search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added gnutls_x509_crl_reason_flags_t.
[gnutls.git] / src / p11tool.c
blob1ee3edf5cc1c7dbab17cdec1af118e0f89bfbc6e
1 /*
2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * GnuTLS is free software: you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see
20 * <http://www.gnu.org/licenses/>.
21 */
22
23 #include <config.h>
24
25 #include <gnutls/gnutls.h>
26 #include <gnutls/x509.h>
27 #include <gnutls/openpgp.h>
28 #include <gnutls/pkcs12.h>
29 #include <gnutls/pkcs11.h>
30 #include <gnutls/abstract.h>
31
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <ctype.h>
36 #include <time.h>
37 #include <unistd.h>
38 #include <errno.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <fcntl.h>
42 #include <error.h>
43
44 /* Gnulib portability files. */
45 #include <read-file.h>
46 #include <progname.h>
47 #include <version-etc.h>
48
49 #include "p11tool-args.h"
50 #include "p11tool.h"
51 #include "certtool-common.h"
52
53 static void cmd_parser (int argc, char **argv);
54
55 static FILE *outfile;
56 int batch = 0;
57
58 static void
59 tls_log_func (int level, const char *str)
60 {
61 fprintf (stderr, "|<%d>| %s", level, str);
62 }
63
64
65 int
66 main (int argc, char **argv)
67 {
68 set_program_name (argv[0]);
69 cmd_parser (argc, argv);
70
71 return 0;
72 }
73
74 static void
75 cmd_parser (int argc, char **argv)
76 {
77 int ret, debug = 0;
78 common_info_st cinfo;
79 unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
80 const char* url = NULL;
81 unsigned int detailed_url = 0, optct;
82 unsigned int login = 0, bits = 0;
83 const char* label = NULL, *sec_param = NULL;
84
85 optct = optionProcess( &p11toolOptions, argc, argv);
86 argc += optct;
87 argv += optct;
88
89 if (url == NULL && argc > 0)
90 url = argv[0];
91 else
92 url = "pkcs11:";
93
94 if (HAVE_OPT(DEBUG))
95 debug = OPT_VALUE_DEBUG;
96
97 gnutls_global_set_log_function (tls_log_func);
98 gnutls_global_set_log_level (debug);
99 if (debug > 1)
100 printf ("Setting log level to %d\n", debug);
101
102 if ((ret = gnutls_global_init ()) < 0)
103 error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
104
105 if (HAVE_OPT(PROVIDER))
106 {
107 ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
108 if (ret < 0)
109 fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
110 else
111 {
112 ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
113 if (ret < 0)
114 error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
115 gnutls_strerror (ret));
116 }
117 }
118 else
119 {
120 ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
121 if (ret < 0)
122 fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
123 }
124
125 if (HAVE_OPT(OUTFILE))
126 {
127 outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
128 if (outfile == NULL)
129 error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
130 }
131 else
132 outfile = stdout;
133
134 memset (&cinfo, 0, sizeof (cinfo));
135
136 if (HAVE_OPT(SECRET_KEY))
137 cinfo.secret_key = OPT_ARG(SECRET_KEY);
138
139 if (HAVE_OPT(LOAD_PRIVKEY))
140 cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
141
142 if (HAVE_OPT(PKCS8))
143 cinfo.pkcs8 = 1;
144
145 if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
146 cinfo.incert_format = GNUTLS_X509_FMT_DER;
147 else
148 cinfo.incert_format = GNUTLS_X509_FMT_PEM;
149
150 if (HAVE_OPT(LOAD_CERTIFICATE))
151 cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
152
153 if (HAVE_OPT(LOAD_PUBKEY))
154 cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
155
156 if (ENABLED_OPT(DETAILED_URL))
157 detailed_url = 1;
158
159 if (ENABLED_OPT(LOGIN))
160 login = 1;
161
162 if (HAVE_OPT(LABEL))
163 {
164 label = OPT_ARG(LABEL);
165 }
166
167 if (HAVE_OPT(BITS))
168 {
169 bits = OPT_VALUE_BITS;
170 }
171
172 if (HAVE_OPT(SEC_PARAM))
173 {
174 sec_param = OPT_ARG(SEC_PARAM);
175 }
176
177 if (debug > 0)
178 {
179 if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
180 fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
181 fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
182 fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
183 fprintf(stderr, "\n");
184 }
185
186 /* handle actions
187 */
188 if (HAVE_OPT(LIST_TOKENS))
189 pkcs11_token_list (outfile, detailed_url, &cinfo);
190 else if (HAVE_OPT(LIST_MECHANISMS))
191 pkcs11_mechanism_list (outfile, url, login,
192 &cinfo);
193 else if (HAVE_OPT(LIST_ALL))
194 {
195 pkcs11_type = PKCS11_TYPE_ALL;
196 pkcs11_list (outfile, url, pkcs11_type,
197 login, detailed_url, &cinfo);
198 }
199 else if (HAVE_OPT(LIST_ALL_CERTS))
200 {
201 pkcs11_type = PKCS11_TYPE_CRT_ALL;
202 pkcs11_list (outfile, url, pkcs11_type,
203 login, detailed_url, &cinfo);
204 }
205 else if (HAVE_OPT(LIST_CERTS))
206 {
207 pkcs11_type = PKCS11_TYPE_PK;
208 pkcs11_list (outfile, url, pkcs11_type,
209 login, detailed_url, &cinfo);
210 }
211 else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
212 {
213 pkcs11_type = PKCS11_TYPE_PRIVKEY;
214 pkcs11_list (outfile, url, pkcs11_type,
215 login, detailed_url, &cinfo);
216 }
217 else if (HAVE_OPT(LIST_ALL_TRUSTED))
218 {
219 pkcs11_type = PKCS11_TYPE_TRUSTED;
220 pkcs11_list (outfile, url, pkcs11_type,
221 login, detailed_url, &cinfo);
222 }
223 else if (HAVE_OPT(EXPORT))
224 {
225 pkcs11_export (outfile, url, login, &cinfo);
226 }
227 else if (HAVE_OPT(WRITE))
228 {
229 int priv;
230
231 if (HAVE_OPT(PRIVATE))
232 priv = ENABLED_OPT(PRIVATE);
233 else priv = -1;
234 pkcs11_write (outfile, url, label,
235 ENABLED_OPT(TRUSTED), priv, login, &cinfo);
236 }
237 else if (HAVE_OPT(INITIALIZE))
238 pkcs11_init (outfile, url, label, &cinfo);
239 else if (HAVE_OPT(DELETE))
240 pkcs11_delete (outfile, url, 0, login, &cinfo);
241 else if (HAVE_OPT(GENERATE_ECC))
242 {
243 key_type = GNUTLS_PK_EC;
244 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
245 label, ENABLED_OPT(PRIVATE), detailed_url, login,
246 &cinfo);
247 }
248 else if (HAVE_OPT(GENERATE_RSA))
249 {
250 key_type = GNUTLS_PK_RSA;
251 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
252 label, ENABLED_OPT(PRIVATE), detailed_url, login,
253 &cinfo);
254 }
255 else if (HAVE_OPT(GENERATE_DSA))
256 {
257 key_type = GNUTLS_PK_DSA;
258 pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
259 label, ENABLED_OPT(PRIVATE), detailed_url, login,
260 &cinfo);
261 }
262 else
263 {
264 USAGE(1);
265 }
266
267 fclose (outfile);
268
269 #ifdef ENABLE_PKCS11
270 gnutls_pkcs11_deinit ();
271 #endif
272 gnutls_global_deinit ();
273 }
Implementation of the SSL/TLS protocol