author | Tobias Brunner <tobias@strongswan.org> | 2012-05-04 14:17:59 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-06-11 17:09:19 +0200 |
commit | 25924d3e453570d1adcfcb2908910cc9958dc17e (patch) | |
tree | c6eb17cb07326d18c729fedd3da2a4eb9bd727e0 /src | |
parent | 07f0abd7acd5e731705eae45f77c55ed5b53eaa0 (diff) | |
download | strongswan-25924d3e453570d1adcfcb2908910cc9958dc17e.tar.bz2 strongswan-25924d3e453570d1adcfcb2908910cc9958dc17e.tar.xz |
scepclient: Some code cleanup.
Diffstat (limited to 'src')
-rw-r--r-- | src/scepclient/scep.c | 222 | ||||
-rw-r--r-- | src/scepclient/scep.h | 39 | ||||
-rw-r--r-- | src/scepclient/scepclient.c | 393 |
3 files changed, 319 insertions, 335 deletions
diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index 29f6eab70..45a079db5 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -1,10 +1,3 @@ -/** - * @file scep.c - * @brief SCEP specific functions - * - * Contains functions to build SCEP request's and to parse SCEP reply's. - */ - /* * Copyright (C) 2005 Jan Hutter, Martin Willi * Hochschule fuer Technik Rapperswil @@ -39,16 +32,6 @@ #include "scep.h" -static const chunk_t ASN1_messageType_oid = chunk_from_chars( - 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -); -static const chunk_t ASN1_senderNonce_oid = chunk_from_chars( - 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -); -static const chunk_t ASN1_transId_oid = chunk_from_chars( - 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -); - static const char *pkiStatus_values[] = { "0", "2", "3" }; static const char *pkiStatus_names[] = { 
@@ -112,61 +95,65 @@ static bool extract_attribute(int oid, chunk_t object, u_int level, switch (oid) { - case OID_PKCS9_CONTENT_TYPE: - type = ASN1_OID; - name = "contentType"; - break; - case OID_PKCS9_SIGNING_TIME: - type = ASN1_UTCTIME; - name = "signingTime"; - break; - case OID_PKCS9_MESSAGE_DIGEST: - type = ASN1_OCTET_STRING; - name = "messageDigest"; - break; - case OID_PKI_MESSAGE_TYPE: - type = ASN1_PRINTABLESTRING; - name = "messageType"; - break; - case OID_PKI_STATUS: - type = ASN1_PRINTABLESTRING; - name = "pkiStatus"; - break; - case OID_PKI_FAIL_INFO: - type = ASN1_PRINTABLESTRING; - name = "failInfo"; - break; - case OID_PKI_SENDER_NONCE: - type = ASN1_OCTET_STRING; - name = "senderNonce"; - break; - case OID_PKI_RECIPIENT_NONCE: - type = ASN1_OCTET_STRING; - name = "recipientNonce"; - break; - case OID_PKI_TRANS_ID: - type = ASN1_PRINTABLESTRING; - name = "transID"; - break; - default: - break; + case OID_PKCS9_CONTENT_TYPE: + type = ASN1_OID; + name = "contentType"; + break; + case OID_PKCS9_SIGNING_TIME: + type = ASN1_UTCTIME; + name = "signingTime"; + break; + case OID_PKCS9_MESSAGE_DIGEST: + type = ASN1_OCTET_STRING; + name = "messageDigest"; + break; + case OID_PKI_MESSAGE_TYPE: + type = ASN1_PRINTABLESTRING; + name = "messageType"; + break; + case OID_PKI_STATUS: + type = ASN1_PRINTABLESTRING; + name = "pkiStatus"; + break; + case OID_PKI_FAIL_INFO: + type = ASN1_PRINTABLESTRING; + name = "failInfo"; + break; + case OID_PKI_SENDER_NONCE: + type = ASN1_OCTET_STRING; + name = "senderNonce"; + break; + case OID_PKI_RECIPIENT_NONCE: + type = ASN1_OCTET_STRING; + name = "recipientNonce"; + break; + case OID_PKI_TRANS_ID: + type = ASN1_PRINTABLESTRING; + name = "transID"; + break; + default: + break; } if (type == ASN1_EOC) + { return TRUE; + } if (!asn1_parse_simple_object(&object, type, level+1, name)) + { return FALSE; + } switch (oid) { - case OID_PKCS9_CONTENT_TYPE: - break; - case OID_PKCS9_SIGNING_TIME: - break; - case 
OID_PKCS9_MESSAGE_DIGEST: - break; - case OID_PKI_MESSAGE_TYPE: + case OID_PKCS9_CONTENT_TYPE: + break; + case OID_PKCS9_SIGNING_TIME: + break; + case OID_PKCS9_MESSAGE_DIGEST: + break; + case OID_PKI_MESSAGE_TYPE: { scep_msg_t m; @@ -178,39 +165,46 @@ static bool extract_attribute(int oid, chunk_t object, u_int level, DBG(DBG_CONTROL, DBG_log("messageType: %s", msgType_names[attrs->msgType]) ) + break; } - break; - case OID_PKI_STATUS: + case OID_PKI_STATUS: { pkiStatus_t s; for (s = SCEP_SUCCESS; s < SCEP_UNKNOWN; s++) { if (strncmp(pkiStatus_values[s], object.ptr, object.len) == 0) + { attrs->pkiStatus = s; + } } DBG(DBG_CONTROL, DBG_log("pkiStatus: %s", pkiStatus_names[attrs->pkiStatus]) ) + break; } - break; - case OID_PKI_FAIL_INFO: - if (object.len == 1 - && *object.ptr >= '0' && *object.ptr <= '4') + case OID_PKI_FAIL_INFO: { - attrs->failInfo = (failInfo_t)(*object.ptr - '0'); + if (object.len == 1 && + *object.ptr >= '0' && *object.ptr <= '4') + { + attrs->failInfo = (failInfo_t)(*object.ptr - '0'); + } + if (attrs->failInfo != SCEP_unknown_REASON) + { + plog("failInfo: %s", failInfo_reasons[attrs->failInfo]); + } + break; } - if (attrs->failInfo != SCEP_unknown_REASON) - plog("failInfo: %s", failInfo_reasons[attrs->failInfo]); - break; - case OID_PKI_SENDER_NONCE: - attrs->senderNonce = object; - break; - case OID_PKI_RECIPIENT_NONCE: - attrs->recipientNonce = object; - break; - case OID_PKI_TRANS_ID: - attrs->transID = object; + case OID_PKI_SENDER_NONCE: + attrs->senderNonce = object; + break; + case OID_PKI_RECIPIENT_NONCE: + attrs->recipientNonce = object; + break; + case OID_PKI_TRANS_ID: + attrs->transID = object; + break; } return TRUE; } 
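Review bot: In the `OID_PKI_STATUS` branch the comparison `strncmp(pkiStatus_values[s], object.ptr, object.len) == 0` is bounded only by the attribute's own length, so a zero-length pkiStatus string (if asn1_parse_simple_object lets one through) compares equal to every table entry and the loop leaves `attrs->pkiStatus` at whichever entry is iterated last. The commit only re-brackets this loop; a length check closes the hole: `if (object.len == strlen(pkiStatus_values[s]) && memcmp(pkiStatus_values[s], object.ptr, object.len) == 0)`. The messageType loop a few lines above presumably uses the same pattern (its body falls between the two hunks), so it would want the same treatment. extract_attribute begins before this hunk.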
@@ -235,13 +229,16 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs) { switch (objectID) { - case ATTRIBUTE_OBJ_TYPE: - oid = asn1_known_oid(object); - break; - case ATTRIBUTE_OBJ_VALUE: - if (!extract_attribute(oid, object, parser->get_level(parser), attrs)) + case ATTRIBUTE_OBJ_TYPE: + oid = asn1_known_oid(object); + break; + case ATTRIBUTE_OBJ_VALUE: { - goto end; + if (!extract_attribute(oid, object, parser->get_level(parser), attrs)) + { + goto end; + } + break; } } } @@ -318,12 +315,10 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, */ chunk_t scep_transId_attribute(chunk_t transID) { - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_transId_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(ASN1_PRINTABLESTRING, transID) - ) - ); + return asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_build_known_oid(OID_PKI_TRANS_ID), + asn1_wrap(ASN1_SET, "m", + asn1_simple_object(ASN1_PRINTABLESTRING, transID))); } /** @@ -336,12 +331,10 @@ chunk_t scep_messageType_attribute(scep_msg_t m) strlen(msgType_values[m]) }; - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_messageType_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(ASN1_PRINTABLESTRING, msgType) - ) - ); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_PKI_MESSAGE_TYPE), + asn1_wrap(ASN1_SET, "m", + asn1_simple_object(ASN1_PRINTABLESTRING, msgType))); } /** @@ -358,12 +351,10 @@ chunk_t scep_senderNonce_attribute(void) rng->get_bytes(rng, nonce_len, nonce_buf); rng->destroy(rng); - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_senderNonce_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(ASN1_OCTET_STRING, senderNonce) - ) - ); + return asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_build_known_oid(OID_PKI_SENDER_NONCE), + asn1_wrap(ASN1_SET, "m", + asn1_simple_object(ASN1_OCTET_STRING, senderNonce))); } /** 
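Review bot: `scep_transId_attribute` now passes `asn1_build_known_oid(OID_PKI_TRANS_ID)` under the `"cm"` format, i.e. the OID chunk is copied but never released, whereas the parallel rewrite of `scep_messageType_attribute` in the next hunk switched the same argument to `"mm"`. If `asn1_build_known_oid()` returns a heap-allocated chunk, as the `"mm"` in scep_messageType_attribute assumes, then scep_transId_attribute and scep_senderNonce_attribute (hunk @@ -358) each leak one OID encoding per request built; if it returns a static chunk, the `"mm"` variant frees memory it does not own. The three helpers should agree either way; I would expect `return asn1_wrap(ASN1_SEQUENCE, "mm",` at both `"cm"` sites. The static `ASN1_*_oid` constants they replaced were correctly used with `c`, which is presumably how the mismatch slipped in.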
@@ -378,16 +369,15 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, envelopedData = pkcs7_build_envelopedData(data, enc_cert, enc_alg); - attributes = asn1_wrap(ASN1_SET, "mmmmm" - , pkcs7_contentType_attribute() - , pkcs7_messageDigest_attribute(envelopedData - , digest_alg) - , scep_transId_attribute(transID) - , scep_messageType_attribute(msg) - , scep_senderNonce_attribute()); + attributes = asn1_wrap(ASN1_SET, "mmmmm", + pkcs7_contentType_attribute(), + pkcs7_messageDigest_attribute(envelopedData, digest_alg), + scep_transId_attribute(transID), + scep_messageType_attribute(msg), + scep_senderNonce_attribute()); - request = pkcs7_build_signedData(envelopedData, attributes - , signer_cert, digest_alg, private_key); + request = pkcs7_build_signedData(envelopedData, attributes, + signer_cert, digest_alg, private_key); free(envelopedData.ptr); free(attributes.ptr); return request; @@ -420,7 +410,9 @@ static char* escape_http_request(chunk_t req) while (*p1 != '\0') { if (*p1++ == '+') + { plus++; + } } escaped_req = malloc(len + 3*(lines + plus)); @@ -513,8 +505,8 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, /* form complete url */ len = strlen(url) + 32 + strlen(operation) + 1; complete_url = malloc(len); - snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier" - , url, operation); + snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier", + url, operation); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_END); diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h index f64c6b1cc..76bf21033 100644 --- a/src/scepclient/scep.h +++ b/src/scepclient/scep.h @@ -1,10 +1,3 @@ -/** - * @file scep.h - * @brief SCEP specific functions - * - * Contains functions to build and parse SCEP requests and replies - */ - /* * Copyright (C) 2005 Jan Hutter, Martin Willi * Hochschule fuer Technik Rapperswil 
@@ -74,22 +67,22 @@ typedef struct { extern const scep_attributes_t empty_scep_attributes; -extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs); -extern void scep_generate_transaction_id(public_key_t *key, - chunk_t *transID, - chunk_t *serialNumber); -extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10); -extern chunk_t scep_transId_attribute(chunk_t transaction_id); -extern chunk_t scep_messageType_attribute(scep_msg_t m); -extern chunk_t scep_senderNonce_attribute(void); -extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, - certificate_t *enc_cert, int enc_alg, - certificate_t *signer_cert, int digest_alg, - private_key_t *private_key); -extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, +bool parse_attributes(chunk_t blob, scep_attributes_t *attrs); +void scep_generate_transaction_id(public_key_t *key, + chunk_t *transID, + chunk_t *serialNumber); +chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10); +chunk_t scep_transId_attribute(chunk_t transaction_id); +chunk_t scep_messageType_attribute(scep_msg_t m); +chunk_t scep_senderNonce_attribute(void); +chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, + certificate_t *enc_cert, int enc_alg, + certificate_t *signer_cert, int digest_alg, + private_key_t *private_key); +bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, bool http_get_request, chunk_t *response); -extern err_t scep_parse_response(chunk_t response, chunk_t transID, - contentInfo_t *data, scep_attributes_t *attrs, - certificate_t *signer_cert); +err_t scep_parse_response(chunk_t response, chunk_t transID, + contentInfo_t *data, scep_attributes_t *attrs, + certificate_t *signer_cert); #endif /* _SCEP_H */ diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 0b54eeee3..44c078655 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c 
@@ -13,17 +13,6 @@ * for more details. */ -/** - * @file main.c - * @brief scepclient main program - */ - -/** - * @mainpage SCEP for Linux strongSwan - * - * Documentation of SCEP for Linux StrongSwan - */ - #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -153,8 +142,7 @@ certificate_t *pkcs10_req = NULL; * * @param status 0 = OK, 1 = general discomfort */ -static void -exit_scepclient(err_t message, ...) +static void exit_scepclient(err_t message, ...) { int status = 0; @@ -201,8 +189,7 @@ exit_scepclient(err_t message, ...) * @brief prints the program version and exits * */ -static void -version(void) +static void version(void) { printf("scepclient %s\n", scepclient_version); exit_scepclient(NULL); @@ -214,8 +201,7 @@ version(void) * If message is set, program is exitet with 1 (error) * @param message message in case of an error */ -static void -usage(const char *message) +static void usage(const char *message) { fprintf(stderr, "Usage: scepclient\n" @@ -429,20 +415,20 @@ int main(int argc, char **argv) switch (c) { - case EOF: /* end of flags */ - break; + case EOF: /* end of flags */ + break; - case 'h': /* --help */ - usage(NULL); + case 'h': /* --help */ + usage(NULL); - case 'v': /* --version */ - version(); + case 'v': /* --version */ + version(); - case 'q': /* --quiet */ - log_to_stderr = FALSE; - continue; + case 'q': /* --quiet */ + log_to_stderr = FALSE; + continue; - case 'i': /* --in <type> [= <filename>] */ + case 'i': /* --in <type> [= <filename>] */ { char *filename = strstr(optarg, "="); @@ -478,7 +464,7 @@ int main(int argc, char **argv) continue; } - case 'o': /* --out <type> [= <filename>] */ + case 'o': /* --out <type> [= <filename>] */ { char *filename = strstr(optarg, "="); 
@@ -532,18 +518,18 @@ int main(int argc, char **argv) continue; } - case 'f': /* --force */ - force = TRUE; - continue; + case 'f': /* --force */ + force = TRUE; + continue; - case '+': /* --optionsfrom <filename> */ - if (!options->from(options, optarg, &argc, &argv, optind)) - { - exit_scepclient("optionsfrom failed"); - } - continue; + case '+': /* --optionsfrom <filename> */ + if (!options->from(options, optarg, &argc, &argv, optind)) + { + exit_scepclient("optionsfrom failed"); + } + continue; - case 'k': /* --keylength <length> */ + case 'k': /* --keylength <length> */ { div_t q; 
@@ -561,45 +547,56 @@ int main(int argc, char **argv) continue; } - case 'D': /* --days */ - if (optarg == NULL || !isdigit(optarg[0])) - usage("missing number of days"); - { - char *endptr; - long days = strtol(optarg, &endptr, 0); + case 'D': /* --days */ + if (optarg == NULL || !isdigit(optarg[0])) + { + usage("missing number of days"); + } + else + { + char *endptr; + long days = strtol(optarg, &endptr, 0); - if (*endptr != '\0' || endptr == optarg - || days <= 0) - usage("<days> must be a positive number"); - validity = 24*3600*days; - } - continue; + if (*endptr != '\0' || endptr == optarg + || days <= 0) + usage("<days> must be a positive number"); + validity = 24*3600*days; + } + continue; - case 'S': /* --startdate */ - if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z') - usage("date format must be YYMMDDHHMMSSZ"); - { - chunk_t date = { optarg, 13 }; - notBefore = asn1_to_time(&date, ASN1_UTCTIME); - } - continue; + case 'S': /* --startdate */ + if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z') + { + usage("date format must be YYMMDDHHMMSSZ"); + } + else + { + chunk_t date = { optarg, 13 }; + notBefore = asn1_to_time(&date, ASN1_UTCTIME); + } + continue; - case 'E': /* --enddate */ - if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z') - usage("date format must be YYMMDDHHMMSSZ"); - { - chunk_t date = { optarg, 13 }; - notAfter = asn1_to_time(&date, ASN1_UTCTIME); - } - continue; + case 'E': /* --enddate */ + if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z') + { + usage("date format must be YYMMDDHHMMSSZ"); + } + else + { + chunk_t date = { optarg, 13 }; + notAfter = asn1_to_time(&date, ASN1_UTCTIME); + } + continue; - case 'd': /* --dn */ - if (distinguishedName) - usage("only one distinguished name allowed"); - distinguishedName = optarg; - continue; + case 'd': /* --dn */ + if (distinguishedName) + { + usage("only one distinguished name allowed"); + } + distinguishedName = optarg; + continue; - 
case 's': /* --subjectAltName */ + case 's': /* --subjectAltName */ { char *value = strstr(optarg, "="); @@ -612,7 +609,7 @@ int main(int argc, char **argv) } if (strcaseeq("email", optarg) || - strcaseeq("dns", optarg) || + strcaseeq("dns", optarg) || strcaseeq("ip", optarg)) { subjectAltNames->insert_last(subjectAltNames, 
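Review bot: In the `--days` branch the inner check `if (*endptr != '\0' || endptr == optarg || days <= 0) usage("<days> must be a positive number");` is the one single-statement body in this hunk left unbraced, although the rest of the commit brackets every such body. Independently, `validity = 24*3600*days;` can overflow for a large `days` and `strtol` is not checked for range errors; adding `|| days > LONG_MAX / (24 * 3600)` to that condition would reject the value instead of wrapping. The `--startdate`/`--enddate` branches also do not check what `asn1_to_time()` yields for a syntactically wrong 13-character string — worth confirming its failure value and rejecting it. `main` begins and ends outside this hunk.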
@@ -626,106 +623,107 @@ int main(int argc, char **argv) } } - case 'p': /* --password */ - if (challengePassword.len > 0) - { - usage("only one challenge password allowed"); - } - if (strcaseeq("%prompt", optarg)) - { - printf("Challenge password: "); - if (fgets(challenge_password_buffer, sizeof(challenge_password_buffer)-1, stdin)) + case 'p': /* --password */ + if (challengePassword.len > 0) + { + usage("only one challenge password allowed"); + } + if (strcaseeq("%prompt", optarg)) { - challengePassword.ptr = challenge_password_buffer; - /* discard the terminating '\n' from the input */ - challengePassword.len = strlen(challenge_password_buffer) - 1; + printf("Challenge password: "); + if (fgets(challenge_password_buffer, + sizeof(challenge_password_buffer) - 1, stdin)) + { + challengePassword.ptr = challenge_password_buffer; + /* discard the terminating '\n' from the input */ + challengePassword.len = strlen(challenge_password_buffer) - 1; + } + else + { + usage("challenge password could not be read"); + } } else { - usage("challenge password could not be read"); + challengePassword.ptr = optarg; + challengePassword.len = strlen(optarg); } - } - else - { - challengePassword.ptr = optarg; - challengePassword.len = strlen(optarg); - } - continue; - - case 'u': /* -- url */ - if (scep_url) - { - usage("only one URL argument allowed"); - } - scep_url = optarg; - continue; + continue; - case 'm': /* --method */ - if (strcaseeq("get", optarg)) - { - http_get_request = TRUE; - } - else if (strcaseeq("post", optarg)) - { - http_get_request = FALSE; - } - else - { - usage("invalid http request method specified"); - } - continue; + case 'u': /* -- url */ + if (scep_url) + { + usage("only one URL argument allowed"); + } + scep_url = optarg; + continue; - case 't': /* --interval */ - poll_interval = atoi(optarg); - if (poll_interval <= 0) - { - usage("invalid interval specified"); - } - continue; + case 'm': /* --method */ + if (strcaseeq("get", optarg)) + { + 
http_get_request = TRUE; + } + else if (strcaseeq("post", optarg)) + { + http_get_request = FALSE; + } + else + { + usage("invalid http request method specified"); + } + continue; - case 'x': /* --maxpolltime */ - max_poll_time = atoi(optarg); - continue; + case 't': /* --interval */ + poll_interval = atoi(optarg); + if (poll_interval <= 0) + { + usage("invalid interval specified"); + } + continue; - case 'a': /*--algorithm */ - { - const proposal_token_t *token; + case 'x': /* --maxpolltime */ + max_poll_time = atoi(optarg); + continue; - token = proposal_get_token(optarg, strlen(optarg)); - if (token == NULL || token->type != ENCRYPTION_ALGORITHM) - { - usage("invalid algorithm specified"); - } - pkcs7_symmetric_cipher = encryption_algorithm_to_oid( - token->algorithm, token->keysize); - if (pkcs7_symmetric_cipher == OID_UNKNOWN) + case 'a': /*--algorithm */ { - usage("unsupported encryption algorithm specified"); + const proposal_token_t *token; + + token = proposal_get_token(optarg, strlen(optarg)); + if (token == NULL || token->type != ENCRYPTION_ALGORITHM) + { + usage("invalid algorithm specified"); + } + pkcs7_symmetric_cipher = encryption_algorithm_to_oid( + token->algorithm, token->keysize); + if (pkcs7_symmetric_cipher == OID_UNKNOWN) + { + usage("unsupported encryption algorithm specified"); + } + continue; } - continue; - } #ifdef DEBUG - case 'A': /* --debug-all */ - base_debugging |= DBG_ALL; - continue; - case 'P': /* debug parsing */ - base_debugging |= DBG_PARSING; - continue; - case 'R': /* debug raw */ - base_debugging |= DBG_RAW; - continue; - case 'C': /* debug control */ - base_debugging |= DBG_CONTROL; - continue; - case 'M': /* debug control more */ - base_debugging |= DBG_CONTROLMORE; - continue; - case 'X': /* debug private */ - base_debugging |= DBG_PRIVATE; - continue; + case 'A': /* --debug-all */ + base_debugging |= DBG_ALL; + continue; + case 'P': /* debug parsing */ + base_debugging |= DBG_PARSING; + continue; + case 'R': /* debug 
raw */ + base_debugging |= DBG_RAW; + continue; + case 'C': /* debug control */ + base_debugging |= DBG_CONTROL; + continue; + case 'M': /* debug control more */ + base_debugging |= DBG_CONTROLMORE; + continue; + case 'X': /* debug private */ + base_debugging |= DBG_PRIVATE; + continue; #endif - default: - usage("unknown option"); + default: + usage("unknown option"); } /* break from loop */ break; @@ -807,8 +805,8 @@ int main(int argc, char **argv) /* check for minimum key length */ if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE) { - exit_scepclient("length of RSA key has to be at least %d bits" - ,RSA_MIN_OCTETS * BITS_PER_BYTE); + exit_scepclient("length of RSA key has to be at least %d bits", + RSA_MIN_OCTETS * BITS_PER_BYTE); } /* @@ -853,13 +851,13 @@ int main(int argc, char **argv) DBG_log("building pkcs10 object:") ) pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_PKCS10_REQUEST, - BUILD_SIGNING_KEY, private_key, - BUILD_SUBJECT, subject, - BUILD_SUBJECT_ALTNAMES, subjectAltNames, - BUILD_CHALLENGE_PWD, challengePassword, - BUILD_DIGEST_ALG, pkcs10_signature_alg, - BUILD_END); + CERT_PKCS10_REQUEST, + BUILD_SIGNING_KEY, private_key, + BUILD_SUBJECT, subject, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_CHALLENGE_PWD, challengePassword, + BUILD_DIGEST_ALG, pkcs10_signature_alg, + BUILD_END); if (!pkcs10_req) { exit_scepclient("generating pkcs10 request failed"); 
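Review bot: The `%prompt` path of `--password` strips the newline with `challengePassword.len = strlen(challenge_password_buffer) - 1;`, which drops the last real character whenever `fgets` returns a line without a trailing `'\n'` (input ending at EOF, or a password longer than the buffer). `challengePassword.len = strcspn(challenge_password_buffer, "\n");` handles both cases. Nothing around the `fgets` disables terminal echo, so the challenge password is shown as typed; if that is deliberate for this tool a comment saying so would help, otherwise a no-echo read is warranted. `sizeof(challenge_password_buffer) - 1` also gives up a byte that `fgets` already reserves for the terminator — harmless, but misleading. `main` begins and ends outside this hunk.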
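Review bot: The minimum-key-length check `if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)` divides where the message on the changed line multiplies (`RSA_MIN_OCTETS * BITS_PER_BYTE` bits). If `get_keysize()` reports bits, as the message implies, the threshold is RSA_MIN_OCTETS/8 bits and the check never rejects any real key; it should read `if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS * BITS_PER_BYTE)`. If it reports bytes instead, the threshold should be plain `RSA_MIN_OCTETS` and only the message is right. The hunk merely reflows the `exit_scepclient` call, so the mismatch predates the commit; `main` begins and ends outside the hunk.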
@@ -919,14 +917,14 @@ int main(int argc, char **argv) /* generate a self-signed X.509 certificate */ x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_SIGNING_KEY, private_key, - BUILD_PUBLIC_KEY, public_key, - BUILD_SUBJECT, subject, - BUILD_NOT_BEFORE_TIME, notBefore, - BUILD_NOT_AFTER_TIME, notAfter, - BUILD_SERIAL, serialNumber, - BUILD_SUBJECT_ALTNAMES, subjectAltNames, - BUILD_END); + BUILD_SIGNING_KEY, private_key, + BUILD_PUBLIC_KEY, public_key, + BUILD_SUBJECT, subject, + BUILD_NOT_BEFORE_TIME, notBefore, + BUILD_NOT_AFTER_TIME, notAfter, + BUILD_SERIAL, serialNumber, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_END); if (!x509_signer) { exit_scepclient("generating certificate failed"); @@ -989,9 +987,9 @@ int main(int argc, char **argv) DBG_log("building pkcs7 request") ) pkcs7 = scep_build_request(pkcs10_encoding, - transID, SCEP_PKCSReq_MSG, - x509_ca_enc, pkcs7_symmetric_cipher, - x509_signer, pkcs7_digest_alg, private_key); + transID, SCEP_PKCSReq_MSG, + x509_ca_enc, pkcs7_symmetric_cipher, + x509_signer, pkcs7_digest_alg, private_key); } /* @@ -1002,8 +1000,9 @@ int main(int argc, char **argv) char *path = concatenate_paths(REQ_PATH, file_out_pkcs7); if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force)) + { exit_scepclient("could not write pkcs7 file '%s'", path); -; + } filetype_out &= ~PKCS7; /* delete PKCS7 flag */ } @@ -1037,12 +1036,12 @@ int main(int argc, char **argv) } if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION, - http_get_request, &scep_response)) + http_get_request, &scep_response)) { exit_scepclient("did not receive a valid scep response"); } - ugh = scep_parse_response(scep_response, transID, &data, &attrs - , x509_ca_sig); + ugh = scep_parse_response(scep_response, transID, &data, &attrs, + x509_ca_sig); if (ugh != NULL) { exit_scepclient(ugh); 
@@ -1053,8 +1052,8 @@ int main(int argc, char **argv) { identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig); - plog(" scep request pending, polling every %d seconds" - , poll_interval); + plog(" scep request pending, polling every %d seconds", + poll_interval); poll_start = time_monotonic(NULL); issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc", issuer->get_encoding(issuer), @@ -1062,8 +1061,8 @@ int main(int argc, char **argv) } while (attrs.pkiStatus == SCEP_PENDING) { - if (max_poll_time > 0 - && (time_monotonic(NULL) - poll_start >= max_poll_time)) + if (max_poll_time > 0 && + (time_monotonic(NULL) - poll_start >= max_poll_time)) { exit_scepclient("maximum poll time reached: %d seconds" , max_poll_time); @@ -1080,18 +1079,18 @@ int main(int argc, char **argv) ) chunk_free(&getCertInitial); - getCertInitial = scep_build_request(issuerAndSubject - , transID, SCEP_GetCertInitial_MSG - , x509_ca_enc, pkcs7_symmetric_cipher - , x509_signer, pkcs7_digest_alg, private_key); + getCertInitial = scep_build_request(issuerAndSubject, + transID, SCEP_GetCertInitial_MSG, + x509_ca_enc, pkcs7_symmetric_cipher, + x509_signer, pkcs7_digest_alg, private_key); if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION, http_get_request, &scep_response)) { exit_scepclient("did not receive a valid scep response"); } - ugh = scep_parse_response(scep_response, transID, &data, &attrs - , x509_ca_sig); + ugh = scep_parse_response(scep_response, transID, &data, &attrs, + x509_ca_sig); if (ugh != NULL) { exit_scepclient(ugh); 
@@ -1105,13 +1104,13 @@ int main(int argc, char **argv) envelopedData = data.content; - if (data.type != OID_PKCS7_DATA - || !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data")) + if (data.type != OID_PKCS7_DATA || + !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data")) { exit_scepclient("contentInfo is not of type 'data'"); } - if (!pkcs7_parse_envelopedData(envelopedData, &certData - , serialNumber, private_key)) + if (!pkcs7_parse_envelopedData(envelopedData, &certData, + serialNumber, private_key)) { exit_scepclient("could not decrypt envelopedData"); } |