119
static gnutls_x509_privkey
117
static gnutls_x509_privkey_t
120
118
generate_private_key_int (void)
122
gnutls_x509_privkey key;
120
gnutls_x509_privkey_t key;
123
121
int ret, key_type;
129
125
key_type = GNUTLS_PK_DSA;
131
127
if (info.bits > 1024)
134
"The DSA algorithm cannot be used with primes over 1024 bits.\n");
128
error (EXIT_FAILURE, 0, "--dsa is incompatible with --bits > 1024");
141
key_type = GNUTLS_PK_RSA;
146
return load_private_key (1);
131
key_type = GNUTLS_PK_RSA;
148
133
ret = gnutls_x509_privkey_init (&key);
151
fprintf (stderr, "privkey_init: %s\n", gnutls_strerror (ret));
135
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
155
fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits, msg);
137
fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits,
138
gnutls_pk_algorithm_get_name (key_type));
157
140
ret = gnutls_x509_privkey_generate (key, key_type, info.bits, 0);
160
fprintf (stderr, "privkey_generate: %s\n", gnutls_strerror (ret));
142
error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
169
print_key_usage (unsigned int x, FILE *out)
171
if (x & GNUTLS_KEY_DIGITAL_SIGNATURE)
172
fprintf (out, "\t\tDigital signature.\n");
173
if (x & GNUTLS_KEY_NON_REPUDIATION)
174
fprintf (out, "\t\tNon repudiation.\n");
175
if (x & GNUTLS_KEY_KEY_ENCIPHERMENT)
176
fprintf (out, "\t\tKey encipherment.\n");
177
if (x & GNUTLS_KEY_DATA_ENCIPHERMENT)
178
fprintf (out, "\t\tData encipherment.\n");
179
if (x & GNUTLS_KEY_KEY_AGREEMENT)
180
fprintf (out, "\t\tKey agreement.\n");
181
if (x & GNUTLS_KEY_KEY_CERT_SIGN)
182
fprintf (out, "\t\tCertificate signing.\n");
183
if (x & GNUTLS_KEY_CRL_SIGN)
184
fprintf (out, "\t\tCRL signing.\n");
185
if (x & GNUTLS_KEY_ENCIPHER_ONLY)
186
fprintf (out, "\t\tKey encipher only.\n");
187
if (x & GNUTLS_KEY_DECIPHER_ONLY)
188
fprintf (out, "\t\tKey decipher only.\n");
192
print_key_purpose (const char *x, FILE *out)
194
if (strcasecmp (x, GNUTLS_KP_TLS_WWW_SERVER) == 0)
195
fprintf (out, "\t\tTLS WWW Server.\n");
196
else if (strcasecmp (x, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
197
fprintf (out, "\t\tTLS WWW Client.\n");
198
else if (strcasecmp (x, GNUTLS_KP_CODE_SIGNING) == 0)
199
fprintf (out, "\t\tCode signing.\n");
200
else if (strcasecmp (x, GNUTLS_KP_EMAIL_PROTECTION) == 0)
201
fprintf (out, "\t\tEmail protection.\n");
202
else if (strcasecmp (x, GNUTLS_KP_TIME_STAMPING) == 0)
203
fprintf (out, "\t\tTime stamping.\n");
204
else if (strcasecmp (x, GNUTLS_KP_OCSP_SIGNING) == 0)
205
fprintf (out, "\t\tOCSP signing.\n");
206
else if (strcasecmp (x, GNUTLS_KP_ANY) == 0)
207
fprintf (out, "\t\tAny purpose.\n");
209
fprintf (out, "\t\t%s\n", x);
215
print_private_key (gnutls_x509_privkey key)
148
print_private_key (gnutls_x509_privkey_t key)
313
get_country_crt_set (crt);
314
get_organization_crt_set (crt);
315
get_unit_crt_set (crt);
316
get_locality_crt_set (crt);
317
get_state_crt_set (crt);
318
get_cn_crt_set (crt);
319
get_uid_crt_set (crt);
320
get_oid_crt_set (crt);
324
"This field should not be used in new certificates.\n");
326
get_pkcs9_email_crt_set (crt);
239
result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
241
error (EXIT_FAILURE, 0, "set_proxy_dn: %s",
242
gnutls_strerror (result));
244
get_cn_crt_set (crt);
248
get_country_crt_set (crt);
249
get_organization_crt_set (crt);
250
get_unit_crt_set (crt);
251
get_locality_crt_set (crt);
252
get_state_crt_set (crt);
253
get_cn_crt_set (crt);
254
get_uid_crt_set (crt);
255
get_oid_crt_set (crt);
259
"This field should not be used in new certificates.\n");
261
get_pkcs9_email_crt_set (crt);
328
264
result = gnutls_x509_crt_set_key (crt, key);
331
fprintf (stderr, "set_key: %s\n", gnutls_strerror (result));
266
error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result));
338
270
result = gnutls_x509_crt_set_crq (crt, crq);
341
fprintf (stderr, "set_crq: %s\n", gnutls_strerror (result));
272
error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
347
276
serial = get_serial ();
348
buffer[3] = serial & 0xff;
349
buffer[2] = (serial >> 8) & 0xff;
350
buffer[1] = (serial >> 16) & 0xff;
277
buffer[4] = serial & 0xff;
278
buffer[3] = (serial >> 8) & 0xff;
279
buffer[2] = (serial >> 16) & 0xff;
280
buffer[1] = (serial >> 24) & 0xff;
353
result = gnutls_x509_crt_set_serial (crt, buffer, 4);
283
result = gnutls_x509_crt_set_serial (crt, buffer, 5);
356
fprintf (stderr, "serial: %s\n", gnutls_strerror (result));
285
error (EXIT_FAILURE, 0, "serial: %s", gnutls_strerror (result));
362
288
fprintf (stderr, "\n\nActivation/Expiration time.\n");
369
295
gnutls_x509_crt_set_expiration_time (crt,
370
296
time (NULL) + days * 24 * 60 * 60);
373
fprintf (stderr, "set_expiration: %s\n", gnutls_strerror (result));
298
error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result));
379
301
fprintf (stderr, "\n\nExtensions.\n");
381
ca_status = get_ca_status ();
383
result = gnutls_x509_crt_set_ca_status (crt, ca_status);
386
fprintf (stderr, "ca_status: %s\n", gnutls_strerror (result));
305
const char *policylanguage;
308
int proxypathlen = get_path_len ();
312
printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n");
313
printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n");
316
policylanguage = get_proxy_policy (&policy, &policylen);
318
result = gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage,
321
error (EXIT_FAILURE, 0, "set_proxy: %s", gnutls_strerror (result));
325
ca_status = get_ca_status ();
327
path_len = get_path_len ();
331
result = gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
333
error (EXIT_FAILURE, 0, "basic_constraints: %s", gnutls_strerror (result));
390
335
client = get_tls_client_status ();
394
gnutls_x509_crt_set_key_purpose_oid (crt,
395
GNUTLS_KP_TLS_WWW_CLIENT, 0);
338
result = gnutls_x509_crt_set_key_purpose_oid (crt,
339
GNUTLS_KP_TLS_WWW_CLIENT,
398
fprintf (stderr, "key_kp: %s\n", gnutls_strerror (result));
342
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
403
345
server = get_tls_server_status ();
597
510
generate_crl (void)
600
gnutls_x509_crt *crts;
512
gnutls_x509_crl_t crl;
513
gnutls_x509_crt_t *crts;
602
515
int days, result, i;
603
int vers = 2; /* the default version in the CRL
516
time_t now = time (NULL);
606
518
result = gnutls_x509_crl_init (&crl);
609
fprintf (stderr, "crl_init: %s\n", gnutls_strerror (result));
520
error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result));
613
crts = load_cert_list (1, &size);
522
crts = load_cert_list (0, &size);
615
524
for (i = 0; i < size; i++)
618
result = gnutls_x509_crl_set_crt (crl, crts[i], time (0));
526
result = gnutls_x509_crl_set_crt (crl, crts[i], now);
621
fprintf (stderr, "crl_set_crt: %s\n", gnutls_strerror (result));
528
error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result));
626
fprintf (stderr, "\n\nthisUpdate/nextUpdate time.\n");
627
gnutls_x509_crl_set_this_update (crl, time (NULL));
531
result = gnutls_x509_crl_set_this_update (crl, now);
533
error (EXIT_FAILURE, 0, "this_update: %s", gnutls_strerror (result));
535
fprintf (stderr, "Update times.\n");
629
536
days = get_crl_next_update ();
632
gnutls_x509_crl_set_next_update (crl, time (NULL) + days * 24 * 60 * 60);
538
result = gnutls_x509_crl_set_next_update (crl, now + days * 24 * 60 * 60);
635
fprintf (stderr, "next_update: %s\n", gnutls_strerror (result));
540
error (EXIT_FAILURE, 0, "next_update: %s", gnutls_strerror (result));
641
result = gnutls_x509_crl_set_version (crl, vers);
542
result = gnutls_x509_crl_set_version (crl, 2);
644
fprintf (stderr, "set_version: %s\n", gnutls_strerror (result));
544
error (EXIT_FAILURE, 0, "set_version: %s", gnutls_strerror (result));
652
update_certificate (void)
658
size = gnutls_x509_crt_init (&crt);
661
fprintf (stderr, "crt_init: %s\n", gnutls_strerror (size));
667
fprintf (stderr, "Activation/Expiration time.\n");
668
gnutls_x509_crt_set_activation_time (crt, time (NULL));
673
gnutls_x509_crt_set_expiration_time (crt,
674
time (NULL) + days * 24 * 60 * 60);
677
fprintf (stderr, "set_expiration: %s\n", gnutls_strerror (result));
687
550
generate_self_signed (void)
690
gnutls_x509_privkey key;
552
gnutls_x509_crt_t crt;
553
gnutls_x509_privkey_t key;
695
558
fprintf (stderr, "Generating a self signed certificate...\n");
697
crt = generate_certificate (&key, NULL);
560
crt = generate_certificate (&key, NULL, 0);
700
563
key = load_private_key (1);
767
622
result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, dig, 0);
770
fprintf (stderr, "crt_sign: %s\n", gnutls_strerror (result));
774
size = sizeof (buffer);
775
result = gnutls_x509_crt_export (crt, out_cert_format, buffer, &size);
778
fprintf (stderr, "crt_export: %s\n", gnutls_strerror (result));
624
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
626
size = sizeof (buffer);
627
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
629
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
631
fwrite (buffer, 1, size, outfile);
633
gnutls_x509_crt_deinit (crt);
634
gnutls_x509_privkey_deinit (key);
638
generate_proxy_certificate (void)
640
gnutls_x509_crt_t crt, eecrt;
641
gnutls_x509_privkey_t key, eekey;
645
fprintf (stderr, "Generating a proxy certificate...\n");
647
eekey = load_ca_private_key ();
648
eecrt = load_cert (1);
650
crt = generate_certificate (&key, eecrt, 1);
652
print_certificate_info (crt, stderr, 0);
654
fprintf (stderr, "\n\nSigning certificate...\n");
656
result = gnutls_x509_crt_sign2 (crt, eecrt, eekey, dig, 0);
658
error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
660
size = sizeof (buffer);
661
result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
663
error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
782
665
fwrite (buffer, 1, size, outfile);
997
864
smime_to_pkcs7 ();
867
generate_proxy_certificate ();
1000
fprintf (stderr, "GnuTLS' certtool utility.\n");
1002
"Please use the --help to get help on this program.\n");
1005
873
fclose (outfile);
1009
/* OIDs that are handled by the gnutls' functions.
1012
known_oid (const char *oid)
1014
if (strcmp (oid, "2.5.29.17") == 0 ||
1015
strcmp (oid, "2.5.29.19") == 0 ||
1016
strcmp (oid, "2.5.29.31") == 0 ||
1017
strcmp (oid, "2.5.29.37") == 0 ||
1018
strcmp (oid, "2.5.29.14") == 0 ||
1019
strcmp (oid, "2.5.29.35") == 0 || strcmp (oid, "2.5.29.15") == 0)
1027
878
certificate_info (void)
1029
gnutls_x509_crt crt[MAX_CRTS];
880
gnutls_x509_crt_t crt[MAX_CRTS];
1031
882
int ret, i, count;
1033
884
unsigned int crt_num;
1035
size = fread (buffer, 1, sizeof (buffer) - 1, infile);
886
pem.data = fread_file (infile, &size);
1039
887
pem.size = size;
1041
889
crt_num = MAX_CRTS;
1043
gnutls_x509_crt_list_import (crt, &crt_num, &pem, in_cert_format,
1044
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
890
ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem, info.incert_format,
891
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
1045
892
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
1048
"Too many certificates (%d), will only read the first %d.\n",
894
error (0, 0, "Too many certificates (%d), will only read the first %d.",
1050
896
crt_num = MAX_CRTS;
1052
gnutls_x509_crt_list_import (crt, &crt_num, &pem, in_cert_format, 0);
897
ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem,
898
info.incert_format, 0);
1057
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
901
error (EXIT_FAILURE, 0, "Import error: %s", gnutls_strerror (ret));
1062
if (count > 1 && out_cert_format == GNUTLS_X509_FMT_DER)
907
if (count > 1 && info.outcert_format == GNUTLS_X509_FMT_DER)
1064
fprintf(stderr, "Cannot output multiple certificates in DER format, using PEM instead.\n");
1065
out_cert_format = GNUTLS_X509_FMT_PEM;
909
error(0, 0, "Cannot output multiple certificates in DER format, using PEM instead.");
910
info.outcert_format = GNUTLS_X509_FMT_PEM;
1068
913
for (i = 0; i < count; i++)
1070
if (out_cert_format == GNUTLS_X509_FMT_PEM)
1071
print_certificate_info (crt[i], outfile, 1);
916
fprintf (outfile, "\n");
918
if (info.outcert_format == GNUTLS_X509_FMT_PEM)
919
print_certificate_info (crt[i], outfile, 1);
1075
923
size = sizeof (buffer);
1077
gnutls_x509_crt_export (crt[i], out_cert_format, buffer,
924
ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
1081
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
1084
fprintf (outfile, "\n%s\n", buffer);
927
error (EXIT_FAILURE, 0, "Export error: %s",
928
gnutls_strerror (ret));
929
fprintf (outfile, "%s", buffer);
1091
935
ret = gnutls_x509_crt_to_xml (crt[i], &xml, GNUTLS_XML_SHOW_ALL);
1094
fprintf (stderr, "XML encoding error: %s\n",
1095
gnutls_strerror (ret));
937
error (EXIT_FAILURE, 0, "XML encoding error: %s",
938
gnutls_strerror (ret));
1099
940
fprintf (outfile, "\n%s\n", xml.data);
1100
941
gnutls_free (xml.data);
1107
print_hex_datum (gnutls_datum * dat)
947
print_hex_datum (gnutls_datum_t * dat)
1110
950
#define SPACE "\t"
1123
print_certificate_info (gnutls_x509_crt crt, FILE *out, unsigned int all)
963
print_certificate_info (gnutls_x509_crt_t crt, FILE *out, unsigned int all)
1126
unsigned int i, indx, j, version;
1127
unsigned int critical, key_usage, bits;
1130
size_t serial_size = sizeof (serial), dn_size, size;
1134
char old_oid[128] = "";
1136
fprintf (out, "\n\nX.509 certificate info:\n\n");
1138
version = gnutls_x509_crt_get_version (crt);
1139
fprintf (out, "Version: %d\n", version);
1143
if (gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
1145
fprintf (out, "Serial Number (hex): %s\n",
1146
raw_to_string (serial, serial_size));
1151
dn_size = sizeof (dn);
1152
ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
1154
fprintf (out, "Subject: %s\n", dn);
1156
fprintf (stderr, "get_dn: %s\n", gnutls_strerror (ret));
1162
dn_size = sizeof (dn);
1163
ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
1165
fprintf (out, "Issuer: %s\n", dn);
1167
fprintf (stderr, "get_issuer_dn: %s\n", gnutls_strerror (ret));
1170
/* signature algorithm
1172
fprintf (out, "Signature Algorithm: ");
1173
ret = gnutls_x509_crt_get_signature_algorithm (crt);
1175
cprint = gnutls_sign_algorithm_get_name (ret);
1178
fprintf (out, "%s\n", cprint);
1179
if (ret == GNUTLS_SIGN_RSA_MD5 || ret == GNUTLS_SIGN_RSA_MD2)
1182
"Warning: certificate uses a broken signature algorithm that can be forged.\n");
1188
fprintf (out, "Validity:\n");
1190
tim = gnutls_x509_crt_get_activation_time (crt);
1191
fprintf (out, "\tNot Before: %s", ctime (&tim));
1193
tim = gnutls_x509_crt_get_expiration_time (crt);
1194
fprintf (out, "\tNot After: %s", ctime (&tim));
1196
/* Public key algorithm
1198
fprintf (out, "Subject Public Key Info:\n");
1199
ret = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
1200
fprintf (out, "\tPublic Key Algorithm: ");
1202
cprint = gnutls_pk_algorithm_get_name (ret);
1205
fprintf (out, "%s", cprint);
1206
if (ret >= 0 && bits)
1207
fprintf (out, " (%u bits)", bits);
1208
fprintf (out, "\n");
1210
/* Print the raw public keys
1214
if (ret == GNUTLS_PK_RSA)
1218
ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
1221
fprintf (stderr, "Error in key RSA data export: %s\n",
1222
gnutls_strerror (ret));
1225
fprintf (outfile, "modulus:");
1226
print_hex_datum (&m);
1227
fprintf (outfile, "public exponent:");
1228
print_hex_datum (&e);
1231
else if (ret == GNUTLS_PK_DSA)
1233
gnutls_datum p, q, g, y;
1235
ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y);
1238
fprintf (stderr, "Error in key DSA data export: %s\n",
1239
gnutls_strerror (ret));
1242
fprintf (outfile, "public key:");
1243
print_hex_datum (&y);
1244
fprintf (outfile, "p:");
1245
print_hex_datum (&p);
1246
fprintf (outfile, "q:");
1247
print_hex_datum (&q);
1248
fprintf (outfile, "g:");
1249
print_hex_datum (&g);
1254
fprintf (out, "\nX.509 Extensions:\n");
1256
/* subject alternative name
1258
for (i = 0; !(ret < 0); i++)
1260
size = sizeof (buffer);
1262
gnutls_x509_crt_get_subject_alt_name (crt, i, buffer, &size,
1265
if (i == 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1267
fprintf (out, "\tSubject Alternative name:");
1269
fprintf (out, " (critical)");
1270
fprintf (out, "\n");
1273
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1275
fprintf (out, "\t\tFound unsupported alternative name.\n");
1280
case GNUTLS_SAN_DNSNAME:
1281
fprintf (out, "\t\tDNSname: %s\n", buffer);
1283
case GNUTLS_SAN_RFC822NAME:
1284
fprintf (out, "\t\tRFC822name: %s\n", buffer);
1286
case GNUTLS_SAN_URI:
1287
fprintf (out, "\t\tURI: %s\n", buffer);
1289
case GNUTLS_SAN_IPADDRESS:
1290
fprintf (out, "\t\tIPAddress: %s\n", buffer);
1298
for (i = 0; !(ret < 0); i++)
1300
size = sizeof (buffer);
1302
gnutls_x509_crt_get_crl_dist_points (crt, i, buffer, &size,
1305
if (i == 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1307
fprintf (out, "\tCRL Distribution points:");
1309
fprintf (out, " (critical)");
1310
fprintf (out, "\n");
1313
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1315
fprintf (out, "\t\tError decoding: %s\n", gnutls_strerror (ret));
1320
case GNUTLS_SAN_DNSNAME:
1321
fprintf (out, "\t\tDNSname: %s\n", buffer);
1323
case GNUTLS_SAN_RFC822NAME:
1324
fprintf (out, "\t\tRFC822name: %s\n", buffer);
1326
case GNUTLS_SAN_URI:
1327
fprintf (out, "\t\tURI: %s\n", buffer);
1329
case GNUTLS_SAN_IPADDRESS:
1330
fprintf (out, "\t\tIPAddress: %s\n", buffer);
1335
/* check for basicConstraints
1337
ret = gnutls_x509_crt_get_ca_status (crt, &critical);
1341
fprintf (out, "\tBasic Constraints:");
1343
fprintf (out, " (critical)");
1344
fprintf (out, "\n");
1347
fprintf (out, "\t\tCA:FALSE\n");
1349
fprintf (out, "\t\tCA:TRUE\n");
1355
ret = gnutls_x509_crt_get_key_usage (crt, &key_usage, &critical);
1359
fprintf (out, "\tKey usage: %s\n", critical ? "(critical)" : "");
1360
print_key_usage (key_usage, out);
1363
/* Key Purpose identifiers.
1367
size = sizeof (buffer);
1369
gnutls_x509_crt_get_key_purpose_oid (crt, 0, buffer, &size,
1372
fprintf (out, "\tKey purpose OIDs: %s\n", critical ? "(critical)" : "");
1375
size = sizeof (buffer);
1377
gnutls_x509_crt_get_key_purpose_oid (crt, i, buffer, &size,
1382
print_key_purpose (buffer, out);
1391
size = sizeof (buffer);
1392
ret = gnutls_x509_crt_get_subject_key_id (crt, buffer, &size, &critical);
1394
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1396
fprintf (out, "Error getting subject key id: %s\n",
1397
gnutls_strerror (ret));
1402
fprintf (out, "\tSubject Key ID: %s\n\t\t%s\n",
1403
critical ? "(critical)" : "", raw_to_string (buffer, size));
1408
size = sizeof (buffer);
1409
ret = gnutls_x509_crt_get_authority_key_id (crt, buffer, &size, &critical);
1411
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1413
fprintf (out, "Error getting authority key id: %s\n",
1414
gnutls_strerror (ret));
1419
fprintf (out, "\tAuthority Key ID: %s\n\t\t%s\n",
1420
critical ? "(critical)" : "", raw_to_string (buffer, size));
1423
/* other extensions:
1427
for (i = 0; !(ret < 0); i++)
1430
size = sizeof (oid);
1431
ret = gnutls_x509_crt_get_extension_oid (crt, i, oid, &size);
1435
if (known_oid (oid))
1438
if (strcmp (oid, old_oid) == 0)
1447
fprintf (out, "\t%s: ", oid);
1449
size = sizeof (buffer);
1451
gnutls_x509_crt_get_extension_by_oid (crt, oid, indx,
1452
buffer, &size, &critical);
1457
fprintf (out, "(critical)\n");
1459
fprintf (out, "\n");
1461
fprintf (out, "\t\tDER Data: ");
1462
for (j = 0; j < size; j++)
1464
fprintf (out, "%.2x", (unsigned char) buffer[j]);
1466
fprintf (out, "\n");
1467
fprintf (out, "\t\tASCII: ");
1468
for (j = 0; j < size; j++)
1470
if (isprint (buffer[j]))
1471
fprintf (out, "%c", (unsigned char) buffer[j]);
1475
fprintf (out, "\n");
1479
strcpy (old_oid, oid);
1487
fprintf (out, "\nOther information:\n");
1490
size = sizeof (buffer);
1492
gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_MD5, buffer,
1495
fprintf (out, "Error in fingerprint calculation: %s\n",
1496
gnutls_strerror (ret));
1500
fprintf (out, "\tMD5 Fingerprint: %s\n",
1501
raw_to_string (buffer, size));
1504
size = sizeof (buffer);
1506
gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_SHA1, buffer,
1509
fprintf (out, "Error in fingerprint calculation: %s\n",
1510
gnutls_strerror (ret));
1514
fprintf (out, "\tSHA1 Fingerprint: %s\n",
1515
raw_to_string (buffer, size));
1520
size = sizeof (buffer);
1521
if ((ret = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size)) < 0)
1523
fprintf (out, "Error in key id calculation: %s\n",
1524
gnutls_strerror (ret));
1528
fprintf (out, "\tPublic Key ID: %s\n", raw_to_string (buffer, size));
1531
fprintf (out, "\n");
969
ret = gnutls_x509_crt_print (crt, GNUTLS_X509_CRT_FULL, &info);
971
ret = gnutls_x509_crt_print (crt, GNUTLS_X509_CRT_UNSIGNED_FULL, &info);
974
fprintf (out, "%s\n", info.data);
975
gnutls_free (info.data);
1533
978
if (out == stderr && batch == 0) /* interactive */
1534
979
if (read_yesno ("Is the above information ok? (Y/N): ") == 0)
1541
print_crl_info (gnutls_x509_crl crl, FILE *out, int all)
1547
size_t serial_size = sizeof (serial), dn_size;
1551
fprintf (out, "CRL information:\n");
1552
fprintf (out, "Version: %d\n", gnutls_x509_crl_get_version (crl));
1558
dn_size = sizeof (dn);
1560
ret = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
1562
fprintf (out, "Issuer: %s\n", dn);
1564
fprintf (out, "Signature Algorithm: ");
1565
ret = gnutls_x509_crl_get_signature_algorithm (crl);
1567
cprint = gnutls_sign_algorithm_get_name (ret);
1570
fprintf (out, "%s\n", cprint);
1575
fprintf (out, "Update dates:\n");
1577
tim = gnutls_x509_crl_get_this_update (crl);
1578
fprintf (out, "\tIssued at: %s", ctime (&tim));
1580
tim = gnutls_x509_crl_get_next_update (crl);
1581
fprintf (out, "\tNext at: %s", ctime (&tim));
1583
fprintf (out, "\n");
1585
/* Count the certificates.
1588
rc = gnutls_x509_crl_get_crt_count (crl);
1589
fprintf (out, "Revoked certificates: %d\n", rc);
1591
for (j = 0; j < (unsigned int) rc; j++)
1595
serial_size = sizeof (serial);
1597
gnutls_x509_crl_get_crt_serial (crl, j, serial, &serial_size, &tim);
1601
fprintf (stderr, "error: %s\n", gnutls_strerror (ret));
1605
fprintf (out, "\tCertificate SN: %s\n",
1606
raw_to_string (serial, serial_size));
1607
fprintf (out, "\tRevoked at: %s\n", ctime (&tim));
1616
gnutls_x509_crl crl;
986
print_crl_info (gnutls_x509_crl_t crl, FILE *out)
1621
size = fread (buffer, 1, sizeof (buffer) - 1, infile);
1624
gnutls_x509_crl_init (&crl);
1629
ret = gnutls_x509_crl_import (crl, &pem, in_cert_format);
992
ret = gnutls_x509_crl_print (crl, GNUTLS_X509_CRT_FULL, &info);
1632
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
1636
print_crl_info (crl, outfile, 1);
994
error (EXIT_FAILURE, 0, "crl_print: %s", gnutls_strerror (ret));
996
fprintf (out, "%s\n", info.data);
998
gnutls_free (info.data);
1638
1000
size = sizeof (buffer);
1639
1001
ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
1642
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
1646
fprintf (outfile, "\n%s\n", buffer);
1003
error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret));
1005
fprintf (outfile, "%s", buffer);
1011
gnutls_x509_crl_t crl;
1016
ret = gnutls_x509_crl_init (&crl);
1018
error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (ret));
1020
pem.data = fread_file (infile, &size);
1024
error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile :
1027
ret = gnutls_x509_crl_import (crl, &pem, info.incert_format);
1030
error (EXIT_FAILURE, 0, "Import error: %s", gnutls_strerror (ret));
1032
print_crl_info (crl, outfile);
1652
1036
privkey_info (void)
1654
gnutls_x509_privkey key;
1038
gnutls_x509_privkey_t key;
1658
1042
const char *cprint;
1659
1043
const char *pass;
1766
1146
ret = gnutls_x509_privkey_fix (key);
1769
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
1148
error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
1774
1151
size = sizeof (buffer);
1775
1152
ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size);
1778
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
1154
error (EXIT_FAILURE, 0, "Export error: %s", gnutls_strerror (ret));
1781
1156
fprintf (outfile, "\n%s\n", buffer);
1784
/* mand should be non zero if it is required to read a private key.
1159
/* Load the private key.
1160
* @mand should be non zero if it is required to read a private key.
1162
gnutls_x509_privkey_t
1787
1163
load_private_key (int mand)
1790
gnutls_x509_privkey key;
1165
gnutls_x509_privkey_t key;
1796
1170
if (!info.privkey && !mand)
1801
fprintf (stderr, "error: a private key was not specified\n");
1805
fd = fopen (info.privkey, "r");
1808
fprintf (stderr, "error: could not load key file '%s'.\n",
1813
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
1173
if (info.privkey == NULL)
1174
error (EXIT_FAILURE, 0, "missing --load-privkey");
1818
1176
ret = gnutls_x509_privkey_init (&key);
1821
fprintf (stderr, "privkey_init: %s\n", gnutls_strerror (ret));
1178
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
1180
dat.data = read_binary_file (info.privkey, &size);
1826
1181
dat.size = size;
1829
ret = gnutls_x509_privkey_import (key, &dat, in_cert_format);
1184
error (EXIT_FAILURE, errno, "reading --load-privkey: %s",
1189
const char *pass = get_pass ();
1190
ret = gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
1833
ret = gnutls_x509_privkey_import_pkcs8 (key, &dat, in_cert_format,
1194
ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
1839
fprintf (stderr, "privkey_import: %s\n", gnutls_strerror (ret));
1197
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
1198
info.privkey, gnutls_strerror (ret));
1203
/* Load the Certificate Request.
1850
gnutls_x509_crq crq;
1208
gnutls_x509_crq_t crq;
1855
1213
if (!info.request)
1858
fd = fopen (info.request, "r");
1861
fprintf (stderr, "File %s does not exist.\n", info.request);
1865
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
1870
1216
ret = gnutls_x509_crq_init (&crq);
1873
fprintf (stderr, "crq_init: %s\n", gnutls_strerror (ret));
1218
error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
1220
dat.data = read_binary_file (info.request, &size);
1878
1221
dat.size = size;
1880
ret = gnutls_x509_crq_import (crq, &dat, in_cert_format);
1224
error (EXIT_FAILURE, errno, "reading --load-request: %s",
1227
ret = gnutls_x509_crq_import (crq, &dat, info.incert_format);
1884
fprintf (stderr, "crq_import: %s\n", gnutls_strerror (ret));
1230
error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
1231
info.request, gnutls_strerror (ret));
1892
load_ca_private_key ()
1236
/* Load the CA's private key.
1238
gnutls_x509_privkey_t
1239
load_ca_private_key (void)
1895
gnutls_x509_privkey key;
1241
gnutls_x509_privkey_t key;
1901
fprintf (stderr, "Loading CA's private key...\n");
1903
1246
if (info.ca_privkey == NULL)
1905
fprintf (stderr, "You must specify a private key of the CA.\n");
1909
fd = fopen (info.ca_privkey, "r");
1912
fprintf (stderr, "File %s does not exist.\n", info.ca_privkey);
1916
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
1247
error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
1921
1249
ret = gnutls_x509_privkey_init (&key);
1924
fprintf (stderr, "privkey_init: %s\n", gnutls_strerror (ret));
1251
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
1253
dat.data = read_binary_file (info.ca_privkey, &size);
1929
1254
dat.size = size;
1932
ret = gnutls_x509_privkey_import (key, &dat, in_cert_format);
1257
error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
1262
const char *pass = get_pass ();
1263
ret = gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
1936
ret = gnutls_x509_privkey_import_pkcs8 (key, &dat, in_cert_format,
1267
ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
1942
fprintf (stderr, "privkey_import: %s\n", gnutls_strerror (ret));
1270
error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
1271
info.ca_privkey, gnutls_strerror (ret));
1949
1276
/* Loads the CA's certificate
1955
gnutls_x509_crt crt;
1281
gnutls_x509_crt_t crt;
1960
fprintf (stderr, "Loading CA's certificate...\n");
1962
1286
if (info.ca == NULL)
1964
fprintf (stderr, "You must specify a certificate of the CA.\n");
1968
fd = fopen (info.ca, "r");
1971
fprintf (stderr, "File %s does not exist.\n", info.ca);
1975
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
1287
error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
1980
1289
ret = gnutls_x509_crt_init (&crt);
1983
fprintf (stderr, "crt_init: %s\n", gnutls_strerror (ret));
1291
error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
1293
dat.data = read_binary_file (info.ca, &size);
1988
1294
dat.size = size;
1990
ret = gnutls_x509_crt_import (crt, &dat, in_cert_format);
1297
error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
1300
ret = gnutls_x509_crt_import (crt, &dat, info.incert_format);
1993
fprintf (stderr, "crt_import: %s\n", gnutls_strerror (ret));
1303
error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
1304
info.ca, gnutls_strerror (ret));
2532
1764
unsigned int output;
2536
gnutls_x509_crl crl;
1768
gnutls_x509_crl_t crl;
2537
1769
time_t now = time (0);
2538
gnutls_x509_crt issuer;
1770
gnutls_x509_crt_t issuer;
2540
1772
issuer = load_ca_cert ();
2542
1774
fprintf (outfile, "\nCA certificate:\n");
2543
1776
dn_size = sizeof (dn);
2544
1777
ret = gnutls_x509_crt_get_dn (issuer, dn, &dn_size);
2546
fprintf (outfile, "\tSubject: %s\n\n", dn);
2548
size = fread (buffer, 1, sizeof (buffer) - 1, infile);
1779
error (EXIT_FAILURE, 0, "crt_get_dn: %s", gnutls_strerror (ret));
1781
fprintf (outfile, "\tSubject: %s\n\n", dn);
1783
ret = gnutls_x509_crl_init (&crl);
1785
error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (ret));
1787
pem.data = fread_file (infile, &size);
2552
1788
pem.size = size;
2554
gnutls_x509_crl_init (&crl);
2556
ret = gnutls_x509_crl_import (crl, &pem, in_cert_format);
1790
ret = gnutls_x509_crl_import (crl, &pem, info.incert_format);
2559
fprintf (stderr, "CRL decoding error: %s\n", gnutls_strerror (ret));
2563
print_crl_info (crl, outfile, 1);
1793
error (EXIT_FAILURE, 0, "Import error: %s", gnutls_strerror (ret));
1795
print_crl_info (crl, outfile);
2566
1797
fprintf (outfile, "Verification output: ");
2567
1798
ret = gnutls_x509_crl_verify (crl, &issuer, 1, 0, &output);
2570
fprintf (stderr, "Error in verification: %s\n", gnutls_strerror (ret));
1800
error (EXIT_FAILURE, 0, "Verification error: %s", gnutls_strerror (ret));
2574
1802
if (output & GNUTLS_CERT_INVALID)
2628
1855
generate_pkcs12 (void)
2630
gnutls_pkcs12 pkcs12;
2631
gnutls_pkcs12_bag bag, kbag;
2632
gnutls_x509_crt crt;
2633
gnutls_x509_privkey key;
1857
gnutls_pkcs12_t pkcs12;
1858
gnutls_x509_crt_t *crts;
1859
gnutls_x509_privkey_t key;
1862
gnutls_datum_t data;
2637
1863
const char *password;
2638
1864
const char *name;
2639
1865
unsigned int flags;
2640
gnutls_datum key_id;
1866
gnutls_datum_t key_id;
2641
1867
unsigned char _key_id[20];
2644
1872
fprintf (stderr, "Generating a PKCS #12 structure...\n");
2646
1874
key = load_private_key (0);
2647
crt = load_cert (0);
1875
crts = load_cert_list (0, &ncrts);
2649
1877
name = get_pkcs12_key_name ();
1879
result = gnutls_pkcs12_init (&pkcs12);
1881
error (EXIT_FAILURE, 0, "pkcs12_init: %s", gnutls_strerror (result));
2652
1884
password = info.pass;
2654
1886
password = get_pass ();
2656
result = gnutls_pkcs12_bag_init (&bag);
1888
for (i = 0; i < ncrts; i++)
2659
fprintf (stderr, "bag_init: %s\n", gnutls_strerror (result));
2664
{ /* add the certificate only if it was specified.
2666
result = gnutls_pkcs12_bag_set_crt (bag, crt);
2669
fprintf (stderr, "set_crt: %s\n", gnutls_strerror (result));
1890
gnutls_pkcs12_bag_t bag;
1892
result = gnutls_pkcs12_bag_init (&bag);
1894
error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
1896
result = gnutls_pkcs12_bag_set_crt (bag, crts[i]);
1898
error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i, gnutls_strerror (result));
2673
1900
index = result;
2675
1902
result = gnutls_pkcs12_bag_set_friendly_name (bag, index, name);
2676
1903
if (result < 0)
2678
fprintf (stderr, "bag_set_friendly_name: %s\n",
2679
gnutls_strerror (result));
1904
error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
1905
gnutls_strerror (result));
2683
1907
size = sizeof (_key_id);
2684
result = gnutls_x509_crt_get_key_id (crt, 0, _key_id, &size);
1908
result = gnutls_x509_crt_get_key_id (crts[i], 0, _key_id, &size);
2685
1909
if (result < 0)
2687
fprintf (stderr, "key_id: %s\n", gnutls_strerror (result));
1910
error (EXIT_FAILURE, 0, "key_id[%d]: %s", i, gnutls_strerror (result));
2691
1912
key_id.data = _key_id;
2692
1913
key_id.size = size;
2694
1915
result = gnutls_pkcs12_bag_set_key_id (bag, index, &key_id);
2695
1916
if (result < 0)
2697
fprintf (stderr, "bag_set_key_id: %s\n", gnutls_strerror (result));
1917
error (EXIT_FAILURE, 0, "bag_set_key_id: %s", gnutls_strerror (result));
2701
1919
if (info.export)
2702
1920
flags = GNUTLS_PKCS_USE_PKCS12_RC2_40;
2742
1956
gnutls_pkcs12_bag_set_data (kbag,
2743
1957
GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
2744
1958
if (result < 0)
2746
fprintf (stderr, "bag_set_data: %s\n", gnutls_strerror (result));
1959
error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result));
2750
1961
index = result;
2752
1963
result = gnutls_pkcs12_bag_set_friendly_name (kbag, index, name);
2753
1964
if (result < 0)
2755
fprintf (stderr, "bag_set_friendly_name: %s\n",
2756
gnutls_strerror (result));
1965
error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
1966
gnutls_strerror (result));
2760
1968
size = sizeof (_key_id);
2761
1969
result = gnutls_x509_privkey_get_key_id (key, 0, _key_id, &size);
2762
1970
if (result < 0)
2764
fprintf (stderr, "key_id: %s\n", gnutls_strerror (result));
1971
error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result));
2768
1973
key_id.data = _key_id;
2769
1974
key_id.size = size;
2771
1976
result = gnutls_pkcs12_bag_set_key_id (kbag, index, &key_id);
2772
1977
if (result < 0)
2774
fprintf (stderr, "bag_set_key_id: %s\n", gnutls_strerror (result));
2779
/* write the PKCS #12 structure.
2781
result = gnutls_pkcs12_init (&pkcs12);
2784
fprintf (stderr, "pkcs12_init: %s\n", gnutls_strerror (result));
2790
result = gnutls_pkcs12_set_bag (pkcs12, bag);
2793
fprintf (stderr, "set_bag: %s\n", gnutls_strerror (result));
1978
error (EXIT_FAILURE, 0, "bag_set_key_id: %s", gnutls_strerror (result));
2800
1980
result = gnutls_pkcs12_set_bag (pkcs12, kbag);
2801
1981
if (result < 0)
2803
fprintf (stderr, "set_bag: %s\n", gnutls_strerror (result));
1982
error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
2808
1985
result = gnutls_pkcs12_generate_mac (pkcs12, password);
2809
1986
if (result < 0)
2811
fprintf (stderr, "generate_mac: %s\n", gnutls_strerror (result));
1987
error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
2815
1989
size = sizeof (buffer);
2816
result = gnutls_pkcs12_export (pkcs12, out_cert_format, buffer, &size);
1990
result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size);
2817
1991
if (result < 0)
2819
fprintf (stderr, "pkcs12_export: %s\n", gnutls_strerror (result));
1992
error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
2823
1994
fwrite (buffer, 1, size, outfile);
2828
BAGTYPE (gnutls_pkcs12_bag_type x)
1999
BAGTYPE (gnutls_pkcs12_bag_type_t x)
2939
2094
pkcs12_info (void)
2941
gnutls_pkcs12 pkcs12;
2942
gnutls_pkcs12_bag bag;
2096
gnutls_pkcs12_t pkcs12;
2097
gnutls_pkcs12_bag_t bag;
2100
gnutls_datum_t data;
2946
2101
const char *password;
2949
size = fread (buffer, 1, sizeof (buffer) - 1, infile);
2104
result = gnutls_pkcs12_init (&pkcs12);
2106
error (EXIT_FAILURE, 0, "p12_init: %s", gnutls_strerror (result));
2108
data.data = fread_file (infile, &size);
2953
2109
data.size = size;
2111
result = gnutls_pkcs12_import (pkcs12, &data, info.incert_format, 0);
2114
error (EXIT_FAILURE, 0, "p12_import: %s", gnutls_strerror (result));
2956
2117
password = info.pass;
2958
2119
password = get_pass ();
2960
result = gnutls_pkcs12_init (&pkcs12);
2963
fprintf (stderr, "p12_init: %s\n", gnutls_strerror (result));
2967
result = gnutls_pkcs12_import (pkcs12, &data, in_cert_format, 0);
2970
fprintf (stderr, "p12_import: %s\n", gnutls_strerror (result));
2974
2121
result = gnutls_pkcs12_verify_mac (pkcs12, password);
2975
2122
if (result < 0)
2977
fprintf (stderr, "verify_mac: %s\n", gnutls_strerror (result));
2123
error (EXIT_FAILURE, 0, "verify_mac: %s", gnutls_strerror (result));
2127
for (index = 0; ; index++)
2987
2129
result = gnutls_pkcs12_bag_init (&bag);
2988
2130
if (result < 0)
2990
fprintf (stderr, "bag_init: %s\n", gnutls_strerror (result));
2131
error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
2994
ret = gnutls_pkcs12_get_bag (pkcs12, index, bag);
2133
result = gnutls_pkcs12_get_bag (pkcs12, index, bag);
3000
2137
result = gnutls_pkcs12_bag_get_count (bag);
3001
2138
if (result < 0)
3003
fprintf (stderr, "bag_init: %s\n", gnutls_strerror (result));
2139
error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result));
3007
2141
fprintf (outfile, "BAG #%d\n", index);
3009
2143
result = gnutls_pkcs12_bag_get_type (bag, 0);
3010
2144
if (result < 0)
3012
fprintf (stderr, "bag_init: %s\n", gnutls_strerror (result));
2145
error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
3017
2147
if (result == GNUTLS_BAG_ENCRYPTED)
3022
2152
result = gnutls_pkcs12_bag_decrypt (bag, password);
3024
2154
if (result < 0)
3026
fprintf (stderr, "bag_decrypt: %s\n", gnutls_strerror (result));
2155
error (EXIT_FAILURE, 0, "bag_decrypt: %s",
2156
gnutls_strerror (result));
3030
2158
result = gnutls_pkcs12_bag_get_count (bag);
3031
2159
if (result < 0)
3033
fprintf (stderr, "get_count: %s\n", gnutls_strerror (result));
2160
error (EXIT_FAILURE, 0, "encrypted bag_count: %s",
2161
gnutls_strerror (result));
3039
2164
print_bag_data (bag);
3041
2166
gnutls_pkcs12_bag_deinit (bag);
3051
2171
pkcs7_info (void)
2173
gnutls_pkcs7_t pkcs7;
3056
gnutls_datum data, b64;
2176
gnutls_datum_t data, b64;
3057
2177
int index, count;
3059
size = fread (buffer, 1, sizeof (buffer) - 1, infile);
3065
2179
result = gnutls_pkcs7_init (&pkcs7);
3066
2180
if (result < 0)
3068
fprintf (stderr, "p7_init: %s\n", gnutls_strerror (result));
3072
result = gnutls_pkcs7_import (pkcs7, &data, in_cert_format);
2181
error (EXIT_FAILURE, 0, "p7_init: %s", gnutls_strerror (result));
2183
data.data = fread_file (infile, &size);
2186
result = gnutls_pkcs7_import (pkcs7, &data, info.incert_format);
3073
2188
if (result < 0)
3075
fprintf (stderr, "p7_import: %s\n", gnutls_strerror (result));
2189
error (EXIT_FAILURE, 0, "Import error: %s", gnutls_strerror (result));
3079
2191
/* Read and print the certificates.
3081
2193
result = gnutls_pkcs7_get_crt_count (pkcs7);
3082
2194
if (result < 0)
3084
fprintf (stderr, "p7_count: %s\n", gnutls_strerror (result));
2195
error (EXIT_FAILURE, 0, "p7_crt_count: %s", gnutls_strerror (result));
3088
2197
count = result;
3091
fprintf (outfile, "Certificates: %u\n", count);
2200
fprintf (outfile, "Number of certificates: %u\n", count);
3093
2202
for (index = 0; index < count; index++)
2204
fputs ("\n", outfile);
3095
2206
size = sizeof (buffer);
3096
2207
result = gnutls_pkcs7_get_crt_raw (pkcs7, index, buffer, &size);
3097
2208
if (result < 0)
3102
2211
data.data = buffer;
3103
2212
data.size = size;
3105
2214
result = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64);
3106
2215
if (result < 0)
3108
fprintf (stderr, "error encoding: %s\n", gnutls_strerror (result));
2216
error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
3112
2218
fputs (b64.data, outfile);
3113
fputs ("\n", outfile);
3114
2219
gnutls_free (b64.data);