authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-16 16:31:25 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-16 16:31:32 +0100
commit93d1ca3ce86ee996a245c5b8036d3062a2a8ccf1 (patch)
tree4959625d205d14ef704a4c5105b8baa4bb56c56d /src
parentd38faa024ae6b1c916f862d742ac43c9067cdc78 (diff)
downloadgnutls-93d1ca3ce86ee996a245c5b8036d3062a2a8ccf1.tar.gz
Added activation_date and expiration_date options to certtool template file.
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am18
-rw-r--r--src/certtool-args.def5
-rw-r--r--src/certtool-cfg.c86
-rw-r--r--src/certtool-cfg.h3
-rw-r--r--src/certtool.c51
5 files changed, 117 insertions, 46 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 2a7576ccf2..c68418031f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -35,6 +35,7 @@ EXTRA_DIST = args-std.def
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../gl \
+ -I$(srcdir)/gl \
-I$(builddir)/../gl \
-I$(builddir)/../lib/includes \
-I$(srcdir)/../lib/includes \
@@ -148,8 +149,8 @@ noinst_LTLIBRARIES += libcmd-certtool.la
libcmd_certtool_la_CFLAGS =
libcmd_certtool_la_SOURCES = certtool-args.c certtool-args.def certtool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_certtool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la gl/libgnu_gpl.a
-libcmd_certtool_la_LIBADD += $(LTLIBINTL)
+libcmd_certtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_certtool_la_LIBADD += $(LIBOPTS) $(LTLIBINTL)
libcmd_certtool_la_LIBADD += $(LTLIBREADLINE)
libcmd_certtool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
@@ -164,10 +165,11 @@ noinst_LTLIBRARIES += libcmd-danetool.la
libcmd_danetool_la_CFLAGS =
libcmd_danetool_la_SOURCES = danetool-args.c danetool-args.def danetool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_danetool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la
+libcmd_danetool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_danetool_la_LIBADD += $(LIBOPTS)
libcmd_danetool_la_LIBADD += $(LTLIBINTL)
libcmd_danetool_la_LIBADD += $(LTLIBREADLINE)
-libcmd_danetool_la_LIBADD += $(INET_PTON_LIB)
+libcmd_danetool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
# p11 tool
if ENABLE_PKCS11
@@ -182,8 +184,8 @@ noinst_LTLIBRARIES += libcmd-p11tool.la
libcmd_p11tool_la_CFLAGS =
libcmd_p11tool_la_SOURCES = p11tool-args.def p11tool-args.c p11tool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_p11tool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_p11tool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
endif # ENABLE_PKCS11
@@ -198,8 +200,8 @@ noinst_LTLIBRARIES += libcmd-tpmtool.la
libcmd_tpmtool_la_CFLAGS =
libcmd_tpmtool_la_SOURCES = tpmtool-args.def tpmtool-args.c tpmtool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_tpmtool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_tpmtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
endif # ENABLE_TROUSERS
diff --git a/src/certtool-args.def b/src/certtool-args.def
index bd512a51b5..f50f63544d 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -582,6 +582,11 @@ serial = 007
# Use -1 if there is no expiration date.
expiration_days = 700
+# Alternatively you may set concrete dates. Acceptable dates are dates
+# read by getdate().
+#activation_date = "2004-02-29 16:21:42"
+#expiration_date = "2025-02-29 16:24:41"
+
# X.509 v3 extensions
# A dnsname in case of a WWW server.
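Review bot: The sample `#expiration_date = "2025-02-29 16:24:41"` names a day that does not exist (2025 is not a leap year), so a user who uncomments the example unchanged gets a parse failure instead of a working template; a real date such as `#expiration_date = "2025-02-28 16:24:41"` avoids that. The comment also says the dates are "read by getdate()", while the parser this commit wires up in certtool-cfg.c is parse_datetime(); naming that function, or the `date -d` syntax it implements, points users at the syntax that is actually accepted.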
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 747c4b7986..81be6db89e 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
@@ -30,7 +31,9 @@
#include <limits.h>
#include <inttypes.h>
#include <time.h>
+#include <parse-datetime.h>
#include <autoopts/options.h>
+#include <intprops.h>
/* for inet_pton */
#include <sys/types.h>
@@ -74,6 +77,8 @@ typedef struct _cfg_ctx {
char *crl_dist_points;
char *password;
char *pkcs12_key_name;
+ char *expiration_date;
+ char *activation_date;
int serial;
int expiration_days;
int ca;
@@ -238,6 +243,14 @@ int template_parse(const char *template)
if (val != NULL && val->valType == OPARG_TYPE_STRING)
cfg.country = strdup(val->v.strVal);
+ val = optionGetValue(pov, "expiration_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.expiration_date = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "activation_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.activation_date = strdup(val->v.strVal);
+
for (i = 0; i < MAX_POLICIES; i++) {
snprintf(tmpstr, sizeof(tmpstr), "policy%d", i + 1);
val = optionGetValue(pov, tmpstr);
@@ -837,23 +850,82 @@ int get_serial(void)
}
}
-int get_days(void)
+static
+time_t get_date(const char* date)
+{
+ time_t t;
+ struct timespec r;
+
+ if (date==NULL || parse_datetime(&r, date, NULL) == 0) {
+ fprintf(stderr, "Cannot parse date: %s\n", date);
+ exit(1);
+ }
+
+ return r.tv_sec;
+}
+
+time_t get_activation_date()
{
- int days;
+ if (batch && cfg.activation_date != NULL) {
+ return get_date(cfg.activation_date);
+ }
+
+ return time(NULL);
+}
+
+static
+time_t days_to_secs(int days)
+{
+time_t secs = days;
+time_t now = time(NULL);
+
+ if (secs != (time_t)-1) {
+ if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
+ secs = -1;
+ } else {
+ secs *= 24*60*60;
+ }
+ }
+
+ if (secs != (time_t)-1) {
+ if (INT_ADD_OVERFLOW(secs, now)) {
+ secs = -1;
+ } else {
+ secs += now;
+ }
+ }
+
+ return secs;
+}
+
+time_t get_expiration_date()
+{
if (batch) {
- if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
- return 365;
- else
- return cfg.expiration_days;
+ if (cfg.expiration_date == NULL) {
+ time_t secs, now;
+
+ now = time(NULL);
+
+ if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
+ secs = days_to_secs(365);
+ else {
+ secs = days_to_secs(cfg.expiration_days);
+ }
+
+ return secs;
+ } else
+ return get_date(cfg.expiration_date);
} else {
+ int days;
+
do {
days =
read_int
("The certificate will expire in (days): ");
}
while (days == 0);
- return days;
+ return days_to_secs(days);
}
}
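Review bot: get_date reaches `fprintf(stderr, "Cannot parse date: %s\n", date)` with date == NULL, because the NULL test and the parse failure share one branch; passing a null pointer for `%s` is undefined behaviour even where glibc happens to print "(null)". Either reject NULL before the parse or print a safe placeholder, e.g. `fprintf(stderr, "Cannot parse date: %s\n", date ? date : "(none)");`. Two locals are dead and will trip `-Wunused` builds: `time_t t` in get_date and `now` in get_expiration_date (days_to_secs calls time(NULL) itself). get_activation_date and get_expiration_date are defined with empty `()` while certtool-cfg.h declares them `(void)`; writing `time_t get_activation_date(void)` makes the definition a prototype and keeps the two in step. The declarations at the top of days_to_secs sit at column 0, unlike the rest of the file.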
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 7617900002..98275de283 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -51,7 +51,8 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt);
void get_oid_crt_set(gnutls_x509_crt_t crt);
void get_key_purpose_set(int type, void *crt);
int get_serial(void);
-int get_days(void);
+time_t get_expiration_date(void);
+time_t get_activation_date(void);
int get_ca_status(void);
int get_crl_number(void);
int get_path_len(void);
diff --git a/src/certtool.c b/src/certtool.c
index 83a25491b3..e7c0c26d01 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -38,7 +38,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <intprops.h>
/* Gnulib portability files. */
#include <read-file.h>
@@ -231,8 +230,8 @@ generate_certificate(gnutls_privkey_t * ret_key,
size_t size;
int ret;
int client;
- int days, result, ca_status = 0, is_ike = 0, path_len;
- time_t secs, now;
+ int result, ca_status = 0, is_ike = 0, path_len;
+ time_t secs;
int vers;
unsigned int usage = 0, server;
gnutls_x509_crq_t crq; /* request */
@@ -329,28 +328,16 @@ generate_certificate(gnutls_privkey_t * ret_key,
if (!batch)
fprintf(stderr, "\n\nActivation/Expiration time.\n");
- now = time(NULL);
+ secs = get_activation_date();
- gnutls_x509_crt_set_activation_time(crt, now);
-
- days = get_days();
- secs = days;
-
- if (secs != (time_t)-1) {
- if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
- secs = -1;
- } else {
- secs *= 24*60*60;
- }
- }
+ result = gnutls_x509_crt_set_activation_time(crt, secs);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- if (secs != (time_t)-1) {
- if (INT_ADD_OVERFLOW(secs, now)) {
- secs = -1;
- } else {
- secs += now;
- }
- }
+ secs = get_expiration_date();
result = gnutls_x509_crt_set_expiration_time(crt, secs);
if (result < 0) {
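Review bot: After `secs = get_expiration_date();` nothing compares the expiration with the activation value set a few lines above, and now that both can come from the template (activation_date/expiration_date) a mis-edited template produces a certificate whose notBefore is later than its notAfter without any diagnostic. Keeping the activation in its own variable and checking before set_expiration_time catches this: `time_t act = get_activation_date();` … `if (secs != (time_t)-1 && secs <= act) { fprintf(stderr, "expiration_date precedes activation_date\n"); exit(1); }`. The same gap exists in update_signed_certificate in the hunk at `@@ -952,15 +938,20 @@`. The new "set_activation: %s" message has no trailing newline; it copies the existing set_expiration message, so either both get one or neither. generate_certificate starts and ends outside this hunk.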
@@ -942,8 +929,7 @@ static void update_signed_certificate(common_info_st * cinfo)
int result;
gnutls_privkey_t ca_key;
gnutls_x509_crt_t ca_crt;
- int days;
- time_t tim = time(NULL);
+ time_t tim;
fprintf(stderr, "Generating a signed certificate...\n");
@@ -952,15 +938,20 @@ static void update_signed_certificate(common_info_st * cinfo)
crt = load_cert(1, cinfo);
fprintf(stderr, "Activation/Expiration time.\n");
- gnutls_x509_crt_set_activation_time(crt, tim);
+ tim = get_activation_date();
+
+ result = gnutls_x509_crt_set_activation_time(crt, tim);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- days = get_days();
+ tim = get_expiration_date();
result =
gnutls_x509_crt_set_expiration_time(crt,
- tim +
- ((time_t) days) * 24 * 60 *
- 60);
+ tim);
if (result < 0) {
fprintf(stderr, "set_expiration: %s",
gnutls_strerror(result));