author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-10-07 19:07:41 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-10-26 14:43:36 +0200 |
commit | 154593924653afc71a7722d093098246b9865de1 (patch) | |
tree | 82b42c0782057a91ec458fd7e57a5348521f7a17 | |
parent | f14c31dd55836c9a9b4c9fee663be74e30ec620b (diff) | |
download | gnutls-154593924653afc71a7722d093098246b9865de1.tar.gz |
certtool: --p7-info can be combined with --p7-show-data to display embedded data
-rw-r--r-- | src/certtool-args.def | 2 | ||||
-rw-r--r-- | src/certtool.c | 53 |
2 files changed, 37 insertions, 18 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 123226e563..884d3a37a0 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -325,7 +325,7 @@ flag = {
 disable = "no";
 disabled;
 descrip = "Will show the embedded data in the PKCS #7 structure";
- doc = "This option can be combined with --p7-verify and will display the embedded signed data in the PKCS #7 structure.";
+ doc = "This option can be combined with --p7-verify or --p7-info and will display the embedded signed data in the PKCS #7 structure.";
 };
 flag = {
diff --git a/src/certtool.c b/src/certtool.c
index 0b8b17a582..5a69440a69 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -52,7 +52,7 @@ static FILE *stdlog = NULL;
 static void privkey_info_int(common_info_st *, gnutls_x509_privkey_t key);
 static void print_crl_info(gnutls_x509_crl_t crl, FILE * out);
-void pkcs7_info(common_info_st *);
+void pkcs7_info(common_info_st *cinfo, unsigned display_data);
 void pkcs7_sign(common_info_st *, unsigned embed);
 void pkcs7_generate(common_info_st *);
 void pkcs8_info(void);
@@ -1270,7 +1270,7 @@ static void cmd_parser(int argc, char **argv)
 else if (HAVE_OPT(CRL_INFO))
 crl_info();
 else if (HAVE_OPT(P7_INFO))
- pkcs7_info(&cinfo);
+ pkcs7_info(&cinfo, ENABLED_OPT(P7_SHOW_DATA));
 else if (HAVE_OPT(P7_GENERATE))
 pkcs7_generate(&cinfo);
 else if (HAVE_OPT(P7_SIGN))
@@ -3756,16 +3756,16 @@ void pkcs8_info(void)
 pkcs8_info_int(&data, incert_format, 0, outfile, "");
 }
-void pkcs7_info(common_info_st *cinfo)
+void pkcs7_info(common_info_st *cinfo, unsigned display_data)
 {
 gnutls_pkcs7_t pkcs7;
- int result;
+ int ret;
 size_t size;
 gnutls_datum_t data, str;
- result = gnutls_pkcs7_init(&pkcs7);
- if (result < 0) {
- fprintf(stderr, "p7_init: %s\n", gnutls_strerror(result));
+ ret = gnutls_pkcs7_init(&pkcs7);
+ if (ret < 0) {
+ fprintf(stderr, "p7_init: %s\n", gnutls_strerror(ret));
 exit(1);
 }
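Review bot: The new `display_data` parameter of `pkcs7_info` is not described at the prototype near the top of certtool.c or at the definition in the last hunk on this line. Judging by the following hunk, it switches between two exclusive outputs (raw embedded data, or the printed structure) rather than adding the data to the printed information, which the name alone does not convey. A comment above the definition would record that, for example `/* display_data: if non-zero, write only the embedded data to outfile instead of the printed PKCS #7 information */`. The body of `pkcs7_info` continues past this hunk.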
@@ -3777,23 +3777,42 @@ void pkcs7_info(common_info_st *cinfo)
 exit(1);
 }
- result = gnutls_pkcs7_import(pkcs7, &data, incert_format);
+ ret = gnutls_pkcs7_import(pkcs7, &data, incert_format);
 free(data.data);
- if (result < 0) {
+ if (ret < 0) {
 fprintf(stderr, "import error: %s\n",
- gnutls_strerror(result));
+ gnutls_strerror(ret));
 exit(1);
 }
- result = gnutls_pkcs7_print(pkcs7, GNUTLS_CRT_PRINT_FULL, &str);
- if (result < 0) {
- fprintf(stderr, "printing error: %s\n",
- gnutls_strerror(result));
- exit(1);
+ if (display_data) {
+ gnutls_datum_t tmp;
+
+ ret = gnutls_pkcs7_get_embedded_data(pkcs7, 0, &tmp);
+ if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ if (ret < 0) {
+ fprintf(stderr, "error getting embedded data: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(tmp.data, 1, tmp.size, outfile);
+ gnutls_free(tmp.data);
+ } else {
+ fprintf(stderr, "no embedded data are available\n");
+ exit(1);
+ }
+ } else {
+ ret = gnutls_pkcs7_print(pkcs7, GNUTLS_CRT_PRINT_FULL, &str);
+ if (ret < 0) {
+ fprintf(stderr, "printing error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "%s", str.data);
+ gnutls_free(str.data);
 }
- fprintf(outfile, "%s", str.data);
- gnutls_free(str.data);
 gnutls_pkcs7_deinit(pkcs7);
 } |
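Review bot: In the `display_data` branch the embedded content goes to `outfile` straight after the import, and no signature verification is visible on this path, so what `--p7-info --p7-show-data` emits is unverified input data. The option text in certtool-args.def still calls it "embedded signed data", which reads as if it had the same standing as the `--p7-verify` output; I would say so in that doc string and add a comment above the `fwrite`, e.g. `/* written as-is: no signature has been verified on this path */`. The `fwrite` result is also ignored, so a short write ends with a successful exit status; `if (fwrite(tmp.data, 1, tmp.size, outfile) != tmp.size) { fprintf(stderr, "write error\n"); exit(1); }` would catch it. The function begins outside this hunk.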