authorTobias Brunner <tobias@strongswan.org>2012-05-04 14:17:59 +0200
committerTobias Brunner <tobias@strongswan.org>2012-06-11 17:09:19 +0200
commit25924d3e453570d1adcfcb2908910cc9958dc17e (patch)
treec6eb17cb07326d18c729fedd3da2a4eb9bd727e0 /src
parent07f0abd7acd5e731705eae45f77c55ed5b53eaa0 (diff)
scepclient: Some code cleanup.
Diffstat (limited to 'src')
-rw-r--r--src/scepclient/scep.c222
-rw-r--r--src/scepclient/scep.h39
-rw-r--r--src/scepclient/scepclient.c393
3 files changed, 319 insertions, 335 deletions
diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index 29f6eab70..45a079db5 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -1,10 +1,3 @@
-/**
- * @file scep.c
- * @brief SCEP specific functions
- *
- * Contains functions to build SCEP request's and to parse SCEP reply's.
- */
-
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
@@ -39,16 +32,6 @@
#include "scep.h"
-static const chunk_t ASN1_messageType_oid = chunk_from_chars(
- 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-);
-static const chunk_t ASN1_senderNonce_oid = chunk_from_chars(
- 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-);
-static const chunk_t ASN1_transId_oid = chunk_from_chars(
- 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-);
-
static const char *pkiStatus_values[] = { "0", "2", "3" };
static const char *pkiStatus_names[] = {
@@ -112,61 +95,65 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
switch (oid)
{
- case OID_PKCS9_CONTENT_TYPE:
- type = ASN1_OID;
- name = "contentType";
- break;
- case OID_PKCS9_SIGNING_TIME:
- type = ASN1_UTCTIME;
- name = "signingTime";
- break;
- case OID_PKCS9_MESSAGE_DIGEST:
- type = ASN1_OCTET_STRING;
- name = "messageDigest";
- break;
- case OID_PKI_MESSAGE_TYPE:
- type = ASN1_PRINTABLESTRING;
- name = "messageType";
- break;
- case OID_PKI_STATUS:
- type = ASN1_PRINTABLESTRING;
- name = "pkiStatus";
- break;
- case OID_PKI_FAIL_INFO:
- type = ASN1_PRINTABLESTRING;
- name = "failInfo";
- break;
- case OID_PKI_SENDER_NONCE:
- type = ASN1_OCTET_STRING;
- name = "senderNonce";
- break;
- case OID_PKI_RECIPIENT_NONCE:
- type = ASN1_OCTET_STRING;
- name = "recipientNonce";
- break;
- case OID_PKI_TRANS_ID:
- type = ASN1_PRINTABLESTRING;
- name = "transID";
- break;
- default:
- break;
+ case OID_PKCS9_CONTENT_TYPE:
+ type = ASN1_OID;
+ name = "contentType";
+ break;
+ case OID_PKCS9_SIGNING_TIME:
+ type = ASN1_UTCTIME;
+ name = "signingTime";
+ break;
+ case OID_PKCS9_MESSAGE_DIGEST:
+ type = ASN1_OCTET_STRING;
+ name = "messageDigest";
+ break;
+ case OID_PKI_MESSAGE_TYPE:
+ type = ASN1_PRINTABLESTRING;
+ name = "messageType";
+ break;
+ case OID_PKI_STATUS:
+ type = ASN1_PRINTABLESTRING;
+ name = "pkiStatus";
+ break;
+ case OID_PKI_FAIL_INFO:
+ type = ASN1_PRINTABLESTRING;
+ name = "failInfo";
+ break;
+ case OID_PKI_SENDER_NONCE:
+ type = ASN1_OCTET_STRING;
+ name = "senderNonce";
+ break;
+ case OID_PKI_RECIPIENT_NONCE:
+ type = ASN1_OCTET_STRING;
+ name = "recipientNonce";
+ break;
+ case OID_PKI_TRANS_ID:
+ type = ASN1_PRINTABLESTRING;
+ name = "transID";
+ break;
+ default:
+ break;
}
if (type == ASN1_EOC)
+ {
return TRUE;
+ }
if (!asn1_parse_simple_object(&object, type, level+1, name))
+ {
return FALSE;
+ }
switch (oid)
{
- case OID_PKCS9_CONTENT_TYPE:
- break;
- case OID_PKCS9_SIGNING_TIME:
- break;
- case OID_PKCS9_MESSAGE_DIGEST:
- break;
- case OID_PKI_MESSAGE_TYPE:
+ case OID_PKCS9_CONTENT_TYPE:
+ break;
+ case OID_PKCS9_SIGNING_TIME:
+ break;
+ case OID_PKCS9_MESSAGE_DIGEST:
+ break;
+ case OID_PKI_MESSAGE_TYPE:
{
scep_msg_t m;
@@ -178,39 +165,46 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
DBG(DBG_CONTROL,
DBG_log("messageType: %s", msgType_names[attrs->msgType])
)
+ break;
}
- break;
- case OID_PKI_STATUS:
+ case OID_PKI_STATUS:
{
pkiStatus_t s;
for (s = SCEP_SUCCESS; s < SCEP_UNKNOWN; s++)
{
if (strncmp(pkiStatus_values[s], object.ptr, object.len) == 0)
+ {
attrs->pkiStatus = s;
+ }
}
DBG(DBG_CONTROL,
DBG_log("pkiStatus: %s", pkiStatus_names[attrs->pkiStatus])
)
+ break;
}
- break;
- case OID_PKI_FAIL_INFO:
- if (object.len == 1
- && *object.ptr >= '0' && *object.ptr <= '4')
+ case OID_PKI_FAIL_INFO:
{
- attrs->failInfo = (failInfo_t)(*object.ptr - '0');
+ if (object.len == 1 &&
+ *object.ptr >= '0' && *object.ptr <= '4')
+ {
+ attrs->failInfo = (failInfo_t)(*object.ptr - '0');
+ }
+ if (attrs->failInfo != SCEP_unknown_REASON)
+ {
+ plog("failInfo: %s", failInfo_reasons[attrs->failInfo]);
+ }
+ break;
}
- if (attrs->failInfo != SCEP_unknown_REASON)
- plog("failInfo: %s", failInfo_reasons[attrs->failInfo]);
- break;
- case OID_PKI_SENDER_NONCE:
- attrs->senderNonce = object;
- break;
- case OID_PKI_RECIPIENT_NONCE:
- attrs->recipientNonce = object;
- break;
- case OID_PKI_TRANS_ID:
- attrs->transID = object;
+ case OID_PKI_SENDER_NONCE:
+ attrs->senderNonce = object;
+ break;
+ case OID_PKI_RECIPIENT_NONCE:
+ attrs->recipientNonce = object;
+ break;
+ case OID_PKI_TRANS_ID:
+ attrs->transID = object;
+ break;
}
return TRUE;
}
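Review bot: The pkiStatus match on the `strncmp(pkiStatus_values[s], object.ptr, object.len) == 0` line accepts an empty attribute: with `object.len == 0` every table entry compares equal, the loop never breaks, and `attrs->pkiStatus` ends up as the last enumerated value instead of the response being rejected. A length-aware comparison closes this: `if (object.len == strlen(pkiStatus_values[s]) && memcmp(pkiStatus_values[s], object.ptr, object.len) == 0)` with a `break;` once a value matched. Since pkiStatus drives the client's decision whether to poll or treat the enrollment as done, a malformed CA reply should not be able to pick a status by accident. extract_attribute starts before this hunk; only its tail is visible here.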
@@ -235,13 +229,16 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
{
switch (objectID)
{
- case ATTRIBUTE_OBJ_TYPE:
- oid = asn1_known_oid(object);
- break;
- case ATTRIBUTE_OBJ_VALUE:
- if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
+ case ATTRIBUTE_OBJ_TYPE:
+ oid = asn1_known_oid(object);
+ break;
+ case ATTRIBUTE_OBJ_VALUE:
{
- goto end;
+ if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
+ {
+ goto end;
+ }
+ break;
}
}
}
@@ -318,12 +315,10 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
*/
chunk_t scep_transId_attribute(chunk_t transID)
{
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_transId_oid
- , asn1_wrap(ASN1_SET, "m"
- , asn1_simple_object(ASN1_PRINTABLESTRING, transID)
- )
- );
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ asn1_build_known_oid(OID_PKI_TRANS_ID),
+ asn1_wrap(ASN1_SET, "m",
+ asn1_simple_object(ASN1_PRINTABLESTRING, transID)));
}
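Review bot: `asn1_wrap(ASN1_SEQUENCE, "cm", asn1_build_known_oid(OID_PKI_TRANS_ID), ...)` copies the OID chunk, while the parallel rewrite in scep_messageType_attribute in the next hunk moves it with `"mm"`. The old `"c"` was justified by the static `ASN1_transId_oid` constant this commit removes; if asn1_build_known_oid returns freshly allocated storage, as the `"mm"` variant implies, the copy here and in scep_senderNonce_attribute two hunks down leaks one OID encoding per request. The consistent form is `return asn1_wrap(ASN1_SEQUENCE, "mm",` in both functions.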
/**
@@ -336,12 +331,10 @@ chunk_t scep_messageType_attribute(scep_msg_t m)
strlen(msgType_values[m])
};
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_messageType_oid
- , asn1_wrap(ASN1_SET, "m"
- , asn1_simple_object(ASN1_PRINTABLESTRING, msgType)
- )
- );
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_build_known_oid(OID_PKI_MESSAGE_TYPE),
+ asn1_wrap(ASN1_SET, "m",
+ asn1_simple_object(ASN1_PRINTABLESTRING, msgType)));
}
/**
@@ -358,12 +351,10 @@ chunk_t scep_senderNonce_attribute(void)
rng->get_bytes(rng, nonce_len, nonce_buf);
rng->destroy(rng);
- return asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_senderNonce_oid
- , asn1_wrap(ASN1_SET, "m"
- , asn1_simple_object(ASN1_OCTET_STRING, senderNonce)
- )
- );
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ asn1_build_known_oid(OID_PKI_SENDER_NONCE),
+ asn1_wrap(ASN1_SET, "m",
+ asn1_simple_object(ASN1_OCTET_STRING, senderNonce)));
}
/**
@@ -378,16 +369,15 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
envelopedData = pkcs7_build_envelopedData(data, enc_cert, enc_alg);
- attributes = asn1_wrap(ASN1_SET, "mmmmm"
- , pkcs7_contentType_attribute()
- , pkcs7_messageDigest_attribute(envelopedData
- , digest_alg)
- , scep_transId_attribute(transID)
- , scep_messageType_attribute(msg)
- , scep_senderNonce_attribute());
+ attributes = asn1_wrap(ASN1_SET, "mmmmm",
+ pkcs7_contentType_attribute(),
+ pkcs7_messageDigest_attribute(envelopedData, digest_alg),
+ scep_transId_attribute(transID),
+ scep_messageType_attribute(msg),
+ scep_senderNonce_attribute());
- request = pkcs7_build_signedData(envelopedData, attributes
- , signer_cert, digest_alg, private_key);
+ request = pkcs7_build_signedData(envelopedData, attributes,
+ signer_cert, digest_alg, private_key);
free(envelopedData.ptr);
free(attributes.ptr);
return request;
@@ -420,7 +410,9 @@ static char* escape_http_request(chunk_t req)
while (*p1 != '\0')
{
if (*p1++ == '+')
+ {
plus++;
+ }
}
escaped_req = malloc(len + 3*(lines + plus));
@@ -513,8 +505,8 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
/* form complete url */
len = strlen(url) + 32 + strlen(operation) + 1;
complete_url = malloc(len);
- snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
- , url, operation);
+ snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier",
+ url, operation);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_END);
diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h
index f64c6b1cc..76bf21033 100644
--- a/src/scepclient/scep.h
+++ b/src/scepclient/scep.h
@@ -1,10 +1,3 @@
-/**
- * @file scep.h
- * @brief SCEP specific functions
- *
- * Contains functions to build and parse SCEP requests and replies
- */
-
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
@@ -74,22 +67,22 @@ typedef struct {
extern const scep_attributes_t empty_scep_attributes;
-extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
-extern void scep_generate_transaction_id(public_key_t *key,
- chunk_t *transID,
- chunk_t *serialNumber);
-extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
-extern chunk_t scep_transId_attribute(chunk_t transaction_id);
-extern chunk_t scep_messageType_attribute(scep_msg_t m);
-extern chunk_t scep_senderNonce_attribute(void);
-extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
- certificate_t *enc_cert, int enc_alg,
- certificate_t *signer_cert, int digest_alg,
- private_key_t *private_key);
-extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
+bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
+void scep_generate_transaction_id(public_key_t *key,
+ chunk_t *transID,
+ chunk_t *serialNumber);
+chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
+chunk_t scep_transId_attribute(chunk_t transaction_id);
+chunk_t scep_messageType_attribute(scep_msg_t m);
+chunk_t scep_senderNonce_attribute(void);
+chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
+ certificate_t *enc_cert, int enc_alg,
+ certificate_t *signer_cert, int digest_alg,
+ private_key_t *private_key);
+bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
bool http_get_request, chunk_t *response);
-extern err_t scep_parse_response(chunk_t response, chunk_t transID,
- contentInfo_t *data, scep_attributes_t *attrs,
- certificate_t *signer_cert);
+err_t scep_parse_response(chunk_t response, chunk_t transID,
+ contentInfo_t *data, scep_attributes_t *attrs,
+ certificate_t *signer_cert);
#endif /* _SCEP_H */
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 0b54eeee3..44c078655 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -13,17 +13,6 @@
* for more details.
*/
-/**
- * @file main.c
- * @brief scepclient main program
- */
-
-/**
- * @mainpage SCEP for Linux strongSwan
- *
- * Documentation of SCEP for Linux StrongSwan
- */
-
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -153,8 +142,7 @@ certificate_t *pkcs10_req = NULL;
*
* @param status 0 = OK, 1 = general discomfort
*/
-static void
-exit_scepclient(err_t message, ...)
+static void exit_scepclient(err_t message, ...)
{
int status = 0;
@@ -201,8 +189,7 @@ exit_scepclient(err_t message, ...)
* @brief prints the program version and exits
*
*/
-static void
-version(void)
+static void version(void)
{
printf("scepclient %s\n", scepclient_version);
exit_scepclient(NULL);
@@ -214,8 +201,7 @@ version(void)
* If message is set, program is exitet with 1 (error)
* @param message message in case of an error
*/
-static void
-usage(const char *message)
+static void usage(const char *message)
{
fprintf(stderr,
"Usage: scepclient\n"
@@ -429,20 +415,20 @@ int main(int argc, char **argv)
switch (c)
{
- case EOF: /* end of flags */
- break;
+ case EOF: /* end of flags */
+ break;
- case 'h': /* --help */
- usage(NULL);
+ case 'h': /* --help */
+ usage(NULL);
- case 'v': /* --version */
- version();
+ case 'v': /* --version */
+ version();
- case 'q': /* --quiet */
- log_to_stderr = FALSE;
- continue;
+ case 'q': /* --quiet */
+ log_to_stderr = FALSE;
+ continue;
- case 'i': /* --in <type> [= <filename>] */
+ case 'i': /* --in <type> [= <filename>] */
{
char *filename = strstr(optarg, "=");
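Review bot: `case 'h': usage(NULL);` and `case 'v': version();` end without `break` or `continue` and fall into the following case, so they rely on the callee never returning. version() does exit via exit_scepclient (visible earlier in this file), but usage() is documented above only as exiting with 1 when a message is set, so the NULL path is an implicit assumption. A `/* usage() exits, not reached */` comment after each call, or an explicit `continue;`, would make the intent explicit and survive the next reformatting pass. The enclosing switch in main() continues past this hunk.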
@@ -478,7 +464,7 @@ int main(int argc, char **argv)
continue;
}
- case 'o': /* --out <type> [= <filename>] */
+ case 'o': /* --out <type> [= <filename>] */
{
char *filename = strstr(optarg, "=");
@@ -532,18 +518,18 @@ int main(int argc, char **argv)
continue;
}
- case 'f': /* --force */
- force = TRUE;
- continue;
+ case 'f': /* --force */
+ force = TRUE;
+ continue;
- case '+': /* --optionsfrom <filename> */
- if (!options->from(options, optarg, &argc, &argv, optind))
- {
- exit_scepclient("optionsfrom failed");
- }
- continue;
+ case '+': /* --optionsfrom <filename> */
+ if (!options->from(options, optarg, &argc, &argv, optind))
+ {
+ exit_scepclient("optionsfrom failed");
+ }
+ continue;
- case 'k': /* --keylength <length> */
+ case 'k': /* --keylength <length> */
{
div_t q;
@@ -561,45 +547,56 @@ int main(int argc, char **argv)
continue;
}
- case 'D': /* --days */
- if (optarg == NULL || !isdigit(optarg[0]))
- usage("missing number of days");
- {
- char *endptr;
- long days = strtol(optarg, &endptr, 0);
+ case 'D': /* --days */
+ if (optarg == NULL || !isdigit(optarg[0]))
+ {
+ usage("missing number of days");
+ }
+ else
+ {
+ char *endptr;
+ long days = strtol(optarg, &endptr, 0);
- if (*endptr != '\0' || endptr == optarg
- || days <= 0)
- usage("<days> must be a positive number");
- validity = 24*3600*days;
- }
- continue;
+ if (*endptr != '\0' || endptr == optarg
+ || days <= 0)
+ usage("<days> must be a positive number");
+ validity = 24*3600*days;
+ }
+ continue;
- case 'S': /* --startdate */
- if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
- usage("date format must be YYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 13 };
- notBefore = asn1_to_time(&date, ASN1_UTCTIME);
- }
- continue;
+ case 'S': /* --startdate */
+ if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
+ {
+ usage("date format must be YYMMDDHHMMSSZ");
+ }
+ else
+ {
+ chunk_t date = { optarg, 13 };
+ notBefore = asn1_to_time(&date, ASN1_UTCTIME);
+ }
+ continue;
- case 'E': /* --enddate */
- if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
- usage("date format must be YYMMDDHHMMSSZ");
- {
- chunk_t date = { optarg, 13 };
- notAfter = asn1_to_time(&date, ASN1_UTCTIME);
- }
- continue;
+ case 'E': /* --enddate */
+ if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
+ {
+ usage("date format must be YYMMDDHHMMSSZ");
+ }
+ else
+ {
+ chunk_t date = { optarg, 13 };
+ notAfter = asn1_to_time(&date, ASN1_UTCTIME);
+ }
+ continue;
- case 'd': /* --dn */
- if (distinguishedName)
- usage("only one distinguished name allowed");
- distinguishedName = optarg;
- continue;
+ case 'd': /* --dn */
+ if (distinguishedName)
+ {
+ usage("only one distinguished name allowed");
+ }
+ distinguishedName = optarg;
+ continue;
- case 's': /* --subjectAltName */
+ case 's': /* --subjectAltName */
{
char *value = strstr(optarg, "=");
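Review bot: In the `--days` branch the inner check `if (*endptr != '\0' || endptr == optarg || days <= 0) usage("<days> must be a positive number");` is the one single-statement body in this commit left without braces, although adding them is the cleanup's stated purpose; wrapping it as `if (...) { usage("<days> must be a positive number"); }` keeps the file uniform. Also `isdigit(optarg[0])` passes a plain `char`, which is undefined for a negative value from a non-ASCII byte on the command line; `isdigit((unsigned char)optarg[0])` is the portable form. The same `usage()`-then-`else` restructuring here also means `validity = 24*3600*days` is only reached for positive `days`, which is worth a one-line comment since the overflow for very large values is still unchecked. main() continues outside this hunk.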
@@ -612,7 +609,7 @@ int main(int argc, char **argv)
}
if (strcaseeq("email", optarg) ||
- strcaseeq("dns", optarg) ||
+ strcaseeq("dns", optarg) ||
strcaseeq("ip", optarg))
{
subjectAltNames->insert_last(subjectAltNames,
@@ -626,106 +623,107 @@ int main(int argc, char **argv)
}
}
- case 'p': /* --password */
- if (challengePassword.len > 0)
- {
- usage("only one challenge password allowed");
- }
- if (strcaseeq("%prompt", optarg))
- {
- printf("Challenge password: ");
- if (fgets(challenge_password_buffer, sizeof(challenge_password_buffer)-1, stdin))
+ case 'p': /* --password */
+ if (challengePassword.len > 0)
+ {
+ usage("only one challenge password allowed");
+ }
+ if (strcaseeq("%prompt", optarg))
{
- challengePassword.ptr = challenge_password_buffer;
- /* discard the terminating '\n' from the input */
- challengePassword.len = strlen(challenge_password_buffer) - 1;
+ printf("Challenge password: ");
+ if (fgets(challenge_password_buffer,
+ sizeof(challenge_password_buffer) - 1, stdin))
+ {
+ challengePassword.ptr = challenge_password_buffer;
+ /* discard the terminating '\n' from the input */
+ challengePassword.len = strlen(challenge_password_buffer) - 1;
+ }
+ else
+ {
+ usage("challenge password could not be read");
+ }
}
else
{
- usage("challenge password could not be read");
+ challengePassword.ptr = optarg;
+ challengePassword.len = strlen(optarg);
}
- }
- else
- {
- challengePassword.ptr = optarg;
- challengePassword.len = strlen(optarg);
- }
- continue;
-
- case 'u': /* -- url */
- if (scep_url)
- {
- usage("only one URL argument allowed");
- }
- scep_url = optarg;
- continue;
+ continue;
- case 'm': /* --method */
- if (strcaseeq("get", optarg))
- {
- http_get_request = TRUE;
- }
- else if (strcaseeq("post", optarg))
- {
- http_get_request = FALSE;
- }
- else
- {
- usage("invalid http request method specified");
- }
- continue;
+ case 'u': /* -- url */
+ if (scep_url)
+ {
+ usage("only one URL argument allowed");
+ }
+ scep_url = optarg;
+ continue;
- case 't': /* --interval */
- poll_interval = atoi(optarg);
- if (poll_interval <= 0)
- {
- usage("invalid interval specified");
- }
- continue;
+ case 'm': /* --method */
+ if (strcaseeq("get", optarg))
+ {
+ http_get_request = TRUE;
+ }
+ else if (strcaseeq("post", optarg))
+ {
+ http_get_request = FALSE;
+ }
+ else
+ {
+ usage("invalid http request method specified");
+ }
+ continue;
- case 'x': /* --maxpolltime */
- max_poll_time = atoi(optarg);
- continue;
+ case 't': /* --interval */
+ poll_interval = atoi(optarg);
+ if (poll_interval <= 0)
+ {
+ usage("invalid interval specified");
+ }
+ continue;
- case 'a': /*--algorithm */
- {
- const proposal_token_t *token;
+ case 'x': /* --maxpolltime */
+ max_poll_time = atoi(optarg);
+ continue;
- token = proposal_get_token(optarg, strlen(optarg));
- if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
- {
- usage("invalid algorithm specified");
- }
- pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
- token->algorithm, token->keysize);
- if (pkcs7_symmetric_cipher == OID_UNKNOWN)
+ case 'a': /*--algorithm */
{
- usage("unsupported encryption algorithm specified");
+ const proposal_token_t *token;
+
+ token = proposal_get_token(optarg, strlen(optarg));
+ if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
+ {
+ usage("invalid algorithm specified");
+ }
+ pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
+ token->algorithm, token->keysize);
+ if (pkcs7_symmetric_cipher == OID_UNKNOWN)
+ {
+ usage("unsupported encryption algorithm specified");
+ }
+ continue;
}
- continue;
- }
#ifdef DEBUG
- case 'A': /* --debug-all */
- base_debugging |= DBG_ALL;
- continue;
- case 'P': /* debug parsing */
- base_debugging |= DBG_PARSING;
- continue;
- case 'R': /* debug raw */
- base_debugging |= DBG_RAW;
- continue;
- case 'C': /* debug control */
- base_debugging |= DBG_CONTROL;
- continue;
- case 'M': /* debug control more */
- base_debugging |= DBG_CONTROLMORE;
- continue;
- case 'X': /* debug private */
- base_debugging |= DBG_PRIVATE;
- continue;
+ case 'A': /* --debug-all */
+ base_debugging |= DBG_ALL;
+ continue;
+ case 'P': /* debug parsing */
+ base_debugging |= DBG_PARSING;
+ continue;
+ case 'R': /* debug raw */
+ base_debugging |= DBG_RAW;
+ continue;
+ case 'C': /* debug control */
+ base_debugging |= DBG_CONTROL;
+ continue;
+ case 'M': /* debug control more */
+ base_debugging |= DBG_CONTROLMORE;
+ continue;
+ case 'X': /* debug private */
+ base_debugging |= DBG_PRIVATE;
+ continue;
#endif
- default:
- usage("unknown option");
+ default:
+ usage("unknown option");
}
/* break from loop */
break;
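Review bot: The `%prompt` path sets `challengePassword.len = strlen(challenge_password_buffer) - 1;` to drop the newline, but fgets only includes a newline if one fit in the buffer; on a line longer than `sizeof(challenge_password_buffer) - 1` or on input ending at EOF without a newline, the last password character is silently discarded and the enrollment proceeds with a wrong challenge. Replacing the fixed subtraction with `challengePassword.len = strcspn(challenge_password_buffer, "\n");` handles both cases, and the `- 1` in the fgets size argument is redundant since fgets already reserves room for the terminator. Nothing in this hunk disables terminal echo, so the prompted password is shown as typed; that is unchanged by the commit but worth a note at the prompt. main() continues outside this hunk.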
@@ -807,8 +805,8 @@ int main(int argc, char **argv)
/* check for minimum key length */
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
{
- exit_scepclient("length of RSA key has to be at least %d bits"
- ,RSA_MIN_OCTETS * BITS_PER_BYTE);
+ exit_scepclient("length of RSA key has to be at least %d bits",
+ RSA_MIN_OCTETS * BITS_PER_BYTE);
}
/*
@@ -853,13 +851,13 @@ int main(int argc, char **argv)
DBG_log("building pkcs10 object:")
)
pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_PKCS10_REQUEST,
- BUILD_SIGNING_KEY, private_key,
- BUILD_SUBJECT, subject,
- BUILD_SUBJECT_ALTNAMES, subjectAltNames,
- BUILD_CHALLENGE_PWD, challengePassword,
- BUILD_DIGEST_ALG, pkcs10_signature_alg,
- BUILD_END);
+ CERT_PKCS10_REQUEST,
+ BUILD_SIGNING_KEY, private_key,
+ BUILD_SUBJECT, subject,
+ BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+ BUILD_CHALLENGE_PWD, challengePassword,
+ BUILD_DIGEST_ALG, pkcs10_signature_alg,
+ BUILD_END);
if (!pkcs10_req)
{
exit_scepclient("generating pkcs10 request failed");
@@ -919,14 +917,14 @@ int main(int argc, char **argv)
/* generate a self-signed X.509 certificate */
x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_SIGNING_KEY, private_key,
- BUILD_PUBLIC_KEY, public_key,
- BUILD_SUBJECT, subject,
- BUILD_NOT_BEFORE_TIME, notBefore,
- BUILD_NOT_AFTER_TIME, notAfter,
- BUILD_SERIAL, serialNumber,
- BUILD_SUBJECT_ALTNAMES, subjectAltNames,
- BUILD_END);
+ BUILD_SIGNING_KEY, private_key,
+ BUILD_PUBLIC_KEY, public_key,
+ BUILD_SUBJECT, subject,
+ BUILD_NOT_BEFORE_TIME, notBefore,
+ BUILD_NOT_AFTER_TIME, notAfter,
+ BUILD_SERIAL, serialNumber,
+ BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+ BUILD_END);
if (!x509_signer)
{
exit_scepclient("generating certificate failed");
@@ -989,9 +987,9 @@ int main(int argc, char **argv)
DBG_log("building pkcs7 request")
)
pkcs7 = scep_build_request(pkcs10_encoding,
- transID, SCEP_PKCSReq_MSG,
- x509_ca_enc, pkcs7_symmetric_cipher,
- x509_signer, pkcs7_digest_alg, private_key);
+ transID, SCEP_PKCSReq_MSG,
+ x509_ca_enc, pkcs7_symmetric_cipher,
+ x509_signer, pkcs7_digest_alg, private_key);
}
/*
@@ -1002,8 +1000,9 @@ int main(int argc, char **argv)
char *path = concatenate_paths(REQ_PATH, file_out_pkcs7);
if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
+ {
exit_scepclient("could not write pkcs7 file '%s'", path);
-;
+ }
filetype_out &= ~PKCS7; /* delete PKCS7 flag */
}
@@ -1037,12 +1036,12 @@ int main(int argc, char **argv)
}
if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
- http_get_request, &scep_response))
+ http_get_request, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
- ugh = scep_parse_response(scep_response, transID, &data, &attrs
- , x509_ca_sig);
+ ugh = scep_parse_response(scep_response, transID, &data, &attrs,
+ x509_ca_sig);
if (ugh != NULL)
{
exit_scepclient(ugh);
@@ -1053,8 +1052,8 @@ int main(int argc, char **argv)
{
identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig);
- plog(" scep request pending, polling every %d seconds"
- , poll_interval);
+ plog(" scep request pending, polling every %d seconds",
+ poll_interval);
poll_start = time_monotonic(NULL);
issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc",
issuer->get_encoding(issuer),
@@ -1062,8 +1061,8 @@ int main(int argc, char **argv)
}
while (attrs.pkiStatus == SCEP_PENDING)
{
- if (max_poll_time > 0
- && (time_monotonic(NULL) - poll_start >= max_poll_time))
+ if (max_poll_time > 0 &&
+ (time_monotonic(NULL) - poll_start >= max_poll_time))
{
exit_scepclient("maximum poll time reached: %d seconds"
, max_poll_time);
@@ -1080,18 +1079,18 @@ int main(int argc, char **argv)
)
chunk_free(&getCertInitial);
- getCertInitial = scep_build_request(issuerAndSubject
- , transID, SCEP_GetCertInitial_MSG
- , x509_ca_enc, pkcs7_symmetric_cipher
- , x509_signer, pkcs7_digest_alg, private_key);
+ getCertInitial = scep_build_request(issuerAndSubject,
+ transID, SCEP_GetCertInitial_MSG,
+ x509_ca_enc, pkcs7_symmetric_cipher,
+ x509_signer, pkcs7_digest_alg, private_key);
if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
http_get_request, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
- ugh = scep_parse_response(scep_response, transID, &data, &attrs
- , x509_ca_sig);
+ ugh = scep_parse_response(scep_response, transID, &data, &attrs,
+ x509_ca_sig);
if (ugh != NULL)
{
exit_scepclient(ugh);
@@ -1105,13 +1104,13 @@ int main(int argc, char **argv)
envelopedData = data.content;
- if (data.type != OID_PKCS7_DATA
- || !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
+ if (data.type != OID_PKCS7_DATA ||
+ !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
{
exit_scepclient("contentInfo is not of type 'data'");
}
- if (!pkcs7_parse_envelopedData(envelopedData, &certData
- , serialNumber, private_key))
+ if (!pkcs7_parse_envelopedData(envelopedData, &certData,
+ serialNumber, private_key))
{
exit_scepclient("could not decrypt envelopedData");
}