Diffstat (limited to 'src/p11tool.c')
-rw-r--r--src/p11tool.c404
1 files changed, 190 insertions, 214 deletions
diff --git a/src/p11tool.c b/src/p11tool.c
index 10988829d2..93c4200434 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -47,234 +47,210 @@
#include "p11tool.h"
#include "certtool-common.h"
-static void cmd_parser (int argc, char **argv);
+static void cmd_parser(int argc, char **argv);
static FILE *outfile;
int batch = 0;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
- return 0;
+ return 0;
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- int ret, debug = 0;
- common_info_st cinfo;
- unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
- const char* url = NULL;
- unsigned int detailed_url = 0, optct;
- unsigned int login = 0, bits = 0;
- const char* label = NULL, *sec_param = NULL;
-
- optct = optionProcess( &p11toolOptions, argc, argv);
- argc += optct;
- argv += optct;
-
- if (url == NULL && argc > 0)
- url = argv[0];
- else
- url = "pkcs11:";
-
- if (HAVE_OPT(DEBUG))
- debug = OPT_VALUE_DEBUG;
-
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (debug);
- if (debug > 1)
- printf ("Setting log level to %d\n", debug);
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(PROVIDER))
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- else
- {
- ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
- if (ret < 0)
- {
- fprintf (stderr, "pkcs11_add_provider: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- }
- else
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- }
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
- if (outfile == NULL)
- {
- fprintf (stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- memset (&cinfo, 0, sizeof (cinfo));
-
- if (HAVE_OPT(SECRET_KEY))
- cinfo.secret_key = OPT_ARG(SECRET_KEY);
-
- if (HAVE_OPT(LOAD_PRIVKEY))
- cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
-
- if (HAVE_OPT(PKCS8))
- cinfo.pkcs8 = 1;
-
- if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
- cinfo.incert_format = GNUTLS_X509_FMT_DER;
- else
- cinfo.incert_format = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(LOAD_CERTIFICATE))
- cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
-
- if (HAVE_OPT(LOAD_PUBKEY))
- cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
-
- if (ENABLED_OPT(DETAILED_URL))
- detailed_url = 1;
-
- if (ENABLED_OPT(LOGIN))
- login = 1;
-
- if (HAVE_OPT(LABEL))
- {
- label = OPT_ARG(LABEL);
- }
-
- if (HAVE_OPT(BITS))
- {
- bits = OPT_VALUE_BITS;
- }
-
- if (HAVE_OPT(SEC_PARAM))
- {
- sec_param = OPT_ARG(SEC_PARAM);
- }
-
- if (debug > 0)
- {
- if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
- fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
- fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
- fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
- fprintf(stderr, "\n");
- }
-
- /* handle actions
- */
- if (HAVE_OPT(LIST_TOKENS))
- pkcs11_token_list (outfile, detailed_url, &cinfo);
- else if (HAVE_OPT(LIST_MECHANISMS))
- pkcs11_mechanism_list (outfile, url, login,
- &cinfo);
- else if (HAVE_OPT(GENERATE_RANDOM))
- pkcs11_get_random (outfile, url, OPT_VALUE_GENERATE_RANDOM, &cinfo);
- else if (HAVE_OPT(LIST_ALL))
- {
- pkcs11_type = PKCS11_TYPE_ALL;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_CERTS))
- {
- pkcs11_type = PKCS11_TYPE_CRT_ALL;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_CERTS))
- {
- pkcs11_type = PKCS11_TYPE_PK;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
- {
- pkcs11_type = PKCS11_TYPE_PRIVKEY;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_TRUSTED))
- {
- pkcs11_type = PKCS11_TYPE_TRUSTED;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(EXPORT))
- {
- pkcs11_export (outfile, url, login, &cinfo);
- }
- else if (HAVE_OPT(WRITE))
- {
- int priv;
-
- if (HAVE_OPT(PRIVATE))
- priv = ENABLED_OPT(PRIVATE);
- else priv = -1;
- pkcs11_write (outfile, url, label,
- ENABLED_OPT(TRUSTED), priv, login, &cinfo);
- }
- else if (HAVE_OPT(INITIALIZE))
- pkcs11_init (outfile, url, label, &cinfo);
- else if (HAVE_OPT(DELETE))
- pkcs11_delete (outfile, url, 0, login, &cinfo);
- else if (HAVE_OPT(GENERATE_ECC))
- {
- key_type = GNUTLS_PK_EC;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else if (HAVE_OPT(GENERATE_RSA))
- {
- key_type = GNUTLS_PK_RSA;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else if (HAVE_OPT(GENERATE_DSA))
- {
- key_type = GNUTLS_PK_DSA;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else
- {
- USAGE(1);
- }
-
- fclose (outfile);
+ int ret, debug = 0;
+ common_info_st cinfo;
+ unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
+ const char *url = NULL;
+ unsigned int detailed_url = 0, optct;
+ unsigned int login = 0, bits = 0;
+ const char *label = NULL, *sec_param = NULL;
+
+ optct = optionProcess(&p11toolOptions, argc, argv);
+ argc += optct;
+ argv += optct;
+
+ if (url == NULL && argc > 0)
+ url = argv[0];
+ else
+ url = "pkcs11:";
+
+ if (HAVE_OPT(DEBUG))
+ debug = OPT_VALUE_DEBUG;
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug);
+ if (debug > 1)
+ printf("Setting log level to %d\n", debug);
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(PROVIDER)) {
+ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ if (ret < 0)
+ fprintf(stderr, "pkcs11_init: %s",
+ gnutls_strerror(ret));
+ else {
+ ret =
+ gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER),
+ NULL);
+ if (ret < 0) {
+ fprintf(stderr, "pkcs11_add_provider: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ } else {
+ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
+ if (ret < 0)
+ fprintf(stderr, "pkcs11_init: %s",
+ gnutls_strerror(ret));
+ }
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ memset(&cinfo, 0, sizeof(cinfo));
+
+ if (HAVE_OPT(SECRET_KEY))
+ cinfo.secret_key = OPT_ARG(SECRET_KEY);
+
+ if (HAVE_OPT(LOAD_PRIVKEY))
+ cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
+
+ if (HAVE_OPT(PKCS8))
+ cinfo.pkcs8 = 1;
+
+ if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
+ cinfo.incert_format = GNUTLS_X509_FMT_DER;
+ else
+ cinfo.incert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(LOAD_CERTIFICATE))
+ cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+ if (HAVE_OPT(LOAD_PUBKEY))
+ cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+ if (ENABLED_OPT(DETAILED_URL))
+ detailed_url = 1;
+
+ if (ENABLED_OPT(LOGIN))
+ login = 1;
+
+ if (HAVE_OPT(LABEL)) {
+ label = OPT_ARG(LABEL);
+ }
+
+ if (HAVE_OPT(BITS)) {
+ bits = OPT_VALUE_BITS;
+ }
+
+ if (HAVE_OPT(SEC_PARAM)) {
+ sec_param = OPT_ARG(SEC_PARAM);
+ }
+
+ if (debug > 0) {
+ if (HAVE_OPT(PRIVATE))
+ fprintf(stderr, "Private: %s\n",
+ ENABLED_OPT(PRIVATE) ? "yes" : "no");
+ fprintf(stderr, "Trusted: %s\n",
+ ENABLED_OPT(TRUSTED) ? "yes" : "no");
+ fprintf(stderr, "Login: %s\n",
+ ENABLED_OPT(LOGIN) ? "yes" : "no");
+ fprintf(stderr, "Detailed URLs: %s\n",
+ ENABLED_OPT(DETAILED_URL) ? "yes" : "no");
+ fprintf(stderr, "\n");
+ }
+
+ /* handle actions
+ */
+ if (HAVE_OPT(LIST_TOKENS))
+ pkcs11_token_list(outfile, detailed_url, &cinfo);
+ else if (HAVE_OPT(LIST_MECHANISMS))
+ pkcs11_mechanism_list(outfile, url, login, &cinfo);
+ else if (HAVE_OPT(GENERATE_RANDOM))
+ pkcs11_get_random(outfile, url, OPT_VALUE_GENERATE_RANDOM,
+ &cinfo);
+ else if (HAVE_OPT(LIST_ALL)) {
+ pkcs11_type = PKCS11_TYPE_ALL;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_CERTS)) {
+ pkcs11_type = PKCS11_TYPE_CRT_ALL;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_CERTS)) {
+ pkcs11_type = PKCS11_TYPE_PK;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) {
+ pkcs11_type = PKCS11_TYPE_PRIVKEY;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_TRUSTED)) {
+ pkcs11_type = PKCS11_TYPE_TRUSTED;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(EXPORT)) {
+ pkcs11_export(outfile, url, login, &cinfo);
+ } else if (HAVE_OPT(WRITE)) {
+ int priv;
+
+ if (HAVE_OPT(PRIVATE))
+ priv = ENABLED_OPT(PRIVATE);
+ else
+ priv = -1;
+ pkcs11_write(outfile, url, label,
+ ENABLED_OPT(TRUSTED), priv, login, &cinfo);
+ } else if (HAVE_OPT(INITIALIZE))
+ pkcs11_init(outfile, url, label, &cinfo);
+ else if (HAVE_OPT(DELETE))
+ pkcs11_delete(outfile, url, 0, login, &cinfo);
+ else if (HAVE_OPT(GENERATE_ECC)) {
+ key_type = GNUTLS_PK_EC;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else if (HAVE_OPT(GENERATE_RSA)) {
+ key_type = GNUTLS_PK_RSA;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else if (HAVE_OPT(GENERATE_DSA)) {
+ key_type = GNUTLS_PK_DSA;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else {
+ USAGE(1);
+ }
+
+ fclose(outfile);
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}