authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-20 17:32:25 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-20 17:51:22 +0100
commit0e5683ada58ddb14969ea7aa3113de2f843eb38d (patch)
tree861a50bee149c03cbee249c1fe675a672744f309
parent5653b4db4ee6ae5a8600ecacaedb577080dac0d4 (diff)
Several updates in certificate/public key printing.
* Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an easier to parse format. * Added gnutls_pubkey_import_x509_crq() to convert a certificate request to a public key. * Added gnutls_pubkey_print() to simplify public key printing. * certtool's pubkey-info can be combined with --load-request. * Added --numbers option to certtool which prints big numbers in an easier to parse format.
-rw-r--r--NEWS5
-rw-r--r--doc/Makefile.am6
-rw-r--r--doc/cha-gtls-app.texi8
-rw-r--r--doc/invoke-certtool.texi9
-rw-r--r--doc/manpages/Makefile.am3
-rw-r--r--lib/gnutls_pubkey.c36
-rw-r--r--lib/includes/gnutls/abstract.h7
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
-rw-r--r--lib/libgnutls.map2
-rw-r--r--lib/x509/output.c962
-rw-r--r--src/certtool-args.c575
-rw-r--r--src/certtool-args.def8
-rw-r--r--src/certtool-args.h128
-rw-r--r--src/certtool-common.c136
-rw-r--r--src/certtool-common.h2
-rw-r--r--src/certtool.c27
-rw-r--r--src/tpmtool.c2
17 files changed, 1011 insertions, 909 deletions
diff --git a/NEWS b/NEWS
index dad8b2de07..2baf32b6d0 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,9 @@ key.
** certtool: It is able to set certificate policies via a template.
+** certtool: Added --numbers option which prints big numbers in an
+easier to parser format.
+
** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).
@@ -30,6 +33,8 @@ gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
+gnutls_pubkey_import_x509_crq: Added
+gnutls_pubkey_print: Added
* Version 3.1.4 (released 2012-11-10)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f5d26d24c1..881b86fe1c 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1481,10 +1481,14 @@ FUNCS += functions/gnutls_pubkey_import_url
FUNCS += functions/gnutls_pubkey_import_url.short
FUNCS += functions/gnutls_pubkey_import_x509
FUNCS += functions/gnutls_pubkey_import_x509.short
+FUNCS += functions/gnutls_pubkey_import_x509_crq
+FUNCS += functions/gnutls_pubkey_import_x509_crq.short
FUNCS += functions/gnutls_pubkey_import_x509_raw
FUNCS += functions/gnutls_pubkey_import_x509_raw.short
FUNCS += functions/gnutls_pubkey_init
FUNCS += functions/gnutls_pubkey_init.short
+FUNCS += functions/gnutls_pubkey_print
+FUNCS += functions/gnutls_pubkey_print.short
FUNCS += functions/gnutls_pubkey_set_key_usage
FUNCS += functions/gnutls_pubkey_set_key_usage.short
FUNCS += functions/gnutls_pubkey_set_pin_function
@@ -2027,6 +2031,8 @@ FUNCS += functions/gnutls_x509_crt_set_key_usage
FUNCS += functions/gnutls_x509_crt_set_key_usage.short
FUNCS += functions/gnutls_x509_crt_set_pin_function
FUNCS += functions/gnutls_x509_crt_set_pin_function.short
+FUNCS += functions/gnutls_x509_crt_set_policy
+FUNCS += functions/gnutls_x509_crt_set_policy.short
FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period
FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period.short
FUNCS += functions/gnutls_x509_crt_set_proxy
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index d2f84fda30..fc8b61bc40 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -106,8 +106,12 @@ See @ref{Error codes}, for a description of the available error codes.
@node Common types
@subsection Common types
-Several functions in @acronym{GnuTLS} use @code{gnutls_datum_t} which is
-convenient way to combine a pointer to data and data's size. Its definition is
+All strings that are to provided as input to @acronym{GnuTLS} functions
+should be in UTF-8 unless otherwise specified. Output strings are also
+in UTF-8 format unless otherwise specified.
+
+When data of a fixed size are provided to @acronym{GnuTLS} functions then
+the helper structure @code{gnutls_datum_t} is often used. Its definition is
shown below.
@verbatim
typedef struct
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index ed521186a8..1ac06b673f 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -6,7 +6,7 @@
#
# DO NOT EDIT THIS FILE (invoke-certtool.texi)
#
-# It has been AutoGen-ed November 20, 2012 at 12:17:13 AM by AutoGen 5.16
+# It has been AutoGen-ed November 20, 2012 at 05:51:14 PM by AutoGen 5.16
# From the definitions ../src/certtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -71,6 +71,7 @@ USAGE: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
--load-ca-privkey=str Loads the certificate authority's private key file
--load-ca-certificate=str Loads the certificate authority's certificate file
--password=str Password to use
+ --simple-numbers Print big number in an easier format to parse
--null-password Enforce a NULL password
-i, --certificate-info Print information on the given certificate
--certificate-pubkey Print certificate's public key
@@ -208,7 +209,7 @@ This option enforces a NULL password. This may be different than the empty passw
@subheading pubkey-info option
This is the ``print information on a public key'' option.
-The option combined with --load-pubkey, --load-privkey and --load-certificate will extract the public key of the object in question.
+The option combined with --load-request, --load-pubkey, --load-privkey and --load-certificate will extract the public key of the object in question.
@anchor{certtool to-p12}
@subheading to-p12 option
@@ -544,11 +545,11 @@ signing_key
# ca_issuers_uri = http://my.ca.issuer
# Certificate policies
-# policy = 1.3.6.1.4.1.5484.1.10.99.1.0
+# policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
# policy1_txt = "This is a long policy to summarize"
# policy1_url = http://www.example.com/a-policy-to-read
-# policy = 1.3.6.1.4.1.5484.1.10.99.1.1
+# policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
# policy2_txt = "This is a short policy"
# policy2_url = http://www.example.com/another-policy-to-read
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index f336d1d06d..481af0f29a 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -550,8 +550,10 @@ APIMANS += gnutls_pubkey_import_tpm_raw.3
APIMANS += gnutls_pubkey_import_tpm_url.3
APIMANS += gnutls_pubkey_import_url.3
APIMANS += gnutls_pubkey_import_x509.3
+APIMANS += gnutls_pubkey_import_x509_crq.3
APIMANS += gnutls_pubkey_import_x509_raw.3
APIMANS += gnutls_pubkey_init.3
+APIMANS += gnutls_pubkey_print.3
APIMANS += gnutls_pubkey_set_key_usage.3
APIMANS += gnutls_pubkey_set_pin_function.3
APIMANS += gnutls_pubkey_verify_data.3
@@ -823,6 +825,7 @@ APIMANS += gnutls_x509_crt_set_key.3
APIMANS += gnutls_x509_crt_set_key_purpose_oid.3
APIMANS += gnutls_x509_crt_set_key_usage.3
APIMANS += gnutls_x509_crt_set_pin_function.3
+APIMANS += gnutls_x509_crt_set_policy.3
APIMANS += gnutls_x509_crt_set_private_key_usage_period.3
APIMANS += gnutls_x509_crt_set_proxy.3
APIMANS += gnutls_x509_crt_set_proxy_dn.3
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index e9dbcbe9f1..2c662c4d95 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -179,6 +179,42 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
}
/**
+ * gnutls_pubkey_import_x509_crq:
+ * @key: The public key
+ * @crq: The certificate to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.1.5
+ **/
+int
+gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags)
+{
+ int ret;
+
+ key->pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, &key->bits);
+
+ ret = gnutls_x509_crq_get_key_usage (crq, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ ret = _gnutls_x509_crq_get_mpis (crq, &key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
* gnutls_pubkey_import_privkey:
* @key: The public key
* @pkey: The private key
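Review bot: In `gnutls_pubkey_import_x509_crq` the result of `gnutls_x509_crq_get_pk_algorithm ()` is assigned to `key->pk_algorithm` unchecked, so a negative error code from a malformed request can end up stored as the key's algorithm. Assign it to `ret` first and leave with `gnutls_assert (); return ret;` when `ret < 0`, as the `_gnutls_x509_crq_get_mpis` branch already does. The doc comment describes `@crq` as "The certificate to be imported"; it should read `@crq: The certificate request to be imported`. Nothing visible in this function checks the request's self-signature, so the comment should also state that the key is imported as-is and that callers handling untrusted requests are expected to run `gnutls_x509_crq_verify ()` themselves.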
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 36aa89cb74..204e3296ab 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -64,6 +64,8 @@ int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
unsigned int flags);
+int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags);
int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
gnutls_pkcs11_obj_t obj, unsigned int flags);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
@@ -387,6 +389,11 @@ int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+int
+gnutls_pubkey_print (gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0a07565fb2..23bea88aee 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -572,6 +572,7 @@ extern "C"
/**
* gnutls_certificate_print_formats_t:
* @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
+ * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
* @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
* @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
* @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
@@ -583,7 +584,8 @@ extern "C"
GNUTLS_CRT_PRINT_FULL = 0,
GNUTLS_CRT_PRINT_ONELINE = 1,
GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
- GNUTLS_CRT_PRINT_COMPACT = 3
+ GNUTLS_CRT_PRINT_COMPACT = 3,
+ GNUTLS_CRT_PRINT_FULL_NUMBERS = 4,
} gnutls_certificate_print_formats_t;
#define GNUTLS_PK_ECC GNUTLS_PK_EC
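Review bot: The new last enumerator is written with a trailing comma, `GNUTLS_CRT_PRINT_FULL_NUMBERS = 4,`, which the previous last entry avoided. C89 and C++98 do not allow a trailing comma in an enumerator list, and this is a public header wrapped in `extern "C"`, so applications built with pedantic flags may warn or fail on it. Writing `GNUTLS_CRT_PRINT_FULL_NUMBERS = 4` without the comma keeps the header as portable as it was. The opening of the enum is outside the hunk.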
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 6a53b8fbd7..c19a3c1aec 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -874,6 +874,8 @@ GNUTLS_3_1_0 {
gnutls_x509_crt_get_policy;
gnutls_certificate_policy_release;
gnutls_x509_crt_set_policy;
+ gnutls_pubkey_import_x509_crq;
+ gnutls_pubkey_print;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 6ac7c47949..09f61500de 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -63,66 +63,67 @@ ip_to_string (void *_ip, int ip_size, char *string, int string_size)
switch (ip_size)
{
case 4:
- snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
+ snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2],
+ ip[3]);
break;
case 16:
snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
- (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
- (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
- (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
- (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
break;
}
return string;
}
-static void add_altname(gnutls_buffer_st * str, const char* prefix, unsigned int alt_type,
- char* name, size_t name_size)
+static void
+add_altname (gnutls_buffer_st * str, const char *prefix,
+ unsigned int alt_type, char *name, size_t name_size)
{
-char str_ip[64];
-char *p;
+ char str_ip[64];
+ char *p;
- if ((alt_type == GNUTLS_SAN_DNSNAME
- || alt_type == GNUTLS_SAN_RFC822NAME
- || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (name) < name_size)
- name[strlen (name)] = '!';
- }
+ if ((alt_type == GNUTLS_SAN_DNSNAME
+ || alt_type == GNUTLS_SAN_RFC822NAME
+ || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (name) < name_size)
+ name[strlen (name)] = '!';
+ }
- switch (alt_type)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
- break;
+ switch (alt_type)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size,
- name);
- break;
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
- break;
+ case GNUTLS_SAN_URI:
+ addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) name_size, name);
- break;
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ case GNUTLS_SAN_DN:
+ addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+ default:
+ addf (str, "error: unknown altname\n");
+ break;
+ }
}
static void
@@ -172,48 +173,48 @@ print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
for (;;)
{
err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
+ return;
if (err < 0)
- {
- addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+ return;
+ }
addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
- memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
- adds (str, " (id-ad-ocsp)\n");
+ memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+ adds (str, " (id-ad-ocsp)\n");
else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
- memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
- adds (str, " (id-ad-caIssuers)\n");
+ memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+ adds (str, " (id-ad-caIssuers)\n");
else
- adds (str, " (UNKNOWN)\n");
+ adds (str, " (UNKNOWN)\n");
err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
if (err < 0)
- {
- addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+ return;
+ }
if (data.size == sizeof ("uniformResourceIdentifier") &&
- memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
- {
- adds (str, "\t\t\tAccess Location URI: ");
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_URI, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
- return;
- }
- addf (str, "%.*s\n", data.size, data.data);
- }
+ memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+ {
+ adds (str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+ return;
+ }
+ addf (str, "%.*s\n", data.size, data.data);
+ }
else
- adds (str, "\t\t\tUnsupported accessLocation type\n");
+ adds (str, "\t\t\tUnsupported accessLocation type\n");
seq++;
}
@@ -259,6 +260,7 @@ print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
#define TYPE_CRL 1
#define TYPE_CRT 2
#define TYPE_CRQ 3
+#define TYPE_PUBKEY 4
#define TYPE_CRT_SAN TYPE_CRT
#define TYPE_CRQ_SAN TYPE_CRQ
@@ -269,6 +271,7 @@ typedef union
gnutls_x509_crt_t crt;
gnutls_x509_crq_t crq;
gnutls_x509_crl_t crl;
+ gnutls_pubkey_t pubkey;
} cert_type_t;
static void
@@ -276,27 +279,30 @@ print_aki_gn_serial (gnutls_buffer_st * str, int type, cert_type_t cert)
{
char *buffer = NULL;
char serial[128];
- size_t size = 0, serial_size = sizeof(serial);
+ size_t size = 0, serial_size = sizeof (serial);
unsigned int alt_type;
int err;
if (type == TYPE_CRT)
err =
- gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, NULL, &size,
- &alt_type, serial, &serial_size, NULL);
+ gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, NULL, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else if (type == TYPE_CRL)
err =
- gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, NULL, &size,
- &alt_type, serial, &serial_size, NULL);
+ gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, NULL, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else
{
gnutls_assert ();
return;
}
-
+
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
- addf (str, "error: get_authority_key_gn_serial: %s\n", gnutls_strerror (err));
+ addf (str, "error: get_authority_key_gn_serial: %s\n",
+ gnutls_strerror (err));
return;
}
@@ -310,21 +316,24 @@ print_aki_gn_serial (gnutls_buffer_st * str, int type, cert_type_t cert)
if (type == TYPE_CRT)
err =
- gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, buffer, &size,
- &alt_type, serial, &serial_size, NULL);
+ gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, buffer, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else
err =
- gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, buffer, &size,
- &alt_type, serial, &serial_size, NULL);
+ gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, buffer, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
if (err < 0)
{
gnutls_free (buffer);
- addf (str, "error: get_authority_key_gn_serial2: %s\n", gnutls_strerror (err));
+ addf (str, "error: get_authority_key_gn_serial2: %s\n",
+ gnutls_strerror (err));
return;
}
- add_altname(str, "", alt_type, buffer, size);
+ add_altname (str, "", alt_type, buffer, size);
adds (str, "\t\t\tserial: ");
_gnutls_buffer_hexprint (str, serial, serial_size);
adds (str, "\n");
@@ -350,11 +359,11 @@ print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
gnutls_assert ();
return;
}
-
+
if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION)
{
/* Check if an alternative name is there */
- print_aki_gn_serial(str, type, cert);
+ print_aki_gn_serial (str, type, cert);
return;
}
@@ -404,6 +413,8 @@ print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
else if (type == TYPE_CRQ)
err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
+ else if (type == TYPE_PUBKEY)
+ err = gnutls_pubkey_get_key_usage (cert.pubkey, &key_usage);
else
return;
@@ -414,28 +425,28 @@ print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
}
if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- addf (str, _("%s\t\t\tDigital signature.\n"), prefix);
+ addf (str, _("%sDigital signature.\n"), prefix);
if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
- addf (str, _("%s\t\t\tNon repudiation.\n"), prefix);
+ addf (str, _("%sNon repudiation.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- addf (str, _("%s\t\t\tKey encipherment.\n"), prefix);
+ addf (str, _("%sKey encipherment.\n"), prefix);
if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- addf (str, _("%s\t\t\tData encipherment.\n"), prefix);
+ addf (str, _("%sData encipherment.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- addf (str, _("%s\t\t\tKey agreement.\n"), prefix);
+ addf (str, _("%sKey agreement.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- addf (str, _("%s\t\t\tCertificate signing.\n"), prefix);
+ addf (str, _("%sCertificate signing.\n"), prefix);
if (key_usage & GNUTLS_KEY_CRL_SIGN)
- addf (str, _("%s\t\t\tCRL signing.\n"), prefix);
+ addf (str, _("%sCRL signing.\n"), prefix);
if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
- addf (str, _("%s\t\t\tKey encipher only.\n"), prefix);
+ addf (str, _("%sKey encipher only.\n"), prefix);
if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
- addf (str, _("%s\t\t\tKey decipher only.\n"), prefix);
+ addf (str, _("%sKey decipher only.\n"), prefix);
}
static void
-print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix,
+ int type, cert_type_t cert)
{
time_t activation, expiration;
int err;
@@ -444,15 +455,20 @@ print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix, int
size_t max;
if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation, &expiration, NULL);
+ err =
+ gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation,
+ &expiration, NULL);
else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation, &expiration, NULL);
+ err =
+ gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation,
+ &expiration, NULL);
else
return;
if (err < 0)
{
- addf (str, "error: get_private_key_usage_period: %s\n", gnutls_strerror (err));
+ addf (str, "error: get_private_key_usage_period: %s\n",
+ gnutls_strerror (err));
return;
}
@@ -668,8 +684,8 @@ print_basic (gnutls_buffer_st * str, const char *prefix, int type,
static void
-print_altname (gnutls_buffer_st * str, const char *prefix, unsigned int altname_type,
- cert_type_t cert)
+print_altname (gnutls_buffer_st * str, const char *prefix,
+ unsigned int altname_type, cert_type_t cert)
{
unsigned int altname_idx;
@@ -734,84 +750,84 @@ print_altname (gnutls_buffer_st * str, const char *prefix, unsigned int altname_
if (err == GNUTLS_SAN_OTHERNAME)
{
- char *oid = NULL;
- size_t oidsize;
-
- oidsize = 0;
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_free (buffer);
- addf (str,
- "error: get_subject/issuer_alt_othername_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_free (buffer);
+ addf (str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
- oid = gnutls_malloc (oidsize);
- if (!oid)
- {
- gnutls_free (buffer);
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ oid = gnutls_malloc (oidsize);
+ if (!oid)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
- if (err < 0)
- {
- gnutls_free (buffer);
- gnutls_free (oid);
- addf (str, "error: get_subject_alt_othername_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ gnutls_free (oid);
+ addf (str, "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
- if (err == GNUTLS_SAN_OTHERNAME_XMPP)
- {
- if (strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
- (int) size, buffer);
- }
- else
- {
- addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
- (int) oidsize, oid);
- addf (str, _("%s\t\t\totherName DER: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, size);
- addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, size);
- addf (str, "\n");
- }
- gnutls_free (oid);
- }
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP)
+ {
+ if (strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
+ (int) size, buffer);
+ }
+ else
+ {
+ addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
+ (int) oidsize, oid);
+ addf (str, _("%s\t\t\totherName DER: "), prefix);
+ _gnutls_buffer_hexprint (str, buffer, size);
+ addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
+ _gnutls_buffer_asciiprint (str, buffer, size);
+ addf (str, "\n");
+ }
+ gnutls_free (oid);
+ }
else
- add_altname(str, prefix, err, buffer, size);
+ add_altname (str, prefix, err, buffer, size);
gnutls_free (buffer);
}
@@ -893,6 +909,7 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
int ski_idx = 0;
int aki_idx = 0;
int crldist_idx = 0, pkey_usage_period_idx = 0;
+ char pfx[16];
for (i = 0;; i++)
{
@@ -961,34 +978,41 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
else if (strcmp (oid, "2.5.29.32") == 0)
{
struct gnutls_x509_policy_st policy;
- const char* name;
+ const char *name;
int x;
- for (x=0;;x++)
+ for (x = 0;; x++)
{
- err = gnutls_x509_crt_get_policy (cert.crt, x, &policy, &critical);
+ err =
+ gnutls_x509_crt_get_policy (cert.crt, x, &policy, &critical);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
-
+
if (err < 0)
{
- addf (str, "error: certificate policy: %s\n", gnutls_strerror(err));
+ addf (str, "error: certificate policy: %s\n",
+ gnutls_strerror (err));
break;
}
- if (x==0) addf (str, "%s\t\tCertificate Policies (%s):\n", prefix, critical ? _("critical") : _("not critical"));
+ if (x == 0)
+ addf (str, "%s\t\tCertificate Policies (%s):\n", prefix,
+ critical ? _("critical") : _("not critical"));
addf (str, "%s\t\t\t%s\n", prefix, policy.oid);
- for (j=0;j<policy.qualifiers;j++)
+ for (j = 0; j < policy.qualifiers; j++)
{
- if (policy.qualifier[j].type==GNUTLS_X509_QUALIFIER_URI)
+ if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI)
name = "URI";
- else if (policy.qualifier[j].type==GNUTLS_X509_QUALIFIER_NOTICE)
+ else if (policy.qualifier[j].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
name = "Note";
- else name = "Unknown qualifier";
- addf (str, "%s\t\t\t\t%s: %s\n", prefix, name, policy.qualifier[j].data);
+ else
+ name = "Unknown qualifier";
+ addf (str, "%s\t\t\t\t%s: %s\n", prefix, name,
+ policy.qualifier[j].data);
}
-
+
gnutls_x509_policy_release (&policy);
}
}
@@ -1020,7 +1044,8 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
critical ? _("critical") : _("not critical"));
- print_key_usage (str, prefix, type, cert);
+ snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
+ print_key_usage (str, pfx, type, cert);
keyusage_idx++;
}
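Review bot: `pfx` is a fixed 16-byte buffer and the result of `snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix)` is not checked, so any `prefix` longer than 12 characters is silently truncated and the key-usage lines lose their indentation. The callers' prefixes are not visible here and are probably short, but the limit deserves either a comment such as `/* prefix plus three tabs; callers pass only a few characters */` or a check of the return value against `sizeof (pfx)`. The call also omits the space before the parentheses that the rest of the file, and this commit's own reformatting, uses: `snprintf (pfx, sizeof (pfx), "%s\t\t\t", prefix);`. print_extensions starts and ends outside the hunk.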
@@ -1028,7 +1053,8 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
{
if (pkey_usage_period_idx)
{
- addf (str, "error: more than one private key usage period extension\n");
+ addf (str,
+ "error: more than one private key usage period extension\n");
continue;
}
@@ -1117,7 +1143,7 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
{
addf (str, _("%s\t\tAuthority Information "
- "Access (%s):\n"), prefix,
+ "Access (%s):\n"), prefix,
critical ? _("critical") : _("not critical"));
if (type == TYPE_CRT)
@@ -1189,7 +1215,173 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
}
static void
-print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+print_pubkey (gnutls_buffer_st * str, const char* key_name, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+{
+ int err, pk;
+ const char *name;
+ unsigned bits;
+
+ err = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
+ if (err < 0)
+ {
+ addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ pk = err;
+
+ addf (str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
+ addf (str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)), bits);
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tModulus (bits %d): "), bits);
+ _gnutls_buffer_hexprint (str, m.data, m.size);
+ adds (str, "\n");
+ addf (str, _("\t\tExponent (bits %d): "), e.size * 8);
+ _gnutls_buffer_hexprint (str, e.data, e.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
+ addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
+ _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
+ }
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_EC:
+ {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+
+ err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_ecc_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name (curve));
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tX: "));
+ _gnutls_buffer_hexprint (str, x.data, x.size);
+ adds (str, "\n");
+ addf (str, _("\t\tY: "));
+ _gnutls_buffer_hexprint (str, y.data, y.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
+ adds (str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
+ }
+
+ gnutls_free (x.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tPublic key (bits %d): "), bits);
+ _gnutls_buffer_hexprint (str, y.data, y.size);
+ adds (str, "\n");
+ addf (str, _("\t\tP: "));
+ _gnutls_buffer_hexprint (str, p.data, p.size);
+ adds (str, "\n");
+ addf (str, _("\t\tQ: "));
+ _gnutls_buffer_hexprint (str, q.data, q.size);
+ adds (str, "\n");
+ addf (str, _("\t\tG: "));
+ _gnutls_buffer_hexprint (str, g.data, g.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
+ }
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+}
+
+static void
+print_crt_pubkey (gnutls_buffer_st * str, gnutls_x509_crt_t crt, gnutls_certificate_print_formats_t format)
+{
+ gnutls_pubkey_t pubkey;
+ int ret;
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ return;
+
+ ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
+ if (ret < 0)
+ goto cleanup;
+
+ print_pubkey (str, _("Subject "), pubkey, format);
+
+cleanup:
+ gnutls_pubkey_deinit (pubkey);
+ return;
+}
+
+static void
+print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
/* Version. */
{
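Review bot: `print_crt_pubkey` returns without writing anything when `gnutls_pubkey_init` or `gnutls_pubkey_import_x509` fails, so a certificate whose key cannot be parsed is printed with the public-key section simply missing. The other failure paths in this file emit an `error:` line, so I would add `addf (str, "error: gnutls_pubkey_import_x509: %s\n", gnutls_strerror (ret));` before `goto cleanup` and the equivalent for the init failure. In `print_pubkey`, `gnutls_ecc_curve_get_name (curve)` is passed directly to `%s`; if it can return NULL for an unrecognised curve (not visible here), it needs the same `_("unknown")` fallback that `name` gets. The two new signatures are also much longer than the line width the rest of the commit reformats to. print_cert's body continues outside the hunk.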
@@ -1218,7 +1410,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
}
/* Issuer. */
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
char *dn;
size_t dn_size = 0;
@@ -1309,122 +1501,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
}
/* SubjectPublicKeyInfo. */
- {
- int err, pk;
- unsigned int bits;
-
- err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- {
- gnutls_pubkey_t pubkey;
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- pk = err;
-
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- addf (str, _("\tCertificate Security Level: %s (%d bits)\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)), bits);
- err = gnutls_pubkey_init(&pubkey);
- if (err < 0)
- {
- addf (str, "error: gnutls_pubkey_init: %s\n", gnutls_strerror (err));
- return;
- }
-
- err = gnutls_pubkey_import_x509(pubkey, cert, 0);
- if (err < 0)
- {
- addf (str, "error: gnutls_pubkey_import_x509: %s\n", gnutls_strerror (err));
- return;
- }
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_EC:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (err < 0)
- addf (str, "error: get_pk_ecc_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tCurve:\t%s\n"), gnutls_ecc_curve_get_name(curve));
- addf (str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
- adds (str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
-
- gnutls_free (x.data);
- gnutls_free (y.data);
-
- }
- }
- break;
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-
- default:
- break;
- }
-
- gnutls_pubkey_deinit(pubkey);
- }
- }
+ print_crt_pubkey(str, cert, format);
print_unique_ids (str, cert);
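Review bot: The call `print_crt_pubkey(str, cert, format);` loses the diagnostics that the removed block wrote into the output. The old code appended `error: gnutls_pubkey_init: ...` and `error: gnutls_pubkey_import_x509: ...`, whereas print_crt_pubkey, as defined earlier in this diff, returns or jumps to `cleanup` without writing anything when either call fails. Someone inspecting a certificate whose key cannot be imported then sees output with the public-key section simply missing and no indication why; print_crq_pubkey in the later hunk has the same shape. I would keep the message in both helpers, e.g. `addf (str, "error: gnutls_pubkey_import_x509: %s\n", gnutls_strerror (ret));` before `goto cleanup;`. print_cert's body starts and ends outside this hunk.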
@@ -1438,7 +1515,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
}
/* Signature. */
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
int err;
size_t size = 0;
@@ -1455,7 +1532,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
@@ -1498,7 +1575,7 @@ print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
int err;
char buffer[MAX_HASH_SIZE];
size_t size = sizeof (buffer);
-
+
err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
if (err < 0)
{
@@ -1519,9 +1596,9 @@ print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
int err;
unsigned char buffer[32];
- size_t size = sizeof(buffer);
- const char* name;
- char* p;
+ size_t size = sizeof (buffer);
+ const char *name;
+ char *p;
unsigned int bits;
err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
@@ -1538,26 +1615,27 @@ print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
if (err < 0)
return;
-
- name = gnutls_pk_get_name(err);
+
+ name = gnutls_pk_get_name (err);
if (name == NULL)
return;
- p = _gnutls_key_fingerprint_randomart(buffer, size, name, bits, "\t\t");
+ p = _gnutls_key_fingerprint_randomart (buffer, size, name, bits, "\t\t");
if (p == NULL)
return;
-
+
adds (str, _("\tPublic key's random art:\n"));
adds (str, p);
adds (str, "\n");
- gnutls_free(p);
+ gnutls_free (p);
}
static void
-print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
}
@@ -1567,7 +1645,7 @@ print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
static void
print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
-int err;
+ int err;
/* Subject. */
{
@@ -1641,7 +1719,7 @@ int err;
const char *name = gnutls_sign_algorithm_get_name (err);
if (name == NULL)
name = _("unknown");
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
addf (str, _("signed using %s (broken!), "), name);
else
addf (str, _("signed using %s, "), name);
@@ -1751,60 +1829,57 @@ gnutls_x509_crt_print (gnutls_x509_crt_t cert,
gnutls_buffer_st str;
int ret;
- if (format == GNUTLS_CRT_PRINT_FULL
- || format == GNUTLS_CRT_PRINT_UNSIGNED_FULL)
+ if (format == GNUTLS_CRT_PRINT_COMPACT)
{
_gnutls_buffer_init (&str);
- _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
-
- print_cert (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
-
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ print_oneline (&str, cert);
- print_other (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+ _gnutls_buffer_append_data (&str, "\n", 1);
+ print_keyid (&str, cert);
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else if (format == GNUTLS_CRT_PRINT_COMPACT)
+ else if (format == GNUTLS_CRT_PRINT_ONELINE)
{
_gnutls_buffer_init (&str);
print_oneline (&str, cert);
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_keyid (&str, cert);
-
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else if (format == GNUTLS_CRT_PRINT_ONELINE)
+ else
{
_gnutls_buffer_init (&str);
- print_oneline (&str, cert);
+ _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
+
+ print_cert (&str, cert, format);
+
+ _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+
+ print_other (&str, cert, format);
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
}
static void
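Review bot: With the trailing `else { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }` removed, gnutls_x509_crt_print no longer rejects an unrecognised `format`. Every value other than GNUTLS_CRT_PRINT_COMPACT and GNUTLS_CRT_PRINT_ONELINE now falls into the full-print branch, so a caller passing an out-of-range or uninitialised value gets a full dump instead of an error. I would make the last branch explicit, `else if (format == GNUTLS_CRT_PRINT_FULL || format == GNUTLS_CRT_PRINT_UNSIGNED_FULL || format == GNUTLS_CRT_PRINT_FULL_NUMBERS)`, and keep the old rejecting `else` after it. The function's signature and doc comment are outside this hunk, so whether the documentation describes the new fallback is not visible here.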
@@ -2068,7 +2143,7 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
@@ -2134,15 +2209,37 @@ gnutls_x509_crl_print (gnutls_x509_crl_t crl,
print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
_gnutls_buffer_append_data (&str, "\0", 1);
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
static void
-print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert)
+print_crq_pubkey (gnutls_buffer_st * str, gnutls_x509_crq_t crq, gnutls_certificate_print_formats_t format)
+{
+ gnutls_pubkey_t pubkey;
+ int ret;
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ return;
+
+ ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
+ if (ret < 0)
+ goto cleanup;
+
+ print_pubkey (str, _("Subject "), pubkey, format);
+
+cleanup:
+ gnutls_pubkey_deinit (pubkey);
+ return;
+}
+
+static void
+print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert, gnutls_certificate_print_formats_t format)
{
/* Version. */
{
@@ -2189,68 +2286,7 @@ print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert)
if (err < 0)
addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
else
- {
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-#if 0 /* not implemented yet */
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- addf (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- addf (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- addf (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-#endif
- default:
- break;
- }
- }
+ print_crq_pubkey (str, cert, format);
}
/* parse attributes */
@@ -2447,7 +2483,7 @@ gnutls_x509_crq_print (gnutls_x509_crq_t crq,
_gnutls_buffer_append_str
(&str, _("PKCS #10 Certificate Request Information:\n"));
- print_crq (&str, crq);
+ print_crq (&str, crq, format);
_gnutls_buffer_append_str (&str, _("Other Information:\n"));
@@ -2455,9 +2491,85 @@ gnutls_x509_crq_print (gnutls_x509_crq_t crq,
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
+static void
+print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+{
+ uint8_t buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+ int ret;
+ unsigned int usage;
+ cert_type_t ccert;
+
+ ccert.pubkey = pubkey;
+
+ ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
+ if (ret < 0)
+ {
+ addf (str, "error: get_key_usage: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ adds (str, "\n");
+ adds (str, _("Public Key Usage:\n"));
+ print_key_usage (str, "\t", TYPE_PUBKEY, ccert);
+
+ ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size);
+ if (ret < 0)
+ {
+ addf (str, "error: get_key_id: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ adds (str, "\n");
+ adds (str, _("Public Key ID: "));
+ _gnutls_buffer_hexprint (str, buffer, size);
+ adds (str, "\n");
+}
+
+/**
+ * gnutls_pubkey_print:
+ * @pubkey: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with (0) terminated string.
+ *
+ * This function will pretty print public key information, suitable for
+ * display to a human.
+ *
+ * Only %GNUTLS_CRT_PRINT_FULL and %GNUTLS_CRT_PRINT_FULL_NUMBERS
+ * are implemented.
+ *
+ * The output @out needs to be deallocated using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_print (gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str (&str, _("Public Key Information:\n"));
+
+ print_pubkey (&str, "", pubkey, format);
+ print_pubkey_other (&str, pubkey, format);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
+}
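Review bot: gnutls_pubkey_print documents that only %GNUTLS_CRT_PRINT_FULL and %GNUTLS_CRT_PRINT_FULL_NUMBERS are implemented, but it never checks `format`, so any other value is passed straight to print_pubkey and produces output rather than an error. A guard at the top would make the code match its doc comment: `if (format != GNUTLS_CRT_PRINT_FULL && format != GNUTLS_CRT_PRINT_FULL_NUMBERS) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`. In print_pubkey_other the `format` parameter is unused, and the early `return` after a failed gnutls_pubkey_get_key_usage also skips the "Public Key ID" line, although the two outputs look independent of each other.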
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 261f2d89e7..9eee3b9120 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.c)
*
- * It has been AutoGen-ed November 20, 2012 at 12:55:34 AM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* certtool option static const strings
*/
-static char const certtool_opt_strs[4691] =
+static char const certtool_opt_strs[4767] =
/* 0 */ "certtool @VERSION@\n"
"Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -156,115 +156,118 @@ static char const certtool_opt_strs[4691] =
/* 2293 */ "Password to use\0"
/* 2309 */ "PASSWORD\0"
/* 2318 */ "password\0"
-/* 2327 */ "Enforce a NULL password\0"
-/* 2351 */ "NULL_PASSWORD\0"
-/* 2365 */ "null-password\0"
-/* 2379 */ "Print information on the given certificate\0"
-/* 2422 */ "CERTIFICATE_INFO\0"
-/* 2439 */ "certificate-info\0"
-/* 2456 */ "Print certificate's public key\0"
-/* 2487 */ "CERTIFICATE_PUBKEY\0"
-/* 2506 */ "certificate-pubkey\0"
-/* 2525 */ "Print information on the given OpenPGP certificate\0"
-/* 2576 */ "PGP_CERTIFICATE_INFO\0"
-/* 2597 */ "pgp-certificate-info\0"
-/* 2618 */ "Print information on the given OpenPGP keyring structure\0"
-/* 2675 */ "PGP_RING_INFO\0"
-/* 2689 */ "pgp-ring-info\0"
-/* 2703 */ "Print information on the given CRL structure\0"
-/* 2748 */ "CRL_INFO\0"
-/* 2757 */ "crl-info\0"
-/* 2766 */ "Print information on the given certificate request\0"
-/* 2817 */ "CRQ_INFO\0"
-/* 2826 */ "crq-info\0"
-/* 2835 */ "Do not use extensions in certificate requests\0"
-/* 2881 */ "NO_CRQ_EXTENSIONS\0"
-/* 2899 */ "no-crq-extensions\0"
-/* 2917 */ "Print information on a PKCS #12 structure\0"
-/* 2959 */ "P12_INFO\0"
-/* 2968 */ "p12-info\0"
-/* 2977 */ "Print information on a PKCS #7 structure\0"
-/* 3018 */ "P7_INFO\0"
-/* 3026 */ "p7-info\0"
-/* 3034 */ "Convert S/MIME to PKCS #7 structure\0"
-/* 3070 */ "SMIME_TO_P7\0"
-/* 3082 */ "smime-to-p7\0"
-/* 3094 */ "Print information on a private key\0"
-/* 3129 */ "KEY_INFO\0"
-/* 3138 */ "key-info\0"
-/* 3147 */ "Print information on an OpenPGP private key\0"
-/* 3191 */ "PGP_KEY_INFO\0"
-/* 3204 */ "pgp-key-info\0"
-/* 3217 */ "Print information on a public key\0"
-/* 3251 */ "PUBKEY_INFO\0"
-/* 3263 */ "pubkey-info\0"
-/* 3275 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
-/* 3336 */ "V1\0"
-/* 3339 */ "v1\0"
-/* 3342 */ "Generate a PKCS #12 structure\0"
-/* 3372 */ "TO_P12\0"
-/* 3379 */ "to-p12\0"
-/* 3386 */ "Generate a PKCS #8 structure\0"
-/* 3415 */ "TO_P8\0"
-/* 3421 */ "to-p8\0"
-/* 3427 */ "Use PKCS #8 format for private keys\0"
-/* 3463 */ "PKCS8\0"
-/* 3469 */ "pkcs8\0"
-/* 3475 */ "Generate RSA key\0"
-/* 3492 */ "RSA\0"
-/* 3496 */ "rsa\0"
-/* 3500 */ "Generate DSA key\0"
-/* 3517 */ "DSA\0"
-/* 3521 */ "dsa\0"
-/* 3525 */ "Generate ECC (ECDSA) key\0"
-/* 3550 */ "ECC\0"
-/* 3554 */ "ecc\0"
-/* 3558 */ "Hash algorithm to use for signing.\0"
-/* 3593 */ "HASH\0"
-/* 3598 */ "hash\0"
-/* 3603 */ "Use DER format for input certificates and private keys.\0"
-/* 3659 */ "INDER\0"
-/* 3665 */ "no-inder\0"
-/* 3674 */ "no\0"
-/* 3677 */ "This is an alias for 'inder'\0"
-/* 3706 */ "inraw\0"
-/* 3712 */ "Use DER format for output certificates and private keys\0"
-/* 3768 */ "OUTDER\0"
-/* 3775 */ "no-outder\0"
-/* 3785 */ "This is an alias for 'outder'\0"
-/* 3815 */ "outraw\0"
-/* 3822 */ "Specify the number of bits for key generate\0"
-/* 3866 */ "BITS\0"
-/* 3871 */ "bits\0"
-/* 3876 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/* 3939 */ "SEC_PARAM\0"
-/* 3949 */ "sec-param\0"
-/* 3959 */ "No effect\0"
-/* 3969 */ "DISABLE_QUICK_RANDOM\0"
-/* 3990 */ "disable-quick-random\0"
-/* 4011 */ "Template file to use for non-interactive operation\0"
-/* 4062 */ "TEMPLATE\0"
-/* 4071 */ "template\0"
-/* 4080 */ "Cipher to use for PKCS #8 and #12 operations\0"
-/* 4125 */ "PKCS_CIPHER\0"
-/* 4137 */ "pkcs-cipher\0"
-/* 4149 */ "Display extended usage information and exit\0"
-/* 4193 */ "help\0"
-/* 4198 */ "Extended usage information passed thru pager\0"
-/* 4243 */ "more-help\0"
-/* 4253 */ "Output version information and exit\0"
-/* 4289 */ "version\0"
-/* 4297 */ "CERTTOOL\0"
-/* 4306 */ "certtool - GnuTLS certificate tool - Ver. @VERSION@\n"
+/* 2327 */ "Print big number in an easier format to parse\0"
+/* 2373 */ "SIMPLE_NUMBERS\0"
+/* 2388 */ "simple-numbers\0"
+/* 2403 */ "Enforce a NULL password\0"
+/* 2427 */ "NULL_PASSWORD\0"
+/* 2441 */ "null-password\0"
+/* 2455 */ "Print information on the given certificate\0"
+/* 2498 */ "CERTIFICATE_INFO\0"
+/* 2515 */ "certificate-info\0"
+/* 2532 */ "Print certificate's public key\0"
+/* 2563 */ "CERTIFICATE_PUBKEY\0"
+/* 2582 */ "certificate-pubkey\0"
+/* 2601 */ "Print information on the given OpenPGP certificate\0"
+/* 2652 */ "PGP_CERTIFICATE_INFO\0"
+/* 2673 */ "pgp-certificate-info\0"
+/* 2694 */ "Print information on the given OpenPGP keyring structure\0"
+/* 2751 */ "PGP_RING_INFO\0"
+/* 2765 */ "pgp-ring-info\0"
+/* 2779 */ "Print information on the given CRL structure\0"
+/* 2824 */ "CRL_INFO\0"
+/* 2833 */ "crl-info\0"
+/* 2842 */ "Print information on the given certificate request\0"
+/* 2893 */ "CRQ_INFO\0"
+/* 2902 */ "crq-info\0"
+/* 2911 */ "Do not use extensions in certificate requests\0"
+/* 2957 */ "NO_CRQ_EXTENSIONS\0"
+/* 2975 */ "no-crq-extensions\0"
+/* 2993 */ "Print information on a PKCS #12 structure\0"
+/* 3035 */ "P12_INFO\0"
+/* 3044 */ "p12-info\0"
+/* 3053 */ "Print information on a PKCS #7 structure\0"
+/* 3094 */ "P7_INFO\0"
+/* 3102 */ "p7-info\0"
+/* 3110 */ "Convert S/MIME to PKCS #7 structure\0"
+/* 3146 */ "SMIME_TO_P7\0"
+/* 3158 */ "smime-to-p7\0"
+/* 3170 */ "Print information on a private key\0"
+/* 3205 */ "KEY_INFO\0"
+/* 3214 */ "key-info\0"
+/* 3223 */ "Print information on an OpenPGP private key\0"
+/* 3267 */ "PGP_KEY_INFO\0"
+/* 3280 */ "pgp-key-info\0"
+/* 3293 */ "Print information on a public key\0"
+/* 3327 */ "PUBKEY_INFO\0"
+/* 3339 */ "pubkey-info\0"
+/* 3351 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
+/* 3412 */ "V1\0"
+/* 3415 */ "v1\0"
+/* 3418 */ "Generate a PKCS #12 structure\0"
+/* 3448 */ "TO_P12\0"
+/* 3455 */ "to-p12\0"
+/* 3462 */ "Generate a PKCS #8 structure\0"
+/* 3491 */ "TO_P8\0"
+/* 3497 */ "to-p8\0"
+/* 3503 */ "Use PKCS #8 format for private keys\0"
+/* 3539 */ "PKCS8\0"
+/* 3545 */ "pkcs8\0"
+/* 3551 */ "Generate RSA key\0"
+/* 3568 */ "RSA\0"
+/* 3572 */ "rsa\0"
+/* 3576 */ "Generate DSA key\0"
+/* 3593 */ "DSA\0"
+/* 3597 */ "dsa\0"
+/* 3601 */ "Generate ECC (ECDSA) key\0"
+/* 3626 */ "ECC\0"
+/* 3630 */ "ecc\0"
+/* 3634 */ "Hash algorithm to use for signing.\0"
+/* 3669 */ "HASH\0"
+/* 3674 */ "hash\0"
+/* 3679 */ "Use DER format for input certificates and private keys.\0"
+/* 3735 */ "INDER\0"
+/* 3741 */ "no-inder\0"
+/* 3750 */ "no\0"
+/* 3753 */ "This is an alias for 'inder'\0"
+/* 3782 */ "inraw\0"
+/* 3788 */ "Use DER format for output certificates and private keys\0"
+/* 3844 */ "OUTDER\0"
+/* 3851 */ "no-outder\0"
+/* 3861 */ "This is an alias for 'outder'\0"
+/* 3891 */ "outraw\0"
+/* 3898 */ "Specify the number of bits for key generate\0"
+/* 3942 */ "BITS\0"
+/* 3947 */ "bits\0"
+/* 3952 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/* 4015 */ "SEC_PARAM\0"
+/* 4025 */ "sec-param\0"
+/* 4035 */ "No effect\0"
+/* 4045 */ "DISABLE_QUICK_RANDOM\0"
+/* 4066 */ "disable-quick-random\0"
+/* 4087 */ "Template file to use for non-interactive operation\0"
+/* 4138 */ "TEMPLATE\0"
+/* 4147 */ "template\0"
+/* 4156 */ "Cipher to use for PKCS #8 and #12 operations\0"
+/* 4201 */ "PKCS_CIPHER\0"
+/* 4213 */ "pkcs-cipher\0"
+/* 4225 */ "Display extended usage information and exit\0"
+/* 4269 */ "help\0"
+/* 4274 */ "Extended usage information passed thru pager\0"
+/* 4319 */ "more-help\0"
+/* 4329 */ "Output version information and exit\0"
+/* 4365 */ "version\0"
+/* 4373 */ "CERTTOOL\0"
+/* 4382 */ "certtool - GnuTLS certificate tool - Ver. @VERSION@\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 4416 */ "bug-gnutls@gnu.org\0"
-/* 4435 */ "\n\n\0"
-/* 4438 */ "\n"
+/* 4492 */ "bug-gnutls@gnu.org\0"
+/* 4511 */ "\n\n\0"
+/* 4514 */ "\n"
"Tool to parse and generate X.509 certificates, requests and private keys.\n"
"It can be used interactively or non interactively by specifying the\n"
"template command line option.\n\0"
-/* 4612 */ "certtool @VERSION@\0"
-/* 4631 */ "certtool [options]\n"
+/* 4688 */ "certtool @VERSION@\0"
+/* 4707 */ "certtool [options]\n"
"certtool --help for usage instructions.\n";
/*
@@ -476,132 +479,140 @@ static int const aVerify_CrlMustList[] = {
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
+ * simple-numbers option description:
+ */
+#define SIMPLE_NUMBERS_DESC (certtool_opt_strs+2327)
+#define SIMPLE_NUMBERS_NAME (certtool_opt_strs+2373)
+#define SIMPLE_NUMBERS_name (certtool_opt_strs+2388)
+#define SIMPLE_NUMBERS_FLAGS (OPTST_DISABLED)
+
+/*
* null-password option description:
*/
-#define NULL_PASSWORD_DESC (certtool_opt_strs+2327)
-#define NULL_PASSWORD_NAME (certtool_opt_strs+2351)
-#define NULL_PASSWORD_name (certtool_opt_strs+2365)
+#define NULL_PASSWORD_DESC (certtool_opt_strs+2403)
+#define NULL_PASSWORD_NAME (certtool_opt_strs+2427)
+#define NULL_PASSWORD_name (certtool_opt_strs+2441)
#define NULL_PASSWORD_FLAGS (OPTST_DISABLED)
/*
* certificate-info option description:
*/
-#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2379)
-#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2422)
-#define CERTIFICATE_INFO_name (certtool_opt_strs+2439)
+#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2455)
+#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2498)
+#define CERTIFICATE_INFO_name (certtool_opt_strs+2515)
#define CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* certificate-pubkey option description:
*/
-#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2456)
-#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2487)
-#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2506)
+#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2532)
+#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2563)
+#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2582)
#define CERTIFICATE_PUBKEY_FLAGS (OPTST_DISABLED)
/*
* pgp-certificate-info option description:
*/
-#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2525)
-#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2576)
-#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2597)
+#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2601)
+#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2652)
+#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2673)
#define PGP_CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-ring-info option description:
*/
-#define PGP_RING_INFO_DESC (certtool_opt_strs+2618)
-#define PGP_RING_INFO_NAME (certtool_opt_strs+2675)
-#define PGP_RING_INFO_name (certtool_opt_strs+2689)
+#define PGP_RING_INFO_DESC (certtool_opt_strs+2694)
+#define PGP_RING_INFO_NAME (certtool_opt_strs+2751)
+#define PGP_RING_INFO_name (certtool_opt_strs+2765)
#define PGP_RING_INFO_FLAGS (OPTST_DISABLED)
/*
* crl-info option description:
*/
-#define CRL_INFO_DESC (certtool_opt_strs+2703)
-#define CRL_INFO_NAME (certtool_opt_strs+2748)
-#define CRL_INFO_name (certtool_opt_strs+2757)
+#define CRL_INFO_DESC (certtool_opt_strs+2779)
+#define CRL_INFO_NAME (certtool_opt_strs+2824)
+#define CRL_INFO_name (certtool_opt_strs+2833)
#define CRL_INFO_FLAGS (OPTST_DISABLED)
/*
* crq-info option description:
*/
-#define CRQ_INFO_DESC (certtool_opt_strs+2766)
-#define CRQ_INFO_NAME (certtool_opt_strs+2817)
-#define CRQ_INFO_name (certtool_opt_strs+2826)
+#define CRQ_INFO_DESC (certtool_opt_strs+2842)
+#define CRQ_INFO_NAME (certtool_opt_strs+2893)
+#define CRQ_INFO_name (certtool_opt_strs+2902)
#define CRQ_INFO_FLAGS (OPTST_DISABLED)
/*
* no-crq-extensions option description:
*/
-#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2835)
-#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2881)
-#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2899)
+#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2911)
+#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2957)
+#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2975)
#define NO_CRQ_EXTENSIONS_FLAGS (OPTST_DISABLED)
/*
* p12-info option description:
*/
-#define P12_INFO_DESC (certtool_opt_strs+2917)
-#define P12_INFO_NAME (certtool_opt_strs+2959)
-#define P12_INFO_name (certtool_opt_strs+2968)
+#define P12_INFO_DESC (certtool_opt_strs+2993)
+#define P12_INFO_NAME (certtool_opt_strs+3035)
+#define P12_INFO_name (certtool_opt_strs+3044)
#define P12_INFO_FLAGS (OPTST_DISABLED)
/*
* p7-info option description:
*/
-#define P7_INFO_DESC (certtool_opt_strs+2977)
-#define P7_INFO_NAME (certtool_opt_strs+3018)
-#define P7_INFO_name (certtool_opt_strs+3026)
+#define P7_INFO_DESC (certtool_opt_strs+3053)
+#define P7_INFO_NAME (certtool_opt_strs+3094)
+#define P7_INFO_name (certtool_opt_strs+3102)
#define P7_INFO_FLAGS (OPTST_DISABLED)
/*
* smime-to-p7 option description:
*/
-#define SMIME_TO_P7_DESC (certtool_opt_strs+3034)
-#define SMIME_TO_P7_NAME (certtool_opt_strs+3070)
-#define SMIME_TO_P7_name (certtool_opt_strs+3082)
+#define SMIME_TO_P7_DESC (certtool_opt_strs+3110)
+#define SMIME_TO_P7_NAME (certtool_opt_strs+3146)
+#define SMIME_TO_P7_name (certtool_opt_strs+3158)
#define SMIME_TO_P7_FLAGS (OPTST_DISABLED)
/*
* key-info option description:
*/
-#define KEY_INFO_DESC (certtool_opt_strs+3094)
-#define KEY_INFO_NAME (certtool_opt_strs+3129)
-#define KEY_INFO_name (certtool_opt_strs+3138)
+#define KEY_INFO_DESC (certtool_opt_strs+3170)
+#define KEY_INFO_NAME (certtool_opt_strs+3205)
+#define KEY_INFO_name (certtool_opt_strs+3214)
#define KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-key-info option description:
*/
-#define PGP_KEY_INFO_DESC (certtool_opt_strs+3147)
-#define PGP_KEY_INFO_NAME (certtool_opt_strs+3191)
-#define PGP_KEY_INFO_name (certtool_opt_strs+3204)
+#define PGP_KEY_INFO_DESC (certtool_opt_strs+3223)
+#define PGP_KEY_INFO_NAME (certtool_opt_strs+3267)
+#define PGP_KEY_INFO_name (certtool_opt_strs+3280)
#define PGP_KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pubkey-info option description:
*/
-#define PUBKEY_INFO_DESC (certtool_opt_strs+3217)
-#define PUBKEY_INFO_NAME (certtool_opt_strs+3251)
-#define PUBKEY_INFO_name (certtool_opt_strs+3263)
+#define PUBKEY_INFO_DESC (certtool_opt_strs+3293)
+#define PUBKEY_INFO_NAME (certtool_opt_strs+3327)
+#define PUBKEY_INFO_name (certtool_opt_strs+3339)
#define PUBKEY_INFO_FLAGS (OPTST_DISABLED)
/*
* v1 option description:
*/
-#define V1_DESC (certtool_opt_strs+3275)
-#define V1_NAME (certtool_opt_strs+3336)
-#define V1_name (certtool_opt_strs+3339)
+#define V1_DESC (certtool_opt_strs+3351)
+#define V1_NAME (certtool_opt_strs+3412)
+#define V1_name (certtool_opt_strs+3415)
#define V1_FLAGS (OPTST_DISABLED)
/*
* to-p12 option description with
* "Must also have options" and "Incompatible options":
*/
-#define TO_P12_DESC (certtool_opt_strs+3342)
-#define TO_P12_NAME (certtool_opt_strs+3372)
-#define TO_P12_name (certtool_opt_strs+3379)
+#define TO_P12_DESC (certtool_opt_strs+3418)
+#define TO_P12_NAME (certtool_opt_strs+3448)
+#define TO_P12_name (certtool_opt_strs+3455)
static int const aTo_P12MustList[] = {
INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
#define TO_P12_FLAGS (OPTST_DISABLED)
@@ -609,140 +620,140 @@ static int const aTo_P12MustList[] = {
/*
* to-p8 option description:
*/
-#define TO_P8_DESC (certtool_opt_strs+3386)
-#define TO_P8_NAME (certtool_opt_strs+3415)
-#define TO_P8_name (certtool_opt_strs+3421)
+#define TO_P8_DESC (certtool_opt_strs+3462)
+#define TO_P8_NAME (certtool_opt_strs+3491)
+#define TO_P8_name (certtool_opt_strs+3497)
#define TO_P8_FLAGS (OPTST_DISABLED)
/*
* pkcs8 option description:
*/
-#define PKCS8_DESC (certtool_opt_strs+3427)
-#define PKCS8_NAME (certtool_opt_strs+3463)
-#define PKCS8_name (certtool_opt_strs+3469)
+#define PKCS8_DESC (certtool_opt_strs+3503)
+#define PKCS8_NAME (certtool_opt_strs+3539)
+#define PKCS8_name (certtool_opt_strs+3545)
#define PKCS8_FLAGS (OPTST_DISABLED)
/*
* rsa option description:
*/
-#define RSA_DESC (certtool_opt_strs+3475)
-#define RSA_NAME (certtool_opt_strs+3492)
-#define RSA_name (certtool_opt_strs+3496)
+#define RSA_DESC (certtool_opt_strs+3551)
+#define RSA_NAME (certtool_opt_strs+3568)
+#define RSA_name (certtool_opt_strs+3572)
#define RSA_FLAGS (OPTST_DISABLED)
/*
* dsa option description:
*/
-#define DSA_DESC (certtool_opt_strs+3500)
-#define DSA_NAME (certtool_opt_strs+3517)
-#define DSA_name (certtool_opt_strs+3521)
+#define DSA_DESC (certtool_opt_strs+3576)
+#define DSA_NAME (certtool_opt_strs+3593)
+#define DSA_name (certtool_opt_strs+3597)
#define DSA_FLAGS (OPTST_DISABLED)
/*
* ecc option description:
*/
-#define ECC_DESC (certtool_opt_strs+3525)
-#define ECC_NAME (certtool_opt_strs+3550)
-#define ECC_name (certtool_opt_strs+3554)
+#define ECC_DESC (certtool_opt_strs+3601)
+#define ECC_NAME (certtool_opt_strs+3626)
+#define ECC_name (certtool_opt_strs+3630)
#define ECC_FLAGS (OPTST_DISABLED)
/*
* hash option description:
*/
-#define HASH_DESC (certtool_opt_strs+3558)
-#define HASH_NAME (certtool_opt_strs+3593)
-#define HASH_name (certtool_opt_strs+3598)
+#define HASH_DESC (certtool_opt_strs+3634)
+#define HASH_NAME (certtool_opt_strs+3669)
+#define HASH_name (certtool_opt_strs+3674)
#define HASH_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* inder option description:
*/
-#define INDER_DESC (certtool_opt_strs+3603)
-#define INDER_NAME (certtool_opt_strs+3659)
-#define NOT_INDER_name (certtool_opt_strs+3665)
-#define NOT_INDER_PFX (certtool_opt_strs+3674)
+#define INDER_DESC (certtool_opt_strs+3679)
+#define INDER_NAME (certtool_opt_strs+3735)
+#define NOT_INDER_name (certtool_opt_strs+3741)
+#define NOT_INDER_PFX (certtool_opt_strs+3750)
#define INDER_name (NOT_INDER_name + 3)
#define INDER_FLAGS (OPTST_DISABLED)
/*
* inraw option description:
*/
-#define INRAW_DESC (certtool_opt_strs+3677)
+#define INRAW_DESC (certtool_opt_strs+3753)
#define INRAW_NAME NULL
-#define INRAW_name (certtool_opt_strs+3706)
+#define INRAW_name (certtool_opt_strs+3782)
#define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS)
/*
* outder option description:
*/
-#define OUTDER_DESC (certtool_opt_strs+3712)
-#define OUTDER_NAME (certtool_opt_strs+3768)
-#define NOT_OUTDER_name (certtool_opt_strs+3775)
-#define NOT_OUTDER_PFX (certtool_opt_strs+3674)
+#define OUTDER_DESC (certtool_opt_strs+3788)
+#define OUTDER_NAME (certtool_opt_strs+3844)
+#define NOT_OUTDER_name (certtool_opt_strs+3851)
+#define NOT_OUTDER_PFX (certtool_opt_strs+3750)
#define OUTDER_name (NOT_OUTDER_name + 3)
#define OUTDER_FLAGS (OPTST_DISABLED)
/*
* outraw option description:
*/
-#define OUTRAW_DESC (certtool_opt_strs+3785)
+#define OUTRAW_DESC (certtool_opt_strs+3861)
#define OUTRAW_NAME NULL
-#define OUTRAW_name (certtool_opt_strs+3815)
+#define OUTRAW_name (certtool_opt_strs+3891)
#define OUTRAW_FLAGS (OUTDER_FLAGS | OPTST_ALIAS)
/*
* bits option description:
*/
-#define BITS_DESC (certtool_opt_strs+3822)
-#define BITS_NAME (certtool_opt_strs+3866)
-#define BITS_name (certtool_opt_strs+3871)
+#define BITS_DESC (certtool_opt_strs+3898)
+#define BITS_NAME (certtool_opt_strs+3942)
+#define BITS_name (certtool_opt_strs+3947)
#define BITS_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* sec-param option description:
*/
-#define SEC_PARAM_DESC (certtool_opt_strs+3876)
-#define SEC_PARAM_NAME (certtool_opt_strs+3939)
-#define SEC_PARAM_name (certtool_opt_strs+3949)
+#define SEC_PARAM_DESC (certtool_opt_strs+3952)
+#define SEC_PARAM_NAME (certtool_opt_strs+4015)
+#define SEC_PARAM_name (certtool_opt_strs+4025)
#define SEC_PARAM_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* disable-quick-random option description:
*/
-#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+3959)
-#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+3969)
-#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+3990)
+#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+4035)
+#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+4045)
+#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+4066)
#define DISABLE_QUICK_RANDOM_FLAGS (OPTST_DISABLED)
/*
* template option description:
*/
-#define TEMPLATE_DESC (certtool_opt_strs+4011)
-#define TEMPLATE_NAME (certtool_opt_strs+4062)
-#define TEMPLATE_name (certtool_opt_strs+4071)
+#define TEMPLATE_DESC (certtool_opt_strs+4087)
+#define TEMPLATE_NAME (certtool_opt_strs+4138)
+#define TEMPLATE_name (certtool_opt_strs+4147)
#define TEMPLATE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pkcs-cipher option description:
*/
-#define PKCS_CIPHER_DESC (certtool_opt_strs+4080)
-#define PKCS_CIPHER_NAME (certtool_opt_strs+4125)
-#define PKCS_CIPHER_name (certtool_opt_strs+4137)
+#define PKCS_CIPHER_DESC (certtool_opt_strs+4156)
+#define PKCS_CIPHER_NAME (certtool_opt_strs+4201)
+#define PKCS_CIPHER_name (certtool_opt_strs+4213)
#define PKCS_CIPHER_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (certtool_opt_strs+4149)
-#define HELP_name (certtool_opt_strs+4193)
+#define HELP_DESC (certtool_opt_strs+4225)
+#define HELP_name (certtool_opt_strs+4269)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (certtool_opt_strs+4198)
-#define MORE_HELP_name (certtool_opt_strs+4243)
+#define MORE_HELP_DESC (certtool_opt_strs+4274)
+#define MORE_HELP_name (certtool_opt_strs+4319)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -755,8 +766,8 @@ static int const aTo_P12MustList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (certtool_opt_strs+4253)
-#define VER_name (certtool_opt_strs+4289)
+#define VER_DESC (certtool_opt_strs+4329)
+#define VER_name (certtool_opt_strs+4365)
/*
* Declare option callback procedures
*/
@@ -1066,8 +1077,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
- /* equiv idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
+ { /* entry idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS,
+ /* equiv idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ SIMPLE_NUMBERS_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --simple-numbers */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ SIMPLE_NUMBERS_DESC, SIMPLE_NUMBERS_NAME, SIMPLE_NUMBERS_name,
+ /* disablement strs */ NULL, NULL },
+
+ { /* entry idx, value */ 25, VALUE_OPT_NULL_PASSWORD,
+ /* equiv idx, value */ 25, VALUE_OPT_NULL_PASSWORD,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NULL_PASSWORD_FLAGS, 0,
@@ -1078,8 +1101,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME, NULL_PASSWORD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
- /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
+ { /* entry idx, value */ 26, VALUE_OPT_CERTIFICATE_INFO,
+ /* equiv idx, value */ 26, VALUE_OPT_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_INFO_FLAGS, 0,
@@ -1090,8 +1113,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_INFO_DESC, CERTIFICATE_INFO_NAME, CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
- /* equiv idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
+ { /* entry idx, value */ 27, VALUE_OPT_CERTIFICATE_PUBKEY,
+ /* equiv idx, value */ 27, VALUE_OPT_CERTIFICATE_PUBKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_PUBKEY_FLAGS, 0,
@@ -1102,8 +1125,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_PUBKEY_DESC, CERTIFICATE_PUBKEY_NAME, CERTIFICATE_PUBKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
- /* equiv idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ { /* entry idx, value */ 28, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ /* equiv idx, value */ 28, VALUE_OPT_PGP_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_CERTIFICATE_INFO_FLAGS, 0,
@@ -1114,8 +1137,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_CERTIFICATE_INFO_DESC, PGP_CERTIFICATE_INFO_NAME, PGP_CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
- /* equiv idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
+ { /* entry idx, value */ 29, VALUE_OPT_PGP_RING_INFO,
+ /* equiv idx, value */ 29, VALUE_OPT_PGP_RING_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_RING_INFO_FLAGS, 0,
@@ -1126,8 +1149,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_RING_INFO_DESC, PGP_RING_INFO_NAME, PGP_RING_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 29, VALUE_OPT_CRL_INFO,
- /* equiv idx, value */ 29, VALUE_OPT_CRL_INFO,
+ { /* entry idx, value */ 30, VALUE_OPT_CRL_INFO,
+ /* equiv idx, value */ 30, VALUE_OPT_CRL_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRL_INFO_FLAGS, 0,
@@ -1138,8 +1161,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 30, VALUE_OPT_CRQ_INFO,
- /* equiv idx, value */ 30, VALUE_OPT_CRQ_INFO,
+ { /* entry idx, value */ 31, VALUE_OPT_CRQ_INFO,
+ /* equiv idx, value */ 31, VALUE_OPT_CRQ_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRQ_INFO_FLAGS, 0,
@@ -1150,8 +1173,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRQ_INFO_DESC, CRQ_INFO_NAME, CRQ_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
- /* equiv idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ { /* entry idx, value */ 32, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ /* equiv idx, value */ 32, VALUE_OPT_NO_CRQ_EXTENSIONS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NO_CRQ_EXTENSIONS_FLAGS, 0,
@@ -1162,8 +1185,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NO_CRQ_EXTENSIONS_DESC, NO_CRQ_EXTENSIONS_NAME, NO_CRQ_EXTENSIONS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 32, VALUE_OPT_P12_INFO,
- /* equiv idx, value */ 32, VALUE_OPT_P12_INFO,
+ { /* entry idx, value */ 33, VALUE_OPT_P12_INFO,
+ /* equiv idx, value */ 33, VALUE_OPT_P12_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P12_INFO_FLAGS, 0,
@@ -1174,8 +1197,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P12_INFO_DESC, P12_INFO_NAME, P12_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 33, VALUE_OPT_P7_INFO,
- /* equiv idx, value */ 33, VALUE_OPT_P7_INFO,
+ { /* entry idx, value */ 34, VALUE_OPT_P7_INFO,
+ /* equiv idx, value */ 34, VALUE_OPT_P7_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P7_INFO_FLAGS, 0,
@@ -1186,8 +1209,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
- /* equiv idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
+ { /* entry idx, value */ 35, VALUE_OPT_SMIME_TO_P7,
+ /* equiv idx, value */ 35, VALUE_OPT_SMIME_TO_P7,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SMIME_TO_P7_FLAGS, 0,
@@ -1198,8 +1221,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SMIME_TO_P7_DESC, SMIME_TO_P7_NAME, SMIME_TO_P7_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 35, VALUE_OPT_KEY_INFO,
- /* equiv idx, value */ 35, VALUE_OPT_KEY_INFO,
+ { /* entry idx, value */ 36, VALUE_OPT_KEY_INFO,
+ /* equiv idx, value */ 36, VALUE_OPT_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ KEY_INFO_FLAGS, 0,
@@ -1210,8 +1233,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ KEY_INFO_DESC, KEY_INFO_NAME, KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
- /* equiv idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
+ { /* entry idx, value */ 37, VALUE_OPT_PGP_KEY_INFO,
+ /* equiv idx, value */ 37, VALUE_OPT_PGP_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_KEY_INFO_FLAGS, 0,
@@ -1222,8 +1245,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_KEY_INFO_DESC, PGP_KEY_INFO_NAME, PGP_KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
- /* equiv idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
+ { /* entry idx, value */ 38, VALUE_OPT_PUBKEY_INFO,
+ /* equiv idx, value */ 38, VALUE_OPT_PUBKEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PUBKEY_INFO_FLAGS, 0,
@@ -1234,8 +1257,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PUBKEY_INFO_DESC, PUBKEY_INFO_NAME, PUBKEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 38, VALUE_OPT_V1,
- /* equiv idx, value */ 38, VALUE_OPT_V1,
+ { /* entry idx, value */ 39, VALUE_OPT_V1,
+ /* equiv idx, value */ 39, VALUE_OPT_V1,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ V1_FLAGS, 0,
@@ -1246,8 +1269,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ V1_DESC, V1_NAME, V1_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 39, VALUE_OPT_TO_P12,
- /* equiv idx, value */ 39, VALUE_OPT_TO_P12,
+ { /* entry idx, value */ 40, VALUE_OPT_TO_P12,
+ /* equiv idx, value */ 40, VALUE_OPT_TO_P12,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P12_FLAGS, 0,
@@ -1258,8 +1281,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P12_DESC, TO_P12_NAME, TO_P12_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 40, VALUE_OPT_TO_P8,
- /* equiv idx, value */ 40, VALUE_OPT_TO_P8,
+ { /* entry idx, value */ 41, VALUE_OPT_TO_P8,
+ /* equiv idx, value */ 41, VALUE_OPT_TO_P8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P8_FLAGS, 0,
@@ -1270,8 +1293,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 41, VALUE_OPT_PKCS8,
- /* equiv idx, value */ 41, VALUE_OPT_PKCS8,
+ { /* entry idx, value */ 42, VALUE_OPT_PKCS8,
+ /* equiv idx, value */ 42, VALUE_OPT_PKCS8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS8_FLAGS, 0,
@@ -1282,8 +1305,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 42, VALUE_OPT_RSA,
- /* equiv idx, value */ 42, VALUE_OPT_RSA,
+ { /* entry idx, value */ 43, VALUE_OPT_RSA,
+ /* equiv idx, value */ 43, VALUE_OPT_RSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ RSA_FLAGS, 0,
@@ -1294,8 +1317,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 43, VALUE_OPT_DSA,
- /* equiv idx, value */ 43, VALUE_OPT_DSA,
+ { /* entry idx, value */ 44, VALUE_OPT_DSA,
+ /* equiv idx, value */ 44, VALUE_OPT_DSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DSA_FLAGS, 0,
@@ -1306,8 +1329,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 44, VALUE_OPT_ECC,
- /* equiv idx, value */ 44, VALUE_OPT_ECC,
+ { /* entry idx, value */ 45, VALUE_OPT_ECC,
+ /* equiv idx, value */ 45, VALUE_OPT_ECC,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ ECC_FLAGS, 0,
@@ -1318,8 +1341,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 45, VALUE_OPT_HASH,
- /* equiv idx, value */ 45, VALUE_OPT_HASH,
+ { /* entry idx, value */ 46, VALUE_OPT_HASH,
+ /* equiv idx, value */ 46, VALUE_OPT_HASH,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ HASH_FLAGS, 0,
@@ -1330,8 +1353,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 46, VALUE_OPT_INDER,
- /* equiv idx, value */ 46, VALUE_OPT_INDER,
+ { /* entry idx, value */ 47, VALUE_OPT_INDER,
+ /* equiv idx, value */ 47, VALUE_OPT_INDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INDER_FLAGS, 0,
@@ -1342,8 +1365,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
/* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
- { /* entry idx, value */ 47, VALUE_OPT_INRAW,
- /* equiv idx, value */ 47, VALUE_OPT_INRAW,
+ { /* entry idx, value */ 48, VALUE_OPT_INRAW,
+ /* equiv idx, value */ 48, VALUE_OPT_INRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INRAW_FLAGS, 0,
@@ -1354,8 +1377,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 48, VALUE_OPT_OUTDER,
- /* equiv idx, value */ 48, VALUE_OPT_OUTDER,
+ { /* entry idx, value */ 49, VALUE_OPT_OUTDER,
+ /* equiv idx, value */ 49, VALUE_OPT_OUTDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTDER_FLAGS, 0,
@@ -1366,8 +1389,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
/* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
- { /* entry idx, value */ 49, VALUE_OPT_OUTRAW,
- /* equiv idx, value */ 49, VALUE_OPT_OUTRAW,
+ { /* entry idx, value */ 50, VALUE_OPT_OUTRAW,
+ /* equiv idx, value */ 50, VALUE_OPT_OUTRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTRAW_FLAGS, 0,
@@ -1378,8 +1401,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 50, VALUE_OPT_BITS,
- /* equiv idx, value */ 50, VALUE_OPT_BITS,
+ { /* entry idx, value */ 51, VALUE_OPT_BITS,
+ /* equiv idx, value */ 51, VALUE_OPT_BITS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BITS_FLAGS, 0,
@@ -1390,8 +1413,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 51, VALUE_OPT_SEC_PARAM,
- /* equiv idx, value */ 51, VALUE_OPT_SEC_PARAM,
+ { /* entry idx, value */ 52, VALUE_OPT_SEC_PARAM,
+ /* equiv idx, value */ 52, VALUE_OPT_SEC_PARAM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SEC_PARAM_FLAGS, 0,
@@ -1402,8 +1425,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
- /* equiv idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ { /* entry idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ /* equiv idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DISABLE_QUICK_RANDOM_FLAGS, 0,
@@ -1414,8 +1437,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC, DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 53, VALUE_OPT_TEMPLATE,
- /* equiv idx, value */ 53, VALUE_OPT_TEMPLATE,
+ { /* entry idx, value */ 54, VALUE_OPT_TEMPLATE,
+ /* equiv idx, value */ 54, VALUE_OPT_TEMPLATE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TEMPLATE_FLAGS, 0,
@@ -1426,8 +1449,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
- /* equiv idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
+ { /* entry idx, value */ 55, VALUE_OPT_PKCS_CIPHER,
+ /* equiv idx, value */ 55, VALUE_OPT_PKCS_CIPHER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS_CIPHER_FLAGS, 0,
@@ -1482,14 +1505,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the certtool Option Environment
*/
-#define zPROGNAME (certtool_opt_strs+4297)
-#define zUsageTitle (certtool_opt_strs+4306)
+#define zPROGNAME (certtool_opt_strs+4373)
+#define zUsageTitle (certtool_opt_strs+4382)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (certtool_opt_strs+4416)
-#define zExplain (certtool_opt_strs+4435)
-#define zDetail (certtool_opt_strs+4438)
-#define zFullVersion (certtool_opt_strs+4612)
+#define zBugsAddr (certtool_opt_strs+4492)
+#define zExplain (certtool_opt_strs+4511)
+#define zDetail (certtool_opt_strs+4514)
+#define zFullVersion (certtool_opt_strs+4688)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -1503,7 +1526,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define certtool_full_usage (NULL)
-#define certtool_short_usage (certtool_opt_strs+4631)
+#define certtool_short_usage (certtool_opt_strs+4707)
#endif /* not defined __doxygen__ */
@@ -1720,7 +1743,7 @@ tOptions certtoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 58 /* full option count */, 55 /* user option count */,
+ 59 /* full option count */, 56 /* user option count */,
certtool_full_usage, certtool_short_usage,
NULL, NULL,
PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 5e22325df9..0cd94b5fcd 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -151,6 +151,12 @@ flag = {
};
flag = {
+ name = simple-numbers;
+ descrip = "Print big number in an easier format to parse";
+ doc = "";
+};
+
+flag = {
name = null-password;
descrip = "Enforce a NULL password";
doc = "This option enforces a NULL password. This may be different than the empty password in some schemas.";
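Review bot: The new `simple-numbers` flag is added with `doc = "";`, so the generated manual and `--help` text carry nothing beyond the one-line description. The commit description and NEWS entry also call the option `--numbers`, which does not match the name defined here; one of the two should be corrected. A doc string along the lines of `doc = "Prints big numbers as a single hexadecimal string instead of the default multi-line dump, for use by scripts.";` would help, once the wording is checked against what GNUTLS_CRT_PRINT_FULL_NUMBERS really emits. The descrip would also read better as "Print big numbers in an easier to parse format".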
@@ -235,7 +241,7 @@ flag = {
flag = {
name = pubkey-info;
descrip = "Print information on a public key";
- doc = "The option combined with --load-pubkey, --load-privkey and --load-certificate will extract the public key of the object in question.";
+ doc = "The option combined with --load-request, --load-pubkey, --load-privkey and --load-certificate will extract the public key of the object in question.";
};
flag = {
diff --git a/src/certtool-args.h b/src/certtool-args.h
index a3c43b3959..68166521e2 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.h)
*
- * It has been AutoGen-ed November 20, 2012 at 12:55:34 AM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -91,43 +91,44 @@ typedef enum {
INDEX_OPT_LOAD_CA_PRIVKEY = 21,
INDEX_OPT_LOAD_CA_CERTIFICATE = 22,
INDEX_OPT_PASSWORD = 23,
- INDEX_OPT_NULL_PASSWORD = 24,
- INDEX_OPT_CERTIFICATE_INFO = 25,
- INDEX_OPT_CERTIFICATE_PUBKEY = 26,
- INDEX_OPT_PGP_CERTIFICATE_INFO = 27,
- INDEX_OPT_PGP_RING_INFO = 28,
- INDEX_OPT_CRL_INFO = 29,
- INDEX_OPT_CRQ_INFO = 30,
- INDEX_OPT_NO_CRQ_EXTENSIONS = 31,
- INDEX_OPT_P12_INFO = 32,
- INDEX_OPT_P7_INFO = 33,
- INDEX_OPT_SMIME_TO_P7 = 34,
- INDEX_OPT_KEY_INFO = 35,
- INDEX_OPT_PGP_KEY_INFO = 36,
- INDEX_OPT_PUBKEY_INFO = 37,
- INDEX_OPT_V1 = 38,
- INDEX_OPT_TO_P12 = 39,
- INDEX_OPT_TO_P8 = 40,
- INDEX_OPT_PKCS8 = 41,
- INDEX_OPT_RSA = 42,
- INDEX_OPT_DSA = 43,
- INDEX_OPT_ECC = 44,
- INDEX_OPT_HASH = 45,
- INDEX_OPT_INDER = 46,
- INDEX_OPT_INRAW = 47,
- INDEX_OPT_OUTDER = 48,
- INDEX_OPT_OUTRAW = 49,
- INDEX_OPT_BITS = 50,
- INDEX_OPT_SEC_PARAM = 51,
- INDEX_OPT_DISABLE_QUICK_RANDOM = 52,
- INDEX_OPT_TEMPLATE = 53,
- INDEX_OPT_PKCS_CIPHER = 54,
- INDEX_OPT_VERSION = 55,
- INDEX_OPT_HELP = 56,
- INDEX_OPT_MORE_HELP = 57
+ INDEX_OPT_SIMPLE_NUMBERS = 24,
+ INDEX_OPT_NULL_PASSWORD = 25,
+ INDEX_OPT_CERTIFICATE_INFO = 26,
+ INDEX_OPT_CERTIFICATE_PUBKEY = 27,
+ INDEX_OPT_PGP_CERTIFICATE_INFO = 28,
+ INDEX_OPT_PGP_RING_INFO = 29,
+ INDEX_OPT_CRL_INFO = 30,
+ INDEX_OPT_CRQ_INFO = 31,
+ INDEX_OPT_NO_CRQ_EXTENSIONS = 32,
+ INDEX_OPT_P12_INFO = 33,
+ INDEX_OPT_P7_INFO = 34,
+ INDEX_OPT_SMIME_TO_P7 = 35,
+ INDEX_OPT_KEY_INFO = 36,
+ INDEX_OPT_PGP_KEY_INFO = 37,
+ INDEX_OPT_PUBKEY_INFO = 38,
+ INDEX_OPT_V1 = 39,
+ INDEX_OPT_TO_P12 = 40,
+ INDEX_OPT_TO_P8 = 41,
+ INDEX_OPT_PKCS8 = 42,
+ INDEX_OPT_RSA = 43,
+ INDEX_OPT_DSA = 44,
+ INDEX_OPT_ECC = 45,
+ INDEX_OPT_HASH = 46,
+ INDEX_OPT_INDER = 47,
+ INDEX_OPT_INRAW = 48,
+ INDEX_OPT_OUTDER = 49,
+ INDEX_OPT_OUTRAW = 50,
+ INDEX_OPT_BITS = 51,
+ INDEX_OPT_SEC_PARAM = 52,
+ INDEX_OPT_DISABLE_QUICK_RANDOM = 53,
+ INDEX_OPT_TEMPLATE = 54,
+ INDEX_OPT_PKCS_CIPHER = 55,
+ INDEX_OPT_VERSION = 56,
+ INDEX_OPT_HELP = 57,
+ INDEX_OPT_MORE_HELP = 58
} teOptIndex;
-#define OPTION_CT 58
+#define OPTION_CT 59
#define CERTTOOL_VERSION "@VERSION@"
#define CERTTOOL_FULL_VERSION "certtool @VERSION@"
@@ -191,39 +192,40 @@ typedef enum {
#define VALUE_OPT_LOAD_CA_PRIVKEY 21
#define VALUE_OPT_LOAD_CA_CERTIFICATE 22
#define VALUE_OPT_PASSWORD 23
-#define VALUE_OPT_NULL_PASSWORD 24
+#define VALUE_OPT_SIMPLE_NUMBERS 24
+#define VALUE_OPT_NULL_PASSWORD 25
#define VALUE_OPT_CERTIFICATE_INFO 'i'
-#define VALUE_OPT_CERTIFICATE_PUBKEY 26
-#define VALUE_OPT_PGP_CERTIFICATE_INFO 27
-#define VALUE_OPT_PGP_RING_INFO 28
+#define VALUE_OPT_CERTIFICATE_PUBKEY 27
+#define VALUE_OPT_PGP_CERTIFICATE_INFO 28
+#define VALUE_OPT_PGP_RING_INFO 29
#define VALUE_OPT_CRL_INFO 'l'
-#define VALUE_OPT_CRQ_INFO 30
-#define VALUE_OPT_NO_CRQ_EXTENSIONS 31
-#define VALUE_OPT_P12_INFO 32
-#define VALUE_OPT_P7_INFO 129
-#define VALUE_OPT_SMIME_TO_P7 130
+#define VALUE_OPT_CRQ_INFO 31
+#define VALUE_OPT_NO_CRQ_EXTENSIONS 32
+#define VALUE_OPT_P12_INFO 129
+#define VALUE_OPT_P7_INFO 130
+#define VALUE_OPT_SMIME_TO_P7 131
#define VALUE_OPT_KEY_INFO 'k'
-#define VALUE_OPT_PGP_KEY_INFO 132
-#define VALUE_OPT_PUBKEY_INFO 133
-#define VALUE_OPT_V1 134
-#define VALUE_OPT_TO_P12 135
-#define VALUE_OPT_TO_P8 136
+#define VALUE_OPT_PGP_KEY_INFO 133
+#define VALUE_OPT_PUBKEY_INFO 134
+#define VALUE_OPT_V1 135
+#define VALUE_OPT_TO_P12 136
+#define VALUE_OPT_TO_P8 137
#define VALUE_OPT_PKCS8 '8'
-#define VALUE_OPT_RSA 138
-#define VALUE_OPT_DSA 139
-#define VALUE_OPT_ECC 140
-#define VALUE_OPT_HASH 141
-#define VALUE_OPT_INDER 142
-#define VALUE_OPT_INRAW 143
-#define VALUE_OPT_OUTDER 144
-#define VALUE_OPT_OUTRAW 145
-#define VALUE_OPT_BITS 146
+#define VALUE_OPT_RSA 139
+#define VALUE_OPT_DSA 140
+#define VALUE_OPT_ECC 141
+#define VALUE_OPT_HASH 142
+#define VALUE_OPT_INDER 143
+#define VALUE_OPT_INRAW 144
+#define VALUE_OPT_OUTDER 145
+#define VALUE_OPT_OUTRAW 146
+#define VALUE_OPT_BITS 147
#define OPT_VALUE_BITS (DESC(BITS).optArg.argInt)
-#define VALUE_OPT_SEC_PARAM 147
-#define VALUE_OPT_DISABLE_QUICK_RANDOM 148
-#define VALUE_OPT_TEMPLATE 149
-#define VALUE_OPT_PKCS_CIPHER 150
+#define VALUE_OPT_SEC_PARAM 148
+#define VALUE_OPT_DISABLE_QUICK_RANDOM 149
+#define VALUE_OPT_TEMPLATE 150
+#define VALUE_OPT_PKCS_CIPHER 151
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 518367d4af..a24f035d18 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -691,142 +691,18 @@ print_rsa_pkey (FILE* outfile, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_da
}
}
-static void
-print_key_usage (FILE * outfile, unsigned int usage)
-{
- if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- {
- fprintf (outfile, "\tDigital signature.\n");
- }
-
- if (usage & GNUTLS_KEY_NON_REPUDIATION)
- {
- fprintf (outfile, "\tNon repudiation.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- {
- fprintf (outfile, "\tKey encipherment.\n");
- }
-
- if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- {
- fprintf (outfile, "\tData encipherment.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_AGREEMENT)
- {
- fprintf (outfile, "\tKey agreement.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_CERT_SIGN)
- {
- fprintf (outfile, "\tCertificate signing.\n");
- }
-
- if (usage & GNUTLS_KEY_NON_REPUDIATION)
- {
- fprintf (outfile, "\tCRL signing.\n");
- }
-
- if (usage & GNUTLS_KEY_ENCIPHER_ONLY)
- {
- fprintf (outfile, "\tKey encipher only.\n");
- }
-
- if (usage & GNUTLS_KEY_DECIPHER_ONLY)
- {
- fprintf (outfile, "\tKey decipher only.\n");
- }
-}
-
-void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey)
+void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t format, gnutls_pubkey_t pubkey)
{
-unsigned int usage;
+gnutls_datum_t data;
int ret;
size_t size;
-unsigned int bits;
-const char *cprint;
-
- fprintf (outfile, "Public Key Info:\n\n");
- ret = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
- fprintf (outfile, "Public Key Algorithm: ");
- cprint = gnutls_pk_algorithm_get_name (ret);
- fprintf (outfile, "%s (%u bits)\n", cprint ? cprint : "Unknown", bits);
-
- /* Print the raw public and private keys
- */
- if (ret == GNUTLS_PK_RSA)
- {
- gnutls_datum_t m, e;
- ret = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_rsa_pkey (outfile, &m, &e, NULL, NULL, NULL, NULL, NULL, NULL);
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
- }
- else if (ret == GNUTLS_PK_DSA)
- {
- gnutls_datum_t p, q, g, y;
-
- ret = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_dsa_pkey (outfile, NULL, &y, &p, &q, &g);
- gnutls_free (y.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- }
- }
- else if (ret == GNUTLS_PK_EC)
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- ret = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (ret < 0)
- fprintf (stderr, "Error in key ECC data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_ecc_pkey (outfile, curve, NULL, &y, &x);
- gnutls_free (y.data);
- gnutls_free (x.data);
- }
- }
-
- ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
+ ret = gnutls_pubkey_print(pubkey, format, &data);
if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s",
- gnutls_strerror (ret));
- }
-
- fprintf (outfile, "Public Key Usage:\n");
- print_key_usage (outfile, usage);
-
- fprintf (outfile, "\n");
+ error (EXIT_FAILURE, 0, "pubkey_print error: %s", gnutls_strerror (ret));
- size = buffer_size;
- if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
- {
- fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
- }
+ fprintf (outfile, "%s\n", data.data);
+ gnutls_free (data.data);
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
diff --git a/src/certtool-common.h b/src/certtool-common.h
index dcaed449d5..ea296d5957 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -78,7 +78,7 @@ void dh_info (common_info_st * ci);
gnutls_x509_privkey_t * load_privkey_list (int mand, size_t * privkey_size, common_info_st * info);
-void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey);
+void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t, gnutls_pubkey_t pubkey);
void
print_ecc_pkey (FILE* outfile, gnutls_ecc_curve_t curve, gnutls_datum_t* k, gnutls_datum_t * x, gnutls_datum_t * y);
void
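Review bot: The updated prototype leaves the new parameter unnamed (`gnutls_certificate_print_formats_t,`) while its neighbours are named. Keeping the name used in the definition makes the header self-documenting: `void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t format, gnutls_pubkey_t pubkey);`.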
diff --git a/src/certtool.c b/src/certtool.c
index dd34e3ac29..d858be2412 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -79,6 +79,7 @@ FILE *infile;
static gnutls_digest_algorithm_t default_dig;
static unsigned int incert_format, outcert_format;
static unsigned int req_key_type;
+gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;
/* non interactive operation if set
*/
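Review bot: `full_format` is added without `static` in a run of `static` file-scope variables, so it becomes an exported symbol with a generic name. In the hunks shown it is only read inside certtool.c, and `_pubkey_info` and tpmtool.c receive the format as an argument. Unless another translation unit needs it, `static gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;` is the safer declaration. A short comment such as `/* switched to GNUTLS_CRT_PRINT_FULL_NUMBERS by --simple-numbers */` would tell the reader where it changes.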
@@ -885,6 +886,9 @@ cmd_parser (int argc, char **argv)
if (HAVE_OPT(GENERATE_PRIVKEY) || HAVE_OPT(GENERATE_REQUEST) ||
HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO))
privkey_op = 1;
+
+ if (HAVE_OPT(SIMPLE_NUMBERS))
+ full_format = GNUTLS_CRT_PRINT_FULL_NUMBERS;
if (HAVE_OPT(OUTFILE))
{
@@ -1436,7 +1440,7 @@ print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all)
int ret;
if (all)
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crt_print (crt, full_format, &data);
else
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_UNSIGNED_FULL, &data);
if (ret == 0)
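Review bot: Only the `all` branch of print_certificate_info honours `full_format`; the `else` branch still passes `GNUTLS_CRT_PRINT_UNSIGNED_FULL`, so `--simple-numbers` has no effect on that path. A script that parses the output would then see two number formats depending on which caller produced it. If this is intended, it deserves a comment on the `else` branch, for example `/* no FULL_NUMBERS variant for the unsigned print format */`. The function body starts and ends outside this hunk.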
@@ -1459,7 +1463,7 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
int ret;
size_t size;
- ret = gnutls_x509_crl_print (crl, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crl_print (crl, full_format, &data);
if (ret < 0)
error (EXIT_FAILURE, 0, "crl_print: %s", gnutls_strerror (ret));
@@ -1514,7 +1518,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
if (outcert_format == GNUTLS_X509_FMT_PEM)
{
- ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crq_print (crq, full_format, &data);
if (ret < 0)
error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
@@ -2706,7 +2710,8 @@ void
pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
{
gnutls_pubkey_t pubkey;
- gnutls_privkey_t privkey;
+ gnutls_privkey_t privkey = NULL;
+ gnutls_x509_crq_t crq = NULL;
int ret;
size_t size;
@@ -2721,6 +2726,11 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
crt = load_cert (0, cinfo);
}
+ if (crq == NULL)
+ {
+ crq = load_request (cinfo);
+ }
+
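Review bot: `crq` is initialised to NULL in the declaration added by the previous hunk and nothing assigns it before this point, so `if (crq == NULL)` is always true. `load_request (cinfo)` therefore runs on every call, including when a certificate was passed in or has just been loaded. What load_request does when no `--load-request` was given is not visible here; if it reports an error or exits instead of returning NULL, `--pubkey-info` would break for the certificate and key cases. Loading the request only when it can be used avoids that: `if (crt == NULL) crq = load_request (cinfo);`.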
if (crt != NULL)
{
ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
@@ -2728,6 +2738,13 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
gnutls_strerror (ret));
}
+ else if (crq != NULL)
+ {
+ ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pubkey_import_x509_crq: %s",
+ gnutls_strerror (ret));
+ }
else
{
privkey = load_private_key (0, cinfo);
@@ -2762,6 +2779,6 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
/* PEM */
- _pubkey_info(outfile, pubkey);
+ _pubkey_info(outfile, full_format, pubkey);
gnutls_pubkey_deinit (pubkey);
}
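Review bot: The `crq` object loaded earlier in pubkey_info is never released, because no added line in any hunk of this function deinitialises it and the function ends with only `gnutls_pubkey_deinit (pubkey);`. Assuming load_request returns an object the caller owns, add `if (crq != NULL) gnutls_x509_crq_deinit (crq);` before the pubkey deinit. The process exits soon afterwards, so the impact is small, but it keeps the function clean under leak checkers. The function body starts outside this hunk.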
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 9f21d06d06..b4a0253b73 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -284,7 +284,7 @@ static void tpm_pubkey(const char* url, FILE* outfile)
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
- _pubkey_info(outfile, pubkey);
+ _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);
gnutls_pubkey_deinit(pubkey);
}