authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-10-27 09:50:26 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-10-27 09:50:26 +0000
commitb613005c0d8380b24315cdca7cc7f6e1f390127a (patch)
treece340c0017e027d5d038f417a49f4df694270bb8
parente0fd011963b4ce74ffde08d2cd61c32388d30e3f (diff)
downloadgnutls-b613005c0d8380b24315cdca7cc7f6e1f390127a.tar.gz
added the --der option to certtool.
-rw-r--r--src/certtool-gaa.c68
-rw-r--r--src/certtool-gaa.h10
-rw-r--r--src/certtool.c36
-rw-r--r--src/certtool.gaa6
4 files changed, 72 insertions, 48 deletions
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 89972e9fde..7097d78bbb 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -131,6 +131,7 @@ void gaa_help(void)
__gaa_helpsingle('i', "certificate-info", "", "Print information on a certificate.");
__gaa_helpsingle('k', "key-info", "", "Print information on a private key.");
__gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys.");
+ __gaa_helpsingle(0, "der", "", "Use DER format for certificates and private keys.");
__gaa_helpsingle(0, "bits", "BITS ", "specify the number of bits for key generation.");
__gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
__gaa_helpsingle(0, "infile", "FILE ", "Output file.");
@@ -151,14 +152,16 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 48 "certtool.gaa"
+#line 51 "certtool.gaa"
int debug;
-#line 45 "certtool.gaa"
+#line 48 "certtool.gaa"
char *infile;
-#line 42 "certtool.gaa"
+#line 45 "certtool.gaa"
char *outfile;
-#line 39 "certtool.gaa"
+#line 42 "certtool.gaa"
int bits;
+#line 39 "certtool.gaa"
+ int cert_format;
#line 36 "certtool.gaa"
int pkcs8;
#line 28 "certtool.gaa"
@@ -227,27 +230,28 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 20
+#define GAA_NB_OPTION 21
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
#define GAAOPTID_infile 4
#define GAAOPTID_outfile 5
#define GAAOPTID_bits 6
-#define GAAOPTID_pkcs8 7
-#define GAAOPTID_key_info 8
-#define GAAOPTID_certificate_info 9
-#define GAAOPTID_load_ca_certificate 10
-#define GAAOPTID_load_ca_privkey 11
-#define GAAOPTID_load_certificate 12
-#define GAAOPTID_load_request 13
-#define GAAOPTID_load_privkey 14
-#define GAAOPTID_verify_chain 15
-#define GAAOPTID_generate_request 16
-#define GAAOPTID_generate_privkey 17
-#define GAAOPTID_update_certificate 18
-#define GAAOPTID_generate_certificate 19
-#define GAAOPTID_generate_self_signed 20
+#define GAAOPTID_der 7
+#define GAAOPTID_pkcs8 8
+#define GAAOPTID_key_info 9
+#define GAAOPTID_certificate_info 10
+#define GAAOPTID_load_ca_certificate 11
+#define GAAOPTID_load_ca_privkey 12
+#define GAAOPTID_load_certificate 13
+#define GAAOPTID_load_request 14
+#define GAAOPTID_load_privkey 15
+#define GAAOPTID_verify_chain 16
+#define GAAOPTID_generate_request 17
+#define GAAOPTID_generate_privkey 18
+#define GAAOPTID_update_certificate 19
+#define GAAOPTID_generate_certificate 20
+#define GAAOPTID_generate_self_signed 21
#line 168 "gaa.skel"
@@ -530,6 +534,7 @@ int gaa_get_option_num(char *str, int status)
#line 375 "gaa.skel"
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
+ GAA_CHECK1STR("", GAAOPTID_der);
GAA_CHECK1STR("8", GAAOPTID_pkcs8);
GAA_CHECK1STR("k", GAAOPTID_key_info);
GAA_CHECK1STR("i", GAAOPTID_certificate_info);
@@ -549,6 +554,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("infile", GAAOPTID_infile);
GAA_CHECKSTR("outfile", GAAOPTID_outfile);
GAA_CHECKSTR("bits", GAAOPTID_bits);
+ GAA_CHECKSTR("der", GAAOPTID_der);
GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
GAA_CHECKSTR("key-info", GAAOPTID_key_info);
GAA_CHECKSTR("certificate-info", GAAOPTID_certificate_info);
@@ -606,14 +612,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 53 "certtool.gaa"
+#line 56 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 51 "certtool.gaa"
+#line 54 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -623,7 +629,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 49 "certtool.gaa"
+#line 52 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -633,7 +639,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 46 "certtool.gaa"
+#line 49 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -643,7 +649,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 43 "certtool.gaa"
+#line 46 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
@@ -653,11 +659,18 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 40 "certtool.gaa"
+#line 43 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_der:
+ OK = 0;
+#line 40 "certtool.gaa"
+{ gaaval->cert_format=1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_pkcs8:
OK = 0;
#line 37 "certtool.gaa"
@@ -795,9 +808,10 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 55 "certtool.gaa"
+#line 58 "certtool.gaa"
{ gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
- gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; ;};
+ gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
+ gaaval->cert_format = 0; ;};
}
inited = 1;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index e581876340..5b28a139b1 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,14 +8,16 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 48 "certtool.gaa"
+#line 51 "certtool.gaa"
int debug;
-#line 45 "certtool.gaa"
+#line 48 "certtool.gaa"
char *infile;
-#line 42 "certtool.gaa"
+#line 45 "certtool.gaa"
char *outfile;
-#line 39 "certtool.gaa"
+#line 42 "certtool.gaa"
int bits;
+#line 39 "certtool.gaa"
+ int cert_format;
#line 36 "certtool.gaa"
int pkcs8;
#line 28 "certtool.gaa"
diff --git a/src/certtool.c b/src/certtool.c
index 87156f66bc..303022e1cb 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -21,6 +21,7 @@ void generate_request(void);
static gaainfo info;
FILE* outfile;
FILE* infile;
+int cert_format;
static unsigned char buffer[40*1024];
static const int buffer_size = sizeof(buffer);
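Review bot: `cert_format` is declared with external linkage and no initializer, so until gaa_parser assigns it the value is 0, which may not be the PEM default the tool used before this change. Declaring it as `static int cert_format = GNUTLS_X509_FMT_PEM;` keeps it private to this file, like `info`, and makes the default explicit. The name also duplicates `info.cert_format`, which holds a 0/1 flag rather than a GNUTLS_X509_FMT_* value; a distinct name for one of the two would keep them from being confused.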
@@ -167,14 +168,14 @@ int size, ret;
if (!info.pkcs8) {
size = sizeof(buffer);
- ret = gnutls_x509_privkey_export( key, GNUTLS_X509_FMT_PEM, buffer, &size);
+ ret = gnutls_x509_privkey_export( key, cert_format, buffer, &size);
if (ret < 0) {
fprintf(stderr, "privkey_export: %s\n", gnutls_strerror(ret));
exit(1);
}
} else {
size = sizeof(buffer);
- ret = gnutls_x509_privkey_export_pkcs8( key, GNUTLS_X509_FMT_PEM, NULL, GNUTLS_PKCS8_PLAIN, buffer, &size);
+ ret = gnutls_x509_privkey_export_pkcs8( key, cert_format, NULL, GNUTLS_PKCS8_PLAIN, buffer, &size);
if (ret < 0) {
fprintf(stderr, "privkey_export_pkcs8: %s\n", gnutls_strerror(ret));
exit(1);
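Review bot: With --der the bytes placed in `buffer` are binary and can contain zero bytes, so the code that writes them out has to use the returned `size` rather than treat the buffer as a string. That write is outside this hunk; if it is an `fprintf` with `%s`, the key would be cut short, whereas `fwrite(buffer, 1, size, outfile);` works for both encodings. The same applies to the crt_export hunks in generate_self_signed, generate_signed_certificate and update_signed_certificate, and to the crq_export hunk in generate_request. The function's body starts before this hunk and continues past it.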
@@ -370,7 +371,7 @@ void generate_self_signed( void)
print_private_key( key);
size = sizeof(buffer);
- result = gnutls_x509_crt_export( crt, GNUTLS_X509_FMT_PEM, buffer, &size);
+ result = gnutls_x509_crt_export( crt, cert_format, buffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
exit(1);
@@ -410,7 +411,7 @@ void generate_signed_certificate( void)
print_private_key( key);
size = sizeof(buffer);
- result = gnutls_x509_crt_export( crt, GNUTLS_X509_FMT_PEM, buffer, &size);
+ result = gnutls_x509_crt_export( crt, cert_format, buffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
exit(1);
@@ -445,7 +446,7 @@ void update_signed_certificate( void)
}
size = sizeof(buffer);
- result = gnutls_x509_crt_export( crt, GNUTLS_X509_FMT_PEM, buffer, &size);
+ result = gnutls_x509_crt_export( crt, cert_format, buffer, &size);
if (result < 0) {
fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result));
exit(1);
@@ -479,6 +480,9 @@ void gaa_parser(int argc, char **argv)
exit(1);
}
} else infile = stdin;
+
+ if (info.cert_format) cert_format = GNUTLS_X509_FMT_DER;
+ else cert_format = GNUTLS_X509_FMT_PEM;
gnutls_global_init();
gnutls_global_set_log_function( tls_log_func);
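Review bot: The single `cert_format` set here is used for every import and every export in the file, so --der cannot express a PEM CA certificate or key combined with DER output, and a mismatch only surfaces as a decoding error. Either document that on the assignment, e.g. `/* --der applies to every file read and written in this run, including the CA certificate and key */`, or keep separate input and output formats. Because DER is binary, the `fopen` calls for infile and outfile, which are outside this hunk, should use binary mode on platforms that distinguish it. gaa_parser starts before this hunk and continues past it.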
@@ -555,7 +559,7 @@ void certificate_info( void)
pem.data = buffer;
pem.size = size;
- ret = gnutls_x509_crt_import(crt, &pem, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_crt_import(crt, &pem, cert_format);
if (ret < 0) {
fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
exit(1);
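Review bot: The datum passed to `gnutls_x509_crt_import` is still called `pem`, although it now holds DER data when --der is given; the privkey_info hunk has the same leftover name. Renaming it to something neutral such as `dat`, which the load functions further down already use, would stop the code from implying a format. certificate_info starts before this hunk and continues after it.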
@@ -728,9 +732,9 @@ void privkey_info( void)
pem.size = size;
if (!info.pkcs8) {
- ret = gnutls_x509_privkey_import(key, &pem, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_privkey_import(key, &pem, cert_format);
} else {
- ret = gnutls_x509_privkey_import_pkcs8(key, &pem, GNUTLS_X509_FMT_PEM, NULL, GNUTLS_PKCS8_PLAIN);
+ ret = gnutls_x509_privkey_import_pkcs8(key, &pem, cert_format, NULL, GNUTLS_PKCS8_PLAIN);
}
if (ret < 0) {
@@ -796,9 +800,9 @@ size_t size;
dat.size = size;
if (!info.pkcs8)
- ret = gnutls_x509_privkey_import( key, &dat, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_privkey_import( key, &dat, cert_format);
else
- ret = gnutls_x509_privkey_import_pkcs8( key, &dat, GNUTLS_X509_FMT_PEM,
+ ret = gnutls_x509_privkey_import_pkcs8( key, &dat, cert_format,
NULL, 0);
if (ret < 0) {
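Review bot: The PKCS #8 import on the changed line passes a literal `0` as the flags argument, while privkey_info passes `GNUTLS_PKCS8_PLAIN` for the same call, and the diff does not show whether the two are equivalent. If an unencrypted key is what is expected, `NULL, GNUTLS_PKCS8_PLAIN);` says so directly; otherwise a short comment on why the flags differ would help. The hunk at -885 contains the same call. The enclosing function starts outside this hunk.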
@@ -839,7 +843,7 @@ size_t size;
dat.data = buffer;
dat.size = size;
- ret = gnutls_x509_crq_import( crq, &dat, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_crq_import( crq, &dat, cert_format);
if (ret < 0) {
fprintf(stderr, "crq_import: %s\n", gnutls_strerror(ret));
@@ -885,9 +889,9 @@ size_t size;
dat.size = size;
if (!info.pkcs8)
- ret = gnutls_x509_privkey_import( key, &dat, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_privkey_import( key, &dat, cert_format);
else
- ret = gnutls_x509_privkey_import_pkcs8( key, &dat, GNUTLS_X509_FMT_PEM,
+ ret = gnutls_x509_privkey_import_pkcs8( key, &dat, cert_format,
NULL, 0);
if (ret < 0) {
@@ -935,7 +939,7 @@ size_t size;
dat.data = buffer;
dat.size = size;
- ret = gnutls_x509_crt_import( crt, &dat, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_crt_import( crt, &dat, cert_format);
if (ret < 0) {
fprintf(stderr, "crt_import: %s\n", gnutls_strerror(ret));
exit(1);
@@ -981,7 +985,7 @@ size_t size;
dat.data = buffer;
dat.size = size;
- ret = gnutls_x509_crt_import( crt, &dat, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_x509_crt_import( crt, &dat, cert_format);
if (ret < 0) {
fprintf(stderr, "crt_import: %s\n", gnutls_strerror(ret));
exit(1);
@@ -1052,7 +1056,7 @@ void generate_request(void)
print_private_key( key);
size = sizeof(buffer);
- ret = gnutls_x509_crq_export( crq, GNUTLS_X509_FMT_PEM, buffer, &size);
+ ret = gnutls_x509_crq_export( crq, cert_format, buffer, &size);
if (ret < 0) {
fprintf(stderr, "export: %s\n", gnutls_strerror(ret));
exit(1);
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 705e9695fc..9185d5f4b4 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -36,6 +36,9 @@ option (k, key-info) { $action = 6; } "Print information on a private key."
#int pkcs8;
option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
+#int cert_format;
+option (der) { $cert_format=1 } "Use DER format for certificates and private keys."
+
#int bits;
option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for key generation."
@@ -53,5 +56,6 @@ option (h, help) { gaa_help(); exit(0); } "shows this help text"
option (v, version) { certtool_version(); exit(0); } "shows the program version"
init { $bits = 1024; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
- $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; }
+ $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL;
+ $cert_format = 0; }