oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add query, add more options to verify-sd and create-sd

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15784 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-07-27 19:01:44 +00:00
parent 03717b6fd4
commit ed0a230297
1 changed files with 70 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
lib/hx509/hxtool.c
View File

@@ -56,37 +56,35 @@ usage(int code)
int
cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
{
int ret;
hx509_verify_ctx ctx = NULL;
heim_oid type;
heim_octet_string c;
hx509_certs signers = NULL;
hx509_certs anchors = NULL;
hx509_lock lock;
int ret, i;
size_t sz;
void *p;
printf("cms verify signed data\n");
hx509_lock_init(&lock);
hx509_lock_add_password(lock, "foobar");
ret = _hx509_map_file(argv[0], &p, &sz);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_verify_init_ctx(&ctx);
argc--;
argv++;
ret = hx509_certs_init("MEMORY:cms-anchors", 0, NULL, &anchors);
while (argc > 0) {
ret = hx509_certs_append(anchors, NULL, argv[0]);
for (i = 0; i < opt->anchors_strings.num_strings; i++) {
ret = hx509_certs_append(anchors, lock,
opt->anchors_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: %d", ret);
argc--;
argv++;
errx(1, "hx509_certs_append: chain: %d", ret);
}
hx509_verify_attach_anchors(ctx, anchors);
@@ -103,7 +101,13 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
hx509_certs_free(&anchors);
hx509_certs_free(&signers);
hx509_lock_free(lock);
ret = _hx509_write_file(argv[1], c.data, c.length);
if (ret)
errx(1, "hx509_write_file: %d", ret);
free_octet_string(&c);
_hx509_unmap_file(p, sz);
return 0;
@@ -141,18 +145,23 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
errx(1, "hx509_certs_append: chain: %d", ret);
}
ret = _hx509_map_file(argv[0], &p, &sz);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
_hx509_query_clear(&q);
q.match |= HX509_QUERY_PRIVATE_KEY;
q.match |= HX509_QUERY_KU_DIGITALSIGNATURE;
if (opt->signer_string) {
q.match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
q.friendlyname = opt->signer_string;
}
ret = _hx509_certs_find(store, &q, &cert);
if (ret)
errx(1, "hx509_certs_find: %d", ret);
ret = _hx509_map_file(argv[0], &p, &sz);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_cms_create_signed_1(contentType,
p,
sz,
@@ -276,9 +285,6 @@ validate_print(int argc, char **argv, int flags)
hx509_certs certs;
hx509_lock lock;
if (argc < 1)
errx(1, "argc");
hx509_lock_init(&lock);
hx509_lock_add_password(lock, "foobar");
@@ -347,9 +353,6 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
ret = hx509_certs_init("MEMORY:chain", 0, NULL, &chain);
ret = hx509_certs_init("MEMORY:certs", 0, NULL, &certs);
if (argc < 1)
errx(1, "argc");
while(argc--) {
char *s = *argv++;
@@ -401,9 +404,6 @@ pcert_pkcs11(void *opt, int argc, char **argv)
{
int ret;
if (argc < 1)
errx(1, "argc");
ret = hx509_keyset_init(argv[0], NULL);
if (ret) {
printf("hx509_keyset_init: %d\n", ret);
@@ -413,6 +413,52 @@ pcert_pkcs11(void *opt, int argc, char **argv)
return 0;
}
int
query(struct query_options *opt, int argc, char **argv)
{
hx509_lock lock;
hx509_query q;
hx509_certs certs;
hx509_cert c;
int ret;
_hx509_query_clear(&q);
hx509_lock_init(&lock);
hx509_lock_add_password(lock, "foobar");
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
while (argc > 0) {
ret = hx509_certs_append(certs, lock, argv[0]);
if (ret)
errx(1, "hx509_certs_append: %d", ret);
argc--;
argv++;
}
if (opt->friendlyname_string) {
q.match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
q.friendlyname = opt->friendlyname_string;
}
if (opt->private_key_flag)
q.match |= HX509_QUERY_PRIVATE_KEY;
ret = _hx509_certs_find(certs, &q, &c);
if (ret)
warnx("_hx509_certs_find: %d", ret);
else
printf("match found\n");
hx509_lock_free(lock);
return ret;
}
int
help(void *opt, int argc, char **argv)
{