From d4a4643dbe1bd739e55706fa4affaf10aae1dfa9 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 23 May 2010 14:05:32 +0200 Subject: Added support to copy certificates and private keys to tokens. New functions: gnutls_pkcs11_copy_x509_crt() gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys to tokens. Deleting an object has issues (segfault) but it seems to be related with libopensc and its pkcs11 API. --- src/certtool-common.h | 14 ++++ src/certtool-gaa.c | 219 ++++++++++++++++++++++++++++++++++---------------- src/certtool-gaa.h | 6 +- src/certtool.c | 12 +-- src/certtool.gaa | 11 ++- src/crypt-gaa.c | 64 +++++++++------ src/pkcs11.c | 37 ++++++++- 7 files changed, 260 insertions(+), 103 deletions(-) (limited to 'src') diff --git a/src/certtool-common.h b/src/certtool-common.h index f5db0abd80..79d2300471 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -29,6 +29,8 @@ enum ACTION_PKCS11_LIST, ACTION_PKCS11_TOKENS, ACTION_PKCS11_EXPORT_URL, + ACTION_PKCS11_WRITE_URL, + ACTION_PKCS11_DELETE_URL, ACTION_PUBKEY_INFO, }; @@ -39,6 +41,8 @@ void certtool_version (void); void pkcs11_list( FILE*outfile, const char* url, int type); void pkcs11_export(FILE* outfile, const char *pkcs11_url); void pkcs11_token_list(FILE* outfile); +void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label, int trusted); +void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch); #define PKCS11_TYPE_CRT_ALL 1 #define PKCS11_TYPE_TRUSTED 2 @@ -47,3 +51,13 @@ void pkcs11_token_list(FILE* outfile); extern unsigned char buffer[]; extern const int buffer_size; + +#include +#include + +gnutls_x509_privkey_t load_private_key (int mand); +gnutls_x509_crq_t load_request (void); +gnutls_x509_privkey_t load_ca_private_key (void); +gnutls_x509_crt_t load_ca_cert (void); +gnutls_x509_crt_t load_cert (int mand); +gnutls_pubkey_t load_pubkey (int mand); 
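Review bot: The two prototypes added in the second certtool-common.h hunk, `pkcs11_write()` and `pkcs11_delete()`, carry no comment, although both modify token contents and their `int` flags are not self-explanatory. I would add a comment above each, for example `/* Copies the loaded certificate and/or private key to the token named by pkcs11_url; trusted != 0 marks the certificate as trusted. */` and `/* Deletes every object matching pkcs11_url; batch != 0 skips the confirmation prompt. */`. The wording follows the option help strings and the pkcs11.c hunk in this commit, so it should be checked against the full function bodies before it is merged.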
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index d353489fec..fae02faa53 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -184,6 +184,10 @@ void gaa_help(void) __gaa_helpsingle(0, "pkcs11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL"); __gaa_helpsingle(0, "pkcs11-list-all", "", "List all objects specified by a PKCS#11 URL"); __gaa_helpsingle(0, "pkcs11-list-tokens", "", "List all available tokens"); + __gaa_helpsingle(0, "pkcs11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token."); + __gaa_helpsingle(0, "pkcs11-write-label", "label ", "Sets a label for the write operation."); + __gaa_helpsingle(0, "pkcs11-write-trusted", "", "Marks the certificate to be imported as trusted."); + __gaa_helpsingle(0, "pkcs11-delete-url", "URL ", "Deletes objects matching the URL."); __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1."); __gaa_helpsingle('h', "help", "", "shows this help text"); __gaa_helpsingle('v', "version", "", "shows the program's version"); @@ -201,8 +205,12 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 148 "certtool.gaa" +#line 156 "certtool.gaa" int debug; +#line 151 "certtool.gaa" + int pkcs11_trusted; +#line 148 "certtool.gaa" + char* pkcs11_label; #line 141 "certtool.gaa" int pkcs11_type; #line 138 "certtool.gaa" 
@@ -311,65 +319,69 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 58 +#define GAA_NB_OPTION 62 #define GAAOPTID_version 1 #define GAAOPTID_help 2 #define GAAOPTID_debug 3 -#define GAAOPTID_pkcs11_list_tokens 4 -#define GAAOPTID_pkcs11_list_all 5 -#define GAAOPTID_pkcs11_list_all_certs 6 -#define GAAOPTID_pkcs11_list_trusted 7 -#define GAAOPTID_pkcs11_list_certs 8 -#define GAAOPTID_pkcs11_export_url 9 -#define GAAOPTID_pkcs11_provider 10 -#define GAAOPTID_pkcs_cipher 11 -#define GAAOPTID_template 12 -#define GAAOPTID_infile 13 -#define GAAOPTID_outfile 14 -#define GAAOPTID_disable_quick_random 15 -#define GAAOPTID_bits 16 -#define GAAOPTID_outraw 17 -#define GAAOPTID_outder 18 -#define GAAOPTID_inraw 19 -#define GAAOPTID_inder 20 -#define GAAOPTID_export_ciphers 21 -#define GAAOPTID_hash 22 -#define GAAOPTID_dsa 23 -#define GAAOPTID_pkcs8 24 -#define GAAOPTID_to_p8 25 -#define GAAOPTID_to_p12 26 -#define GAAOPTID_v1 27 -#define GAAOPTID_fix_key 28 -#define GAAOPTID_pubkey_info 29 -#define GAAOPTID_pgp_key_info 30 -#define GAAOPTID_key_info 31 -#define GAAOPTID_smime_to_p7 32 -#define GAAOPTID_p7_info 33 -#define GAAOPTID_p12_info 34 -#define GAAOPTID_no_crq_extensions 35 -#define GAAOPTID_crq_info 36 -#define GAAOPTID_crl_info 37 -#define GAAOPTID_pgp_ring_info 38 -#define GAAOPTID_pgp_certificate_info 39 -#define GAAOPTID_certificate_info 40 -#define GAAOPTID_password 41 -#define GAAOPTID_load_ca_certificate 42 -#define GAAOPTID_load_ca_privkey 43 -#define GAAOPTID_load_certificate 44 -#define GAAOPTID_load_request 45 -#define GAAOPTID_load_pubkey 46 -#define GAAOPTID_load_privkey 47 -#define GAAOPTID_get_dh_params 48 -#define GAAOPTID_generate_dh_params 49 -#define GAAOPTID_verify_crl 50 -#define GAAOPTID_verify_chain 51 -#define GAAOPTID_generate_request 52 -#define GAAOPTID_generate_privkey 53 -#define GAAOPTID_update_certificate 54 -#define GAAOPTID_generate_crl 55 -#define GAAOPTID_generate_proxy 56 
-#define GAAOPTID_generate_certificate 57 -#define GAAOPTID_generate_self_signed 58 +#define GAAOPTID_pkcs11_delete_url 4 +#define GAAOPTID_pkcs11_write_trusted 5 +#define GAAOPTID_pkcs11_write_label 6 +#define GAAOPTID_pkcs11_write 7 +#define GAAOPTID_pkcs11_list_tokens 8 +#define GAAOPTID_pkcs11_list_all 9 +#define GAAOPTID_pkcs11_list_all_certs 10 +#define GAAOPTID_pkcs11_list_trusted 11 +#define GAAOPTID_pkcs11_list_certs 12 +#define GAAOPTID_pkcs11_export_url 13 +#define GAAOPTID_pkcs11_provider 14 +#define GAAOPTID_pkcs_cipher 15 +#define GAAOPTID_template 16 +#define GAAOPTID_infile 17 +#define GAAOPTID_outfile 18 +#define GAAOPTID_disable_quick_random 19 +#define GAAOPTID_bits 20 +#define GAAOPTID_outraw 21 +#define GAAOPTID_outder 22 +#define GAAOPTID_inraw 23 +#define GAAOPTID_inder 24 +#define GAAOPTID_export_ciphers 25 +#define GAAOPTID_hash 26 +#define GAAOPTID_dsa 27 +#define GAAOPTID_pkcs8 28 +#define GAAOPTID_to_p8 29 +#define GAAOPTID_to_p12 30 +#define GAAOPTID_v1 31 +#define GAAOPTID_fix_key 32 +#define GAAOPTID_pubkey_info 33 +#define GAAOPTID_pgp_key_info 34 +#define GAAOPTID_key_info 35 +#define GAAOPTID_smime_to_p7 36 +#define GAAOPTID_p7_info 37 +#define GAAOPTID_p12_info 38 +#define GAAOPTID_no_crq_extensions 39 +#define GAAOPTID_crq_info 40 +#define GAAOPTID_crl_info 41 +#define GAAOPTID_pgp_ring_info 42 +#define GAAOPTID_pgp_certificate_info 43 +#define GAAOPTID_certificate_info 44 +#define GAAOPTID_password 45 +#define GAAOPTID_load_ca_certificate 46 +#define GAAOPTID_load_ca_privkey 47 +#define GAAOPTID_load_certificate 48 +#define GAAOPTID_load_request 49 +#define GAAOPTID_load_pubkey 50 +#define GAAOPTID_load_privkey 51 +#define GAAOPTID_get_dh_params 52 +#define GAAOPTID_generate_dh_params 53 +#define GAAOPTID_verify_crl 54 +#define GAAOPTID_verify_chain 55 +#define GAAOPTID_generate_request 56 +#define GAAOPTID_generate_privkey 57 +#define GAAOPTID_update_certificate 58 +#define GAAOPTID_generate_crl 59 +#define 
GAAOPTID_generate_proxy 60 +#define GAAOPTID_generate_certificate 61 +#define GAAOPTID_generate_self_signed 62 #line 168 "gaa.skel" @@ -562,49 +574,67 @@ struct GAAOPTION_debug int size1; }; -struct GAAOPTION_pkcs11_export_url +struct GAAOPTION_pkcs11_delete_url +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_pkcs11_write_label +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_pkcs11_write { char* arg1; int size1; }; -struct GAAOPTION_pkcs11_provider +struct GAAOPTION_pkcs11_export_url { char* arg1; int size1; }; -struct GAAOPTION_pkcs_cipher +struct GAAOPTION_pkcs11_provider { char* arg1; int size1; }; -struct GAAOPTION_template +struct GAAOPTION_pkcs_cipher { char* arg1; int size1; }; -struct GAAOPTION_infile +struct GAAOPTION_template { char* arg1; int size1; }; -struct GAAOPTION_outfile +struct GAAOPTION_infile { char* arg1; int size1; }; -struct GAAOPTION_bits +struct GAAOPTION_outfile +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_bits { int arg1; int size1; }; -struct GAAOPTION_hash +struct GAAOPTION_hash { char* arg1; int size1; @@ -682,6 +712,9 @@ static int gaa_get_option_num(char *str, int status) { case GAA_LETTER_OPTION: GAA_CHECK1STR("d", GAAOPTID_debug); + GAA_CHECK1STR("", GAAOPTID_pkcs11_delete_url); + GAA_CHECK1STR("", GAAOPTID_pkcs11_write_label); + GAA_CHECK1STR("", GAAOPTID_pkcs11_write); GAA_CHECK1STR("", GAAOPTID_pkcs11_export_url); GAA_CHECK1STR("", GAAOPTID_pkcs11_provider); GAA_CHECK1STR("", GAAOPTID_pkcs_cipher); @@ -701,6 +734,7 @@ static int gaa_get_option_num(char *str, int status) #line 375 "gaa.skel" GAA_CHECK1STR("v", GAAOPTID_version); GAA_CHECK1STR("h", GAAOPTID_help); + GAA_CHECK1STR("", GAAOPTID_pkcs11_write_trusted); GAA_CHECK1STR("", GAAOPTID_pkcs11_list_tokens); GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all); GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all_certs); 
@@ -748,6 +782,10 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("version", GAAOPTID_version); GAA_CHECKSTR("help", GAAOPTID_help); GAA_CHECKSTR("debug", GAAOPTID_debug); + GAA_CHECKSTR("pkcs11-delete-url", GAAOPTID_pkcs11_delete_url); + GAA_CHECKSTR("pkcs11-write-trusted", GAAOPTID_pkcs11_write_trusted); + GAA_CHECKSTR("pkcs11-write-label", GAAOPTID_pkcs11_write_label); + GAA_CHECKSTR("pkcs11-write", GAAOPTID_pkcs11_write); GAA_CHECKSTR("pkcs11-list-tokens", GAAOPTID_pkcs11_list_tokens); GAA_CHECKSTR("pkcs11-list-all", GAAOPTID_pkcs11_list_all); GAA_CHECKSTR("pkcs11-list-all-certs", GAAOPTID_pkcs11_list_all_certs); @@ -816,6 +854,9 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) int OK = 0; int gaa_last_non_option; struct GAAOPTION_debug GAATMP_debug; + struct GAAOPTION_pkcs11_delete_url GAATMP_pkcs11_delete_url; + struct GAAOPTION_pkcs11_write_label GAATMP_pkcs11_write_label; + struct GAAOPTION_pkcs11_write GAATMP_pkcs11_write; struct GAAOPTION_pkcs11_export_url GAATMP_pkcs11_export_url; struct GAAOPTION_pkcs11_provider GAATMP_pkcs11_provider; struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher; @@ -853,14 +894,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_version: OK = 0; -#line 153 "certtool.gaa" +#line 161 "certtool.gaa" { certtool_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 151 "certtool.gaa" +#line 159 "certtool.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; 
@@ -870,9 +911,46 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); gaa_index++; -#line 149 "certtool.gaa" +#line 157 "certtool.gaa" { gaaval->debug = GAATMP_debug.arg1 ;}; + return GAA_OK; + break; + case GAAOPTID_pkcs11_delete_url: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_pkcs11_delete_url.arg1, gaa_getstr, GAATMP_pkcs11_delete_url.size1); + gaa_index++; +#line 154 "certtool.gaa" +{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_pkcs11_delete_url.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_pkcs11_write_trusted: + OK = 0; +#line 152 "certtool.gaa" +{ gaaval->pkcs11_trusted = 1; ;}; + + return GAA_OK; + break; + case GAAOPTID_pkcs11_write_label: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_pkcs11_write_label.arg1, gaa_getstr, GAATMP_pkcs11_write_label.size1); + gaa_index++; +#line 150 "certtool.gaa" +{ gaaval->pkcs11_label = GAATMP_pkcs11_write_label.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_pkcs11_write: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_pkcs11_write.arg1, gaa_getstr, GAATMP_pkcs11_write.size1); + gaa_index++; +#line 149 "certtool.gaa" +{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_pkcs11_write.arg1; ;}; + return GAA_OK; break; case GAAOPTID_pkcs11_list_tokens: 
@@ -1329,13 +1407,14 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 155 "certtool.gaa" +#line 163 "certtool.gaa" { gaaval->bits = 2048; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0; gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL; - gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; ;}; + gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; + gaaval->pkcs11_trusted=0; ;}; } inited = 1; diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h index b96924aa61..8cda5acc1b 100644 --- a/src/certtool-gaa.h +++ b/src/certtool-gaa.h @@ -8,8 +8,12 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 148 "certtool.gaa" +#line 156 "certtool.gaa" int debug; +#line 151 "certtool.gaa" + int pkcs11_trusted; +#line 148 "certtool.gaa" + char* pkcs11_label; #line 141 "certtool.gaa" int pkcs11_type; #line 138 "certtool.gaa" diff --git a/src/certtool.c b/src/certtool.c index 075f19c840..b646453c50 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -64,12 +64,6 @@ void verify_crl (void); void pubkey_info (void); void pgp_privkey_info (void); void pgp_ring_info (void); -gnutls_x509_privkey_t load_private_key (int mand); -gnutls_x509_crq_t load_request (void); -gnutls_x509_privkey_t load_ca_private_key (void); -gnutls_x509_crt_t load_ca_cert (void); -gnutls_x509_crt_t load_cert (int mand); -gnutls_pubkey_t load_pubkey (int mand); void certificate_info (void); void pgp_certificate_info (void); void crl_info (void); 
@@ -1028,6 +1022,12 @@ gaa_parser (int argc, char **argv) case ACTION_PKCS11_EXPORT_URL: pkcs11_export(outfile, info.pkcs11_url); break; + case ACTION_PKCS11_WRITE_URL: + pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted); + break; + case ACTION_PKCS11_DELETE_URL: + pkcs11_delete(outfile, info.pkcs11_url, batch); + break; #ifdef ENABLE_OPENPGP case ACTION_PGP_INFO: pgp_certificate_info (); diff --git a/src/certtool.gaa b/src/certtool.gaa index 0ce49aaea5..9a835ad3ab 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -145,6 +145,14 @@ option (pkcs11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS option (pkcs11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL" option (pkcs11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens" +#char* pkcs11_label; +option (pkcs11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates or private keys to a PKCS11 token." +option (pkcs11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation." +#int pkcs11_trusted; +option (pkcs11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted." + +option (pkcs11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL." + #int debug; option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1." 
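Review bot: In the gaa_parser() switch, `pkcs11_delete(outfile, info.pkcs11_url, batch)` takes its confirmation bypass from `batch`, which is set outside this hunk and gets no dedicated option in this commit. If `batch` is turned on as a side effect of some other option, a destructive delete would run without the yes/no prompt that pkcs11_delete() otherwise shows, so that coupling should be checked and made explicit. Separately, `info.pkcs11_label` stays NULL unless --pkcs11-write-label is given (the init block sets it to NULL) and is passed through unchanged; either reject that case here, e.g. `if (info.pkcs11_label == NULL) { fprintf (stderr, "--pkcs11-write requires --pkcs11-write-label\n"); exit (1); }`, or add a comment stating that the copy functions accept a NULL label. The function begins and ends outside the hunk.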
@@ -157,4 +165,5 @@ init { $bits = 2048; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; $privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1; $pkcs11_provider= NULL; - $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; } + $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; + $pkcs11_trusted=0; } diff --git a/src/crypt-gaa.c b/src/crypt-gaa.c index 8ec3b033ed..3375cf9988 100644 --- a/src/crypt-gaa.c +++ b/src/crypt-gaa.c @@ -389,12 +389,31 @@ static int gaa_getint(char *arg) return tmp; } +static char gaa_getchar(char *arg) +{ + if(strlen(arg) != 1) + { + printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg); + GAAERROR(-1); + } + return arg[0]; +} static char* gaa_getstr(char *arg) { return arg; } - +static float gaa_getfloat(char *arg) +{ + float tmp; + char a; + if(sscanf(arg, "%f%c", &tmp, &a) < 1) + { + printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg); + GAAERROR(-1); + } + return tmp; +} /* option structures */ struct GAAOPTION_create_conf @@ -615,19 +634,16 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) int gaa(int argc, char **argv, gaainfo *gaaval) { int tmp1, tmp2; - int l; - size_t i, j; + int i, j; char *opt_list; - i = 0; - GAAargv = argv; GAAargc = argc; opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1); - for(l = 0; l < GAA_NB_OPTION + 1; l++) - opt_list[l] = 0; + for(i = 0; i < GAA_NB_OPTION + 1; i++) + opt_list[i] = 0; /* initialization */ if(inited == 0) { 
@@ -646,27 +662,27 @@ int gaa(int argc, char **argv, gaainfo *gaaval) gaa_arg_used = gaa_malloc(argc * sizeof(char)); } - for(l = 1; l < argc; l++) - gaa_arg_used[l] = 0; - for(l = 1; l < argc; l++) + for(i = 1; i < argc; i++) + gaa_arg_used[i] = 0; + for(i = 1; i < argc; i++) { - if(gaa_arg_used[l] == 0) + if(gaa_arg_used[i] == 0) { j = 0; - tmp1 = gaa_is_an_argument(GAAargv[l]); + tmp1 = gaa_is_an_argument(GAAargv[i]); switch(tmp1) { case GAA_WORD_OPTION: j++; case GAA_LETTER_OPTION: j++; - tmp2 = gaa_get_option_num(argv[l]+j, tmp1); + tmp2 = gaa_get_option_num(argv[i]+j, tmp1); if(tmp2 == GAA_ERROR_NOMATCH) { - printf("Invalid option '%s'\n", argv[l]+j); + printf("Invalid option '%s'\n", argv[i]+j); return 0; } - switch(gaa_try(tmp2, l+1, gaaval, opt_list)) + switch(gaa_try(tmp2, i+1, gaaval, opt_list)) { case GAA_ERROR_NOTENOUGH_ARGS: printf("'%s': not enough arguments\n",gaa_current_option); @@ -679,18 +695,18 @@ int gaa(int argc, char **argv, gaainfo *gaaval) default: printf("Unknown error\n"); } - gaa_arg_used[l] = 1; + gaa_arg_used[i] = 1; break; case GAA_MULTIPLE_OPTION: - for(j = 1; j < strlen(argv[l]); j++) + for(j = 1; j < strlen(argv[i]); j++) { - tmp2 = gaa_get_option_num(argv[l]+j, tmp1); + tmp2 = gaa_get_option_num(argv[i]+j, tmp1); if(tmp2 == GAA_ERROR_NOMATCH) { - printf("Invalid option '%c'\n", *(argv[l]+j)); + printf("Invalid option '%c'\n", *(argv[i]+j)); return 0; } - switch(gaa_try(tmp2, l+1, gaaval, opt_list)) + switch(gaa_try(tmp2, i+1, gaaval, opt_list)) { case GAA_ERROR_NOTENOUGH_ARGS: printf("'%s': not enough arguments\n",gaa_current_option); @@ -704,7 +720,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval) printf("Unknown error\n"); } } - gaa_arg_used[l] = 1; + gaa_arg_used[i] = 1; break; default: break; } @@ -730,9 +746,9 @@ if(gaa_processing_file == 0) } #endif } - for(l = 1; l < argc; l++) + for(i = 1; i < argc; i++) { - if(gaa_arg_used[l] == 0) + if(gaa_arg_used[i] == 0) { printf("Too many arguments\n"); return 0; 
@@ -783,7 +799,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc len++; a = fgetc( file); - if(a==EOF) return 0; /* a = ' '; */ + if(a==EOF) return 0; //a = ' '; } len += 1; diff --git a/src/pkcs11.c b/src/pkcs11.c index be99641777..c27dd03e25 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -44,6 +44,28 @@ static void pkcs11_common(void) } +void pkcs11_delete(FILE* outfile, const char* url, int batch) +{ +int ret; + if (!batch) { + pkcs11_list(outfile, url, PKCS11_TYPE_ALL); + ret = read_yesno("Are you sure you want to delete those objects? (Y/N): "); + if (ret == 0) { + exit(1); + } + } + + ret = gnutls_pkcs11_delete_url(url); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\n%d objects deleted\n", ret); + + return; +} + /* lists certificates from a token */ void pkcs11_list( FILE* outfile, const char* url, int type) @@ -340,6 +362,15 @@ size_t size; } return; +} + +void pkcs11_write(FILE* outfile, const char* url, const char* label, int trusted) +{ +gnutls_x509_crt_t xcrt; +gnutls_x509_privkey_t xkey; +int ret; +unsigned int flags = 0; +unsigned int key_usage; } @@ -512,6 +543,10 @@ size_t size; return; + if (xkey == NULL && xcrt == NULL) { + fprintf(stderr, "You must use --load-privkey or --load-certificate to load the file to be copied\n"); + exit (1); + } - + return; } -- cgit v1.2.1
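Review bot: In the new pkcs11_delete(), batch mode calls `gnutls_pkcs11_delete_url(url)` without listing what the URL matched, so a URL broader than intended removes objects and leaves only a count in the output. Moving `pkcs11_list(outfile, url, PKCS11_TYPE_ALL);` above `if (!batch)` would record the matched objects in both modes while still prompting only interactively. The listing and the deletion are two separate lookups on the token, so the function deserves a comment such as `/* the token is queried again by gnutls_pkcs11_delete_url(); the listing above does not guarantee what is removed */`. The commit message also reports a segfault on delete, attributed to libopensc, and a `/* FIXME */` next to the call recording that would help whoever debugs a crash here.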
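Review bot: In the pkcs11_write() declarations added by the second pkcs11.c hunk, `unsigned int key_usage;` has no initializer while `flags` on the line above is set to 0, and `xcrt` and `xkey` are likewise left unset. The body between these declarations and the final check lies outside the hunks, so not every path is visible; if `key_usage` is only filled in when a certificate is loaded, a key-only write would hand an indeterminate value to the token. I would initialise all three at declaration: `gnutls_x509_crt_t xcrt = NULL;`, `gnutls_x509_privkey_t xkey = NULL;`, `unsigned int key_usage = 0;`. The `xkey == NULL && xcrt == NULL` usage check added in the third hunk sits at the end of the function and would read better as a guard before any token access, assuming both loads can be done up front.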