author | Tobias Brunner <tobias@strongswan.org> | 2012-06-01 14:43:12 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-06-11 17:33:29 +0200 |
commit | cea9bf563a83a229f68fbc68116cea7fc40c6ca1 (patch) | |
tree | 38f274efe7ed36b100f37cfa056c7df7c7a1f32c /src/scepclient/scepclient.c | |
parent | 3a7c6b39b530a5671b8bac8e9f117b3d38224a3f (diff) | |
download | strongswan-cea9bf563a83a229f68fbc68116cea7fc40c6ca1.tar.bz2 strongswan-cea9bf563a83a229f68fbc68116cea7fc40c6ca1.tar.xz |
scepclient: Option added to read self-signed certificate from a file.
Diffstat (limited to 'src/scepclient/scepclient.c')
-rw-r--r-- | src/scepclient/scepclient.c | 67 |
1 files changed, 47 insertions, 20 deletions
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 2df6d7a5f..40fbc8502 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -317,9 +317,12 @@ static void usage(const char *message)
 " --version (-v) show version and exit\n"
 " --quiet (-q) do not write log output to stderr\n"
 " --in (-i) <type>[=<filename>] use <filename> of <type> for input \n"
- " <type> = pkcs1 | cacert-enc | cacert-sig\n"
- " - if no pkcs1 input is defined, a \n"
- " RSA key will be generated\n"
+ " <type> = pkcs1 | cacert-enc | cacert-sig |\n"
+ " cert-self\n"
+ " - if no pkcs1 input is defined, an RSA\n"
+ " key will be generated\n"
+ " - if no cert-self input is defined, a\n"
+ " self-signed certificate will be generated\n"
 " - if no filename is given, default is used\n"
 " --out (-o) <type>[=<filename>] write output of <type> to <filename>\n"
 " multiple outputs are allowed\n"
@@ -389,7 +392,7 @@ int main(int argc, char **argv)
 CERT_SELF = 0x08,
 CERT = 0x10,
 CACERT_ENC = 0x20,
- CACERT_SIG = 0x40
+ CACERT_SIG = 0x40,
 } scep_filetype_t;
 /* filetype to read from, defaults to "generate a key" */
@@ -400,6 +403,7 @@ int main(int argc, char **argv)
 /* input files */
 char *file_in_pkcs1 = DEFAULT_FILENAME_PKCS1;
+ char *file_in_cert_self = DEFAULT_FILENAME_CERT_SELF;
 char *file_in_cacert_enc = DEFAULT_FILENAME_CACERT_ENC;
 char *file_in_cacert_sig = DEFAULT_FILENAME_CACERT_SIG;
@@ -560,7 +564,13 @@ int main(int argc, char **argv)
 {
 filetype_in |= CACERT_SIG;
 if (filename)
- file_in_cacert_sig = filename;
+ file_in_cacert_sig = filename;
+ }
+ else if (strcaseeq("cert-self", optarg))
+ {
+ filetype_in |= CERT_SELF;
+ if (filename)
+ file_in_cert_self = filename;
 }
 else
 {
@@ -1110,22 +1120,39 @@ int main(int argc, char **argv)
 scep_generate_transaction_id(public_key, &transID, &serialNumber);
 DBG1(DBG_APP, " transaction ID: %.*s", (int)transID.len, transID.ptr);
- notBefore = notBefore ? notBefore : time(NULL);
- notAfter = notAfter ? notAfter : (notBefore + validity);
-
- /* generate a self-signed X.509 certificate */
- x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_SIGNING_KEY, private_key,
- BUILD_PUBLIC_KEY, public_key,
- BUILD_SUBJECT, subject,
- BUILD_NOT_BEFORE_TIME, notBefore,
- BUILD_NOT_AFTER_TIME, notAfter,
- BUILD_SERIAL, serialNumber,
- BUILD_SUBJECT_ALTNAMES, subjectAltNames,
- BUILD_END);
- if (!x509_signer)
+ /*
+ * read or generate self-signed X.509 certificate
+ */
+ if (filetype_in & CERT_SELF)
+ {
+ char path[PATH_MAX];
+
+ join_paths(path, sizeof(path), HOST_CERT_PATH, file_in_cert_self);
+
+ x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, path, BUILD_END);
+ if (!x509_signer)
+ {
+ exit_scepclient("could not read certificate file '%s'", path);
+ }
+ }
+ else
 {
- exit_scepclient("generating certificate failed");
+ notBefore = notBefore ? notBefore : time(NULL);
+ notAfter = notAfter ? notAfter : (notBefore + validity);
+ x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_SIGNING_KEY, private_key,
+ BUILD_PUBLIC_KEY, public_key,
+ BUILD_SUBJECT, subject,
+ BUILD_NOT_BEFORE_TIME, notBefore,
+ BUILD_NOT_AFTER_TIME, notAfter,
+ BUILD_SERIAL, serialNumber,
+ BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+ BUILD_END);
+ if (!x509_signer)
+ {
+ exit_scepclient("generating certificate failed");
+ }
 }
 /* |
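Review bot: The `cert-self` branch loads `x509_signer` from a file but never checks that the certificate's public key matches `public_key`/`private_key`, so a certificate paired with the wrong key (or, since the option-parsing hunk at -560 accepts `cert-self` without `pkcs1`, with a freshly generated key) is only discovered when the signed SCEP request fails at the CA, if at all. After the `BUILD_FROM_FILE` load, extract the certificate's key and compare it with `equals()`, exiting with a clear message on mismatch; alternatively reject `cert-self` without `pkcs1` at option parsing. Note also that in this branch `notBefore`/`notAfter` keep whatever the options set (possibly 0); if they are consumed later in main() this should be confirmed. main() starts and ends outside the hunk.
```c
		x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
										 BUILD_FROM_FILE, path, BUILD_END);
		if (!x509_signer)
		{
			exit_scepclient("could not read certificate file '%s'", path);
		}
		/* the loaded certificate must belong to the key we sign with */
		cert_key = x509_signer->get_public_key(x509_signer);
		if (!cert_key || !cert_key->equals(cert_key, public_key))
		{
			DESTROY_IF(cert_key);
			exit_scepclient("certificate '%s' does not match the private key", path);
		}
		cert_key->destroy(cert_key);
		/* … unchanged: else branch generating the self-signed certificate … */
```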