search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / hx509 / hxtool-commands.c
blob520f9751f630fcd0a6a02ca7ff68af572c6054ca
1 #include <stdio.h>
2 #include <getarg.h>
3 #include <sl.h>
4 #include "hxtool-commands.h"
5
6 static int
7 cms_create_sd_wrap(int argc, char **argv)
8 {
9 struct cms_create_sd_options opt;
10 int ret;
11 int optidx = 0;
12 struct getargs args[] = {
13 { "certificate", 'c', arg_strings, NULL, "certificate stores to pull certificates from", "certificate-store" },
14 { "signer", 's', arg_string, NULL, "certificate to sign with", "signer-friendly-name" },
15 { "anchors", 0, arg_strings, NULL, "trust anchors", "certificate-store" },
16 { "pool", 0, arg_strings, NULL, "certificate store to pull certificates from", "certificate-pool" },
17 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
18 { "peer-alg", 0, arg_strings, NULL, "oid that the peer support", "oid" },
19 { "content-type", 0, arg_string, NULL, "content type oid", "oid" },
20 { "content-info", 0, arg_flag, NULL, "wrapped out-data in a ContentInfo", NULL },
21 { "pem", 0, arg_flag, NULL, "wrap out-data in PEM armor", NULL },
22 { "detached-signature", 0, arg_flag, NULL, "create a detached signature", NULL },
23 { "id-by-name", 0, arg_flag, NULL, "use subject name for CMS Identifier", NULL },
24 { "help", 'h', arg_flag, NULL, NULL, NULL }
25 };
26 int help_flag = 0;
27 opt.certificate_strings.num_strings = 0;
28 opt.certificate_strings.strings = NULL;
29 opt.signer_string = NULL;
30 opt.anchors_strings.num_strings = 0;
31 opt.anchors_strings.strings = NULL;
32 opt.pool_strings.num_strings = 0;
33 opt.pool_strings.strings = NULL;
34 opt.pass_strings.num_strings = 0;
35 opt.pass_strings.strings = NULL;
36 opt.peer_alg_strings.num_strings = 0;
37 opt.peer_alg_strings.strings = NULL;
38 opt.content_type_string = NULL;
39 opt.content_info_flag = 0;
40 opt.pem_flag = 0;
41 opt.detached_signature_flag = 0;
42 opt.id_by_name_flag = 0;
43 args[0].value = &opt.certificate_strings;
44 args[1].value = &opt.signer_string;
45 args[2].value = &opt.anchors_strings;
46 args[3].value = &opt.pool_strings;
47 args[4].value = &opt.pass_strings;
48 args[5].value = &opt.peer_alg_strings;
49 args[6].value = &opt.content_type_string;
50 args[7].value = &opt.content_info_flag;
51 args[8].value = &opt.pem_flag;
52 args[9].value = &opt.detached_signature_flag;
53 args[10].value = &opt.id_by_name_flag;
54 args[11].value = &help_flag;
55 if(getarg(args, 12, argc, argv, &optidx))
56 goto usage;
57 if(argc - optidx != 2) {
58 fprintf(stderr, "Need exactly 2 parameters (%u given).\n\n", argc - optidx);
59 goto usage;
60 }
61 if(help_flag)
62 goto usage;
63 ret = cms_create_sd(&opt, argc - optidx, argv + optidx);
64 free_getarg_strings (&opt.certificate_strings);
65 free_getarg_strings (&opt.anchors_strings);
66 free_getarg_strings (&opt.pool_strings);
67 free_getarg_strings (&opt.pass_strings);
68 free_getarg_strings (&opt.peer_alg_strings);
69 return ret;
70 usage:
71 arg_printusage (args, 12, "cms-create-sd", "in-file out-file");
72 free_getarg_strings (&opt.certificate_strings);
73 free_getarg_strings (&opt.anchors_strings);
74 free_getarg_strings (&opt.pool_strings);
75 free_getarg_strings (&opt.pass_strings);
76 free_getarg_strings (&opt.peer_alg_strings);
77 return 0;
78 }
79
80 static int
81 cms_verify_sd_wrap(int argc, char **argv)
82 {
83 struct cms_verify_sd_options opt;
84 int ret;
85 int optidx = 0;
86 struct getargs args[] = {
87 { "anchors", 0, arg_strings, NULL, "trust anchors", "certificate-store" },
88 { "certificate", 'c', arg_strings, NULL, "certificate store to pull certificates from", "certificate-store" },
89 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
90 { "missing-revoke", 0, arg_flag, NULL, "missing CRL/OCSP is ok", NULL },
91 { "content-info", 0, arg_flag, NULL, "unwrap in-data that's in a ContentInfo", NULL },
92 { "signed-content", 0, arg_string, NULL, "file containing content", NULL },
93 { "help", 'h', arg_flag, NULL, NULL, NULL }
94 };
95 int help_flag = 0;
96 opt.anchors_strings.num_strings = 0;
97 opt.anchors_strings.strings = NULL;
98 opt.certificate_strings.num_strings = 0;
99 opt.certificate_strings.strings = NULL;
100 opt.pass_strings.num_strings = 0;
101 opt.pass_strings.strings = NULL;
102 opt.missing_revoke_flag = 0;
103 opt.content_info_flag = 0;
104 opt.signed_content_string = NULL;
105 args[0].value = &opt.anchors_strings;
106 args[1].value = &opt.certificate_strings;
107 args[2].value = &opt.pass_strings;
108 args[3].value = &opt.missing_revoke_flag;
109 args[4].value = &opt.content_info_flag;
110 args[5].value = &opt.signed_content_string;
111 args[6].value = &help_flag;
112 if(getarg(args, 7, argc, argv, &optidx))
113 goto usage;
114 if(argc - optidx != 2) {
115 fprintf(stderr, "Need exactly 2 parameters (%u given).\n\n", argc - optidx);
116 goto usage;
117 }
118 if(help_flag)
119 goto usage;
120 ret = cms_verify_sd(&opt, argc - optidx, argv + optidx);
121 free_getarg_strings (&opt.anchors_strings);
122 free_getarg_strings (&opt.certificate_strings);
123 free_getarg_strings (&opt.pass_strings);
124 return ret;
125 usage:
126 arg_printusage (args, 7, "cms-verify-sd", "in-file out-file");
127 free_getarg_strings (&opt.anchors_strings);
128 free_getarg_strings (&opt.certificate_strings);
129 free_getarg_strings (&opt.pass_strings);
130 return 0;
131 }
132
133 static int
134 cms_unenvelope_wrap(int argc, char **argv)
135 {
136 struct cms_unenvelope_options opt;
137 int ret;
138 int optidx = 0;
139 struct getargs args[] = {
140 { "certificate", 'c', arg_strings, NULL, "certificate used to decrypt the data", "certificate-store" },
141 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
142 { "content-info", 0, arg_flag, NULL, "wrapped out-data in a ContentInfo", NULL },
143 { "help", 'h', arg_flag, NULL, NULL, NULL }
144 };
145 int help_flag = 0;
146 opt.certificate_strings.num_strings = 0;
147 opt.certificate_strings.strings = NULL;
148 opt.pass_strings.num_strings = 0;
149 opt.pass_strings.strings = NULL;
150 opt.content_info_flag = 0;
151 args[0].value = &opt.certificate_strings;
152 args[1].value = &opt.pass_strings;
153 args[2].value = &opt.content_info_flag;
154 args[3].value = &help_flag;
155 if(getarg(args, 4, argc, argv, &optidx))
156 goto usage;
157 if(argc - optidx < 2) {
158 fprintf(stderr, "Arguments given (%u) are less than expected (2).\n\n", argc - optidx);
159 goto usage;
160 }
161 if(help_flag)
162 goto usage;
163 ret = cms_unenvelope(&opt, argc - optidx, argv + optidx);
164 free_getarg_strings (&opt.certificate_strings);
165 free_getarg_strings (&opt.pass_strings);
166 return ret;
167 usage:
168 arg_printusage (args, 4, "cms-unenvelope", "in-file out-file");
169 free_getarg_strings (&opt.certificate_strings);
170 free_getarg_strings (&opt.pass_strings);
171 return 0;
172 }
173
174 static int
175 cms_envelope_wrap(int argc, char **argv)
176 {
177 struct cms_envelope_options opt;
178 int ret;
179 int optidx = 0;
180 struct getargs args[] = {
181 { "certificate", 'c', arg_strings, NULL, "certificates used to receive the data", "certificate-store" },
182 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
183 { "encryption-type", 0, arg_string, NULL, "enctype", "enctype" },
184 { "content-type", 0, arg_string, NULL, "content type oid", "oid" },
185 { "content-info", 0, arg_flag, NULL, "wrapped out-data in a ContentInfo", NULL },
186 { "help", 'h', arg_flag, NULL, NULL, NULL }
187 };
188 int help_flag = 0;
189 opt.certificate_strings.num_strings = 0;
190 opt.certificate_strings.strings = NULL;
191 opt.pass_strings.num_strings = 0;
192 opt.pass_strings.strings = NULL;
193 opt.encryption_type_string = NULL;
194 opt.content_type_string = NULL;
195 opt.content_info_flag = 0;
196 args[0].value = &opt.certificate_strings;
197 args[1].value = &opt.pass_strings;
198 args[2].value = &opt.encryption_type_string;
199 args[3].value = &opt.content_type_string;
200 args[4].value = &opt.content_info_flag;
201 args[5].value = &help_flag;
202 if(getarg(args, 6, argc, argv, &optidx))
203 goto usage;
204 if(argc - optidx < 2) {
205 fprintf(stderr, "Arguments given (%u) are less than expected (2).\n\n", argc - optidx);
206 goto usage;
207 }
208 if(help_flag)
209 goto usage;
210 ret = cms_create_enveloped(&opt, argc - optidx, argv + optidx);
211 free_getarg_strings (&opt.certificate_strings);
212 free_getarg_strings (&opt.pass_strings);
213 return ret;
214 usage:
215 arg_printusage (args, 6, "cms-envelope", "in-file out-file");
216 free_getarg_strings (&opt.certificate_strings);
217 free_getarg_strings (&opt.pass_strings);
218 return 0;
219 }
220
221 static int
222 verify_wrap(int argc, char **argv)
223 {
224 struct verify_options opt;
225 int ret;
226 int optidx = 0;
227 struct getargs args[] = {
228 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
229 { "allow-proxy-certificate", 0, arg_flag, NULL, "allow proxy certificates", NULL },
230 { "missing-revoke", 0, arg_flag, NULL, "missing CRL/OCSP is ok", NULL },
231 { "time", 0, arg_string, NULL, "time when to validate the chain", NULL },
232 { "verbose", 'v', arg_flag, NULL, "verbose logging", NULL },
233 { "max-depth", 0, arg_integer, NULL, "maximum search length of certificate trust anchor", NULL },
234 { "hostname", 0, arg_string, NULL, "match hostname to certificate", NULL },
235 { "help", 'h', arg_flag, NULL, NULL, NULL }
236 };
237 int help_flag = 0;
238 opt.pass_strings.num_strings = 0;
239 opt.pass_strings.strings = NULL;
240 opt.allow_proxy_certificate_flag = 0;
241 opt.missing_revoke_flag = 0;
242 opt.time_string = NULL;
243 opt.verbose_flag = 0;
244 opt.max_depth_integer = 0;
245 opt.hostname_string = NULL;
246 args[0].value = &opt.pass_strings;
247 args[1].value = &opt.allow_proxy_certificate_flag;
248 args[2].value = &opt.missing_revoke_flag;
249 args[3].value = &opt.time_string;
250 args[4].value = &opt.verbose_flag;
251 args[5].value = &opt.max_depth_integer;
252 args[6].value = &opt.hostname_string;
253 args[7].value = &help_flag;
254 if(getarg(args, 8, argc, argv, &optidx))
255 goto usage;
256 if(help_flag)
257 goto usage;
258 ret = pcert_verify(&opt, argc - optidx, argv + optidx);
259 free_getarg_strings (&opt.pass_strings);
260 return ret;
261 usage:
262 arg_printusage (args, 8, "verify", "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2");
263 free_getarg_strings (&opt.pass_strings);
264 return 0;
265 }
266
267 static int
268 print_wrap(int argc, char **argv)
269 {
270 struct print_options opt;
271 int ret;
272 int optidx = 0;
273 struct getargs args[] = {
274 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
275 { "content", 0, arg_flag, NULL, "print the content of the certificates", NULL },
276 { "info", 0, arg_flag, NULL, "print the information about the certificate store", NULL },
277 { "help", 'h', arg_flag, NULL, NULL, NULL }
278 };
279 int help_flag = 0;
280 opt.pass_strings.num_strings = 0;
281 opt.pass_strings.strings = NULL;
282 opt.content_flag = 0;
283 opt.info_flag = 0;
284 args[0].value = &opt.pass_strings;
285 args[1].value = &opt.content_flag;
286 args[2].value = &opt.info_flag;
287 args[3].value = &help_flag;
288 if(getarg(args, 4, argc, argv, &optidx))
289 goto usage;
290 if(argc - optidx < 1) {
291 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
292 goto usage;
293 }
294 if(help_flag)
295 goto usage;
296 ret = pcert_print(&opt, argc - optidx, argv + optidx);
297 free_getarg_strings (&opt.pass_strings);
298 return ret;
299 usage:
300 arg_printusage (args, 4, "print", "certificate ...");
301 free_getarg_strings (&opt.pass_strings);
302 return 0;
303 }
304
305 static int
306 validate_wrap(int argc, char **argv)
307 {
308 struct validate_options opt;
309 int ret;
310 int optidx = 0;
311 struct getargs args[] = {
312 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
313 { "help", 'h', arg_flag, NULL, NULL, NULL }
314 };
315 int help_flag = 0;
316 opt.pass_strings.num_strings = 0;
317 opt.pass_strings.strings = NULL;
318 args[0].value = &opt.pass_strings;
319 args[1].value = &help_flag;
320 if(getarg(args, 2, argc, argv, &optidx))
321 goto usage;
322 if(argc - optidx < 1) {
323 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
324 goto usage;
325 }
326 if(help_flag)
327 goto usage;
328 ret = pcert_validate(&opt, argc - optidx, argv + optidx);
329 free_getarg_strings (&opt.pass_strings);
330 return ret;
331 usage:
332 arg_printusage (args, 2, "validate", "certificate ...");
333 free_getarg_strings (&opt.pass_strings);
334 return 0;
335 }
336
337 static int
338 certificate_copy_wrap(int argc, char **argv)
339 {
340 struct certificate_copy_options opt;
341 int ret;
342 int optidx = 0;
343 struct getargs args[] = {
344 { "in-pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
345 { "out-pass", 0, arg_string, NULL, "password, prompter, or environment", "password" },
346 { "help", 'h', arg_flag, NULL, NULL, NULL }
347 };
348 int help_flag = 0;
349 opt.in_pass_strings.num_strings = 0;
350 opt.in_pass_strings.strings = NULL;
351 opt.out_pass_string = NULL;
352 args[0].value = &opt.in_pass_strings;
353 args[1].value = &opt.out_pass_string;
354 args[2].value = &help_flag;
355 if(getarg(args, 3, argc, argv, &optidx))
356 goto usage;
357 if(argc - optidx < 2) {
358 fprintf(stderr, "Arguments given (%u) are less than expected (2).\n\n", argc - optidx);
359 goto usage;
360 }
361 if(help_flag)
362 goto usage;
363 ret = certificate_copy(&opt, argc - optidx, argv + optidx);
364 free_getarg_strings (&opt.in_pass_strings);
365 return ret;
366 usage:
367 arg_printusage (args, 3, "certificate-copy", "in-certificates-1 ... out-certificate");
368 free_getarg_strings (&opt.in_pass_strings);
369 return 0;
370 }
371
372 static int
373 ocsp_fetch_wrap(int argc, char **argv)
374 {
375 struct ocsp_fetch_options opt;
376 int ret;
377 int optidx = 0;
378 struct getargs args[] = {
379 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
380 { "sign", 0, arg_string, NULL, "certificate use to sign the request", "certificate" },
381 { "url-path", 0, arg_string, NULL, "part after host in url to put in the request", "url" },
382 { "nonce", 0, arg_negative_flag, NULL, "don't include nonce in request", NULL },
383 { "pool", 0, arg_strings, NULL, "pool to find parent certificate in", "certificate-store" },
384 { "help", 'h', arg_flag, NULL, NULL, NULL }
385 };
386 int help_flag = 0;
387 opt.pass_strings.num_strings = 0;
388 opt.pass_strings.strings = NULL;
389 opt.sign_string = NULL;
390 opt.url_path_string = NULL;
391 opt.nonce_flag = 1;
392 opt.pool_strings.num_strings = 0;
393 opt.pool_strings.strings = NULL;
394 args[0].value = &opt.pass_strings;
395 args[1].value = &opt.sign_string;
396 args[2].value = &opt.url_path_string;
397 args[3].value = &opt.nonce_flag;
398 args[4].value = &opt.pool_strings;
399 args[5].value = &help_flag;
400 if(getarg(args, 6, argc, argv, &optidx))
401 goto usage;
402 if(argc - optidx < 2) {
403 fprintf(stderr, "Arguments given (%u) are less than expected (2).\n\n", argc - optidx);
404 goto usage;
405 }
406 if(help_flag)
407 goto usage;
408 ret = ocsp_fetch(&opt, argc - optidx, argv + optidx);
409 free_getarg_strings (&opt.pass_strings);
410 free_getarg_strings (&opt.pool_strings);
411 return ret;
412 usage:
413 arg_printusage (args, 6, "ocsp-fetch", "outfile certs ...");
414 free_getarg_strings (&opt.pass_strings);
415 free_getarg_strings (&opt.pool_strings);
416 return 0;
417 }
418
419 static int
420 ocsp_verify_wrap(int argc, char **argv)
421 {
422 struct ocsp_verify_options opt;
423 int ret;
424 int optidx = 0;
425 struct getargs args[] = {
426 { "ocsp-file", 0, arg_string, NULL, "OCSP file", NULL },
427 { "help", 'h', arg_flag, NULL, NULL, NULL }
428 };
429 int help_flag = 0;
430 opt.ocsp_file_string = NULL;
431 args[0].value = &opt.ocsp_file_string;
432 args[1].value = &help_flag;
433 if(getarg(args, 2, argc, argv, &optidx))
434 goto usage;
435 if(argc - optidx < 1) {
436 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
437 goto usage;
438 }
439 if(help_flag)
440 goto usage;
441 ret = ocsp_verify(&opt, argc - optidx, argv + optidx);
442 return ret;
443 usage:
444 arg_printusage (args, 2, "ocsp-verify", "certificates ...");
445 return 0;
446 }
447
448 static int
449 ocsp_print_wrap(int argc, char **argv)
450 {
451 struct ocsp_print_options opt;
452 int ret;
453 int optidx = 0;
454 struct getargs args[] = {
455 { "verbose", 0, arg_flag, NULL, "verbose", NULL },
456 { "help", 'h', arg_flag, NULL, NULL, NULL }
457 };
458 int help_flag = 0;
459 opt.verbose_flag = 0;
460 args[0].value = &opt.verbose_flag;
461 args[1].value = &help_flag;
462 if(getarg(args, 2, argc, argv, &optidx))
463 goto usage;
464 if(argc - optidx < 1) {
465 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
466 goto usage;
467 }
468 if(help_flag)
469 goto usage;
470 ret = ocsp_print(&opt, argc - optidx, argv + optidx);
471 return ret;
472 usage:
473 arg_printusage (args, 2, "ocsp-print", "ocsp-response-file ...");
474 return 0;
475 }
476
477 static int
478 request_create_wrap(int argc, char **argv)
479 {
480 struct request_create_options opt;
481 int ret;
482 int optidx = 0;
483 struct getargs args[] = {
484 { "subject", 0, arg_string, NULL, "Subject DN", NULL },
485 { "email", 0, arg_strings, NULL, "Email address in SubjectAltName", NULL },
486 { "dnsname", 0, arg_strings, NULL, "Hostname or domainname in SubjectAltName", NULL },
487 { "type", 0, arg_string, NULL, "Type of request CRMF or PKCS10, defaults to PKCS10", NULL },
488 { "key", 0, arg_string, NULL, "Key-pair", NULL },
489 { "generate-key", 0, arg_string, NULL, "keytype", NULL },
490 { "key-bits", 0, arg_integer, NULL, "number of bits in the generated key", NULL },
491 { "verbose", 0, arg_flag, NULL, "verbose status", NULL },
492 { "help", 'h', arg_flag, NULL, NULL, NULL }
493 };
494 int help_flag = 0;
495 opt.subject_string = NULL;
496 opt.email_strings.num_strings = 0;
497 opt.email_strings.strings = NULL;
498 opt.dnsname_strings.num_strings = 0;
499 opt.dnsname_strings.strings = NULL;
500 opt.type_string = NULL;
501 opt.key_string = NULL;
502 opt.generate_key_string = NULL;
503 opt.key_bits_integer = 0;
504 opt.verbose_flag = 0;
505 args[0].value = &opt.subject_string;
506 args[1].value = &opt.email_strings;
507 args[2].value = &opt.dnsname_strings;
508 args[3].value = &opt.type_string;
509 args[4].value = &opt.key_string;
510 args[5].value = &opt.generate_key_string;
511 args[6].value = &opt.key_bits_integer;
512 args[7].value = &opt.verbose_flag;
513 args[8].value = &help_flag;
514 if(getarg(args, 9, argc, argv, &optidx))
515 goto usage;
516 if(argc - optidx != 1) {
517 fprintf(stderr, "Need exactly 1 parameters (%u given).\n\n", argc - optidx);
518 goto usage;
519 }
520 if(help_flag)
521 goto usage;
522 ret = request_create(&opt, argc - optidx, argv + optidx);
523 free_getarg_strings (&opt.email_strings);
524 free_getarg_strings (&opt.dnsname_strings);
525 return ret;
526 usage:
527 arg_printusage (args, 9, "request-create", "output-file");
528 free_getarg_strings (&opt.email_strings);
529 free_getarg_strings (&opt.dnsname_strings);
530 return 0;
531 }
532
533 static int
534 request_print_wrap(int argc, char **argv)
535 {
536 struct request_print_options opt;
537 int ret;
538 int optidx = 0;
539 struct getargs args[] = {
540 { "verbose", 0, arg_flag, NULL, "verbose printing", NULL },
541 { "help", 'h', arg_flag, NULL, NULL, NULL }
542 };
543 int help_flag = 0;
544 opt.verbose_flag = 0;
545 args[0].value = &opt.verbose_flag;
546 args[1].value = &help_flag;
547 if(getarg(args, 2, argc, argv, &optidx))
548 goto usage;
549 if(argc - optidx < 1) {
550 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
551 goto usage;
552 }
553 if(help_flag)
554 goto usage;
555 ret = request_print(&opt, argc - optidx, argv + optidx);
556 return ret;
557 usage:
558 arg_printusage (args, 2, "request-print", "requests ...");
559 return 0;
560 }
561
562 static int
563 query_wrap(int argc, char **argv)
564 {
565 struct query_options opt;
566 int ret;
567 int optidx = 0;
568 struct getargs args[] = {
569 { "exact", 0, arg_flag, NULL, "exact match", NULL },
570 { "private-key", 0, arg_flag, NULL, "search for private key", NULL },
571 { "friendlyname", 0, arg_string, NULL, "match on friendly name", "name" },
572 { "keyEncipherment", 0, arg_flag, NULL, "match keyEncipherment certificates", NULL },
573 { "digitalSignature", 0, arg_flag, NULL, "match digitalSignature certificates", NULL },
574 { "print", 0, arg_flag, NULL, "print matches", NULL },
575 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
576 { "help", 'h', arg_flag, NULL, NULL, NULL }
577 };
578 int help_flag = 0;
579 opt.exact_flag = 0;
580 opt.private_key_flag = 0;
581 opt.friendlyname_string = NULL;
582 opt.keyEncipherment_flag = 0;
583 opt.digitalSignature_flag = 0;
584 opt.print_flag = 0;
585 opt.pass_strings.num_strings = 0;
586 opt.pass_strings.strings = NULL;
587 args[0].value = &opt.exact_flag;
588 args[1].value = &opt.private_key_flag;
589 args[2].value = &opt.friendlyname_string;
590 args[3].value = &opt.keyEncipherment_flag;
591 args[4].value = &opt.digitalSignature_flag;
592 args[5].value = &opt.print_flag;
593 args[6].value = &opt.pass_strings;
594 args[7].value = &help_flag;
595 if(getarg(args, 8, argc, argv, &optidx))
596 goto usage;
597 if(argc - optidx < 1) {
598 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
599 goto usage;
600 }
601 if(help_flag)
602 goto usage;
603 ret = query(&opt, argc - optidx, argv + optidx);
604 free_getarg_strings (&opt.pass_strings);
605 return ret;
606 usage:
607 arg_printusage (args, 8, "query", "certificates ...");
608 free_getarg_strings (&opt.pass_strings);
609 return 0;
610 }
611
612 static int
613 info_wrap(int argc, char **argv)
614 {
615 int ret;
616 int optidx = 0;
617 struct getargs args[] = {
618 { "help", 'h', arg_flag, NULL, NULL, NULL }
619 };
620 int help_flag = 0;
621 args[0].value = &help_flag;
622 if(getarg(args, 1, argc, argv, &optidx))
623 goto usage;
624 if(argc - optidx > 0) {
625 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
626 goto usage;
627 }
628 if(help_flag)
629 goto usage;
630 ret = info(NULL, argc - optidx, argv + optidx);
631 return ret;
632 usage:
633 arg_printusage (args, 1, "info", "");
634 return 0;
635 }
636
637 static int
638 random_data_wrap(int argc, char **argv)
639 {
640 int ret;
641 int optidx = 0;
642 struct getargs args[] = {
643 { "help", 'h', arg_flag, NULL, NULL, NULL }
644 };
645 int help_flag = 0;
646 args[0].value = &help_flag;
647 if(getarg(args, 1, argc, argv, &optidx))
648 goto usage;
649 if(argc - optidx < 1) {
650 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
651 goto usage;
652 }
653 if(help_flag)
654 goto usage;
655 ret = random_data(NULL, argc - optidx, argv + optidx);
656 return ret;
657 usage:
658 arg_printusage (args, 1, "random-data", "bytes");
659 return 0;
660 }
661
662 static int
663 crypto_available_wrap(int argc, char **argv)
664 {
665 struct crypto_available_options opt;
666 int ret;
667 int optidx = 0;
668 struct getargs args[] = {
669 { "type", 0, arg_string, NULL, "type of CMS algorithm", NULL },
670 { "help", 'h', arg_flag, NULL, NULL, NULL }
671 };
672 int help_flag = 0;
673 opt.type_string = NULL;
674 args[0].value = &opt.type_string;
675 args[1].value = &help_flag;
676 if(getarg(args, 2, argc, argv, &optidx))
677 goto usage;
678 if(argc - optidx > 0) {
679 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
680 goto usage;
681 }
682 if(help_flag)
683 goto usage;
684 ret = crypto_available(&opt, argc - optidx, argv + optidx);
685 return ret;
686 usage:
687 arg_printusage (args, 2, "crypto-available", "");
688 return 0;
689 }
690
691 static int
692 crypto_select_wrap(int argc, char **argv)
693 {
694 struct crypto_select_options opt;
695 int ret;
696 int optidx = 0;
697 struct getargs args[] = {
698 { "type", 0, arg_string, NULL, "type of CMS algorithm", NULL },
699 { "certificate", 0, arg_string, NULL, "source certificate limiting the choices", NULL },
700 { "peer-cmstype", 0, arg_strings, NULL, "peer limiting cmstypes", NULL },
701 { "help", 'h', arg_flag, NULL, NULL, NULL }
702 };
703 int help_flag = 0;
704 opt.type_string = NULL;
705 opt.certificate_string = NULL;
706 opt.peer_cmstype_strings.num_strings = 0;
707 opt.peer_cmstype_strings.strings = NULL;
708 args[0].value = &opt.type_string;
709 args[1].value = &opt.certificate_string;
710 args[2].value = &opt.peer_cmstype_strings;
711 args[3].value = &help_flag;
712 if(getarg(args, 4, argc, argv, &optidx))
713 goto usage;
714 if(argc - optidx > 0) {
715 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
716 goto usage;
717 }
718 if(help_flag)
719 goto usage;
720 ret = crypto_select(&opt, argc - optidx, argv + optidx);
721 free_getarg_strings (&opt.peer_cmstype_strings);
722 return ret;
723 usage:
724 arg_printusage (args, 4, "crypto-select", "");
725 free_getarg_strings (&opt.peer_cmstype_strings);
726 return 0;
727 }
728
729 static int
730 hex_wrap(int argc, char **argv)
731 {
732 struct hex_options opt;
733 int ret;
734 int optidx = 0;
735 struct getargs args[] = {
736 { "decode", 'd', arg_flag, NULL, "decode instead of encode", NULL },
737 { "help", 'h', arg_flag, NULL, NULL, NULL }
738 };
739 int help_flag = 0;
740 opt.decode_flag = 0;
741 args[0].value = &opt.decode_flag;
742 args[1].value = &help_flag;
743 if(getarg(args, 2, argc, argv, &optidx))
744 goto usage;
745 if(argc - optidx > 0) {
746 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
747 goto usage;
748 }
749 if(help_flag)
750 goto usage;
751 ret = hxtool_hex(&opt, argc - optidx, argv + optidx);
752 return ret;
753 usage:
754 arg_printusage (args, 2, "hex", "");
755 return 0;
756 }
757
758 static int
759 certificate_sign_wrap(int argc, char **argv)
760 {
761 struct certificate_sign_options opt;
762 int ret;
763 int optidx = 0;
764 struct getargs args[] = {
765 { "issue-ca", 0, arg_flag, NULL, "Issue a CA certificate", NULL },
766 { "issue-proxy", 0, arg_flag, NULL, "Issue a proxy certificate", NULL },
767 { "domain-controller", 0, arg_flag, NULL, "Issue a MS domaincontroller certificate", NULL },
768 { "subject", 0, arg_string, NULL, "Subject of issued certificate", NULL },
769 { "ca-certificate", 0, arg_string, NULL, "Issuing CA certificate", NULL },
770 { "self-signed", 0, arg_flag, NULL, "Issuing a self-signed certificate", NULL },
771 { "ca-private-key", 0, arg_string, NULL, "Private key for self-signed certificate", NULL },
772 { "certificate", 0, arg_string, NULL, "Issued certificate", NULL },
773 { "type", 0, arg_strings, NULL, "Type of certificate to issue", NULL },
774 { "lifetime", 0, arg_string, NULL, "Lifetime of certificate", NULL },
775 { "serial-number", 0, arg_string, NULL, "serial-number of certificate", NULL },
776 { "path-length", 0, arg_integer, NULL, "Maximum path length (CA and proxy certificates), -1 no limit", NULL },
777 { "hostname", 0, arg_strings, NULL, "DNS names this certificate is allowed to serve", NULL },
778 { "email", 0, arg_strings, NULL, "email addresses assigned to this certificate", NULL },
779 { "pk-init-principal", 0, arg_string, NULL, "PK-INIT principal (for SAN)", NULL },
780 { "ms-upn", 0, arg_string, NULL, "Microsoft UPN (for SAN)", NULL },
781 { "jid", 0, arg_string, NULL, "XMPP jabber id (for SAN)", NULL },
782 { "req", 0, arg_string, NULL, "certificate request", NULL },
783 { "certificate-private-key", 0, arg_string, NULL, "private-key", NULL },
784 { "generate-key", 0, arg_string, NULL, "keytype", NULL },
785 { "key-bits", 0, arg_integer, NULL, "number of bits in the generated key", NULL },
786 { "crl-uri", 0, arg_string, NULL, "URI to CRL", NULL },
787 { "template-certificate", 0, arg_string, NULL, "certificate", NULL },
788 { "template-fields", 0, arg_string, NULL, "flag", NULL },
789 { "help", 'h', arg_flag, NULL, NULL, NULL }
790 };
791 int help_flag = 0;
792 opt.issue_ca_flag = 0;
793 opt.issue_proxy_flag = 0;
794 opt.domain_controller_flag = 0;
795 opt.subject_string = NULL;
796 opt.ca_certificate_string = NULL;
797 opt.self_signed_flag = 0;
798 opt.ca_private_key_string = NULL;
799 opt.certificate_string = NULL;
800 opt.type_strings.num_strings = 0;
801 opt.type_strings.strings = NULL;
802 opt.lifetime_string = NULL;
803 opt.serial_number_string = NULL;
804 opt.path_length_integer = -1;
805 opt.hostname_strings.num_strings = 0;
806 opt.hostname_strings.strings = NULL;
807 opt.email_strings.num_strings = 0;
808 opt.email_strings.strings = NULL;
809 opt.pk_init_principal_string = NULL;
810 opt.ms_upn_string = NULL;
811 opt.jid_string = NULL;
812 opt.req_string = NULL;
813 opt.certificate_private_key_string = NULL;
814 opt.generate_key_string = NULL;
815 opt.key_bits_integer = 0;
816 opt.crl_uri_string = NULL;
817 opt.template_certificate_string = NULL;
818 opt.template_fields_string = NULL;
819 args[0].value = &opt.issue_ca_flag;
820 args[1].value = &opt.issue_proxy_flag;
821 args[2].value = &opt.domain_controller_flag;
822 args[3].value = &opt.subject_string;
823 args[4].value = &opt.ca_certificate_string;
824 args[5].value = &opt.self_signed_flag;
825 args[6].value = &opt.ca_private_key_string;
826 args[7].value = &opt.certificate_string;
827 args[8].value = &opt.type_strings;
828 args[9].value = &opt.lifetime_string;
829 args[10].value = &opt.serial_number_string;
830 args[11].value = &opt.path_length_integer;
831 args[12].value = &opt.hostname_strings;
832 args[13].value = &opt.email_strings;
833 args[14].value = &opt.pk_init_principal_string;
834 args[15].value = &opt.ms_upn_string;
835 args[16].value = &opt.jid_string;
836 args[17].value = &opt.req_string;
837 args[18].value = &opt.certificate_private_key_string;
838 args[19].value = &opt.generate_key_string;
839 args[20].value = &opt.key_bits_integer;
840 args[21].value = &opt.crl_uri_string;
841 args[22].value = &opt.template_certificate_string;
842 args[23].value = &opt.template_fields_string;
843 args[24].value = &help_flag;
844 if(getarg(args, 25, argc, argv, &optidx))
845 goto usage;
846 if(argc - optidx > 0) {
847 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
848 goto usage;
849 }
850 if(help_flag)
851 goto usage;
852 ret = hxtool_ca(&opt, argc - optidx, argv + optidx);
853 free_getarg_strings (&opt.type_strings);
854 free_getarg_strings (&opt.hostname_strings);
855 free_getarg_strings (&opt.email_strings);
856 return ret;
857 usage:
858 arg_printusage (args, 25, "certificate-sign", "");
859 free_getarg_strings (&opt.type_strings);
860 free_getarg_strings (&opt.hostname_strings);
861 free_getarg_strings (&opt.email_strings);
862 return 0;
863 }
864
865 static int
866 test_crypto_wrap(int argc, char **argv)
867 {
868 struct test_crypto_options opt;
869 int ret;
870 int optidx = 0;
871 struct getargs args[] = {
872 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
873 { "verbose", 0, arg_flag, NULL, "verbose printing", NULL },
874 { "help", 'h', arg_flag, NULL, NULL, NULL }
875 };
876 int help_flag = 0;
877 opt.pass_strings.num_strings = 0;
878 opt.pass_strings.strings = NULL;
879 opt.verbose_flag = 0;
880 args[0].value = &opt.pass_strings;
881 args[1].value = &opt.verbose_flag;
882 args[2].value = &help_flag;
883 if(getarg(args, 3, argc, argv, &optidx))
884 goto usage;
885 if(argc - optidx < 1) {
886 fprintf(stderr, "Arguments given (%u) are less than expected (1).\n\n", argc - optidx);
887 goto usage;
888 }
889 if(help_flag)
890 goto usage;
891 ret = test_crypto(&opt, argc - optidx, argv + optidx);
892 free_getarg_strings (&opt.pass_strings);
893 return ret;
894 usage:
895 arg_printusage (args, 3, "test-crypto", "certificates...");
896 free_getarg_strings (&opt.pass_strings);
897 return 0;
898 }
899
900 static int
901 statistic_print_wrap(int argc, char **argv)
902 {
903 struct statistic_print_options opt;
904 int ret;
905 int optidx = 0;
906 struct getargs args[] = {
907 { "type", 0, arg_integer, NULL, "type of statistics", NULL },
908 { "help", 'h', arg_flag, NULL, NULL, NULL }
909 };
910 int help_flag = 0;
911 opt.type_integer = 0;
912 args[0].value = &opt.type_integer;
913 args[1].value = &help_flag;
914 if(getarg(args, 2, argc, argv, &optidx))
915 goto usage;
916 if(argc - optidx > 0) {
917 fprintf(stderr, "Arguments given (%u) are more than expected (0).\n\n", argc - optidx);
918 goto usage;
919 }
920 if(help_flag)
921 goto usage;
922 ret = statistic_print(&opt, argc - optidx, argv + optidx);
923 return ret;
924 usage:
925 arg_printusage (args, 2, "statistic-print", "");
926 return 0;
927 }
928
929 static int
930 crl_sign_wrap(int argc, char **argv)
931 {
932 struct crl_sign_options opt;
933 int ret;
934 int optidx = 0;
935 struct getargs args[] = {
936 { "signer", 0, arg_string, NULL, "signer certificate", NULL },
937 { "pass", 0, arg_strings, NULL, "password, prompter, or environment", "password" },
938 { "crl-file", 0, arg_string, NULL, "CRL output file", NULL },
939 { "lifetime", 0, arg_string, NULL, "time the crl will be valid", NULL },
940 { "help", 'h', arg_flag, NULL, NULL, NULL }
941 };
942 int help_flag = 0;
943 opt.signer_string = NULL;
944 opt.pass_strings.num_strings = 0;
945 opt.pass_strings.strings = NULL;
946 opt.crl_file_string = NULL;
947 opt.lifetime_string = NULL;
948 args[0].value = &opt.signer_string;
949 args[1].value = &opt.pass_strings;
950 args[2].value = &opt.crl_file_string;
951 args[3].value = &opt.lifetime_string;
952 args[4].value = &help_flag;
953 if(getarg(args, 5, argc, argv, &optidx))
954 goto usage;
955 if(argc - optidx < 0) {
956 fprintf(stderr, "Arguments given (%u) are less than expected (0).\n\n", argc - optidx);
957 goto usage;
958 }
959 if(help_flag)
960 goto usage;
961 ret = crl_sign(&opt, argc - optidx, argv + optidx);
962 free_getarg_strings (&opt.pass_strings);
963 return ret;
964 usage:
965 arg_printusage (args, 5, "crl-sign", "certificates...");
966 free_getarg_strings (&opt.pass_strings);
967 return 0;
968 }
969
970 static int
971 help_wrap(int argc, char **argv)
972 {
973 int ret;
974 int optidx = 0;
975 struct getargs args[] = {
976 { "help", 'h', arg_flag, NULL, NULL, NULL }
977 };
978 int help_flag = 0;
979 args[0].value = &help_flag;
980 if(getarg(args, 1, argc, argv, &optidx))
981 goto usage;
982 if(argc - optidx > 1) {
983 fprintf(stderr, "Arguments given (%u) are more than expected (1).\n\n", argc - optidx);
984 goto usage;
985 }
986 if(argc - optidx < 0) {
987 fprintf(stderr, "Arguments given (%u) are less than expected (0).\n\n", argc - optidx);
988 goto usage;
989 }
990 if(help_flag)
991 goto usage;
992 ret = help(NULL, argc - optidx, argv + optidx);
993 return ret;
994 usage:
995 arg_printusage (args, 1, "help", "[command]");
996 return 0;
997 }
998
999 SL_cmd commands[] = {
1000 { "cms-create-sd", cms_create_sd_wrap, "cms-create-sd in-file out-file", "Wrap a file within a SignedData object" },
1001
1002 { "cms-verify-sd", cms_verify_sd_wrap, "cms-verify-sd in-file out-file", "Verify a file within a SignedData object" },
1003
1004 { "cms-unenvelope", cms_unenvelope_wrap, "cms-unenvelope in-file out-file", "Unenvelope a file containing a EnvelopedData object" },
1005
1006 { "cms-envelope", cms_envelope_wrap, "cms-envelope in-file out-file", "Envelope a file containing a EnvelopedData object" },
1007
1008 { "verify", verify_wrap, "verify cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2", "Verify certificate chain" },
1009
1010 { "print", print_wrap, "print certificate ...", "Print certificates" },
1011
1012 { "validate", validate_wrap, "validate certificate ...", "Validate content of certificates" },
1013
1014 { "certificate-copy", certificate_copy_wrap, "certificate-copy in-certificates-1 ... out-certificate", "Copy in certificates stores into out certificate store" },
1015 { "cc" },
1016
1017 { "ocsp-fetch", ocsp_fetch_wrap, "ocsp-fetch outfile certs ...", "Fetch OCSP responses for the following certs" },
1018
1019 { "ocsp-verify", ocsp_verify_wrap, "ocsp-verify certificates ...", "Check that certificates are in OCSP file and valid" },
1020
1021 { "ocsp-print", ocsp_print_wrap, "ocsp-print ocsp-response-file ...", "Print the OCSP responses" },
1022
1023 { "request-create", request_create_wrap, "request-create output-file", "Create a CRMF or PKCS10 request" },
1024
1025 { "request-print", request_print_wrap, "request-print requests ...", "Print requests" },
1026
1027 { "query", query_wrap, "query certificates ...", "Query the certificates for a match" },
1028
1029 { "info", info_wrap, "info", NULL },
1030
1031 { "random-data", random_data_wrap, "random-data bytes", "Generates random bytes and prints them to standard output" },
1032
1033 { "crypto-available", crypto_available_wrap, "crypto-available", "Print available CMS crypto types" },
1034
1035 { "crypto-select", crypto_select_wrap, "crypto-select", "Print selected CMS type" },
1036
1037 { "hex", hex_wrap, "hex", "Encode input to hex" },
1038
1039 { "certificate-sign", certificate_sign_wrap, "certificate-sign", "Issue a certificate" },
1040 { "cert-sign" },
1041 { "issue-certificate" },
1042 { "ca" },
1043
1044 { "test-crypto", test_crypto_wrap, "test-crypto certificates...", "Test crypto system related to the certificates" },
1045
1046 { "statistic-print", statistic_print_wrap, "statistic-print", "Print statistics" },
1047
1048 { "crl-sign", crl_sign_wrap, "crl-sign certificates...", "Create a CRL" },
1049
1050 { "help", help_wrap, "help [command]", "Help! I need somebody" },
1051 { "?" },
1052
1053 { NULL }
1054 };
NetBSD on the FriendlyARM MINI2440