benchmark time was increased.
[gnutls.git] / src / certtool-cfg.c
blob768c58d7c83923ee89a011183264565c4f8099d8
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
20 * Written by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
23 #include <config.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <certtool-cfg.h>
28 #include <gnutls/x509.h>
29 #include <string.h>
30 #include <limits.h>
31 #include <inttypes.h>
32 #include <time.h>
33 #include <autoopts/options.h>
35 /* for inet_pton */
36 #include <sys/types.h>
38 #if HAVE_SYS_SOCKET_H
39 # include <sys/socket.h>
40 #elif HAVE_WS2TCPIP_H
41 # include <ws2tcpip.h>
42 #endif
43 #include <arpa/inet.h>
45 /* Gnulib portability files. */
46 #include <getpass.h>
47 #include "certtool-common.h"
49 extern int batch;
51 #define MAX_ENTRIES 128
53 typedef struct _cfg_ctx
55 char *organization;
56 char *unit;
57 char *locality;
58 char *state;
59 char *cn;
60 char *uid;
61 char *challenge_password;
62 char *pkcs9_email;
63 char *country;
64 char **dc;
65 char **dns_name;
66 char **uri;
67 char **ip_addr;
68 char **email;
69 char **dn_oid;
70 char *crl_dist_points;
71 char *password;
72 char *pkcs12_key_name;
73 int serial;
74 int expiration_days;
75 int ca;
76 int path_len;
77 int tls_www_client;
78 int tls_www_server;
79 int signing_key;
80 int encryption_key;
81 int cert_sign_key;
82 int crl_sign_key;
83 int code_sign_key;
84 int ocsp_sign_key;
85 int time_stamping_key;
86 int ipsec_ike_key;
87 char **key_purpose_oids;
88 int crl_next_update;
89 int crl_number;
90 int crq_extensions;
91 char *proxy_policy_language;
92 char **ocsp_uris;
93 char **ca_issuers_uris;
94 } cfg_ctx;
96 cfg_ctx cfg;
98 void
99 cfg_init (void)
101 memset (&cfg, 0, sizeof (cfg));
102 cfg.path_len = -1;
103 cfg.serial = -1;
106 #define READ_MULTI_LINE(name, s_name) \
107 val = optionGetValue(pov, name); \
108 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
110 if (s_name == NULL) { \
111 i = 0; \
112 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
113 do { \
114 if (val && !strcmp(val->pzName, name)==0) \
115 continue; \
116 s_name[i] = strdup(val->v.strVal); \
117 i++; \
118 if (i>=MAX_ENTRIES) \
119 break; \
120 } while((val = optionNextValue(pov, val)) != NULL); \
121 s_name[i] = NULL; \
125 #define READ_MULTI_LINE_TOKENIZED(name, s_name) \
126 val = optionGetValue(pov, name); \
127 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
129 char str[512]; \
130 char * p; \
131 if (s_name == NULL) { \
132 i = 0; \
133 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
134 do { \
135 if (val && !strcmp(val->pzName, name)==0) \
136 continue; \
137 strncpy(str, val->v.strVal, sizeof(str)-1); \
138 str[sizeof(str)-1] = 0; \
139 if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
140 fprintf(stderr, "Error parsing %s\n", name); \
141 exit(1); \
143 p[0] = 0; \
144 p++; \
145 s_name[i] = strdup(str); \
146 while(*p==' ' || *p == '\t') p++; \
147 if (p[0] == 0) { \
148 fprintf(stderr, "Error (2) parsing %s\n", name); \
149 exit(1); \
151 s_name[i+1] = strdup(p); \
152 i+=2; \
153 if (i>=MAX_ENTRIES) \
154 break; \
155 } while((val = optionNextValue(pov, val)) != NULL); \
156 s_name[i] = NULL; \
160 #define READ_BOOLEAN(name, s_name) \
161 val = optionGetValue(pov, name); \
162 if (val != NULL) \
164 s_name = 1; \
167 #define READ_NUMERIC(name, s_name) \
168 val = optionGetValue(pov, name); \
169 if (val != NULL) \
171 if (val->valType == OPARG_TYPE_NUMERIC) \
172 s_name = val->v.longVal; \
173 else if (val->valType == OPARG_TYPE_STRING) \
174 s_name = atoi(val->v.strVal); \
178 template_parse (const char *template)
180 /* Parsing return code */
181 int ret;
182 unsigned int i;
183 tOptionValue const * pov;
184 const tOptionValue* val;
186 pov = configFileLoad(template);
187 if (pov == NULL)
189 perror("configFileLoad");
190 fprintf(stderr, "Error loading template: %s\n", template);
191 exit(1);
194 /* Option variables */
195 val = optionGetValue(pov, "organization");
196 if (val != NULL && val->valType == OPARG_TYPE_STRING)
197 cfg.organization = strdup(val->v.strVal);
199 val = optionGetValue(pov, "unit");
200 if (val != NULL && val->valType == OPARG_TYPE_STRING)
201 cfg.unit = strdup(val->v.strVal);
203 val = optionGetValue(pov, "locality");
204 if (val != NULL && val->valType == OPARG_TYPE_STRING)
205 cfg.locality = strdup(val->v.strVal);
207 val = optionGetValue(pov, "state");
208 if (val != NULL && val->valType == OPARG_TYPE_STRING)
209 cfg.state = strdup(val->v.strVal);
211 val = optionGetValue(pov, "cn");
212 if (val != NULL && val->valType == OPARG_TYPE_STRING)
213 cfg.cn = strdup(val->v.strVal);
215 val = optionGetValue(pov, "uid");
216 if (val != NULL && val->valType == OPARG_TYPE_STRING)
217 cfg.uid = strdup(val->v.strVal);
219 val = optionGetValue(pov, "challenge_password");
220 if (val != NULL && val->valType == OPARG_TYPE_STRING)
221 cfg.challenge_password = strdup(val->v.strVal);
223 val = optionGetValue(pov, "password");
224 if (val != NULL && val->valType == OPARG_TYPE_STRING)
225 cfg.password = strdup(val->v.strVal);
227 val = optionGetValue(pov, "pkcs9_email");
228 if (val != NULL && val->valType == OPARG_TYPE_STRING)
229 cfg.pkcs9_email = strdup(val->v.strVal);
231 val = optionGetValue(pov, "country");
232 if (val != NULL && val->valType == OPARG_TYPE_STRING)
233 cfg.country = strdup(val->v.strVal);
235 READ_MULTI_LINE("dc", cfg.dc);
236 READ_MULTI_LINE("dns_name", cfg.dns_name);
237 READ_MULTI_LINE("uri", cfg.uri);
239 READ_MULTI_LINE("ip_address", cfg.ip_addr);
240 READ_MULTI_LINE("email", cfg.email);
241 READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
243 READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
245 val = optionGetValue(pov, "crl_dist_points");
246 if (val != NULL && val->valType == OPARG_TYPE_STRING)
247 cfg.crl_dist_points = strdup(val->v.strVal);
249 val = optionGetValue(pov, "pkcs12_key_name");
250 if (val != NULL && val->valType == OPARG_TYPE_STRING)
251 cfg.pkcs12_key_name = strdup(val->v.strVal);
254 READ_NUMERIC("serial", cfg.serial);
255 READ_NUMERIC("expiration_days", cfg.expiration_days);
256 READ_NUMERIC("crl_next_update", cfg.crl_next_update);
257 READ_NUMERIC("crl_number", cfg.crl_number);
259 val = optionGetValue(pov, "proxy_policy_language");
260 if (val != NULL && val->valType == OPARG_TYPE_STRING)
261 cfg.proxy_policy_language = strdup(val->v.strVal);
263 READ_MULTI_LINE("ocsp_uri", cfg.ocsp_uris);
264 READ_MULTI_LINE("ca_issuers_uri", cfg.ca_issuers_uris);
266 READ_BOOLEAN("ca", cfg.ca);
267 READ_BOOLEAN("honor_crq_extensions", cfg.crq_extensions);
268 READ_BOOLEAN("path_len", cfg.path_len);
269 READ_BOOLEAN("tls_www_client", cfg.tls_www_client);
270 READ_BOOLEAN("tls_www_server", cfg.tls_www_server);
271 READ_BOOLEAN("signing_key", cfg.signing_key);
272 READ_BOOLEAN("encryption_key", cfg.encryption_key);
273 READ_BOOLEAN("cert_signing_key", cfg.cert_sign_key);
274 READ_BOOLEAN("crl_signing_key", cfg.crl_sign_key);
275 READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
276 READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
277 READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
278 READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
280 optionUnloadNested(pov);
282 return 0;
285 #define IS_NEWLINE(x) ((x[0] == '\n') || (x[0] == '\r'))
287 void
288 read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid)
290 char input[128];
291 int ret;
293 fputs (input_str, stderr);
294 if (fgets (input, sizeof (input), stdin) == NULL)
295 return;
297 if (IS_NEWLINE(input))
298 return;
300 ret =
301 gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
302 if (ret < 0)
304 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
305 exit (1);
309 void
310 read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid)
312 char input[128];
313 int ret;
315 fputs (input_str, stderr);
316 if (fgets (input, sizeof (input), stdin) == NULL)
317 return;
319 if (IS_NEWLINE(input))
320 return;
322 ret =
323 gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
324 if (ret < 0)
326 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
327 exit (1);
331 /* The input_str should contain %d or %u to print the default.
333 static int
334 read_int_with_default (const char *input_str, int def)
336 char *endptr;
337 long l, len;
338 static char input[128];
340 fprintf (stderr, input_str, def);
341 if (fgets (input, sizeof (input), stdin) == NULL)
342 return def;
344 if (IS_NEWLINE(input))
345 return def;
347 len = strlen (input);
349 l = strtol (input, &endptr, 0);
351 if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n')
353 fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
354 return 0;
357 if (l <= INT_MIN || l >= INT_MAX)
359 fprintf (stderr, "Integer out of range: `%s'\n", input);
360 return 0;
363 if (input == endptr)
364 l = def;
366 return (int) l;
370 read_int (const char *input_str)
372 return read_int_with_default (input_str, 0);
375 const char *
376 read_str (const char *input_str)
378 static char input[128];
379 int len;
381 fputs (input_str, stderr);
382 if (fgets (input, sizeof (input), stdin) == NULL)
383 return NULL;
385 if (IS_NEWLINE(input))
386 return NULL;
388 len = strlen (input);
389 if ((len > 0) && (input[len - 1] == '\n'))
390 input[len - 1] = 0;
391 if (input[0] == 0)
392 return NULL;
394 return input;
397 /* Default is no
400 read_yesno (const char *input_str)
402 char input[128];
404 fputs (input_str, stderr);
405 if (fgets (input, sizeof (input), stdin) == NULL)
406 return 0;
408 if (IS_NEWLINE(input))
409 return 0;
411 if (input[0] == 'y' || input[0] == 'Y')
412 return 1;
414 return 0;
418 /* Wrapper functions for non-interactive mode.
420 const char *
421 get_pass (void)
423 if (batch)
424 return cfg.password;
425 else
426 return getpass ("Enter password: ");
429 const char *
430 get_confirmed_pass (bool empty_ok)
432 if (batch)
433 return cfg.password;
434 else
436 const char *pass = NULL;
437 char *copy = NULL;
441 if (pass)
442 fprintf (stderr, "Password missmatch, try again.\n");
444 free (copy);
446 pass = getpass ("Enter password: ");
447 copy = strdup (pass);
448 pass = getpass ("Confirm password: ");
450 while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
452 free (copy);
454 return pass;
458 const char *
459 get_challenge_pass (void)
461 if (batch)
462 return cfg.challenge_password;
463 else
464 return getpass ("Enter a challenge password: ");
467 const char *
468 get_crl_dist_point_url (void)
470 if (batch)
471 return cfg.crl_dist_points;
472 else
473 return read_str ("Enter the URI of the CRL distribution point: ");
476 void
477 get_country_crt_set (gnutls_x509_crt_t crt)
479 int ret;
481 if (batch)
483 if (!cfg.country)
484 return;
485 ret =
486 gnutls_x509_crt_set_dn_by_oid (crt,
487 GNUTLS_OID_X520_COUNTRY_NAME, 0,
488 cfg.country, strlen (cfg.country));
489 if (ret < 0)
491 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
492 exit (1);
495 else
497 read_crt_set (crt, "Country name (2 chars): ",
498 GNUTLS_OID_X520_COUNTRY_NAME);
503 void
504 get_organization_crt_set (gnutls_x509_crt_t crt)
506 int ret;
508 if (batch)
510 if (!cfg.organization)
511 return;
513 ret =
514 gnutls_x509_crt_set_dn_by_oid (crt,
515 GNUTLS_OID_X520_ORGANIZATION_NAME,
516 0, cfg.organization,
517 strlen (cfg.organization));
518 if (ret < 0)
520 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
521 exit (1);
524 else
526 read_crt_set (crt, "Organization name: ",
527 GNUTLS_OID_X520_ORGANIZATION_NAME);
532 void
533 get_unit_crt_set (gnutls_x509_crt_t crt)
535 int ret;
537 if (batch)
539 if (!cfg.unit)
540 return;
542 ret =
543 gnutls_x509_crt_set_dn_by_oid (crt,
544 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
545 0, cfg.unit, strlen (cfg.unit));
546 if (ret < 0)
548 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
549 exit (1);
552 else
554 read_crt_set (crt, "Organizational unit name: ",
555 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
560 void
561 get_state_crt_set (gnutls_x509_crt_t crt)
563 int ret;
565 if (batch)
567 if (!cfg.state)
568 return;
569 ret =
570 gnutls_x509_crt_set_dn_by_oid (crt,
571 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
572 0, cfg.state, strlen (cfg.state));
573 if (ret < 0)
575 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
576 exit (1);
579 else
581 read_crt_set (crt, "State or province name: ",
582 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
587 void
588 get_locality_crt_set (gnutls_x509_crt_t crt)
590 int ret;
592 if (batch)
594 if (!cfg.locality)
595 return;
596 ret =
597 gnutls_x509_crt_set_dn_by_oid (crt,
598 GNUTLS_OID_X520_LOCALITY_NAME, 0,
599 cfg.locality, strlen (cfg.locality));
600 if (ret < 0)
602 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
603 exit (1);
606 else
608 read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
613 void
614 get_cn_crt_set (gnutls_x509_crt_t crt)
616 int ret;
618 if (batch)
620 if (!cfg.cn)
621 return;
622 ret =
623 gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
624 0, cfg.cn, strlen (cfg.cn));
625 if (ret < 0)
627 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
628 exit (1);
631 else
633 read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
638 void
639 get_uid_crt_set (gnutls_x509_crt_t crt)
641 int ret;
643 if (batch)
645 if (!cfg.uid)
646 return;
647 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
648 cfg.uid, strlen (cfg.uid));
649 if (ret < 0)
651 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
652 exit (1);
655 else
657 read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
662 void
663 get_oid_crt_set (gnutls_x509_crt_t crt)
665 int ret, i;
667 if (batch)
669 if (!cfg.dn_oid)
670 return;
671 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
673 if (cfg.dn_oid[i + 1] == NULL)
675 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
676 cfg.dn_oid[i]);
677 exit (1);
679 ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
680 cfg.dn_oid[i + 1],
681 strlen (cfg.dn_oid[i + 1]));
683 if (ret < 0)
685 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
686 exit (1);
692 void
693 get_key_purpose_set (gnutls_x509_crt_t crt)
695 int ret, i;
697 if (batch)
699 if (!cfg.key_purpose_oids)
700 return;
701 for (i = 0; cfg.key_purpose_oids[i] != NULL; i++)
703 ret =
704 gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i],
707 if (ret < 0)
709 fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
710 cfg.key_purpose_oids[i], gnutls_strerror (ret));
711 exit (1);
717 void
718 get_ocsp_issuer_set (gnutls_x509_crt_t crt)
720 int ret, i;
721 gnutls_datum_t uri;
723 if (batch)
725 if (!cfg.ocsp_uris)
726 return;
727 for (i = 0; cfg.ocsp_uris[i] != NULL; i++)
729 uri.data = cfg.ocsp_uris[i];
730 uri.size = strlen(cfg.ocsp_uris[i]);
731 ret =
732 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_OCSP_URI,
733 &uri);
734 if (ret < 0)
736 fprintf (stderr, "set OCSP URI (%s): %s\n",
737 cfg.ocsp_uris[i], gnutls_strerror (ret));
738 exit (1);
744 void
745 get_ca_issuers_set (gnutls_x509_crt_t crt)
747 int ret, i;
748 gnutls_datum_t uri;
750 if (batch)
752 if (!cfg.ca_issuers_uris)
753 return;
754 for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++)
756 uri.data = cfg.ca_issuers_uris[i];
757 uri.size = strlen(cfg.ca_issuers_uris[i]);
758 ret =
759 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_CAISSUERS_URI,
760 &uri);
761 if (ret < 0)
763 fprintf (stderr, "set CA ISSUERS URI (%s): %s\n",
764 cfg.ca_issuers_uris[i], gnutls_strerror (ret));
765 exit (1);
772 void
773 get_pkcs9_email_crt_set (gnutls_x509_crt_t crt)
775 int ret;
777 if (batch)
779 if (!cfg.pkcs9_email)
780 return;
781 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
782 cfg.pkcs9_email,
783 strlen (cfg.pkcs9_email));
784 if (ret < 0)
786 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
787 exit (1);
790 else
792 read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
798 get_serial (void)
800 int default_serial = time (NULL);
802 if (batch)
804 if (cfg.serial < 0)
805 return default_serial;
806 return cfg.serial;
808 else
810 return read_int_with_default
811 ("Enter the certificate's serial number in decimal (default: %u): ",
812 default_serial);
817 get_days (void)
819 int days;
821 if (batch)
823 if (cfg.expiration_days <= 0)
824 return 365;
825 else
826 return cfg.expiration_days;
828 else
832 days = read_int ("The certificate will expire in (days): ");
834 while (days == 0);
835 return days;
840 get_ca_status (void)
842 if (batch)
844 return cfg.ca;
846 else
848 return
849 read_yesno ("Does the certificate belong to an authority? (y/N): ");
854 get_crq_extensions_status (void)
856 if (batch)
858 return cfg.crq_extensions;
860 else
862 return
863 read_yesno
864 ("Do you want to honour the extensions from the request? (y/N): ");
869 get_crl_number (void)
871 if (batch)
873 return cfg.crl_number;
875 else
877 return read_int_with_default ("CRL Number: ", 1);
882 get_path_len (void)
884 if (batch)
886 return cfg.path_len;
888 else
890 return read_int_with_default
891 ("Path length constraint (decimal, %d for no constraint): ", -1);
895 const char *
896 get_pkcs12_key_name (void)
898 const char *name;
900 if (batch)
902 if (!cfg.pkcs12_key_name)
903 return "Anonymous";
904 return cfg.pkcs12_key_name;
906 else
910 name = read_str ("Enter a name for the key: ");
912 while (name == NULL);
914 return name;
918 get_tls_client_status (void)
920 if (batch)
922 return cfg.tls_www_client;
924 else
926 return read_yesno ("Is this a TLS web client certificate? (y/N): ");
931 get_tls_server_status (void)
933 if (batch)
935 return cfg.tls_www_server;
937 else
939 return
940 read_yesno ("Is this also a TLS web server certificate? (y/N): ");
944 /* convert a printable IP to binary */
945 static int
946 string_to_ip (unsigned char *ip, const char *str)
948 int len = strlen (str);
949 int ret;
951 #if HAVE_IPV6
952 if (strchr (str, ':') != NULL || len > 16)
953 { /* IPv6 */
954 ret = inet_pton (AF_INET6, str, ip);
955 if (ret <= 0)
957 fprintf (stderr, "Error in IPv6 address %s\n", str);
958 exit (1);
961 /* To be done */
962 return 16;
964 else
965 #endif
966 { /* IPv4 */
967 ret = inet_pton (AF_INET, str, ip);
968 if (ret <= 0)
970 fprintf (stderr, "Error in IPv4 address %s\n", str);
971 exit (1);
974 return 4;
979 void
980 get_ip_addr_set (int type, void *crt)
982 int ret = 0, i;
983 unsigned char ip[16];
984 int len;
986 if (batch)
988 if (!cfg.ip_addr)
989 return;
991 for (i = 0; cfg.ip_addr[i] != NULL; i++)
993 len = string_to_ip (ip, cfg.ip_addr[i]);
994 if (len <= 0)
996 fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
997 exit (1);
1000 if (type == TYPE_CRT)
1001 ret =
1002 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1003 ip, len,
1004 GNUTLS_FSAN_APPEND);
1005 else
1006 ret =
1007 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1008 ip, len,
1009 GNUTLS_FSAN_APPEND);
1011 if (ret < 0)
1012 break;
1015 else
1017 const char *p;
1020 read_str ("Enter the IP address of the subject of the certificate: ");
1021 if (!p)
1022 return;
1024 len = string_to_ip (ip, p);
1025 if (len <= 0)
1027 fprintf (stderr, "Error parsing address: %s\n", p);
1028 exit (1);
1031 if (type == TYPE_CRT)
1032 ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1033 ip, len,
1034 GNUTLS_FSAN_APPEND);
1035 else
1036 ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1037 ip, len,
1038 GNUTLS_FSAN_APPEND);
1041 if (ret < 0)
1043 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1044 exit (1);
1048 void
1049 get_email_set (int type, void *crt)
1051 int ret = 0, i;
1053 if (batch)
1055 if (!cfg.email)
1056 return;
1058 for (i = 0; cfg.email[i] != NULL; i++)
1060 if (type == TYPE_CRT)
1061 ret =
1062 gnutls_x509_crt_set_subject_alt_name (crt,
1063 GNUTLS_SAN_RFC822NAME,
1064 cfg.email[i],
1065 strlen (cfg.email[i]),
1066 GNUTLS_FSAN_APPEND);
1067 else
1068 ret =
1069 gnutls_x509_crq_set_subject_alt_name (crt,
1070 GNUTLS_SAN_RFC822NAME,
1071 cfg.email[i],
1072 strlen (cfg.email[i]),
1073 GNUTLS_FSAN_APPEND);
1075 if (ret < 0)
1076 break;
1079 else
1081 const char *p;
1083 p = read_str ("Enter the e-mail of the subject of the certificate: ");
1084 if (!p)
1085 return;
1087 if (type == TYPE_CRT)
1088 ret =
1089 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1090 strlen (p),
1091 GNUTLS_FSAN_APPEND);
1092 else
1093 ret =
1094 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1095 strlen (p),
1096 GNUTLS_FSAN_APPEND);
1099 if (ret < 0)
1101 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1102 exit (1);
1107 void
1108 get_dc_set (int type, void *crt)
1110 int ret = 0, i;
1112 if (batch)
1114 if (!cfg.dc)
1115 return;
1117 for (i = 0; cfg.dc[i] != NULL; i++)
1119 if (type == TYPE_CRT)
1120 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1121 0, cfg.dc[i], strlen (cfg.dc[i]));
1122 else
1123 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1124 0, cfg.dc[i], strlen (cfg.dc[i]));
1126 if (ret < 0)
1127 break;
1130 else
1132 const char *p;
1136 p = read_str ("Enter the subject's domain component (DC): ");
1137 if (!p)
1138 return;
1140 if (type == TYPE_CRT)
1141 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1142 0, p, strlen (p));
1143 else
1144 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1145 0, p, strlen (p));
1147 while(p != NULL);
1150 if (ret < 0)
1152 fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
1153 exit (1);
1157 void
1158 get_dns_name_set (int type, void *crt)
1160 int ret = 0, i;
1162 if (batch)
1164 if (!cfg.dns_name)
1165 return;
1167 for (i = 0; cfg.dns_name[i] != NULL; i++)
1169 if (type == TYPE_CRT)
1170 ret =
1171 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1172 cfg.dns_name[i],
1173 strlen (cfg.dns_name[i]),
1174 GNUTLS_FSAN_APPEND);
1175 else
1176 ret =
1177 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1178 cfg.dns_name[i],
1179 strlen (cfg.dns_name[i]),
1180 GNUTLS_FSAN_APPEND);
1182 if (ret < 0)
1183 break;
1186 else
1188 const char *p;
1193 read_str ("Enter a dnsName of the subject of the certificate: ");
1194 if (!p)
1195 return;
1197 if (type == TYPE_CRT)
1198 ret = gnutls_x509_crt_set_subject_alt_name
1199 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1200 else
1201 ret = gnutls_x509_crq_set_subject_alt_name
1202 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1204 while (p);
1207 if (ret < 0)
1209 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1210 exit (1);
1214 void
1215 get_uri_set (int type, void *crt)
1217 int ret = 0, i;
1219 if (batch)
1221 if (!cfg.uri)
1222 return;
1224 for (i = 0; cfg.uri[i] != NULL; i++)
1226 if (type == TYPE_CRT)
1227 ret =
1228 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1229 cfg.uri[i],
1230 strlen (cfg.uri[i]),
1231 GNUTLS_FSAN_APPEND);
1232 else
1233 ret =
1234 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1235 cfg.uri[i],
1236 strlen (cfg.uri[i]),
1237 GNUTLS_FSAN_APPEND);
1239 if (ret < 0)
1240 break;
1243 else
1245 const char *p;
1250 read_str ("Enter a URI of the subject of the certificate: ");
1251 if (!p)
1252 return;
1254 if (type == TYPE_CRT)
1255 ret = gnutls_x509_crt_set_subject_alt_name
1256 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1257 else
1258 ret = gnutls_x509_crq_set_subject_alt_name
1259 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1261 while (p);
1264 if (ret < 0)
1266 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1267 exit (1);
1274 get_sign_status (int server)
1276 const char *msg;
1278 if (batch)
1280 return cfg.signing_key;
1282 else
1284 if (server)
1285 msg =
1286 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
1287 else
1288 msg =
1289 "Will the certificate be used for signing (required for TLS)? (y/N): ";
1290 return read_yesno (msg);
1295 get_encrypt_status (int server)
1297 const char *msg;
1299 if (batch)
1301 return cfg.encryption_key;
1303 else
1305 if (server)
1306 msg =
1307 "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
1308 else
1309 msg =
1310 "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
1311 return read_yesno (msg);
1316 get_cert_sign_status (void)
1318 if (batch)
1320 return cfg.cert_sign_key;
1322 else
1324 return
1325 read_yesno
1326 ("Will the certificate be used to sign other certificates? (y/N): ");
1331 get_crl_sign_status (void)
1333 if (batch)
1335 return cfg.crl_sign_key;
1337 else
1339 return
1340 read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
1345 get_code_sign_status (void)
1347 if (batch)
1349 return cfg.code_sign_key;
1351 else
1353 return
1354 read_yesno ("Will the certificate be used to sign code? (y/N): ");
1359 get_ocsp_sign_status (void)
1361 if (batch)
1363 return cfg.ocsp_sign_key;
1365 else
1367 return
1368 read_yesno
1369 ("Will the certificate be used to sign OCSP requests? (y/N): ");
1374 get_time_stamp_status (void)
1376 if (batch)
1378 return cfg.time_stamping_key;
1380 else
1382 return
1383 read_yesno
1384 ("Will the certificate be used for time stamping? (y/N): ");
1389 get_ipsec_ike_status (void)
1391 if (batch)
1393 return cfg.ipsec_ike_key;
1395 else
1397 return
1398 read_yesno
1399 ("Will the certificate be used for IPsec IKE operations? (y/N): ");
1404 get_crl_next_update (void)
1406 int days;
1408 if (batch)
1410 if (cfg.crl_next_update <= 0)
1411 return 365;
1412 else
1413 return cfg.crl_next_update;
1415 else
1419 days = read_int ("The next CRL will be issued in (days): ");
1421 while (days == 0);
1422 return days;
1426 const char *
1427 get_proxy_policy (char **policy, size_t * policylen)
1429 const char *ret;
1431 if (batch)
1433 ret = cfg.proxy_policy_language;
1434 if (!ret)
1435 ret = "1.3.6.1.5.5.7.21.1";
1437 else
1441 ret = read_str ("Enter the OID of the proxy policy language: ");
1443 while (ret == NULL);
1446 *policy = NULL;
1447 *policylen = 0;
1449 if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
1450 strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
1452 fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
1455 return ret;
1458 /* CRQ stuff.
1460 void
1461 get_country_crq_set (gnutls_x509_crq_t crq)
1463 int ret;
1465 if (batch)
1467 if (!cfg.country)
1468 return;
1469 ret =
1470 gnutls_x509_crq_set_dn_by_oid (crq,
1471 GNUTLS_OID_X520_COUNTRY_NAME, 0,
1472 cfg.country, strlen (cfg.country));
1473 if (ret < 0)
1475 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1476 exit (1);
1479 else
1481 read_crq_set (crq, "Country name (2 chars): ",
1482 GNUTLS_OID_X520_COUNTRY_NAME);
1487 void
1488 get_organization_crq_set (gnutls_x509_crq_t crq)
1490 int ret;
1492 if (batch)
1494 if (!cfg.organization)
1495 return;
1497 ret =
1498 gnutls_x509_crq_set_dn_by_oid (crq,
1499 GNUTLS_OID_X520_ORGANIZATION_NAME,
1500 0, cfg.organization,
1501 strlen (cfg.organization));
1502 if (ret < 0)
1504 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1505 exit (1);
1508 else
1510 read_crq_set (crq, "Organization name: ",
1511 GNUTLS_OID_X520_ORGANIZATION_NAME);
1516 void
1517 get_unit_crq_set (gnutls_x509_crq_t crq)
1519 int ret;
1521 if (batch)
1523 if (!cfg.unit)
1524 return;
1526 ret =
1527 gnutls_x509_crq_set_dn_by_oid (crq,
1528 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
1529 0, cfg.unit, strlen (cfg.unit));
1530 if (ret < 0)
1532 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1533 exit (1);
1536 else
1538 read_crq_set (crq, "Organizational unit name: ",
1539 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
1544 void
1545 get_state_crq_set (gnutls_x509_crq_t crq)
1547 int ret;
1549 if (batch)
1551 if (!cfg.state)
1552 return;
1553 ret =
1554 gnutls_x509_crq_set_dn_by_oid (crq,
1555 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
1556 0, cfg.state, strlen (cfg.state));
1557 if (ret < 0)
1559 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1560 exit (1);
1563 else
1565 read_crq_set (crq, "State or province name: ",
1566 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
1571 void
1572 get_locality_crq_set (gnutls_x509_crq_t crq)
1574 int ret;
1576 if (batch)
1578 if (!cfg.locality)
1579 return;
1580 ret =
1581 gnutls_x509_crq_set_dn_by_oid (crq,
1582 GNUTLS_OID_X520_LOCALITY_NAME, 0,
1583 cfg.locality, strlen (cfg.locality));
1584 if (ret < 0)
1586 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1587 exit (1);
1590 else
1592 read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
1597 void
1598 get_cn_crq_set (gnutls_x509_crq_t crq)
1600 int ret;
1602 if (batch)
1604 if (!cfg.cn)
1605 return;
1606 ret =
1607 gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
1608 0, cfg.cn, strlen (cfg.cn));
1609 if (ret < 0)
1611 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1612 exit (1);
1615 else
1617 read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
1622 void
1623 get_uid_crq_set (gnutls_x509_crq_t crq)
1625 int ret;
1627 if (batch)
1629 if (!cfg.uid)
1630 return;
1631 ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
1632 cfg.uid, strlen (cfg.uid));
1633 if (ret < 0)
1635 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1636 exit (1);
1639 else
1641 read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
1646 void
1647 get_oid_crq_set (gnutls_x509_crq_t crq)
1649 int ret, i;
1651 if (batch)
1653 if (!cfg.dn_oid)
1654 return;
1655 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
1657 if (cfg.dn_oid[i + 1] == NULL)
1659 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
1660 cfg.dn_oid[i]);
1661 exit (1);
1663 ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
1664 cfg.dn_oid[i + 1],
1665 strlen (cfg.dn_oid[i + 1]));
1667 if (ret < 0)
1669 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
1670 exit (1);