author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-11-12 12:03:14 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-05 13:59:59 +0200 |
commit | 1c256f4034b5ce305494aefa47d54035a41887a4 (patch) | |
tree | 36f04d4bb18e3f34a292ffeda17076699d30a51c | |
parent | d1f9dcb267888d0d0c826506a9cf33534065d0a8 (diff) | |
download | gnutls-1c256f4034b5ce305494aefa47d54035a41887a4.tar.gz |
certtool: Allow writing unique IDs in generated certificates
-rw-r--r-- | src/certtool-args.def | 6 | ||||
-rw-r--r-- | src/certtool-cfg.c | 57 | ||||
-rw-r--r-- | src/certtool-cfg.h | 1 | ||||
-rw-r--r-- | src/certtool.c | 2 |
4 files changed, 66 insertions, 0 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index de2f27fbc3..b5c67bc60a 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -661,6 +661,12 @@ challenge_password = 123456
 # Whether this is a CA certificate or not
 #ca
+# Subject Unique ID (in hex)
+#subject_unique_id = 00153224
+
+# Issuer Unique ID (in hex)
+#issuer_unique_id = 00153225
+
 # for microsoft smart card logon
 # key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index db087bf4a6..2f4a4ee966 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -91,6 +91,8 @@ static struct cfg_options available_options[] = {
 { .name = "dn", .type = OPTION_STRING },
 { .name = "cn", .type = OPTION_STRING },
 { .name = "uid", .type = OPTION_STRING },
+ { .name = "subject_unique_id", .type = OPTION_STRING },
+ { .name = "issuer_unique_id", .type = OPTION_STRING },
 { .name = "challenge_password", .type = OPTION_STRING },
 { .name = "password", .type = OPTION_STRING },
 { .name = "pkcs9_email", .type = OPTION_STRING },
@@ -127,6 +129,10 @@ typedef struct _cfg_ctx {
 char *dn;
 char *cn;
 char *uid;
+ uint8_t *subject_unique_id;
+ unsigned subject_unique_id_size;
+ uint8_t *issuer_unique_id;
+ unsigned issuer_unique_id_size;
 char *challenge_password;
 char *pkcs9_email;
 char *country;
@@ -259,6 +265,22 @@ void cfg_init(void)
 s_name = strtol(val->v.strVal, NULL, 10); \
 }
+#define HEX_DECODE(hex, output, output_size) \
+ { \
+ gnutls_datum_t _input = {(void*)hex, strlen(hex)}; \
+ size_t _s; \
+ gnutls_datum_t _output; \
+ _output.size = _input.size/2; \
+ _output.data = gnutls_malloc(_output.size); \
+ _s = _output.size; \
+ ret = gnutls_hex_decode(&_input, _output.data, &_s); \
+ if (ret < 0) { \
+ fprintf(stderr, "error in hex ID: %s\n", hex); \
+ exit(1); \
+ } \
+ output = _output.data; \
+ output_size = _s; \
+ }
 static int handle_option(const tOptionValue* val)
 {
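Review bot: In HEX_DECODE the allocation on the `_output.data = gnutls_malloc(_output.size);` line is handed to gnutls_hex_decode() with no NULL check, and for an empty template value the requested size is 0, so a NULL return is either dereferenced inside the decoder or, if the decoder tolerates it, leaves the ID silently unset while the template appeared to set it. Add `if (_output.data == NULL) { fprintf(stderr, "memory error\n"); exit(1); } \` before the `_s = _output.size;` line. The macro also expands to a bare brace block rather than `do { ... } while (0)`, so the `if (...) HEX_DECODE(...);` callers in the template_parse hunk depend on the trailing semicolon being an empty statement and would stop compiling if an `else` were ever added, and it assigns to a `ret` it neither declares nor takes as a parameter, which appears to be the only reason template_parse grows an `int ret` in the next hunk. Whether an odd-length string is rejected is left to gnutls_hex_decode, since `_input.size/2` truncates silently; an explicit `if (_input.size % 2) { fprintf(stderr, "error in hex ID: %s\n", hex); exit(1); } \` line, or a comment stating that the decoder rejects it, would make the contract visible here.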
@@ -289,6 +311,7 @@ int template_parse(const char *template)
 {
 /* Parsing return code */
 unsigned int i;
+ int ret;
 tOptionValue const *pov;
 const tOptionValue *val, *prev;
 char tmpstr[256];
@@ -340,6 +363,14 @@ int template_parse(const char *template)
 if (val != NULL && val->valType == OPARG_TYPE_STRING)
 cfg.uid = strdup(val->v.strVal);
+ val = optionGetValue(pov, "issuer_unique_id");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ HEX_DECODE(val->v.strVal, cfg.issuer_unique_id, cfg.issuer_unique_id_size);
+
+ val = optionGetValue(pov, "subject_unique_id");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ HEX_DECODE(val->v.strVal, cfg.subject_unique_id, cfg.subject_unique_id_size);
+
 val = optionGetValue(pov, "challenge_password");
 if (val != NULL && val->valType == OPARG_TYPE_STRING)
 cfg.challenge_password = strdup(val->v.strVal);
@@ -928,6 +959,32 @@ void crt_constraints_set(gnutls_x509_crt_t crt)
 }
 }
+void crt_unique_ids_set(gnutls_x509_crt_t crt)
+{
+ int ret;
+
+ if (batch) {
+ if (cfg.subject_unique_id == NULL && cfg.issuer_unique_id == NULL)
+ return; /* nothing to do */
+
+ if (cfg.subject_unique_id) {
+ ret = gnutls_x509_crt_set_subject_unique_id(crt, cfg.subject_unique_id, cfg.subject_unique_id_size);
+ if (ret < 0) {
+ fprintf(stderr, "error setting subject unique ID: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ if (cfg.issuer_unique_id) {
+ ret = gnutls_x509_crt_set_issuer_unique_id(crt, cfg.issuer_unique_id, cfg.issuer_unique_id_size);
+ if (ret < 0) {
+ fprintf(stderr, "error setting issuer unique ID: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
+}
+
 void get_uid_crt_set(gnutls_x509_crt_t crt)
 {
 int ret;
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 7fa7b0c1a5..606e1cf686 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
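Review bot: crt_unique_ids_set carries no comment on what the unique identifiers are or when they are written, and RFC 5280 section 4.1.2.8 says CAs conforming to that profile MUST NOT generate certificates with unique identifiers, so a user who sets the new template option gets no hint that the resulting certificate may be rejected by strict validators. I would put a header comment above the function, e.g. `/* Writes the X.509 v2 subjectUniqueID/issuerUniqueID from the template (batch mode only). RFC 5280 4.1.2.8 forbids these fields for conforming CAs; set them only when a peer specifically requires them. */`, and a one-line caveat next to the two commented-out examples in the certtool-args.def hunk. The initial `if (cfg.subject_unique_id == NULL && cfg.issuer_unique_id == NULL) return;` is redundant with the `if (cfg.subject_unique_id)` and `if (cfg.issuer_unique_id)` guards that follow and can be dropped. The function is a no-op outside `batch`, which is presumably consistent with the other get_*_crt_set helpers, but they are not visible in this hunk.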
@@ -79,6 +79,7 @@ int get_ipsec_ike_status(void);
 void get_dc_set(int type, void *crt);
 void get_ca_issuers_set(gnutls_x509_crt_t crt);
 void get_ocsp_issuer_set(gnutls_x509_crt_t crt);
+void crt_unique_ids_set(gnutls_x509_crt_t crt);
 void get_cn_crq_set(gnutls_x509_crq_t crq);
 void get_uid_crq_set(gnutls_x509_crq_t crq);
diff --git a/src/certtool.c b/src/certtool.c
index 9fe837d0c7..40732bf90b 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -428,6 +428,8 @@ generate_certificate(gnutls_privkey_t * ret_key,
 }
 }
+ crt_unique_ids_set(crt);
+
 is_ike = get_ipsec_ike_status();
 server = get_tls_server_status();