authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-05-23 14:05:32 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-06-03 19:54:31 +0200
commitd4a4643dbe1bd739e55706fa4affaf10aae1dfa9 (patch)
tree9370894ecc414e53d4cca7aa2449c24e10ec89bc /src
parentb6e40a9119444a56af19f5bbbd33c3842b758438 (diff)
downloadgnutls-d4a4643dbe1bd739e55706fa4affaf10aae1dfa9.tar.gz
Added support to copy certificates and private keys to tokens.
New functions: gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(), gnutls_pkcs11_delete_url(). Certtool was updated to allow copying certificates and private keys to tokens. Deleting an object has issues (segfault), but this seems to be related to libopensc and its PKCS#11 API.
Diffstat (limited to 'src')
-rw-r--r--src/certtool-common.h14
-rw-r--r--src/certtool-gaa.c219
-rw-r--r--src/certtool-gaa.h6
-rw-r--r--src/certtool.c12
-rw-r--r--src/certtool.gaa11
-rw-r--r--src/crypt-gaa.c64
-rw-r--r--src/pkcs11.c37
7 files changed, 260 insertions, 103 deletions
diff --git a/src/certtool-common.h b/src/certtool-common.h
index f5db0abd80..79d2300471 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -29,6 +29,8 @@ enum
ACTION_PKCS11_LIST,
ACTION_PKCS11_TOKENS,
ACTION_PKCS11_EXPORT_URL,
+ ACTION_PKCS11_WRITE_URL,
+ ACTION_PKCS11_DELETE_URL,
ACTION_PUBKEY_INFO,
};
@@ -39,6 +41,8 @@ void certtool_version (void);
void pkcs11_list( FILE*outfile, const char* url, int type);
void pkcs11_export(FILE* outfile, const char *pkcs11_url);
void pkcs11_token_list(FILE* outfile);
+void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label, int trusted);
+void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch);
#define PKCS11_TYPE_CRT_ALL 1
#define PKCS11_TYPE_TRUSTED 2
@@ -47,3 +51,13 @@ void pkcs11_token_list(FILE* outfile);
extern unsigned char buffer[];
extern const int buffer_size;
+
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+gnutls_x509_privkey_t load_private_key (int mand);
+gnutls_x509_crq_t load_request (void);
+gnutls_x509_privkey_t load_ca_private_key (void);
+gnutls_x509_crt_t load_ca_cert (void);
+gnutls_x509_crt_t load_cert (int mand);
+gnutls_pubkey_t load_pubkey (int mand);
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index d353489fec..fae02faa53 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -184,6 +184,10 @@ void gaa_help(void)
__gaa_helpsingle(0, "pkcs11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL");
__gaa_helpsingle(0, "pkcs11-list-all", "", "List all objects specified by a PKCS#11 URL");
__gaa_helpsingle(0, "pkcs11-list-tokens", "", "List all available tokens");
+ __gaa_helpsingle(0, "pkcs11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token.");
+ __gaa_helpsingle(0, "pkcs11-write-label", "label ", "Sets a label for the write operation.");
+ __gaa_helpsingle(0, "pkcs11-write-trusted", "", "Marks the certificate to be imported as trusted.");
+ __gaa_helpsingle(0, "pkcs11-delete-url", "URL ", "Deletes objects matching the URL.");
__gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1.");
__gaa_helpsingle('h', "help", "", "shows this help text");
__gaa_helpsingle('v', "version", "", "shows the program's version");
@@ -201,8 +205,12 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 148 "certtool.gaa"
+#line 156 "certtool.gaa"
int debug;
+#line 151 "certtool.gaa"
+ int pkcs11_trusted;
+#line 148 "certtool.gaa"
+ char* pkcs11_label;
#line 141 "certtool.gaa"
int pkcs11_type;
#line 138 "certtool.gaa"
@@ -311,65 +319,69 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 58
+#define GAA_NB_OPTION 62
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
-#define GAAOPTID_pkcs11_list_tokens 4
-#define GAAOPTID_pkcs11_list_all 5
-#define GAAOPTID_pkcs11_list_all_certs 6
-#define GAAOPTID_pkcs11_list_trusted 7
-#define GAAOPTID_pkcs11_list_certs 8
-#define GAAOPTID_pkcs11_export_url 9
-#define GAAOPTID_pkcs11_provider 10
-#define GAAOPTID_pkcs_cipher 11
-#define GAAOPTID_template 12
-#define GAAOPTID_infile 13
-#define GAAOPTID_outfile 14
-#define GAAOPTID_disable_quick_random 15
-#define GAAOPTID_bits 16
-#define GAAOPTID_outraw 17
-#define GAAOPTID_outder 18
-#define GAAOPTID_inraw 19
-#define GAAOPTID_inder 20
-#define GAAOPTID_export_ciphers 21
-#define GAAOPTID_hash 22
-#define GAAOPTID_dsa 23
-#define GAAOPTID_pkcs8 24
-#define GAAOPTID_to_p8 25
-#define GAAOPTID_to_p12 26
-#define GAAOPTID_v1 27
-#define GAAOPTID_fix_key 28
-#define GAAOPTID_pubkey_info 29
-#define GAAOPTID_pgp_key_info 30
-#define GAAOPTID_key_info 31
-#define GAAOPTID_smime_to_p7 32
-#define GAAOPTID_p7_info 33
-#define GAAOPTID_p12_info 34
-#define GAAOPTID_no_crq_extensions 35
-#define GAAOPTID_crq_info 36
-#define GAAOPTID_crl_info 37
-#define GAAOPTID_pgp_ring_info 38
-#define GAAOPTID_pgp_certificate_info 39
-#define GAAOPTID_certificate_info 40
-#define GAAOPTID_password 41
-#define GAAOPTID_load_ca_certificate 42
-#define GAAOPTID_load_ca_privkey 43
-#define GAAOPTID_load_certificate 44
-#define GAAOPTID_load_request 45
-#define GAAOPTID_load_pubkey 46
-#define GAAOPTID_load_privkey 47
-#define GAAOPTID_get_dh_params 48
-#define GAAOPTID_generate_dh_params 49
-#define GAAOPTID_verify_crl 50
-#define GAAOPTID_verify_chain 51
-#define GAAOPTID_generate_request 52
-#define GAAOPTID_generate_privkey 53
-#define GAAOPTID_update_certificate 54
-#define GAAOPTID_generate_crl 55
-#define GAAOPTID_generate_proxy 56
-#define GAAOPTID_generate_certificate 57
-#define GAAOPTID_generate_self_signed 58
+#define GAAOPTID_pkcs11_delete_url 4
+#define GAAOPTID_pkcs11_write_trusted 5
+#define GAAOPTID_pkcs11_write_label 6
+#define GAAOPTID_pkcs11_write 7
+#define GAAOPTID_pkcs11_list_tokens 8
+#define GAAOPTID_pkcs11_list_all 9
+#define GAAOPTID_pkcs11_list_all_certs 10
+#define GAAOPTID_pkcs11_list_trusted 11
+#define GAAOPTID_pkcs11_list_certs 12
+#define GAAOPTID_pkcs11_export_url 13
+#define GAAOPTID_pkcs11_provider 14
+#define GAAOPTID_pkcs_cipher 15
+#define GAAOPTID_template 16
+#define GAAOPTID_infile 17
+#define GAAOPTID_outfile 18
+#define GAAOPTID_disable_quick_random 19
+#define GAAOPTID_bits 20
+#define GAAOPTID_outraw 21
+#define GAAOPTID_outder 22
+#define GAAOPTID_inraw 23
+#define GAAOPTID_inder 24
+#define GAAOPTID_export_ciphers 25
+#define GAAOPTID_hash 26
+#define GAAOPTID_dsa 27
+#define GAAOPTID_pkcs8 28
+#define GAAOPTID_to_p8 29
+#define GAAOPTID_to_p12 30
+#define GAAOPTID_v1 31
+#define GAAOPTID_fix_key 32
+#define GAAOPTID_pubkey_info 33
+#define GAAOPTID_pgp_key_info 34
+#define GAAOPTID_key_info 35
+#define GAAOPTID_smime_to_p7 36
+#define GAAOPTID_p7_info 37
+#define GAAOPTID_p12_info 38
+#define GAAOPTID_no_crq_extensions 39
+#define GAAOPTID_crq_info 40
+#define GAAOPTID_crl_info 41
+#define GAAOPTID_pgp_ring_info 42
+#define GAAOPTID_pgp_certificate_info 43
+#define GAAOPTID_certificate_info 44
+#define GAAOPTID_password 45
+#define GAAOPTID_load_ca_certificate 46
+#define GAAOPTID_load_ca_privkey 47
+#define GAAOPTID_load_certificate 48
+#define GAAOPTID_load_request 49
+#define GAAOPTID_load_pubkey 50
+#define GAAOPTID_load_privkey 51
+#define GAAOPTID_get_dh_params 52
+#define GAAOPTID_generate_dh_params 53
+#define GAAOPTID_verify_crl 54
+#define GAAOPTID_verify_chain 55
+#define GAAOPTID_generate_request 56
+#define GAAOPTID_generate_privkey 57
+#define GAAOPTID_update_certificate 58
+#define GAAOPTID_generate_crl 59
+#define GAAOPTID_generate_proxy 60
+#define GAAOPTID_generate_certificate 61
+#define GAAOPTID_generate_self_signed 62
#line 168 "gaa.skel"
@@ -562,49 +574,67 @@ struct GAAOPTION_debug
int size1;
};
-struct GAAOPTION_pkcs11_export_url
+struct GAAOPTION_pkcs11_delete_url
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_pkcs11_write_label
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_pkcs11_write
{
char* arg1;
int size1;
};
-struct GAAOPTION_pkcs11_provider
+struct GAAOPTION_pkcs11_export_url
{
char* arg1;
int size1;
};
-struct GAAOPTION_pkcs_cipher
+struct GAAOPTION_pkcs11_provider
{
char* arg1;
int size1;
};
-struct GAAOPTION_template
+struct GAAOPTION_pkcs_cipher
{
char* arg1;
int size1;
};
-struct GAAOPTION_infile
+struct GAAOPTION_template
{
char* arg1;
int size1;
};
-struct GAAOPTION_outfile
+struct GAAOPTION_infile
{
char* arg1;
int size1;
};
-struct GAAOPTION_bits
+struct GAAOPTION_outfile
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_bits
{
int arg1;
int size1;
};
-struct GAAOPTION_hash
+struct GAAOPTION_hash
{
char* arg1;
int size1;
@@ -682,6 +712,9 @@ static int gaa_get_option_num(char *str, int status)
{
case GAA_LETTER_OPTION:
GAA_CHECK1STR("d", GAAOPTID_debug);
+ GAA_CHECK1STR("", GAAOPTID_pkcs11_delete_url);
+ GAA_CHECK1STR("", GAAOPTID_pkcs11_write_label);
+ GAA_CHECK1STR("", GAAOPTID_pkcs11_write);
GAA_CHECK1STR("", GAAOPTID_pkcs11_export_url);
GAA_CHECK1STR("", GAAOPTID_pkcs11_provider);
GAA_CHECK1STR("", GAAOPTID_pkcs_cipher);
@@ -701,6 +734,7 @@ static int gaa_get_option_num(char *str, int status)
#line 375 "gaa.skel"
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
+ GAA_CHECK1STR("", GAAOPTID_pkcs11_write_trusted);
GAA_CHECK1STR("", GAAOPTID_pkcs11_list_tokens);
GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all);
GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all_certs);
@@ -748,6 +782,10 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("version", GAAOPTID_version);
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("debug", GAAOPTID_debug);
+ GAA_CHECKSTR("pkcs11-delete-url", GAAOPTID_pkcs11_delete_url);
+ GAA_CHECKSTR("pkcs11-write-trusted", GAAOPTID_pkcs11_write_trusted);
+ GAA_CHECKSTR("pkcs11-write-label", GAAOPTID_pkcs11_write_label);
+ GAA_CHECKSTR("pkcs11-write", GAAOPTID_pkcs11_write);
GAA_CHECKSTR("pkcs11-list-tokens", GAAOPTID_pkcs11_list_tokens);
GAA_CHECKSTR("pkcs11-list-all", GAAOPTID_pkcs11_list_all);
GAA_CHECKSTR("pkcs11-list-all-certs", GAAOPTID_pkcs11_list_all_certs);
@@ -816,6 +854,9 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
int OK = 0;
int gaa_last_non_option;
struct GAAOPTION_debug GAATMP_debug;
+ struct GAAOPTION_pkcs11_delete_url GAATMP_pkcs11_delete_url;
+ struct GAAOPTION_pkcs11_write_label GAATMP_pkcs11_write_label;
+ struct GAAOPTION_pkcs11_write GAATMP_pkcs11_write;
struct GAAOPTION_pkcs11_export_url GAATMP_pkcs11_export_url;
struct GAAOPTION_pkcs11_provider GAATMP_pkcs11_provider;
struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher;
@@ -853,14 +894,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 153 "certtool.gaa"
+#line 161 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 151 "certtool.gaa"
+#line 159 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -870,11 +911,48 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 149 "certtool.gaa"
+#line 157 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_pkcs11_delete_url:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_pkcs11_delete_url.arg1, gaa_getstr, GAATMP_pkcs11_delete_url.size1);
+ gaa_index++;
+#line 154 "certtool.gaa"
+{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_pkcs11_delete_url.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_pkcs11_write_trusted:
+ OK = 0;
+#line 152 "certtool.gaa"
+{ gaaval->pkcs11_trusted = 1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_pkcs11_write_label:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_pkcs11_write_label.arg1, gaa_getstr, GAATMP_pkcs11_write_label.size1);
+ gaa_index++;
+#line 150 "certtool.gaa"
+{ gaaval->pkcs11_label = GAATMP_pkcs11_write_label.arg1; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_pkcs11_write:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_pkcs11_write.arg1, gaa_getstr, GAATMP_pkcs11_write.size1);
+ gaa_index++;
+#line 149 "certtool.gaa"
+{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_pkcs11_write.arg1; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_pkcs11_list_tokens:
OK = 0;
#line 146 "certtool.gaa"
@@ -1329,13 +1407,14 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 155 "certtool.gaa"
+#line 163 "certtool.gaa"
{ gaaval->bits = 2048; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1;
gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
- gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; ;};
+ gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
+ gaaval->pkcs11_trusted=0; ;};
}
inited = 1;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index b96924aa61..8cda5acc1b 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,8 +8,12 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 148 "certtool.gaa"
+#line 156 "certtool.gaa"
int debug;
+#line 151 "certtool.gaa"
+ int pkcs11_trusted;
+#line 148 "certtool.gaa"
+ char* pkcs11_label;
#line 141 "certtool.gaa"
int pkcs11_type;
#line 138 "certtool.gaa"
diff --git a/src/certtool.c b/src/certtool.c
index 075f19c840..b646453c50 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -64,12 +64,6 @@ void verify_crl (void);
void pubkey_info (void);
void pgp_privkey_info (void);
void pgp_ring_info (void);
-gnutls_x509_privkey_t load_private_key (int mand);
-gnutls_x509_crq_t load_request (void);
-gnutls_x509_privkey_t load_ca_private_key (void);
-gnutls_x509_crt_t load_ca_cert (void);
-gnutls_x509_crt_t load_cert (int mand);
-gnutls_pubkey_t load_pubkey (int mand);
void certificate_info (void);
void pgp_certificate_info (void);
void crl_info (void);
@@ -1028,6 +1022,12 @@ gaa_parser (int argc, char **argv)
case ACTION_PKCS11_EXPORT_URL:
pkcs11_export(outfile, info.pkcs11_url);
break;
+ case ACTION_PKCS11_WRITE_URL:
+ pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted);
+ break;
+ case ACTION_PKCS11_DELETE_URL:
+ pkcs11_delete(outfile, info.pkcs11_url, batch);
+ break;
#ifdef ENABLE_OPENPGP
case ACTION_PGP_INFO:
pgp_certificate_info ();
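Review bot: `info.pkcs11_label` is handed to `pkcs11_write` unchecked in the new `ACTION_PKCS11_WRITE_URL` case, and the init block in certtool.gaa sets it to NULL, so `--pkcs11-write` without `--pkcs11-write-label` passes a NULL label through. Whether pkcs11_write and the library call behind it accept NULL is not visible in this diff. If they do not, reject it here before the call, for example `if (info.pkcs11_label == NULL) { fprintf (stderr, "--pkcs11-write requires --pkcs11-write-label\n"); exit (1); }`. The switch belongs to gaa_parser, whose body starts and ends outside the hunk.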
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 0ce49aaea5..9a835ad3ab 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -145,6 +145,14 @@ option (pkcs11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS
option (pkcs11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
option (pkcs11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
+#char* pkcs11_label;
+option (pkcs11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates or private keys to a PKCS11 token."
+option (pkcs11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
+#int pkcs11_trusted;
+option (pkcs11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
+
+option (pkcs11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
+
#int debug;
option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
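Review bot: `--pkcs11-write-trusted` and `--pkcs11-write-label` only set a field and select no action, so on their own, or combined with another action such as `--pkcs11-list-all`, they are accepted and silently ignored. Because the trusted flag changes how consumers of the token treat the certificate, the help text should say when it applies, for example `"Marks the certificate to be imported as trusted (only with --pkcs11-write)."`. The new strings also write `PKCS11` where the neighbouring options use `PKCS#11`. certtool-gaa.c is generated from this file and would need regenerating after any wording change.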
@@ -157,4 +165,5 @@ init { $bits = 2048; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
$export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1;
$privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1; $pkcs11_provider= NULL;
- $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; }
+ $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL;
+ $pkcs11_trusted=0; }
diff --git a/src/crypt-gaa.c b/src/crypt-gaa.c
index 8ec3b033ed..3375cf9988 100644
--- a/src/crypt-gaa.c
+++ b/src/crypt-gaa.c
@@ -389,12 +389,31 @@ static int gaa_getint(char *arg)
return tmp;
}
+static char gaa_getchar(char *arg)
+{
+ if(strlen(arg) != 1)
+ {
+ printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg);
+ GAAERROR(-1);
+ }
+ return arg[0];
+}
static char* gaa_getstr(char *arg)
{
return arg;
}
-
+static float gaa_getfloat(char *arg)
+{
+ float tmp;
+ char a;
+ if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+ {
+ printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg);
+ GAAERROR(-1);
+ }
+ return tmp;
+}
/* option structures */
struct GAAOPTION_create_conf
@@ -615,19 +634,16 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
int gaa(int argc, char **argv, gaainfo *gaaval)
{
int tmp1, tmp2;
- int l;
- size_t i, j;
+ int i, j;
char *opt_list;
- i = 0;
-
GAAargv = argv;
GAAargc = argc;
opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
- for(l = 0; l < GAA_NB_OPTION + 1; l++)
- opt_list[l] = 0;
+ for(i = 0; i < GAA_NB_OPTION + 1; i++)
+ opt_list[i] = 0;
/* initialization */
if(inited == 0)
{
@@ -646,27 +662,27 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaa_arg_used = gaa_malloc(argc * sizeof(char));
}
- for(l = 1; l < argc; l++)
- gaa_arg_used[l] = 0;
- for(l = 1; l < argc; l++)
+ for(i = 1; i < argc; i++)
+ gaa_arg_used[i] = 0;
+ for(i = 1; i < argc; i++)
{
- if(gaa_arg_used[l] == 0)
+ if(gaa_arg_used[i] == 0)
{
j = 0;
- tmp1 = gaa_is_an_argument(GAAargv[l]);
+ tmp1 = gaa_is_an_argument(GAAargv[i]);
switch(tmp1)
{
case GAA_WORD_OPTION:
j++;
case GAA_LETTER_OPTION:
j++;
- tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
if(tmp2 == GAA_ERROR_NOMATCH)
{
- printf("Invalid option '%s'\n", argv[l]+j);
+ printf("Invalid option '%s'\n", argv[i]+j);
return 0;
}
- switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
{
case GAA_ERROR_NOTENOUGH_ARGS:
printf("'%s': not enough arguments\n",gaa_current_option);
@@ -679,18 +695,18 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
default:
printf("Unknown error\n");
}
- gaa_arg_used[l] = 1;
+ gaa_arg_used[i] = 1;
break;
case GAA_MULTIPLE_OPTION:
- for(j = 1; j < strlen(argv[l]); j++)
+ for(j = 1; j < strlen(argv[i]); j++)
{
- tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
if(tmp2 == GAA_ERROR_NOMATCH)
{
- printf("Invalid option '%c'\n", *(argv[l]+j));
+ printf("Invalid option '%c'\n", *(argv[i]+j));
return 0;
}
- switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
{
case GAA_ERROR_NOTENOUGH_ARGS:
printf("'%s': not enough arguments\n",gaa_current_option);
@@ -704,7 +720,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
printf("Unknown error\n");
}
}
- gaa_arg_used[l] = 1;
+ gaa_arg_used[i] = 1;
break;
default: break;
}
@@ -730,9 +746,9 @@ if(gaa_processing_file == 0)
}
#endif
}
- for(l = 1; l < argc; l++)
+ for(i = 1; i < argc; i++)
{
- if(gaa_arg_used[l] == 0)
+ if(gaa_arg_used[i] == 0)
{
printf("Too many arguments\n");
return 0;
@@ -783,7 +799,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc
len++;
a = fgetc( file);
- if(a==EOF) return 0; /* a = ' '; */
+ if(a==EOF) return 0; //a = ' ';
}
len += 1;
diff --git a/src/pkcs11.c b/src/pkcs11.c
index be99641777..c27dd03e25 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -44,6 +44,28 @@ static void pkcs11_common(void)
}
+void pkcs11_delete(FILE* outfile, const char* url, int batch)
+{
+int ret;
+ if (!batch) {
+ pkcs11_list(outfile, url, PKCS11_TYPE_ALL);
+ ret = read_yesno("Are you sure you want to delete those objects? (Y/N): ");
+ if (ret == 0) {
+ exit(1);
+ }
+ }
+
+ ret = gnutls_pkcs11_delete_url(url);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\n%d objects deleted\n", ret);
+
+ return;
+}
+
/* lists certificates from a token
*/
void pkcs11_list( FILE* outfile, const char* url, int type)
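Review bot: In batch mode `pkcs11_delete` goes straight to `gnutls_pkcs11_delete_url(url)` and reports only a count, so a URL that matches more objects than intended removes them with no record of what they were. In the interactive path the objects are listed by one call and deleted by a second, independent URL match, so the set removed is not guaranteed to be the set the user confirmed. I would echo the URL in the result line, `fprintf(outfile, "\n%d objects matching %s deleted\n", ret, url);`, and print a short message before the `exit(1)` taken when the user declines, so a refusal can be told apart from a failure in logs.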
@@ -340,6 +362,15 @@ size_t size;
}
return;
+}
+
+void pkcs11_write(FILE* outfile, const char* url, const char* label, int trusted)
+{
+gnutls_x509_crt_t xcrt;
+gnutls_x509_privkey_t xkey;
+int ret;
+unsigned int flags = 0;
+unsigned int key_usage;
}
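Review bot: `xcrt` and `xkey` are declared without initializers in `pkcs11_write`, yet a later hunk in this file tests both against NULL. Initialising them at declaration, `gnutls_x509_crt_t xcrt = NULL;` and `gnutls_x509_privkey_t xkey = NULL;`, keeps that test well-defined on any path that skips a load. `key_usage` is also uninitialised and its use is not visible here. The function has no header comment, unlike `pkcs11_list`; going by the help text, something like `/* copies the loaded certificate and/or private key to the token at url; trusted marks the certificate as trusted */` would fit, to be confirmed against the body, which is not shown in this hunk.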
@@ -512,6 +543,10 @@ size_t size;
return;
+ if (xkey == NULL && xcrt == NULL) {
+ fprintf(stderr, "You must use --load-privkey or --load-certificate to load the file to be copied\n");
+ exit (1);
+ }
-
+ return;
}
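Review bot: As shown, the new `if (xkey == NULL && xcrt == NULL)` check sits directly after an unconditional `return;` context line. If both are in the same block, the check and its error message are unreachable, and a run with neither `--load-privkey` nor `--load-certificate` would end silently with a success status. The check belongs before that `return;`, and preferably before any work is done with the token, so that nothing is attempted when there is nothing to copy. The enclosing function starts outside this hunk, so confirm which block the first `return;` closes.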