output); \ + if (ret < 0) { \ + fprintf(stderr, "error in hex ID: %s\n", hex); \ + exit(1); \ + } \ + output = _output.data; \ + output_size = _output.size; \ + } static int handle_option(const tOptionValue* val) { @@ -307,6 +325,7 @@ int template_parse(const char *template) { /* Parsing return code */ unsigned int i; + int ret; tOptionValue const *pov; const tOptionValue *val, *prev; char tmpstr[256]; @@ -358,6 +377,14 @@ int template_parse(const char *template) if (val != NULL && val->valType == OPARG_TYPE_STRING) cfg.uid = strdup(val->v.strVal); + val = optionGetValue(pov, "issuer_unique_id"); + if (val != NULL && val->valType == OPARG_TYPE_STRING) + HEX_DECODE(val->v.strVal, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + + val = optionGetValue(pov, "subject_unique_id"); + if (val != NULL && val->valType == OPARG_TYPE_STRING) + HEX_DECODE(val->v.strVal, cfg.subject_unique_id, cfg.subject_unique_id_size); + val = optionGetValue(pov, "challenge_password"); if (val != NULL && val->valType == OPARG_TYPE_STRING) cfg.challenge_password = strdup(val->v.strVal); @@ -962,6 +989,32 @@ void crt_constraints_set(gnutls_x509_crt_t crt) } } +void crt_unique_ids_set(gnutls_x509_crt_t crt) +{ + int ret; + + if (batch) { + if (cfg.subject_unique_id == NULL && cfg.issuer_unique_id == NULL) + return; /* nothing to do */ + + if (cfg.subject_unique_id) { + ret = gnutls_x509_crt_set_subject_unique_id(crt, cfg.subject_unique_id, cfg.subject_unique_id_size); + if (ret < 0) { + fprintf(stderr, "error setting subject unique ID: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + if (cfg.issuer_unique_id) { + ret = gnutls_x509_crt_set_issuer_unique_id(crt, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + if (ret < 0) { + fprintf(stderr, "error setting issuer unique ID: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + } +} + void get_uid_crt_set(gnutls_x509_crt_t crt) { int ret; diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index 2c7240daa2..1942ad867b 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -81,6 +81,7 @@ int get_ipsec_ike_status(void); void get_dc_set(int type, void *crt); void get_ca_issuers_set(gnutls_x509_crt_t crt); void get_ocsp_issuer_set(gnutls_x509_crt_t crt); +void crt_unique_ids_set(gnutls_x509_crt_t crt); int get_key_agreement_status(void); int get_non_repudiation_status(void); diff --git a/src/certtool.c b/src/certtool.c index b7e9d32eaf..9926a722f1 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -448,6 +448,8 @@ generate_certificate(gnutls_privkey_t * ret_key, } } + crt_unique_ids_set(crt); + is_ike = get_ipsec_ike_status(); server = get_tls_server_status(); |