686
686
} else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[1]) == 0)) {
688
} else if (!strcmp("acquire", text)) {
688
} else if (!strcmp("certificate", text)) {
689
ret = TYPE_CERTIFICATE;
690
690
} else if (strcmp("nat", argv[1]) == 0) {
691
691
if (argv[2] && strcmp("port", argv[2]) == 0) {
692
692
if (argv[3] && strcmp("local", argv[3]) == 0) {
2265
* Utility function which compactly checks whether a string represents
2266
* a positive natural number, since scanf() is too lenient.
2268
* @param string NUL-terminated string to be checked
2270
* @return 1 if the only characters in the string are digits,
2271
* optionally with one leading '+' sign; 0 otherwise
2274
static int is_pos_natural_number(const char *string)
2276
if (string != NULL) {
2279
// allow one leading '+'
2280
if (string[0] == '+') {
2284
if ((len = strlen(string)) > 0) {
2285
for (size_t i = 0; i < len; i++) {
2286
if (string[i] < '0' || string[i] > '9') {
2264
2296
static int hip_conf_handle_certificate(struct hip_common *msg,
2266
2298
const char *opt[],
2268
2300
UNUSED int send_only)
2271
struct in6_addr subject_hit;
2273
ret = inet_pton(AF_INET6, opt[0], &subject_hit);
2274
HIP_DEBUG_HIT("Requesting certificate for subject:", &subject_hit);
2276
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
2277
"Failed to build user message header.: %s\n", strerror(err));
2278
HIP_IFEL(hip_build_param_cert_x509_req(msg, &subject_hit), -1,
2279
"Failed to build cert_info\n");
2302
hip_hit_t subject_hit;
2303
uint32_t valid_until_h = 0;
2304
uint32_t valid_until_n = 0;
2308
/* convert the parameter strings input by the user into the
2309
* appropriate binary formats for further processing */
2310
const int pton_res = inet_pton(AF_INET6, opt[0], &subject_hit);
2312
if (optc == 2 && is_pos_natural_number(opt[1])) {
2313
/* need to use sscanf() here: strtol() won't do since we want the
2314
* result of the conversion to fit into an uint32_t, whereas
2315
* strtol() and relatives would write to a variable of platform-
2317
scanf_res = sscanf(opt[1], "%"SCNu32, &valid_until_h);
2320
/* the second parameter after "acquire certificate" is optional, so we accept
2321
* optc == 1 as well as optc == 2 (the latter is implied if scanf_res is 1) */
2322
if (pton_res == 1 && action == ACTION_ACQUIRE &&
2323
(optc == 1 || scanf_res == 1)) {
2324
HIP_DEBUG_HIT("Requesting certificate for subject", &subject_hit);
2326
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
2327
"Failed to build user message header.\n");
2329
/* if the user provides a second parameter (following the HIT), it's meant to indicate
2330
* the point in time when validity of the issued certificate ends; expressed in "number
2331
* of seconds since the epoch"; we use a uint32_t for this, so we're creating a
2332
* year-2106-problem here (be scared) */
2333
if (scanf_res == 1) {
2334
valid_until_n = htonl(valid_until_h);
2335
HIP_IFEL(hip_build_param_contents(msg, &valid_until_n, HIP_PARAM_UINT, sizeof(uint32_t)), -1,
2336
"Failed to build validity parameter.\n");
2339
HIP_IFEL(hip_build_param_cert_x509_req(msg, &subject_hit), -1,
2340
"Failed to build cert_x509_req parameter.\n");
2343
HIP_ERROR("Invalid arguments.\n");
2294
2359
HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
2295
2360
"No name x509 struct found\n");
2296
HIP_IFEL(!(cert = cert_DER_to_X509(p->der, p->der_len)),
2361
const uint32_t der_len_h = ntohl(p->der_len);
2362
HIP_IFEL(!(cert = cert_DER_to_X509(p->der, der_len_h)),
2297
2363
-1, "Could not get X509 certificate from DER encoding\n.");
2298
X509_print_fp(stdout, cert);
2299
PEM_write_X509(stdout, cert);
2364
HIP_IFEL(fwrite(p->der, der_len_h, 1, stdout) != 1, -1, "Couldn't output certificate.\n");
2375
2440
NULL, /* 42: unused, was TYPE_HANDOVER */
2376
2441
hip_conf_handle_manual_update, /* 43: TYPE_MANUAL_UPDATE */
2377
2442
hip_conf_handle_broadcast, /* 44: TYPE_BROADCAST */
2378
hip_conf_handle_certificate, /* 45: TYPE CERTIFICATE */
2443
hip_conf_handle_certificate, /* 45: TYPE_CERTIFICATE */
2379
2444
NULL /* TYPE_MAX, the end. */
2431
2496
NULL, /* 42: unused, was TYPE_HANDOVER */
2432
2497
NULL, /* 43: TYPE_MANUAL_UPDATE */
2433
2498
NULL, /* 44: TYPE_BROADCAST */
2434
hip_conf_handle_certificate_answer, /* 45: TYPE CERTIFICATE */
2499
hip_conf_handle_certificate_answer, /* 45: TYPE_CERTIFICATE */
2435
2500
NULL /* TYPE_MAX, the end. */