version 1.12, 2022/11/11 17:07:39 |
version 1.13, 2023/03/06 14:32:06 |
|
|
char *spkac; |
char *spkac; |
char *spksect; |
char *spksect; |
int verify; |
int verify; |
} spkac_config; |
} cfg; |
|
|
static const struct option spkac_options[] = { |
static const struct option spkac_options[] = { |
{ |
{ |
|
|
.argname = "string", |
.argname = "string", |
.desc = "Specify challenge string if SPKAC is generated", |
.desc = "Specify challenge string if SPKAC is generated", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.challenge, |
.opt.arg = &cfg.challenge, |
}, |
}, |
{ |
{ |
.name = "in", |
.name = "in", |
.argname = "file", |
.argname = "file", |
.desc = "Input file (default stdin)", |
.desc = "Input file (default stdin)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.infile, |
.opt.arg = &cfg.infile, |
}, |
}, |
{ |
{ |
.name = "key", |
.name = "key", |
.argname = "file", |
.argname = "file", |
.desc = "Create SPKAC using private key file", |
.desc = "Create SPKAC using private key file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.keyfile, |
.opt.arg = &cfg.keyfile, |
}, |
}, |
{ |
{ |
.name = "noout", |
.name = "noout", |
.desc = "Do not print text version of SPKAC", |
.desc = "Do not print text version of SPKAC", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &spkac_config.noout, |
.opt.flag = &cfg.noout, |
}, |
}, |
{ |
{ |
.name = "out", |
.name = "out", |
.argname = "file", |
.argname = "file", |
.desc = "Output file (default stdout)", |
.desc = "Output file (default stdout)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.outfile, |
.opt.arg = &cfg.outfile, |
}, |
}, |
{ |
{ |
.name = "passin", |
.name = "passin", |
.argname = "src", |
.argname = "src", |
.desc = "Input file passphrase source", |
.desc = "Input file passphrase source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.passargin, |
.opt.arg = &cfg.passargin, |
}, |
}, |
{ |
{ |
.name = "pubkey", |
.name = "pubkey", |
.desc = "Output public key of an SPKAC (not used if creating)", |
.desc = "Output public key of an SPKAC (not used if creating)", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &spkac_config.pubkey, |
.opt.flag = &cfg.pubkey, |
}, |
}, |
{ |
{ |
.name = "spkac", |
.name = "spkac", |
.argname = "name", |
.argname = "name", |
.desc = "SPKAC name (default \"SPKAC\")", |
.desc = "SPKAC name (default \"SPKAC\")", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.spkac, |
.opt.arg = &cfg.spkac, |
}, |
}, |
{ |
{ |
.name = "spksect", |
.name = "spksect", |
|
|
.desc = "Name of the section containing SPKAC (default" |
.desc = "Name of the section containing SPKAC (default" |
" \"default\")", |
" \"default\")", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &spkac_config.spksect, |
.opt.arg = &cfg.spksect, |
}, |
}, |
{ |
{ |
.name = "verify", |
.name = "verify", |
.desc = "Verify digital signature on supplied SPKAC", |
.desc = "Verify digital signature on supplied SPKAC", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &spkac_config.verify, |
.opt.flag = &cfg.verify, |
}, |
}, |
{ NULL } |
{ NULL } |
}; |
}; |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&spkac_config, 0, sizeof(spkac_config)); |
memset(&cfg, 0, sizeof(cfg)); |
spkac_config.spkac = "SPKAC"; |
cfg.spkac = "SPKAC"; |
spkac_config.spksect = "default"; |
cfg.spksect = "default"; |
|
|
if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { |
if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) { |
spkac_usage(); |
spkac_usage(); |
return (1); |
return (1); |
} |
} |
|
|
if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) { |
if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { |
BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
goto end; |
goto end; |
} |
} |
|
|
if (spkac_config.keyfile) { |
if (cfg.keyfile) { |
pkey = load_key(bio_err, |
pkey = load_key(bio_err, |
strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile |
strcmp(cfg.keyfile, "-") ? cfg.keyfile |
: NULL, FORMAT_PEM, 1, passin, "private key"); |
: NULL, FORMAT_PEM, 1, passin, "private key"); |
if (!pkey) { |
if (!pkey) { |
goto end; |
goto end; |
} |
} |
spki = NETSCAPE_SPKI_new(); |
spki = NETSCAPE_SPKI_new(); |
if (spkac_config.challenge) |
if (cfg.challenge) |
ASN1_STRING_set(spki->spkac->challenge, |
ASN1_STRING_set(spki->spkac->challenge, |
spkac_config.challenge, |
cfg.challenge, |
(int) strlen(spkac_config.challenge)); |
(int) strlen(cfg.challenge)); |
NETSCAPE_SPKI_set_pubkey(spki, pkey); |
NETSCAPE_SPKI_set_pubkey(spki, pkey); |
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); |
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); |
spkstr = NETSCAPE_SPKI_b64_encode(spki); |
spkstr = NETSCAPE_SPKI_b64_encode(spki); |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (spkac_config.outfile) |
if (cfg.outfile) |
out = BIO_new_file(spkac_config.outfile, "w"); |
out = BIO_new_file(cfg.outfile, "w"); |
else |
else |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|
|
|
|
free(spkstr); |
free(spkstr); |
goto end; |
goto end; |
} |
} |
if (spkac_config.infile) |
if (cfg.infile) |
in = BIO_new_file(spkac_config.infile, "r"); |
in = BIO_new_file(cfg.infile, "r"); |
else |
else |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|
|
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
spkstr = NCONF_get_string(conf, spkac_config.spksect, |
spkstr = NCONF_get_string(conf, cfg.spksect, |
spkac_config.spkac); |
cfg.spkac); |
|
|
if (!spkstr) { |
if (!spkstr) { |
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", |
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", |
spkac_config.spkac); |
cfg.spkac); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (spkac_config.outfile) |
if (cfg.outfile) |
out = BIO_new_file(spkac_config.outfile, "w"); |
out = BIO_new_file(cfg.outfile, "w"); |
else { |
else { |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
} |
} |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (!spkac_config.noout) |
if (!cfg.noout) |
NETSCAPE_SPKI_print(out, spki); |
NETSCAPE_SPKI_print(out, spki); |
pkey = NETSCAPE_SPKI_get_pubkey(spki); |
pkey = NETSCAPE_SPKI_get_pubkey(spki); |
if (spkac_config.verify) { |
if (cfg.verify) { |
i = NETSCAPE_SPKI_verify(spki, pkey); |
i = NETSCAPE_SPKI_verify(spki, pkey); |
if (i > 0) |
if (i > 0) |
BIO_printf(bio_err, "Signature OK\n"); |
BIO_printf(bio_err, "Signature OK\n"); |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
if (spkac_config.pubkey) |
if (cfg.pubkey) |
PEM_write_bio_PUBKEY(out, pkey); |
PEM_write_bio_PUBKEY(out, pkey); |
|
|
ret = 0; |
ret = 0; |