aboutsummaryrefslogtreecommitdiffstats
path: root/src/openac
diff options
context:
space:
mode:
authorAndreas Steffen <andreas.steffen@strongswan.org>2007-04-10 19:31:42 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2007-04-10 19:31:42 +0000
commit241ab32c10e44a261e8ad3ab42a0311de0413ad7 (patch)
tree025b07ad9893048bb93bfc7cff4a7c90e9e61548 /src/openac
parent00ccb87671ac7c4844458aa630f101b27e4e0860 (diff)
downloadstrongswan-241ab32c10e44a261e8ad3ab42a0311de0413ad7.tar.bz2
strongswan-241ab32c10e44a261e8ad3ab42a0311de0413ad7.tar.xz
changed tab spacing from 8 to 4
Diffstat (limited to 'src/openac')
-rw-r--r--src/openac/build.c261
-rwxr-xr-xsrc/openac/openac.c628
2 files changed, 440 insertions, 449 deletions
diff --git a/src/openac/build.c b/src/openac/build.c
index bd3df6fee..0c6a2be3b 100644
--- a/src/openac/build.c
+++ b/src/openac/build.c
@@ -31,212 +31,201 @@
#include "build.h"
static u_char ASN1_group_oid_str[] = {
- 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
+ 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
};
static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str);
static u_char ASN1_authorityKeyIdentifier_oid_str[] = {
- 0x06, 0x03,
- 0x55, 0x1d, 0x23
+ 0x06, 0x03,
+ 0x55, 0x1d, 0x23
};
static const chunk_t ASN1_authorityKeyIdentifier_oid
= strchunk(ASN1_authorityKeyIdentifier_oid_str);
static u_char ASN1_noRevAvail_ext_str[] = {
- 0x30, 0x09,
- 0x06, 0x03,
- 0x55, 0x1d, 0x38,
- 0x04, 0x02,
- 0x05, 0x00
+ 0x30, 0x09,
+ 0x06, 0x03,
+ 0x55, 0x1d, 0x38,
+ 0x04, 0x02,
+ 0x05, 0x00
};
static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
-/*
+/**
* build directoryName
*/
-static chunk_t
-build_directoryName(asn1_t tag, chunk_t name)
+static chunk_t build_directoryName(asn1_t tag, chunk_t name)
{
- return asn1_wrap(tag, "m"
- , asn1_simple_object(ASN1_CONTEXT_C_4, name));
+ return asn1_wrap(tag, "m",
+ asn1_simple_object(ASN1_CONTEXT_C_4, name));
}
-/*
+/**
* build holder
*/
-static chunk_t
-build_holder(void)
+static chunk_t build_holder(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mm"
- , asn1_wrap(ASN1_CONTEXT_C_0, "mm"
- , build_directoryName(ASN1_SEQUENCE, user->issuer)
- , asn1_simple_object(ASN1_INTEGER, user->serialNumber)
- )
- , build_directoryName(ASN1_CONTEXT_C_1, user->subject));
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ build_directoryName(ASN1_SEQUENCE, user->issuer),
+ asn1_simple_object(ASN1_INTEGER, user->serialNumber)
+ ),
+ build_directoryName(ASN1_CONTEXT_C_1, user->subject));
}
-/*
+/**
* build v2Form
*/
-static chunk_t
-build_v2_form(void)
+static chunk_t build_v2_form(void)
{
- return asn1_wrap(ASN1_CONTEXT_C_0, "m"
- , build_directoryName(ASN1_SEQUENCE, signer->subject));
+ return asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ build_directoryName(ASN1_SEQUENCE, signer->subject));
}
-/*
+/**
* build attrCertValidityPeriod
*/
-static chunk_t
-build_attr_cert_validity(void)
+static chunk_t build_attr_cert_validity(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mm"
- , timetoasn1(&notBefore, ASN1_GENERALIZEDTIME)
- , timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ timetoasn1(&notBefore, ASN1_GENERALIZEDTIME),
+ timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
}
-/*
+/**
* build attributes
*/
-static chunk_t
-build_ietfAttributes(ietfAttrList_t *list)
+static chunk_t build_ietfAttributes(ietfAttrList_t *list)
{
- chunk_t ietfAttributes;
- ietfAttrList_t *item = list;
- size_t size = 0;
- u_char *pos;
-
- /* precalculate the total size of all values */
- while (item != NULL)
- {
- size_t len = item->attr->value.len;
-
- size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
- item = item->next;
- }
- pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
-
- while (list != NULL)
- {
- ietfAttr_t *attr = list->attr;
- asn1_t type = ASN1_NULL;
-
- switch (attr->kind)
+ chunk_t ietfAttributes;
+ ietfAttrList_t *item = list;
+ size_t size = 0;
+ u_char *pos;
+
+ /* precalculate the total size of all values */
+ while (item != NULL)
{
- case IETF_ATTRIBUTE_OCTETS:
- type = ASN1_OCTET_STRING;
- break;
- case IETF_ATTRIBUTE_STRING:
- type = ASN1_UTF8STRING;
- break;
- case IETF_ATTRIBUTE_OID:
- type = ASN1_OID;
- break;
+ size_t len = item->attr->value.len;
+
+ size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
+ item = item->next;
}
- mv_chunk(&pos, asn1_simple_object(type, attr->value));
+ pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
- list = list->next;
- }
+ while (list != NULL)
+ {
+ ietfAttr_t *attr = list->attr;
+ asn1_t type = ASN1_NULL;
+
+ switch (attr->kind)
+ {
+ case IETF_ATTRIBUTE_OCTETS:
+ type = ASN1_OCTET_STRING;
+ break;
+ case IETF_ATTRIBUTE_STRING:
+ type = ASN1_UTF8STRING;
+ break;
+ case IETF_ATTRIBUTE_OID:
+ type = ASN1_OID;
+ break;
+ }
+ mv_chunk(&pos, asn1_simple_object(type, attr->value));
+
+ list = list->next;
+ }
- return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
+ return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
}
-/*
+/**
* build attribute type
*/
-static chunk_t
-build_attribute_type(const chunk_t type, chunk_t content)
+static chunk_t build_attribute_type(const chunk_t type, chunk_t content)
{
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , type
- , asn1_wrap(ASN1_SET, "m", content));
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ type,
+ asn1_wrap(ASN1_SET, "m", content));
}
-/*
+/**
* build attributes
*/
-static chunk_t
-build_attributes(void)
+static chunk_t build_attributes(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "m"
- , build_attribute_type(ASN1_group_oid
- , build_ietfAttributes(groups)));
+ return asn1_wrap(ASN1_SEQUENCE, "m",
+ build_attribute_type(ASN1_group_oid,
+ build_ietfAttributes(groups)));
}
-/*
+/**
* build authorityKeyIdentifier
*/
-static chunk_t
-build_authorityKeyID(x509cert_t *signer)
+static chunk_t build_authorityKeyID(x509cert_t *signer)
{
- chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
- ? empty_chunk
- : asn1_simple_object(ASN1_CONTEXT_S_0
- , signer->subjectKeyID);
-
- chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1
- , signer->issuer);
-
- chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2
- , signer->serialNumber);
-
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_authorityKeyIdentifier_oid
- , asn1_wrap(ASN1_OCTET_STRING, "m"
- , asn1_wrap(ASN1_SEQUENCE, "mmm"
- , keyIdentifier
- , authorityCertIssuer
- , authorityCertSerialNumber
- )
- )
- );
+ chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
+ ? empty_chunk
+ : asn1_simple_object(ASN1_CONTEXT_S_0,
+ signer->subjectKeyID);
+
+ chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1,
+ signer->issuer);
+
+ chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2,
+ signer->serialNumber);
+
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ ASN1_authorityKeyIdentifier_oid,
+ asn1_wrap(ASN1_OCTET_STRING, "m",
+ asn1_wrap(ASN1_SEQUENCE, "mmm",
+ keyIdentifier,
+ authorityCertIssuer,
+ authorityCertSerialNumber
+ )
+ )
+ );
}
-/*
+/**
* build extensions
*/
-static chunk_t
-build_extensions(void)
+static chunk_t build_extensions(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "mc"
- , build_authorityKeyID(signer)
- , ASN1_noRevAvail_ext);
+ return asn1_wrap(ASN1_SEQUENCE, "mc",
+ build_authorityKeyID(signer),
+ ASN1_noRevAvail_ext);
}
-/*
+/**
* build attributeCertificateInfo
*/
-static chunk_t
-build_attr_cert_info(void)
+static chunk_t build_attr_cert_info(void)
{
- return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm"
- , ASN1_INTEGER_1
- , build_holder()
- , build_v2_form()
- , ASN1_sha1WithRSA_id
- , asn1_simple_object(ASN1_INTEGER, serial)
- , build_attr_cert_validity()
- , build_attributes()
- , build_extensions());
+ return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
+ ASN1_INTEGER_1,
+ build_holder(),
+ build_v2_form(),
+ ASN1_sha1WithRSA_id,
+ asn1_simple_object(ASN1_INTEGER, serial),
+ build_attr_cert_validity(),
+ build_attributes(),
+ build_extensions());
}
-/*
+/**
* build an X.509 attribute certificate
*/
-chunk_t
-build_attr_cert(void)
+chunk_t build_attr_cert(void)
{
- chunk_t attributeCertificateInfo = build_attr_cert_info();
- chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo
- , OID_SHA1, signerkey, TRUE);
-
- return asn1_wrap(ASN1_SEQUENCE, "mcm"
- , attributeCertificateInfo
- , ASN1_sha1WithRSA_id
- , signatureValue);
+ chunk_t attributeCertificateInfo = build_attr_cert_info();
+ chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo,
+ OID_SHA1, signerkey, TRUE);
+
+ return asn1_wrap(ASN1_SEQUENCE, "mcm",
+ attributeCertificateInfo,
+ ASN1_sha1WithRSA_id,
+ signatureValue);
}
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 00f287b3a..e3f92fbd2 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -57,107 +57,113 @@ bool pkcs11_keep_state = FALSE;
static void
usage(const char *mess)
{
- if (mess != NULL && *mess != '\0')
- fprintf(stderr, "%s\n", mess);
- fprintf(stderr
- , "Usage: openac"
- " [--help]"
- " [--version]"
- " [--optionsfrom <filename>]"
- " [--quiet]"
+ if (mess != NULL && *mess != '\0')
+ {
+ fprintf(stderr, "%s\n", mess);
+ }
+ fprintf(stderr, "Usage: openac"
+ " [--help]"
+ " [--version]"
+ " [--optionsfrom <filename>]"
+ " [--quiet]"
#ifdef DEBUG
- " \\\n\t"
- " [--debug-all]"
- " [--debug-parsing]"
- " [--debug-raw]"
- " [--debug-private]"
+ " \\\n\t"
+ " [--debug-all]"
+ " [--debug-parsing]"
+ " [--debug-raw]"
+ " [--debug-private]"
#endif
- " \\\n\t"
- " [--days <days>]"
- " [--hours <hours>]"
- " \\\n\t"
- " [--startdate <YYYYMMDDHHMMSSZ>]"
- " [--enddate <YYYYMMDDHHMMSSZ>]"
- " \\\n\t"
- " --cert <certfile>"
- " --key <keyfile>"
- " [--password <password>]"
- " \\\n\t"
- " --usercert <certfile>"
- " --groups <attr1,attr2,..>"
- " --out <filename>"
- "\n"
- );
- exit(mess == NULL? 0 : 1);
+ " \\\n\t"
+ " [--days <days>]"
+ " [--hours <hours>]"
+ " \\\n\t"
+ " [--startdate <YYYYMMDDHHMMSSZ>]"
+ " [--enddate <YYYYMMDDHHMMSSZ>]"
+ " \\\n\t"
+ " --cert <certfile>"
+ " --key <keyfile>"
+ " [--password <password>]"
+ " \\\n\t"
+ " --usercert <certfile>"
+ " --groups <attr1,attr2,..>"
+ " --out <filename>"
+ "\n"
+ );
+ exit(mess == NULL? 0 : 1);
}
-/*
+/**
* read the last serial number from file
*/
-static chunk_t
-read_serial(void)
+static chunk_t read_serial(void)
{
- MP_INT number;
+ MP_INT number;
- char buf[BUF_LEN];
- char bytes[BUF_LEN];
+ char buf[BUF_LEN];
+ char bytes[BUF_LEN];
- FILE *fd = fopen(OPENAC_SERIAL, "r");
+ FILE *fd = fopen(OPENAC_SERIAL, "r");
- /* serial number defaults to 0 */
- size_t len = 1;
- bytes[0] = 0x00;
+ /* serial number defaults to 0 */
+ size_t len = 1;
+ bytes[0] = 0x00;
- if (fd)
- {
- if (fscanf(fd, "%s", buf))
+ if (fd)
{
- err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
-
- if (ugh != NULL)
- plog(" error reading serial number from %s: %s"
- , OPENAC_SERIAL, ugh);
+ if (fscanf(fd, "%s", buf))
+ {
+ err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
+
+ if (ugh != NULL)
+ {
+ plog(" error reading serial number from %s: %s"
+ , OPENAC_SERIAL, ugh);
+ }
+ }
+ fclose(fd);
}
- fclose(fd);
- }
- else
- plog(" file '%s' does not exist yet - serial number set to 01"
+ else
+ {
+ plog(" file '%s' does not exist yet - serial number set to 01"
, OPENAC_SERIAL);
+ }
- /* conversion of read serial number to a multiprecision integer
- * and incrementing it by one
- * and representing it as a two's complement octet string
- */
- n_to_mpz(&number, bytes, len);
- mpz_add_ui(&number, &number, 0x01);
- serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
- mpz_clear(&number);
-
- return serial;
+ /**
+ * conversion of read serial number to a multiprecision integer
+ * and incrementing it by one
+ * and representing it as a two's complement octet string
+ */
+ n_to_mpz(&number, bytes, len);
+ mpz_add_ui(&number, &number, 0x01);
+ serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
+ mpz_clear(&number);
+
+ return serial;
}
-/*
+/**
* write back the last serial number to file
*/
-static void
-write_serial(chunk_t serial)
+static void write_serial(chunk_t serial)
{
- char buf[BUF_LEN];
-
- FILE *fd = fopen(OPENAC_SERIAL, "w");
-
- if (fd)
- {
- datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
- plog(" serial number is %s", buf);
- fprintf(fd, "%s\n", buf);
- fclose(fd);
- }
- else
- plog(" could not open file '%s' for writing", OPENAC_SERIAL);
+ char buf[BUF_LEN];
+
+ FILE *fd = fopen(OPENAC_SERIAL, "w");
+
+ if (fd)
+ {
+ datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
+ plog(" serial number is %s", buf);
+ fprintf(fd, "%s\n", buf);
+ fclose(fd);
+ }
+ else
+ {
+ plog(" could not open file '%s' for writing", OPENAC_SERIAL);
+ }
}
-/*
+/**
* global variables accessible by both main() and build.c
*/
x509cert_t *user = NULL;
@@ -171,268 +177,264 @@ time_t notAfter = 0;
chunk_t serial;
-
-int
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
- char *keyfile = NULL;
- char *certfile = NULL;
- char *usercertfile = NULL;
- char *outfile = NULL;
+ char *keyfile = NULL;
+ char *certfile = NULL;
+ char *usercertfile = NULL;
+ char *outfile = NULL;
- cert_t signercert = empty_cert;
- cert_t usercert = empty_cert;
+ cert_t signercert = empty_cert;
+ cert_t usercert = empty_cert;
- chunk_t attr_cert = empty_chunk;
- x509acert_t *ac = NULL;
+ chunk_t attr_cert = empty_chunk;
+ x509acert_t *ac = NULL;
- const time_t default_validity = 24*3600; /* 24 hours */
- time_t validity = 0;
+ const time_t default_validity = 24*3600; /* 24 hours */
+ time_t validity = 0;
- prompt_pass_t pass;
+ prompt_pass_t pass;
- pass.secret[0] = '\0';
- pass.prompt = TRUE;
- pass.fd = STDIN_FILENO;
+ pass.secret[0] = '\0';
+ pass.prompt = TRUE;
+ pass.fd = STDIN_FILENO;
- log_to_stderr = TRUE;
+ log_to_stderr = TRUE;
- /* handle arguments */
- for (;;)
- {
+ /* handle arguments */
+ for (;;)
+ {
# define DBG_OFFSET 256
- static const struct option long_opts[] = {
- /* name, has_arg, flag, val */
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, 'v' },
- { "optionsfrom", required_argument, NULL, '+' },
- { "quiet", no_argument, NULL, 'q' },
- { "cert", required_argument, NULL, 'c' },
- { "key", required_argument, NULL, 'k' },
- { "password", required_argument, NULL, 'p' },
- { "usercert", required_argument, NULL, 'u' },
- { "groups", required_argument, NULL, 'g' },
- { "days", required_argument, NULL, 'D' },
- { "hours", required_argument, NULL, 'H' },
- { "startdate", required_argument, NULL, 'S' },
- { "enddate", required_argument, NULL, 'E' },
- { "out", required_argument, NULL, 'o' },
+ static const struct option long_opts[] = {
+ /* name, has_arg, flag, val */
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'v' },
+ { "optionsfrom", required_argument, NULL, '+' },
+ { "quiet", no_argument, NULL, 'q' },
+ { "cert", required_argument, NULL, 'c' },
+ { "key", required_argument, NULL, 'k' },
+ { "password", required_argument, NULL, 'p' },
+ { "usercert", required_argument, NULL, 'u' },
+ { "groups", required_argument, NULL, 'g' },
+ { "days", required_argument, NULL, 'D' },
+ { "hours", required_argument, NULL, 'H' },
+ { "startdate", required_argument, NULL, 'S' },
+ { "enddate", required_argument, NULL, 'E' },
+ { "out", required_argument, NULL, 'o' },
#ifdef DEBUG
- { "debug-all", no_argument, NULL, 'A' },
- { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
- { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
- { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
+ { "debug-all", no_argument, NULL, 'A' },
+ { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
+ { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
+ { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
#endif
- { 0,0,0,0 }
- };
+ { 0,0,0,0 }
+ };
- int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
-
- /* Note: "breaking" from case terminates loop */
- switch (c)
- {
- case EOF: /* end of flags */
- break;
-
- case 0: /* long option already handled */
- continue;
-
- case ':': /* diagnostic already printed by getopt_long */
- case '?': /* diagnostic already printed by getopt_long */
- usage(NULL);
- break; /* not actually reached */
-
- case 'h': /* --help */
- usage(NULL);
- break; /* not actually reached */
-
- case 'v': /* --version */
- printf("%s\n", openac_version);
- exit(0);
- break; /* not actually reached */
-
- case '+': /* --optionsfrom <filename> */
- {
- char path[BUF_LEN];
-
- if (*optarg == '/') /* absolute pathname */
- strncpy(path, optarg, BUF_LEN);
- else /* relative pathname */
- snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
- optionsfrom(path, &argc, &argv, optind, stderr);
- /* does not return on error */
- }
- continue;
-
- case 'q': /* --quiet */
- log_to_stderr = TRUE;
- continue;
-
- case 'c': /* --cert */
- certfile = optarg;
- continue;
-
- case 'k': /* --key */
- keyfile = optarg;
- continue;
-
- case 'p': /* --key */
- pass.prompt = FALSE;
- strncpy(pass.secret, optarg, sizeof(pass.secret));
- continue;
-
- case 'u': /* --usercert */
- usercertfile = optarg;
- continue;
-
- case 'g': /* --groups */
- decode_groups(optarg, &groups);
- continue;
-
- case 'D': /* --days */
- if (optarg == NULL || !isdigit(optarg[0]))
- usage("missing number of days");
- {
- char *endptr;
- long days = strtol(optarg, &endptr, 0);
-
- if (*endptr != '\0' || endptr == optarg
- || days <= 0)
- usage("<days> must be a positive number");
- validity += 24*3600*days;
- }
- continue;
-
- case 'H': /* --hours */
- if (optarg == NULL || !isdigit(optarg[0]))
- usage("missing number of hours");
- {
- char *endptr;
- long hours = strtol(optarg, &endptr, 0);
-
- if (*endptr != '\0' || endptr == optarg
- || hours <= 0)
- usage("<hours> must be a positive number");
- validity += 3600*hours;
- }
- continue;
-
- case 'S': /* --startdate */
- if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
- usage("date format must be YYYYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 15 };
- notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
- }
- continue;
-
- case 'E': /* --enddate */
- if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
- usage("date format must be YYYYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 15 };
- notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
- }
- continue;
-
- case 'o': /* --outt */
- outfile = optarg;
- continue ;
+ int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
+
+ /* Note: "breaking" from case terminates loop */
+ switch (c)
+ {
+ case EOF: /* end of flags */
+ break;
+
+ case 0: /* long option already handled */
+ continue;
+
+ case ':': /* diagnostic already printed by getopt_long */
+ case '?': /* diagnostic already printed by getopt_long */
+ usage(NULL);
+ break; /* not actually reached */
+
+ case 'h': /* --help */
+ usage(NULL);
+ break; /* not actually reached */
+
+ case 'v': /* --version */
+ printf("%s\n", openac_version);
+ exit(0);
+ break; /* not actually reached */
+
+ case '+': /* --optionsfrom <filename> */
+ {
+ char path[BUF_LEN];
+
+ if (*optarg == '/') /* absolute pathname */
+ strncpy(path, optarg, BUF_LEN);
+ else /* relative pathname */
+ snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
+ optionsfrom(path, &argc, &argv, optind, stderr);
+ /* does not return on error */
+ }
+ continue;
+
+ case 'q': /* --quiet */
+ log_to_stderr = TRUE;
+ continue;
+
+ case 'c': /* --cert */
+ certfile = optarg;
+ continue;
+
+ case 'k': /* --key */
+ keyfile = optarg;
+ continue;
+
+ case 'p': /* --key */
+ pass.prompt = FALSE;
+ strncpy(pass.secret, optarg, sizeof(pass.secret));
+ continue;
+
+ case 'u': /* --usercert */
+ usercertfile = optarg;
+ continue;
+
+ case 'g': /* --groups */
+ decode_groups(optarg, &groups);
+ continue;
+
+ case 'D': /* --days */
+ if (optarg == NULL || !isdigit(optarg[0]))
+ usage("missing number of days");
+ {
+ char *endptr;
+ long days = strtol(optarg, &endptr, 0);
+
+ if (*endptr != '\0' || endptr == optarg || days <= 0)
+ usage("<days> must be a positive number");
+ validity += 24*3600*days;
+ }
+ continue;
+
+ case 'H': /* --hours */
+ if (optarg == NULL || !isdigit(optarg[0]))
+ usage("missing number of hours");
+ {
+ char *endptr;
+ long hours = strtol(optarg, &endptr, 0);
+
+ if (*endptr != '\0' || endptr == optarg || hours <= 0)
+ usage("<hours> must be a positive number");
+ validity += 3600*hours;
+ }
+ continue;
+
+ case 'S': /* --startdate */
+ if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ usage("date format must be YYYYMMDDHHMMSSZ");
+ {
+ chunk_t date = { optarg, 15 };
+ notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
+ }
+ continue;
+
+ case 'E': /* --enddate */
+ if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ usage("date format must be YYYYMMDDHHMMSSZ");
+ {
+ chunk_t date = { optarg, 15 };
+ notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
+ }
+ continue;
+
+ case 'o': /* --outt */
+ outfile = optarg;
+ continue;
#ifdef DEBUG
- case 'A': /* --debug-all */
- base_debugging = DBG_ALL;
- continue;
+ case 'A': /* --debug-all */
+ base_debugging = DBG_ALL;
+ continue;
#endif
- default:
+ default:
#ifdef DEBUG
- if (c >= DBG_OFFSET)
- {
- base_debugging |= c - DBG_OFFSET;
- continue;
- }
+ if (c >= DBG_OFFSET)
+ {
+ base_debugging |= c - DBG_OFFSET;
+ continue;
+ }
#undef DBG_OFFSET
#endif
- bad_case(c);
+ bad_case(c);
+ }
+ break;
}
- break;
- }
- init_log("openac");
- cur_debugging = base_debugging;
+ init_log("openac");
+ cur_debugging = base_debugging;
- if (optind != argc)
- usage("unexpected argument");
+ if (optind != argc)
+ usage("unexpected argument");
- /* load the signer's RSA private key */
- if (keyfile != NULL)
- {
- err_t ugh = NULL;
+ /* load the signer's RSA private key */
+ if (keyfile != NULL)
+ {
+ err_t ugh = NULL;
+
+ signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
+ ugh = load_rsa_private_key(keyfile, &pass, signerkey);
+
+ if (ugh != NULL)
+ {
+ free_RSA_private_content(signerkey);
+ pfree(signerkey);
+ plog("%s", ugh);
+ exit(1);
+ }
+ }
- signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
- ugh = load_rsa_private_key(keyfile, &pass, signerkey);
+ /* load the signer's X.509 certificate */
+ if (certfile != NULL)
+ {
+ if (!load_cert(certfile, "signer cert", &signercert))
+ exit(1);
+ signer = signercert.u.x509;
+ }
- if (ugh != NULL)
+ /* load the users's X.509 certificate */
+ if (usercertfile != NULL)
{
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- plog("%s", ugh);
- exit(1);
+ if (!load_cert(usercertfile, "user cert", &usercert))
+ exit(1);
+ user = usercert.u.x509;
}
- }
-
- /* load the signer's X.509 certificate */
- if (certfile != NULL)
- {
- if (!load_cert(certfile, "signer cert", &signercert))
- exit(1);
- signer = signercert.u.x509;
- }
-
- /* load the users's X.509 certificate */
- if (usercertfile != NULL)
- {
- if (!load_cert(usercertfile, "user cert", &usercert))
- exit(1);
- user = usercert.u.x509;
- }
-
- /* compute validity interval */
- validity = (validity)? validity : default_validity;
- notBefore = (notBefore) ? notBefore : time(NULL);
- notAfter = (notAfter) ? notAfter : notBefore + validity;
-
- /* build and parse attribute certificate */
- if (user != NULL && signer != NULL && signerkey != NULL)
- {
- /* read the serial number and increment it by one */
- serial = read_serial();
-
- attr_cert = build_attr_cert();
- ac = alloc_thing(x509acert_t, "x509acert");
- *ac = empty_ac;
- parse_ac(attr_cert, ac);
+
+ /* compute validity interval */
+ validity = (validity)? validity : default_validity;
+ notBefore = (notBefore) ? notBefore : time(NULL);
+ notAfter = (notAfter) ? notAfter : notBefore + validity;
+
+ /* build and parse attribute certificate */
+ if (user != NULL && signer != NULL && signerkey != NULL)
+ {
+ /* read the serial number and increment it by one */
+ serial = read_serial();
+
+ attr_cert = build_attr_cert();
+ ac = alloc_thing(x509acert_t, "x509acert");
+ *ac = empty_ac;
+ parse_ac(attr_cert, ac);
- /* write the attribute certificate to file */
- if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
- write_serial(serial);
- }
-
- /* delete all dynamic objects */
- if (signerkey != NULL)
- {
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- }
- free_x509cert(signercert.u.x509);
- free_x509cert(usercert.u.x509);
- free_ietfAttrList(groups);
- free_acert(ac);
- pfree(serial.ptr);
+ /* write the attribute certificate to file */
+ if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
+ write_serial(serial);
+ }
+
+ /* delete all dynamic objects */
+ if (signerkey != NULL)
+ {
+ free_RSA_private_content(signerkey);
+ pfree(signerkey);
+ }
+ free_x509cert(signercert.u.x509);
+ free_x509cert(usercert.u.x509);
+ free_ietfAttrList(groups);
+ free_acert(ac);
+ pfree(serial.ptr);
#ifdef LEAK_DETECTIVE
- report_leaks();
+ report_leaks();
#endif /* LEAK_DETECTIVE */
- close_log();
- exit(0);
+ close_log();
+ exit(0);
}