2
* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
4
* This file is part of GNUTLS.
6
* GNUTLS is free software: you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
2
* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
4
* This file is part of GnuTLS.
6
* GnuTLS is free software: you can redistribute it and/or modify it
7
* under the terms of the GNU General Public License as published by
8
8
* the Free Software Foundation, either version 3 of the License, or
9
9
* (at your option) any later version.
11
* GNUTLS is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
11
* GnuTLS is distributed in the hope that it will be useful, but
12
* WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* General Public License for more details.
16
16
* You should have received a copy of the GNU General Public License
17
* along with this program. If not, see <http://www.gnu.org/licenses/>.
17
* along with this program. If not, see
18
* <http://www.gnu.org/licenses/>.
20
21
#include <config.h>
21
23
#include <gnutls/gnutls.h>
22
24
#include <gnutls/extra.h>
25
#include <gnutls/x509.h>
26
#include <gnutls/openpgp.h>
27
#include <gnutls/pkcs12.h>
23
29
#include <gcrypt.h>
26
32
#include <stdlib.h>
27
33
#include <string.h>
29
#include <gnutls/x509.h>
30
#include <gnutls/openpgp.h>
32
#include "certtool-gaa.h"
33
#include "certtool-common.h"
34
#include <gnutls/pkcs12.h>
35
36
#include <unistd.h>
36
#include <certtool-cfg.h>
39
38
#include <sys/types.h>
40
39
#include <sys/stat.h>
204
cipher_to_flags (const char *cipher)
206
if (strcasecmp (cipher, "3des") == 0)
208
return GNUTLS_PKCS_USE_PBES2_3DES;
210
else if (strcasecmp (cipher, "3des-pkcs12") == 0)
212
return GNUTLS_PKCS_USE_PKCS12_3DES;
214
else if (strcasecmp (cipher, "arcfour") == 0)
216
return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
218
else if (strcasecmp (cipher, "aes-128") == 0)
220
return GNUTLS_PKCS_USE_PBES2_AES_128;
222
else if (strcasecmp (cipher, "aes-192") == 0)
224
return GNUTLS_PKCS_USE_PBES2_AES_192;
226
else if (strcasecmp (cipher, "aes-256") == 0)
228
return GNUTLS_PKCS_USE_PBES2_AES_256;
230
else if (strcasecmp (cipher, "rc2-40") == 0)
232
return GNUTLS_PKCS_USE_PKCS12_RC2_40;
235
error (EXIT_FAILURE, 0, "Unknown cipher %s\n", cipher);
199
241
print_private_key (gnutls_x509_privkey_t key)
1421
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &cinfo);
1423
error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
1425
fprintf (out, "%s\n", cinfo.data);
1427
gnutls_free (cinfo.data);
1481
if (info.outcert_format == GNUTLS_X509_FMT_PEM)
1483
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &cinfo);
1485
error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
1487
fprintf (out, "%s\n", cinfo.data);
1489
gnutls_free (cinfo.data);
1429
1492
size = sizeof (buffer);
1430
ret = gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &size);
1493
ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
1432
1495
error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
1890
1945
error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret));
1893
ca_status = get_ca_status ();
1895
path_len = get_path_len ();
1899
ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len);
1901
error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
1902
gnutls_strerror (ret));
1905
ret = get_sign_status (1);
1907
usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
1909
ret = get_encrypt_status (1);
1911
usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
1913
usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
1917
ret = get_cert_sign_status ();
1919
usage |= GNUTLS_KEY_KEY_CERT_SIGN;
1921
ret = get_crl_sign_status ();
1923
usage |= GNUTLS_KEY_CRL_SIGN;
1925
ret = get_code_sign_status ();
1929
gnutls_x509_crq_set_key_purpose_oid (crq,
1930
GNUTLS_KP_CODE_SIGNING, 0);
1932
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1935
ret = get_ocsp_sign_status ();
1939
gnutls_x509_crq_set_key_purpose_oid (crq,
1940
GNUTLS_KP_OCSP_SIGNING, 0);
1942
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1945
ret = get_time_stamp_status ();
1949
gnutls_x509_crq_set_key_purpose_oid (crq,
1950
GNUTLS_KP_TIME_STAMPING, 0);
1952
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1957
ret = gnutls_x509_crq_set_key_usage (crq, usage);
1959
error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret));
1961
ret = get_tls_client_status ();
1964
ret = gnutls_x509_crq_set_key_purpose_oid (crq,
1965
GNUTLS_KP_TLS_WWW_CLIENT, 0);
1967
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1970
ret = get_tls_server_status ();
1973
ret = gnutls_x509_crq_set_key_purpose_oid (crq,
1974
GNUTLS_KP_TLS_WWW_SERVER, 0);
1976
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1948
if (info.crq_extensions != 0)
1950
ca_status = get_ca_status ();
1952
path_len = get_path_len ();
1956
ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len);
1958
error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
1959
gnutls_strerror (ret));
1961
ret = get_sign_status (1);
1963
usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
1965
ret = get_encrypt_status (1);
1967
usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
1969
usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
1973
ret = get_cert_sign_status ();
1975
usage |= GNUTLS_KEY_KEY_CERT_SIGN;
1977
ret = get_crl_sign_status ();
1979
usage |= GNUTLS_KEY_CRL_SIGN;
1981
ret = get_code_sign_status ();
1984
ret = gnutls_x509_crq_set_key_purpose_oid
1985
(crq, GNUTLS_KP_CODE_SIGNING, 0);
1987
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1990
ret = get_ocsp_sign_status ();
1993
ret = gnutls_x509_crq_set_key_purpose_oid
1994
(crq, GNUTLS_KP_OCSP_SIGNING, 0);
1996
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1999
ret = get_time_stamp_status ();
2002
ret = gnutls_x509_crq_set_key_purpose_oid
2003
(crq, GNUTLS_KP_TIME_STAMPING, 0);
2005
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
2008
ret = get_ipsec_ike_status ();
2011
ret = gnutls_x509_crq_set_key_purpose_oid
2012
(crq, GNUTLS_KP_IPSEC_IKE, 0);
2014
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
2018
ret = gnutls_x509_crq_set_key_usage (crq, usage);
2020
error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret));
2022
ret = get_tls_client_status ();
2025
ret = gnutls_x509_crq_set_key_purpose_oid
2026
(crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
2028
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
2031
ret = get_tls_server_status ();
2034
ret = gnutls_x509_crq_set_key_purpose_oid
2035
(crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
2037
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
1979
2041
ret = gnutls_x509_crq_set_key (crq, key);
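Review bot: The new cipher_to_flags accepts "rc2-40" and "arcfour" and returns their PKCS #12 flags exactly as it does for the AES names, so a user who picks one gets data protected by a 40-bit RC2 or RC4-based scheme with no sign that it is weak. I would print a notice on those two branches, e.g. `fprintf (stderr, "Warning: %s is a weak cipher; prefer aes-128 or stronger.\n", cipher);`, and add a comment above the function listing the accepted names and marking which exist only for compatibility with old software. The "Unknown cipher %s\n" message also ends in a newline that the other error() calls on this page omit; error() adds one itself, so `"Unknown cipher %s"` would be consistent. Parts of the function are not visible here, so whether `cipher` can reach strcasecmp() as NULL needs checking at the caller.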