/*
* Copyright (C) 2010-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* GnuTLS is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GnuTLS is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see
* <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/openpgp.h>
#include <gnutls/pkcs12.h>
#include <gnutls/system-keys.h>
#include <gnutls/abstract.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <time.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
/* Gnulib portability files. */
#include <read-file.h>
#include "certtool-common.h"
#include "systemkey-args.h"
/* Forward declarations; the definitions follow main() below. */
static void cmd_parser(int argc, char **argv);
static void systemkey_delete(const char *url, FILE * outfile);
static void systemkey_list(FILE * outfile);

/* Input/output encodings chosen by --inder/--outder in cmd_parser().
 * They are assigned there but nothing else in this file reads them. */
static gnutls_x509_crt_fmt_t incert_format, outcert_format;
static gnutls_x509_crt_fmt_t inkey_format, outkey_format;

/* Output stream: the --outfile path or stdout.  outfile_name keeps the
 * path so app_exit() can unlink a partially written file on failure. */
static FILE *outfile;
static const char *outfile_name = NULL;
/* --infile stream or stdin; opened in cmd_parser() but never read here. */
static FILE *infile;
/* Not static, so visible to code outside this file (presumably the
 * shared certtool-common helpers) — confirm against the callers. */
int batch = 0;
int ask_pass = 0;
/* Terminate the process with status VAL.
 *
 * A non-zero status means the run failed part-way, so the --outfile
 * recorded in outfile_name (if any) is unlinked first rather than leaving
 * a truncated or empty output file behind.  Not static, so callable from
 * code outside this file.
 */
void app_exit(int val)
{
	const int failed = (val != 0);

	if (failed && outfile_name != NULL)
		(void)remove(outfile_name);

	exit(val);
}
/* gnutls log callback: echo every message to stderr, tagged with its
 * level as "|<level>| ".  STR is written verbatim, so any trailing
 * newline is the library's, not ours. */
static void tls_log_func(int level, const char *str)
{
	fprintf(stderr, "|<%d>| ", level);
	fputs(str, stderr);
}
/* Entry point.  All option handling and the actual work live in
 * cmd_parser(), which terminates the process itself on any error, so
 * reaching the return here means the requested action succeeded. */
int main(int argc, char **argv)
{
	cmd_parser(argc, argv);

	return EXIT_SUCCESS;
}
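/* Parse the command line and run the requested action.
 *
 * Side effects: installs the gnutls log callback, raises the log level
 * when --debug is given, opens --outfile (through safe_open_rw) and
 * --infile, and assigns the file-scope format/stream globals.  Exactly
 * one of --delete or --list must be present; otherwise usage is printed
 * and the process exits with status 1 before any output file is created.
 * Every other failure goes through app_exit(1), which also unlinks a
 * partially written --outfile.
 *
 * argc/argv: as received by main().
 *
 * NOTE(review): the comment that used to sit here about a "legacy"
 * default sec-param for TPMs does not apply to this tool — no
 * key-generation option is handled below; it looks inherited from tpmtool.
 */
static void cmd_parser(int argc, char **argv)
{
	optionProcess(&systemkey_toolOptions, argc, argv);

	gnutls_global_set_log_function(tls_log_func);

	if (HAVE_OPT(DEBUG)) {
		gnutls_global_set_log_level(OPT_VALUE_DEBUG);
		printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
	}

	/* Validate the action before touching the filesystem, so a usage
	 * error cannot leave an empty --outfile behind (USAGE() is expected
	 * to exit on its own, bypassing app_exit() and its cleanup). */
	if (!HAVE_OPT(DELETE) && !HAVE_OPT(LIST))
		USAGE(1);

	/* --inder/--outder select DER, otherwise PEM.  Neither action below
	 * consults these globals; they are kept for interface parity. */
	if (HAVE_OPT(INDER)) {
		incert_format = GNUTLS_X509_FMT_DER;
		inkey_format = GNUTLS_X509_FMT_DER;
	} else {
		incert_format = GNUTLS_X509_FMT_PEM;
		inkey_format = GNUTLS_X509_FMT_PEM;
	}

	if (HAVE_OPT(OUTDER)) {
		outcert_format = GNUTLS_X509_FMT_DER;
		outkey_format = GNUTLS_X509_FMT_DER;
	} else {
		outcert_format = GNUTLS_X509_FMT_PEM;
		outkey_format = GNUTLS_X509_FMT_PEM;
	}

	if (HAVE_OPT(OUTFILE)) {
		outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
		if (outfile == NULL) {
			/* Say what failed, not just the bare file name. */
			fprintf(stderr, "cannot open %s for writing\n",
				OPT_ARG(OUTFILE));
			app_exit(1);
		}
		/* Recorded only after a successful open, so app_exit() never
		 * unlinks a path this run did not open. */
		outfile_name = OPT_ARG(OUTFILE);
	} else {
		outfile = stdout;
	}

	if (HAVE_OPT(INFILE)) {
		infile = fopen(OPT_ARG(INFILE), "rb");
		if (infile == NULL) {
			/* fopen() sets errno; include the reason. */
			fprintf(stderr, "cannot open %s: %s\n",
				OPT_ARG(INFILE), strerror(errno));
			app_exit(1);
		}
	} else {
		infile = stdin;
	}

	if (HAVE_OPT(DELETE))
		systemkey_delete(OPT_ARG(DELETE), outfile);
	else
		systemkey_list(outfile);	/* --list; guaranteed by the check above */

	/* A write error on a buffered stream may only surface at fclose().
	 * Treat it as a failed run so a truncated --outfile is removed
	 * instead of being reported as success. */
	if (fclose(outfile) != 0) {
		fprintf(stderr, "error writing %s: %s\n",
			outfile_name ? outfile_name : "stdout",
			strerror(errno));
		app_exit(1);
	}
	/* --infile is opened but never read here; release it anyway. */
	if (infile != stdin)
		(void)fclose(infile);

	gnutls_global_deinit();
}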
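/* Delete the entry at URL from the system (native) key store.
 *
 * url: the object URL given to --delete.  It is passed as both the
 *      certificate URL and the key URL, so the one URL is expected to
 *      identify the pair — presumably the store resolves both from it;
 *      confirm against gnutls_system_key_delete().
 * out: stream that receives the one-line success report.
 *
 * On failure the library error is printed and the process exits with
 * status 1 via app_exit(), which also unlinks a partially written
 * --outfile.
 */
static void systemkey_delete(const char *url, FILE * out)
{
	int ret = gnutls_system_key_delete(url, url);

	if (ret < 0) {
		/* Name the function actually called (the old text named a
		 * non-existent gnutls_systemkey_privkey_delete) and terminate
		 * the line so the diagnostic reads correctly on a terminal. */
		fprintf(stderr, "gnutls_system_key_delete: %s\n",
			gnutls_strerror(ret));
		app_exit(1);
	}

	fprintf(out, "Key %s deleted\n", url);
}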
/* Print every X.509 certificate/key pair in the system (native) key
 * store to OUT, one "Label/Cert/Key" record per entry, followed by a
 * blank line.
 *
 * Iteration ends when the library returns
 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; any other negative code is a
 * real error.  GNUTLS_E_UNIMPLEMENTED_FEATURE gets a friendlier message
 * because it means this build or platform has no native store at all.
 * Errors terminate the process with status 1 through app_exit().
 *
 * NOTE(review): cert_url/key_url/label are filled in by the library.  If
 * they are heap-allocated (gnutls_free), each iteration leaks them here —
 * confirm against the gnutls_system_key_iter_get_info() contract.
 */
static void systemkey_list(FILE * out)
{
	gnutls_system_key_iter_t iter = NULL;
	char *cert_url, *key_url, *label;
	int ret;

	for (;;) {
		ret = gnutls_system_key_iter_get_info(&iter, GNUTLS_CRT_X509,
						      &cert_url, &key_url,
						      &label, NULL, 0);
		if (ret < 0)
			break;
		fprintf(out, "Label:\t%s\nCert:\t%s\nKey:\t%s\n\n",
			label, cert_url, key_url);
	}

	/* The loop only exits on a negative code; end-of-list is the one
	 * that is not an error. */
	if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
		if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE)
			fputs("Native key store is not supported, or not present on this system\n",
			      stderr);
		else
			fprintf(stderr, "Error: %s\n", gnutls_strerror(ret));
		app_exit(1);
	}

	gnutls_system_key_iter_deinit(iter);
	fputs("\n", out);
}