version 1.2, 2014/08/28 14:23:52 |
version 1.3, 2015/07/12 16:32:21 |
|
|
|
|
static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile); |
static int add_certs_from_file(STACK_OF(X509) * stack, char *certfile); |
|
|
/* -inform arg - input format - default PEM (DER or PEM) |
static struct { |
* -outform arg - output format - default PEM |
STACK_OF(OPENSSL_STRING) *certflst; |
* -in arg - input file - default stdin |
char *infile; |
* -out arg - output file - default stdout |
int informat; |
*/ |
int nocrl; |
|
char *outfile; |
|
int outformat; |
|
} crl2p7_config; |
|
|
|
static int |
|
crl2p7_opt_certfile(char *arg) |
|
{ |
|
if (crl2p7_config.certflst == NULL) |
|
crl2p7_config.certflst = sk_OPENSSL_STRING_new_null(); |
|
if (crl2p7_config.certflst == NULL) { |
|
fprintf(stderr, "out of memory\n"); |
|
return (1); |
|
} |
|
if (!sk_OPENSSL_STRING_push(crl2p7_config.certflst, arg)) { |
|
fprintf(stderr, "out of memory\n"); |
|
return (1); |
|
} |
|
|
|
return (0); |
|
} |
|
|
|
static struct option crl2p7_options[] = { |
|
{ |
|
.name = "certfile", |
|
.argname = "file", |
|
.desc = "Chain of PEM certificates to a trusted CA", |
|
.type = OPTION_ARG_FUNC, |
|
.opt.argfunc = crl2p7_opt_certfile, |
|
}, |
|
{ |
|
.name = "in", |
|
.argname = "file", |
|
.desc = "Input file (default stdin)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &crl2p7_config.infile, |
|
}, |
|
{ |
|
.name = "inform", |
|
.argname = "format", |
|
.desc = "Input format (DER or PEM (default))", |
|
.type = OPTION_ARG_FORMAT, |
|
.opt.value = &crl2p7_config.informat, |
|
}, |
|
{ |
|
.name = "nocrl", |
|
.desc = "Do not read CRL from input or include CRL in output", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &crl2p7_config.nocrl, |
|
}, |
|
{ |
|
.name = "out", |
|
.argname = "file", |
|
.desc = "Output file (default stdout)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &crl2p7_config.outfile, |
|
}, |
|
{ |
|
.name = "outform", |
|
.argname = "format", |
|
.desc = "Output format (DER or PEM (default))", |
|
.type = OPTION_ARG_FORMAT, |
|
.opt.value = &crl2p7_config.outformat, |
|
}, |
|
{ NULL }, |
|
}; |
|
|
|
static void |
|
crl2p7_usage(void) |
|
{ |
|
fprintf(stderr, |
|
"usage: crl2p7 [-certfile file] [-in file] [-inform DER | PEM]\n" |
|
" [-nocrl] [-out file] [-outform DER | PEM]\n\n"); |
|
options_usage(crl2p7_options); |
|
} |
|
|
int crl2pkcs7_main(int, char **); |
int crl2pkcs7_main(int, char **); |
|
|
int |
int |
crl2pkcs7_main(int argc, char **argv) |
crl2pkcs7_main(int argc, char **argv) |
{ |
{ |
int i, badops = 0; |
int i; |
BIO *in = NULL, *out = NULL; |
BIO *in = NULL, *out = NULL; |
int informat, outformat; |
char *certfile; |
char *infile, *outfile, *prog, *certfile; |
|
PKCS7 *p7 = NULL; |
PKCS7 *p7 = NULL; |
PKCS7_SIGNED *p7s = NULL; |
PKCS7_SIGNED *p7s = NULL; |
X509_CRL *crl = NULL; |
X509_CRL *crl = NULL; |
STACK_OF(OPENSSL_STRING) * certflst = NULL; |
STACK_OF(X509_CRL) *crl_stack = NULL; |
STACK_OF(X509_CRL) * crl_stack = NULL; |
STACK_OF(X509) *cert_stack = NULL; |
STACK_OF(X509) * cert_stack = NULL; |
int ret = 1; |
int ret = 1, nocrl = 0; |
|
|
|
infile = NULL; |
memset(&crl2p7_config, 0, sizeof(crl2p7_config)); |
outfile = NULL; |
|
informat = FORMAT_PEM; |
|
outformat = FORMAT_PEM; |
|
|
|
prog = argv[0]; |
crl2p7_config.informat = FORMAT_PEM; |
argc--; |
crl2p7_config.outformat = FORMAT_PEM; |
argv++; |
|
while (argc >= 1) { |
|
if (strcmp(*argv, "-inform") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
informat = str2fmt(*(++argv)); |
|
} else if (strcmp(*argv, "-outform") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
outformat = str2fmt(*(++argv)); |
|
} else if (strcmp(*argv, "-in") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
infile = *(++argv); |
|
} else if (strcmp(*argv, "-nocrl") == 0) { |
|
nocrl = 1; |
|
} else if (strcmp(*argv, "-out") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
outfile = *(++argv); |
|
} else if (strcmp(*argv, "-certfile") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
if (!certflst) |
|
certflst = sk_OPENSSL_STRING_new_null(); |
|
sk_OPENSSL_STRING_push(certflst, *(++argv)); |
|
} else { |
|
BIO_printf(bio_err, "unknown option %s\n", *argv); |
|
badops = 1; |
|
break; |
|
} |
|
argc--; |
|
argv++; |
|
} |
|
|
|
if (badops) { |
if (options_parse(argc, argv, crl2p7_options, NULL, NULL) != 0) { |
bad: |
crl2p7_usage(); |
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); |
|
BIO_printf(bio_err, "where options are\n"); |
|
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); |
|
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); |
|
BIO_printf(bio_err, " -in arg input file\n"); |
|
BIO_printf(bio_err, " -out arg output file\n"); |
|
BIO_printf(bio_err, " -certfile arg certificates file of chain to a trusted CA\n"); |
|
BIO_printf(bio_err, " (can be used more than once)\n"); |
|
BIO_printf(bio_err, " -nocrl no crl to load, just certs from '-certfile'\n"); |
|
ret = 1; |
|
goto end; |
goto end; |
} |
} |
|
|
in = BIO_new(BIO_s_file()); |
in = BIO_new(BIO_s_file()); |
out = BIO_new(BIO_s_file()); |
out = BIO_new(BIO_s_file()); |
if ((in == NULL) || (out == NULL)) { |
if (in == NULL || out == NULL) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (!nocrl) { |
if (!crl2p7_config.nocrl) { |
if (infile == NULL) |
if (crl2p7_config.infile == NULL) |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
else { |
else { |
if (BIO_read_filename(in, infile) <= 0) { |
if (BIO_read_filename(in, crl2p7_config.infile) <= 0) { |
perror(infile); |
perror(crl2p7_config.infile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (informat == FORMAT_ASN1) |
if (crl2p7_config.informat == FORMAT_ASN1) |
crl = d2i_X509_CRL_bio(in, NULL); |
crl = d2i_X509_CRL_bio(in, NULL); |
else if (informat == FORMAT_PEM) |
else if (crl2p7_config.informat == FORMAT_PEM) |
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); |
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); |
else { |
else { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
goto end; |
goto end; |
p7s->cert = cert_stack; |
p7s->cert = cert_stack; |
|
|
if (certflst) |
if (crl2p7_config.certflst) { |
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(crl2p7_config.certflst); i++) { |
certfile = sk_OPENSSL_STRING_value(certflst, i); |
certfile = sk_OPENSSL_STRING_value(crl2p7_config.certflst, i); |
if (add_certs_from_file(cert_stack, certfile) < 0) { |
if (add_certs_from_file(cert_stack, certfile) < 0) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"error loading certificates\n"); |
"error loading certificates\n"); |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
|
} |
|
|
sk_OPENSSL_STRING_free(certflst); |
sk_OPENSSL_STRING_free(crl2p7_config.certflst); |
|
|
if (outfile == NULL) { |
if (crl2p7_config.outfile == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_write_filename(out, outfile) <= 0) { |
if (BIO_write_filename(out, crl2p7_config.outfile) <= 0) { |
perror(outfile); |
perror(crl2p7_config.outfile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (outformat == FORMAT_ASN1) |
if (crl2p7_config.outformat == FORMAT_ASN1) |
i = i2d_PKCS7_bio(out, p7); |
i = i2d_PKCS7_bio(out, p7); |
else if (outformat == FORMAT_PEM) |
else if (crl2p7_config.outformat == FORMAT_PEM) |
i = PEM_write_bio_PKCS7(out, p7); |
i = PEM_write_bio_PKCS7(out, p7); |
else { |
else { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
if (crl != NULL) |
if (crl != NULL) |
X509_CRL_free(crl); |
X509_CRL_free(crl); |
|
|
|
|
return (ret); |
return (ret); |
} |
} |
|
|
/* |
|
*---------------------------------------------------------------------- |
|
* int add_certs_from_file |
|
* |
|
* Read a list of certificates to be checked from a file. |
|
* |
|
* Results: |
|
* number of certs added if successful, -1 if not. |
|
*---------------------------------------------------------------------- |
|
*/ |
|
static int |
static int |
add_certs_from_file(STACK_OF(X509) * stack, char *certfile) |
add_certs_from_file(STACK_OF(X509) *stack, char *certfile) |
{ |
{ |
BIO *in = NULL; |
BIO *in = NULL; |
int count = 0; |
int count = 0; |
int ret = -1; |
int ret = -1; |
STACK_OF(X509_INFO) * sk = NULL; |
STACK_OF(X509_INFO) *sk = NULL; |
X509_INFO *xi; |
X509_INFO *xi; |
|
|
in = BIO_new(BIO_s_file()); |
in = BIO_new(BIO_s_file()); |
if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) { |
if (in == NULL || BIO_read_filename(in, certfile) <= 0) { |
BIO_printf(bio_err, "error opening the file, %s\n", certfile); |
BIO_printf(bio_err, "error opening the file, %s\n", certfile); |
goto end; |
goto end; |
} |
} |