author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-06-26 09:30:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-06-26 09:47:27 +0200 |
commit | e363e3d839fe2a4cd57aafc1755b63f8740028ee (patch) | |
tree | b1f229089b10c6b86da92b140c71abc3325fb0ef /src | |
parent | 6ed36ec84c3da56f66647a20c83efb0303881306 (diff) | |
download | gnutls-e363e3d839fe2a4cd57aafc1755b63f8740028ee.tar.gz |
certtool: allow specifying the friendly name on the command line and use the load-ca-certificate
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-args.def | 7 | ||||
-rw-r--r-- | src/certtool-common.c | 8 | ||||
-rw-r--r-- | src/certtool-common.h | 2 | ||||
-rw-r--r-- | src/certtool.c | 50 |
4 files changed, 58 insertions, 9 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def index f7969bc50d..903830e695 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -227,6 +227,13 @@ flag = { }; flag = { + name = p12-name; + arg-type = string; + descrip = "The PKCS #12 friendly name to use"; + doc = "The name to be used for the primary certificate and private key in a PKCS #12 file."; +}; + +flag = { name = p7-info; descrip = "Print information on a PKCS #7 structure"; doc = ""; diff --git a/src/certtool-common.c b/src/certtool-common.c index aa27f2590e..ece0652c55 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -515,13 +515,17 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info) /* Loads the CA's certificate */ -gnutls_x509_crt_t load_ca_cert(common_info_st * info) +gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info) { gnutls_x509_crt_t crt; int ret; gnutls_datum_t dat; size_t size; + if (mand == 0 && info->ca == NULL) { + return NULL; + } + if (info->ca == NULL) { fprintf(stderr, "missing --load-ca-certificate\n"); exit(1); @@ -537,7 +541,7 @@ gnutls_x509_crt_t load_ca_cert(common_info_st * info) dat.size = size; if (!dat.data) { - fprintf(stderr, "reading --load-ca-certificate: %s\n", + fprintf(stderr, "error reading --load-ca-certificate: %s\n", info->ca); exit(1); } diff --git a/src/certtool-common.h b/src/certtool-common.h index 2a9965da75..c347d27400 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h 
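Review bot: The new `mand` parameter of load_ca_cert is declared `unsigned`, while the sibling loaders declared next to it in certtool-common.h (`load_cert`, `load_privkey_list`, `load_secret_key`, `load_pubkey`) take `int mand`; using `int mand` both in this definition and in the certtool-common.h prototype keeps the loader signatures uniform and avoids sign-conversion noise at call sites. The comment above the function still reads `/* Loads the CA's certificate */` and does not mention that the call is now optional; I would extend it to `/* Loads the CA's certificate; with mand == 0 a missing --load-ca-certificate yields NULL instead of exit(1) */` so callers know a NULL return is possible only in that mode. The body of load_ca_cert continues past this hunk.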
@@ -68,7 +68,7 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, common_info_st * info); gnutls_x509_crq_t load_request(common_info_st * info); gnutls_privkey_t load_ca_private_key(common_info_st * info); -gnutls_x509_crt_t load_ca_cert(common_info_st * info); +gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info); gnutls_x509_crt_t load_cert(int mand, common_info_st * info); gnutls_datum_t *load_secret_key(int mand, common_info_st * info); gnutls_pubkey_t load_pubkey(int mand, common_info_st * info); diff --git a/src/certtool.c b/src/certtool.c index ad5f8dde44..a3aeab58c5 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -808,7 +808,7 @@ static void generate_signed_certificate(common_info_st * cinfo) fprintf(stdlog, "Generating a signed certificate...\n"); ca_key = load_ca_private_key(cinfo); - ca_crt = load_ca_cert(cinfo); + ca_crt = load_ca_cert(1, cinfo); crt = generate_certificate(&key, ca_crt, 0, cinfo); @@ -897,7 +897,7 @@ static void generate_signed_crl(common_info_st * cinfo) fprintf(stdlog, "Generating a signed CRL...\n"); ca_key = load_ca_private_key(cinfo); - ca_crt = load_ca_cert(cinfo); + ca_crt = load_ca_cert(1, cinfo); crl = generate_crl(ca_crt, cinfo); fprintf(stdlog, "\n"); @@ -928,7 +928,7 @@ static void update_signed_certificate(common_info_st * cinfo) fprintf(stdlog, "Generating a signed certificate...\n"); ca_key = load_ca_private_key(cinfo); - ca_crt = load_ca_cert(cinfo); + ca_crt = load_ca_cert(1, cinfo); crt = load_cert(1, cinfo); fprintf(stderr, "Activation/Expiration time.\n"); @@ -2488,7 +2488,7 @@ void verify_crl(common_info_st * cinfo) gnutls_x509_crl_t crl; gnutls_x509_crt_t issuer; - issuer = load_ca_cert(cinfo); + issuer = load_ca_cert(1, cinfo); fprintf(outfile, "\nCA certificate:\n"); 
@@ -2588,7 +2588,7 @@ void generate_pkcs8(common_info_st * cinfo) void generate_pkcs12(common_info_st * cinfo) { gnutls_pkcs12_t pkcs12; - gnutls_x509_crt_t *crts; + gnutls_x509_crt_t *crts, ca_crt; gnutls_x509_privkey_t *keys; int result; size_t size; @@ -2606,8 +2606,13 @@ void generate_pkcs12(common_info_st * cinfo) keys = load_privkey_list(0, &nkeys, cinfo); crts = load_cert_list(0, &ncrts, cinfo); + ca_crt = load_ca_cert(0, cinfo); - name = get_pkcs12_key_name(); + if (HAVE_OPT(P12_NAME)) { + name = OPT_ARG(P12_NAME); + } else { + name = get_pkcs12_key_name(); + } result = gnutls_pkcs12_init(&pkcs12); if (result < 0) { @@ -2684,6 +2689,39 @@ void generate_pkcs12(common_info_st * cinfo) } } + /* Add the ca cert, if any */ + if (ca_crt) { + gnutls_pkcs12_bag_t bag; + + result = gnutls_pkcs12_bag_init(&bag); + if (result < 0) { + fprintf(stderr, "bag_init: %s\n", + gnutls_strerror(result)); + exit(1); + } + + result = gnutls_pkcs12_bag_set_crt(bag, ca_crt); + if (result < 0) { + fprintf(stderr, "set_crt[%d]: %s\n", i, + gnutls_strerror(result)); + exit(1); + } + + result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); + if (result < 0) { + fprintf(stderr, "bag_encrypt: %s\n", + gnutls_strerror(result)); + exit(1); + } + + result = gnutls_pkcs12_set_bag(pkcs12, bag); + if (result < 0) { + fprintf(stderr, "set_bag: %s\n", + gnutls_strerror(result)); + exit(1); + } + } + for (i = 0; i < nkeys; i++) { gnutls_pkcs12_bag_t kbag; |
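Review bot: In the CA-certificate block added to generate_pkcs12, the error path after `gnutls_pkcs12_bag_set_crt` prints `set_crt[%d]` with `i`, but `i` is not an index here — it holds whatever the preceding certificate loop left in it — so a failure would be reported against an unrelated bag. `fprintf(stderr, "set_crt[ca]: %s\n", gnutls_strerror(result));` states what actually failed. The block is otherwise a copy of the per-certificate loop body; if that loop releases its bag with `gnutls_pkcs12_bag_deinit` after `gnutls_pkcs12_set_bag` (not visible in this hunk), the CA bag should be released the same way, and a small static helper taking the crt would remove the duplication. The rest of generate_pkcs12 lies outside the hunk.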