If OCSP revocation data are invalid or too old set appropriate verification flags.
[gnutls.git] / src / p11tool.c
blob1ee3edf5cc1c7dbab17cdec1af118e0f89bfbc6e
1 /*
2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * GnuTLS is free software: you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see
20 * <http://www.gnu.org/licenses/>.
23 #include <config.h>
25 #include <gnutls/gnutls.h>
26 #include <gnutls/x509.h>
27 #include <gnutls/openpgp.h>
28 #include <gnutls/pkcs12.h>
29 #include <gnutls/pkcs11.h>
30 #include <gnutls/abstract.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <ctype.h>
36 #include <time.h>
37 #include <unistd.h>
38 #include <errno.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <fcntl.h>
42 #include <error.h>
44 /* Gnulib portability files. */
45 #include <read-file.h>
46 #include <progname.h>
47 #include <version-etc.h>
49 #include "p11tool-args.h"
50 #include "p11tool.h"
51 #include "certtool-common.h"
53 static void cmd_parser (int argc, char **argv);
55 static FILE *outfile;
56 int batch = 0;
58 static void
59 tls_log_func (int level, const char *str)
61 fprintf (stderr, "|<%d>| %s", level, str);
65 int
66 main (int argc, char **argv)
68 set_program_name (argv[0]);
69 cmd_parser (argc, argv);
71 return 0;
74 static void
75 cmd_parser (int argc, char **argv)
77 int ret, debug = 0;
78 common_info_st cinfo;
79 unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
80 const char* url = NULL;
81 unsigned int detailed_url = 0, optct;
82 unsigned int login = 0, bits = 0;
83 const char* label = NULL, *sec_param = NULL;
85 optct = optionProcess( &p11toolOptions, argc, argv);
86 argc += optct;
87 argv += optct;
89 if (url == NULL && argc > 0)
90 url = argv[0];
91 else
92 url = "pkcs11:";
94 if (HAVE_OPT(DEBUG))
95 debug = OPT_VALUE_DEBUG;
97 gnutls_global_set_log_function (tls_log_func);
98 gnutls_global_set_log_level (debug);
99 if (debug > 1)
100 printf ("Setting log level to %d\n", debug);
102 if ((ret = gnutls_global_init ()) < 0)
103 error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
105 if (HAVE_OPT(PROVIDER))
107 ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
108 if (ret < 0)
109 fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
110 else
112 ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
113 if (ret < 0)
114 error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
115 gnutls_strerror (ret));
118 else
120 ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
121 if (ret < 0)
122 fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
125 if (HAVE_OPT(OUTFILE))
127 outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
128 if (outfile == NULL)
129 error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
131 else
132 outfile = stdout;
134 memset (&cinfo, 0, sizeof (cinfo));
136 if (HAVE_OPT(SECRET_KEY))
137 cinfo.secret_key = OPT_ARG(SECRET_KEY);
139 if (HAVE_OPT(LOAD_PRIVKEY))
140 cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
142 if (HAVE_OPT(PKCS8))
143 cinfo.pkcs8 = 1;
145 if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
146 cinfo.incert_format = GNUTLS_X509_FMT_DER;
147 else
148 cinfo.incert_format = GNUTLS_X509_FMT_PEM;
150 if (HAVE_OPT(LOAD_CERTIFICATE))
151 cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
153 if (HAVE_OPT(LOAD_PUBKEY))
154 cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
156 if (ENABLED_OPT(DETAILED_URL))
157 detailed_url = 1;
159 if (ENABLED_OPT(LOGIN))
160 login = 1;
162 if (HAVE_OPT(LABEL))
164 label = OPT_ARG(LABEL);
167 if (HAVE_OPT(BITS))
169 bits = OPT_VALUE_BITS;
172 if (HAVE_OPT(SEC_PARAM))
174 sec_param = OPT_ARG(SEC_PARAM);
177 if (debug > 0)
179 if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
180 fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
181 fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
182 fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
183 fprintf(stderr, "\n");
186 /* handle actions
188 if (HAVE_OPT(LIST_TOKENS))
189 pkcs11_token_list (outfile, detailed_url, &cinfo);
190 else if (HAVE_OPT(LIST_MECHANISMS))
191 pkcs11_mechanism_list (outfile, url, login,
192 &cinfo);
193 else if (HAVE_OPT(LIST_ALL))
195 pkcs11_type = PKCS11_TYPE_ALL;
196 pkcs11_list (outfile, url, pkcs11_type,
197 login, detailed_url, &cinfo);
199 else if (HAVE_OPT(LIST_ALL_CERTS))
201 pkcs11_type = PKCS11_TYPE_CRT_ALL;
202 pkcs11_list (outfile, url, pkcs11_type,
203 login, detailed_url, &cinfo);
205 else if (HAVE_OPT(LIST_CERTS))
207 pkcs11_type = PKCS11_TYPE_PK;
208 pkcs11_list (outfile, url, pkcs11_type,
209 login, detailed_url, &cinfo);
211 else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
213 pkcs11_type = PKCS11_TYPE_PRIVKEY;
214 pkcs11_list (outfile, url, pkcs11_type,
215 login, detailed_url, &cinfo);
217 else if (HAVE_OPT(LIST_ALL_TRUSTED))
219 pkcs11_type = PKCS11_TYPE_TRUSTED;
220 pkcs11_list (outfile, url, pkcs11_type,
221 login, detailed_url, &cinfo);
223 else if (HAVE_OPT(EXPORT))
225 pkcs11_export (outfile, url, login, &cinfo);
227 else if (HAVE_OPT(WRITE))
229 int priv;
231 if (HAVE_OPT(PRIVATE))
232 priv = ENABLED_OPT(PRIVATE);
233 else priv = -1;
234 pkcs11_write (outfile, url, label,
235 ENABLED_OPT(TRUSTED), priv, login, &cinfo);
237 else if (HAVE_OPT(INITIALIZE))
238 pkcs11_init (outfile, url, label, &cinfo);
239 else if (HAVE_OPT(DELETE))
240 pkcs11_delete (outfile, url, 0, login, &cinfo);
241 else if (HAVE_OPT(GENERATE_ECC))
243 key_type = GNUTLS_PK_EC;
244 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
245 label, ENABLED_OPT(PRIVATE), detailed_url, login,
246 &cinfo);
248 else if (HAVE_OPT(GENERATE_RSA))
250 key_type = GNUTLS_PK_RSA;
251 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
252 label, ENABLED_OPT(PRIVATE), detailed_url, login,
253 &cinfo);
255 else if (HAVE_OPT(GENERATE_DSA))
257 key_type = GNUTLS_PK_DSA;
258 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
259 label, ENABLED_OPT(PRIVATE), detailed_url, login,
260 &cinfo);
262 else
264 USAGE(1);
267 fclose (outfile);
269 #ifdef ENABLE_PKCS11
270 gnutls_pkcs11_deinit ();
271 #endif
272 gnutls_global_deinit ();