From b244ea47fd09326d8b48da7c02fe8cebe93a0534 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 2 Jun 2007 03:29:44 +0000
Subject: [PATCH] Sign CRL command.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20799 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/hxtool.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 19ff3844d..acfe989a5 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1724,6 +1724,69 @@ statistic_print(struct statistic_print_options*opt, int argc, char **argv)
 return 0;
 }
+/*
+ *
+ */
+
+int
+crl_sign(struct crl_sign_options *opt, int argc, char **argv)
+{
+ hx509_crl crl;
+ heim_octet_string os;
+ hx509_cert signer = NULL;
+ hx509_lock lock;
+ int ret;
+
+ hx509_lock_init(context, &lock);
+ lock_strings(lock, &opt->pass_strings);
+
+ ret = hx509_crl_alloc(context, &crl);
+ if (ret) _hx509_abort("hx509_crl_alloc");
+
+ if (opt->signer_string == NULL)
+ errx(1, "signer missing");
+
+ {
+ hx509_certs certs = NULL;
+ hx509_query *q;
+
+ ret = hx509_certs_init(context, opt->signer_string, 0,
+ NULL, &certs);
+ if (ret)
+ hx509_err(context, 1, ret,
+ "hx509_certs_init: %s", opt->signer_string);
+
+ ret = hx509_query_alloc(context, &q);
+ if (ret)
+ hx509_err(context, 1, ret, "hx509_query_alloc: %d", ret);
+
+ hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+
+ ret = hx509_certs_find(context, certs, q, &signer);
+ hx509_query_free(context, q);
+ hx509_certs_free(&certs);
+ if (ret)
+ hx509_err(context, 1, ret, "no signer certificate found");
+ }
+
+
+ hx509_crl_sign(context, signer, crl, &os);
+
+ hx509_crl_free(context, crl);
+
+ hx509_cert_free(signer);
+
+ if (opt->crl_file_string)
+ rk_dumpdata(opt->crl_file_string, os.data, os.length);
+
+ free(os.data);
+
+ return 0;
+}
+
+/*
+ *
+ */
 int
 help(void *opt, int argc, char **argv)
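Review bot: The result of `hx509_crl_sign(context, signer, crl, &os)` is discarded while `os` is declared without an initialiser, so a failed signing leaves `os.data` and `os.length` indeterminate before they are handed to `rk_dumpdata` and `free`, and the command still returns 0. For a tool whose output relying parties use for revocation checking, a signing failure should stop the command: `ret = hx509_crl_sign(context, signer, crl, &os);` followed by `if (ret) hx509_err(context, 1, ret, "hx509_crl_sign");`. Separately, `lock` is filled from `opt->pass_strings` but the `hx509_certs_init` call passes `NULL` where the lock appears to be expected, and the lock is never released before return, so the supplied passphrases look unused. Passing `lock` in that call and freeing it at the end seems to be what was intended.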