authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:34:14 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-02-23 10:34:14 +0000
commited7d79f96177044949744da10f4431c1d6242241 (patch)
tree3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/scepclient
parent7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)
Diffstat (limited to 'src/scepclient')
-rw-r--r--src/scepclient/Makefile.am41
-rw-r--r--src/scepclient/Makefile.in318
-rw-r--r--src/scepclient/loglite.c4
-rw-r--r--src/scepclient/pkcs10.c224
-rw-r--r--src/scepclient/pkcs10.h60
-rw-r--r--src/scepclient/scep.c63
-rw-r--r--src/scepclient/scep.h10
-rw-r--r--src/scepclient/scepclient.c274
8 files changed, 368 insertions, 626 deletions
diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am
index 20bf76065..3693b7532 100644
--- a/src/scepclient/Makefile.am
+++ b/src/scepclient/Makefile.am
@@ -1,5 +1,5 @@
ipsec_PROGRAMS = scepclient
-scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c
+scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c
PLUTODIR=$(top_srcdir)/src/pluto
OPENACDIR=$(top_srcdir)/src/openac
@@ -16,18 +16,15 @@ INCLUDES = \
-I$(WHACKDIR)
AM_CFLAGS = \
--DIPSEC_CONFDIR=\"${confdir}\" \
--DIPSEC_PLUGINDIR=\"${plugindir}\" \
+-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-DPLUGINS=\""${pluto_plugins}\"" \
--DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
-DDEBUG -DNO_PLUTO
LIBSTRONGSWANBUILDDIR=$(top_builddir)/src/libstrongswan
LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan
scepclient_LDADD = \
-ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \
-ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \
+constants.o defs.o lex.o pkcs7.o \
$(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \
$(LIBFREESWANBUILDDIR)/libfreeswan.a
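Review bot: The switch of `-DIPSEC_CONFDIR` from `${confdir}` to `${sysconfdir}` in AM_CFLAGS changes the compiled-in configuration base directory without a comment, and the same hunk drops `-DIPSEC_PLUGINDIR` and `-DSTRONGSWAN_CONF` while keeping `-DPLUGINS`. If scepclient derives its default private-key, certificate and request paths from IPSEC_CONFDIR (scepclient.c is not visible here), a build that used to set a separate confdir would read and write that material in a different directory after the upgrade, so packaging should confirm the new location has the intended ownership and permissions. It is also worth confirming that nothing still compiled into this program (scepclient.c, scep.c, and the pluto objects constants.o, defs.o, lex.o, pkcs7.o) references the two removed macros. A comment above AM_CFLAGS such as `# config base follows --sysconfdir; plugin dir and strongswan.conf path are no longer defined here` would record the intent.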
@@ -39,47 +36,15 @@ endif
dist_man_MANS = scepclient.8
-ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 72cefb3b6..8438b81f9 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -1,8 +1,9 @@
-# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# Makefile.in generated by automake 1.11 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -16,8 +17,9 @@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@@ -41,26 +43,33 @@ subdir = src/scepclient
DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"
-ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(ipsec_PROGRAMS)
-am_scepclient_OBJECTS = scepclient.$(OBJEXT) pkcs10.$(OBJEXT) \
- scep.$(OBJEXT) loglite.$(OBJEXT)
+am_scepclient_OBJECTS = scepclient.$(OBJEXT) scep.$(OBJEXT) \
+ loglite.$(OBJEXT)
scepclient_OBJECTS = $(am_scepclient_OBJECTS)
am__DEPENDENCIES_1 =
@USE_SMARTCARD_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
-scepclient_DEPENDENCIES = ca.o crl.o certs.o constants.o defs.o \
- fetch.o id.o keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o \
- smartcard.o x509.o $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \
+scepclient_DEPENDENCIES = constants.o defs.o lex.o pkcs7.o \
+ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \
$(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__DEPENDENCIES_2)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
+am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -72,6 +81,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(scepclient_SOURCES)
DIST_SOURCES = $(scepclient_SOURCES)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(dist_man_MANS)
@@ -111,25 +141,22 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
-IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
-LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
-LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
-LINUX_HEADERS = @LINUX_HEADERS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
@@ -141,11 +168,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
+RTLIB = @RTLIB@
RUBY = @RUBY@
RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
@@ -174,9 +204,9 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
-confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
@@ -199,7 +229,7 @@ ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
libstrongswan_plugins = @libstrongswan_plugins@
-linuxdir = @linuxdir@
+linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
@@ -207,6 +237,7 @@ mandir = @mandir@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
@@ -215,10 +246,12 @@ pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+random_device = @random_device@
resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
-simreader = @simreader@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
@@ -226,9 +259,10 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c
+scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c
PLUTODIR = $(top_srcdir)/src/pluto
OPENACDIR = $(top_srcdir)/src/openac
WHACKDIR = $(top_srcdir)/src/whack
@@ -242,15 +276,12 @@ INCLUDES = \
-I$(LIBCRYPTODIR) \
-I$(WHACKDIR)
-AM_CFLAGS = -DIPSEC_CONFDIR=\"${confdir}\" \
- -DIPSEC_PLUGINDIR=\"${plugindir}\" \
- -DPLUGINS=\""${pluto_plugins}\"" \
- -DSTRONGSWAN_CONF=\"${strongswan_conf}\" -DDEBUG -DNO_PLUTO \
+AM_CFLAGS = -DIPSEC_CONFDIR=\"${sysconfdir}\" \
+ -DPLUGINS=\""${pluto_plugins}\"" -DDEBUG -DNO_PLUTO \
$(am__append_1)
LIBSTRONGSWANBUILDDIR = $(top_builddir)/src/libstrongswan
LIBFREESWANBUILDDIR = $(top_builddir)/src/libfreeswan
-scepclient_LDADD = ca.o crl.o certs.o constants.o defs.o fetch.o id.o \
- keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \
+scepclient_LDADD = constants.o defs.o lex.o pkcs7.o \
$(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \
$(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__append_2)
dist_man_MANS = scepclient.8
@@ -267,9 +298,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \
- cd $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/scepclient/Makefile
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/scepclient/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -287,34 +318,50 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
- @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
- p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- if test -f $$p \
- || test -f $$p1 \
- ; then \
- f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \
- else :; fi; \
- done
+ @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
+ } \
+ ; done
uninstall-ipsecPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
- f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
- echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \
- rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \
- done
+ @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
- f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f $$p $$f"; \
- rm -f $$p $$f ; \
- done
+ @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
scepclient$(EXEEXT): $(scepclient_OBJECTS) $(scepclient_DEPENDENCIES)
@rm -f scepclient$(EXEEXT)
$(LINK) $(scepclient_OBJECTS) $(scepclient_LDADD) $(LIBS)
@@ -326,27 +373,26 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/loglite.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs10.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scep.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scepclient.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
@@ -356,51 +402,44 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
done; \
- for i in $$list; do \
- if test -f $$i; then file=$$i; \
- else file=$(srcdir)/$$i; fi; \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 8*) ;; \
- *) ext='8' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
- done
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
uninstall-man8:
@$(NORMAL_UNINSTALL)
- @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
- l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
- for i in $$l2; do \
- case "$$i" in \
- *.8*) list="$$list $$i" ;; \
- esac; \
- done; \
- for i in $$list; do \
- ext=`echo $$i | sed -e 's/^.*\\.//'`; \
- case "$$ext" in \
- 8*) ;; \
- *) ext='8' ;; \
- esac; \
- inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
- inst=`echo $$inst | sed -e 's/^.*\///'`; \
- inst=`echo $$inst | sed '$(transform)'`.$$ext; \
- echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
- rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
- done
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -414,7 +453,7 @@ tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
+ set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -422,34 +461,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$tags $$unique; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
- tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$tags $$unique
+ $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
- && cd $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) $$here
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -465,13 +522,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
- cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
- test -f $(distdir)/$$file \
- || cp -p $$d/$$file $(distdir)/$$file \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@@ -502,6 +563,7 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -523,6 +585,8 @@ dvi-am:
html: html-am
+html-am:
+
info: info-am
info-am:
@@ -531,18 +595,28 @@ install-data-am: install-ipsecPROGRAMS install-man
install-dvi: install-dvi-am
+install-dvi-am:
+
install-exec-am:
install-html: install-html-am
+install-html-am:
+
install-info: install-info-am
+install-info-am:
+
install-man: install-man8
install-pdf: install-pdf-am
+install-pdf-am:
+
install-ps: install-ps-am
+install-ps-am:
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -585,50 +659,18 @@ uninstall-man: uninstall-man8
uninstall-man uninstall-man8
-ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h
$(COMPILE) $(INCLUDES) -c -o $@ $<
-smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
-
-x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h
- $(COMPILE) $(INCLUDES) -c -o $@ $<
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c
index 87041f114..539bb5f72 100644
--- a/src/scepclient/loglite.c
+++ b/src/scepclient/loglite.c
@@ -56,12 +56,12 @@ static void scepclient_dbg(int level, char *fmt, ...)
else if (cur_debugging & DBG_RAW)
{
debug_level = 3;
- }
+ }
else if (cur_debugging & DBG_PARSING)
{
debug_level = 2;
}
- else
+ else
{
debug_level = 1;
}
diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c
deleted file mode 100644
index cdd68431e..000000000
--- a/src/scepclient/pkcs10.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/**
- * @file pkcs10.c
- * @brief Functions to build PKCS#10 requests
- *
- * Contains functions to build DER encoded pkcs#10 certificate requests
- */
-
-/* Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <freeswan.h>
-#include <asn1/asn1.h>
-#include <asn1/oid.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-#include "../pluto/x509.h"
-
-#include "pkcs10.h"
-
-/* some pre-coded OIDs */
-
-static u_char ASN1_challengePassword_oid_str[] = {
- 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
-};
-
-static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str);
-
-static u_char ASN1_extensionRequest_oid_str[] = {
- 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E
-};
-
-static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str);
-
-/**
- * @brief Adds a subjectAltName in DER-coded form to a linked list
- *
- * @param[in,out] subjectAltNames head of the linked list of subjectAltNames
- * @param[in] kind type of the subjectAltName (which is a generalName)
- * @param[in] value value of the subjectAltName as an ASCII string
- */
-void
-pkcs10_add_subjectAltName(generalName_t **subjectAltNames, generalNames_t kind
-, char *value)
-{
- generalName_t *gn;
- asn1_t asn1_type = ASN1_EOC;
- chunk_t name = { value, strlen(value) };
-
- switch (kind)
- {
- case GN_RFC822_NAME:
- asn1_type = ASN1_CONTEXT_S_1;
- break;
- case GN_DNS_NAME:
- asn1_type = ASN1_CONTEXT_S_2;
- break;
- case GN_IP_ADDRESS:
- {
- struct in_addr addr;
-
- /* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90)
- * to a byte representation in network order
- */
- if (!inet_aton(value, &addr))
- {
- fprintf(stderr, "error in IPv4 subjectAltName\n");
- return;
- }
- asn1_type = ASN1_CONTEXT_S_7;
- name.ptr = (u_char *) &addr.s_addr;
- name.len = sizeof(addr.s_addr);
- break;
- }
- default:
- break;
- }
-
- gn = malloc_thing(generalName_t);
- gn->kind = kind;
- gn->name = asn1_simple_object(asn1_type, name);
- gn->next = *subjectAltNames;
- *subjectAltNames = gn;
-}
-
-/**
- * @brief Builds the requestInfoAttributes of the certificationRequestInfo-field
- *
- * challenge password ans subjectAltNames are only included,
- * when avaiable in given #pkcs10_t structure
- *
- * @param[in] pkcs10 Pointer to a #pkcs10_t structure
- * @return 1 if succeeded, 0 otherwise
- */
-static chunk_t
-build_req_info_attributes(pkcs10_t* pkcs10)
-{
-
- chunk_t subjectAltNames = chunk_empty;
- chunk_t challengePassword = chunk_empty;
-
- if (pkcs10->subjectAltNames != NULL)
- {
-
- subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_extensionRequest_oid
- , asn1_wrap(ASN1_SET, "m"
- , asn1_wrap(ASN1_SEQUENCE, "m"
- , build_subjectAltNames(pkcs10->subjectAltNames)
- )
- )
- );
- }
-
- if (pkcs10->challengePassword.len > 0)
- {
- asn1_t type = asn1_is_printablestring(pkcs10->challengePassword)
- ? ASN1_PRINTABLESTRING : ASN1_T61STRING;
-
- challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm"
- , ASN1_challengePassword_oid
- , asn1_wrap(ASN1_SET, "m"
- , asn1_simple_object(type, pkcs10->challengePassword)
- )
- );
- }
-
- return asn1_wrap(ASN1_CONTEXT_C_0, "mm"
- , subjectAltNames
- , challengePassword);
-}
-
-/**
- * @brief Builds a DER-code pkcs#10 certificate request
- *
- * @param[in] pkcs10 pointer to a pkcs10_t struct
- * @return DER-code pkcs10 request
- */
-static chunk_t
-pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
-{
- chunk_t key = pkcs10->public_key->get_encoding(pkcs10->public_key);
-
- chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
- asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
- asn1_bitstring("m", key));
-
- chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm",
- ASN1_INTEGER_0,
- pkcs10->subject,
- keyInfo,
- build_req_info_attributes(pkcs10));
-
- chunk_t signature = x509_build_signature(cert_req_info, signature_alg,
- pkcs10->private_key, TRUE);
-
- return asn1_wrap(ASN1_SEQUENCE, "mcm",
- cert_req_info,
- asn1_algorithmIdentifier(signature_alg),
- signature);
-}
-
-/**
- * @brief Creates a pkcs#10 certificate request object
- *
- * To create a certificate request, the RSA key and the
- * names to be included as subject in the certificate request
- * (e.g. commonName, organization) are needed. An optional challenge
- * password or some subjectAltNames may be included.
- *
- * @param[in] key rsakey of type #rsakey_t
- * @param[in] subject DER-coded subject distinguished name
- * @param[in] challengePassword challenge password or chunk_empty
- * @param[in] subjectAltNames linked list of subjectAltNames or NULL
- * @return pointer to a #pkcs10_t object
- */
-pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public,
- chunk_t subject, chunk_t challengePassword,
- generalName_t *subjectAltNames, int signature_alg)
-{
- pkcs10_t *pkcs10 = malloc_thing(pkcs10_t);
-
- pkcs10->subject = subject;
- pkcs10->private_key = private;
- pkcs10->public_key = public;
- pkcs10->challengePassword = challengePassword;
- pkcs10->subjectAltNames = subjectAltNames;
-
- pkcs10->request = pkcs10_build_request(pkcs10, signature_alg);
- return pkcs10;
-}
-
-/**
- * @brief Frees the resources used by an #pkcs10_t object
- *
- * @param[in] pkcs10 #pkcs10_t to free
- */
-void
-pkcs10_free(pkcs10_t *pkcs10)
-{
- if (pkcs10 != NULL)
- {
- free(pkcs10->request.ptr);
- free(pkcs10);
- }
-}
diff --git a/src/scepclient/pkcs10.h b/src/scepclient/pkcs10.h
deleted file mode 100644
index 3f29f019a..000000000
--- a/src/scepclient/pkcs10.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file pkcs10.h
- * @brief Functions to build PKCS#10 Request's
- *
- * Contains functions to build DER encoded pkcs#10 certificate requests
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef _PKCS10_H
-#define _PKCS10_H
-
-#include <credentials/keys/private_key.h>
-#include <credentials/keys/public_key.h>
-
-#include "../pluto/defs.h"
-#include "../pluto/x509.h"
-
-typedef struct pkcs10_struct pkcs10_t;
-
-/**
- * @brief type representating a pkcs#10 request.
- *
- * A pkcs#10 request contains a distinguished name, an optional
- * challenge password, a public key and optional subjectAltNames.
- *
- * The RSA private key is needed to compute the signature of the given request
- */
-struct pkcs10_struct {
- private_key_t *private_key;
- public_key_t *public_key;
- chunk_t request;
- chunk_t subject;
- chunk_t challengePassword;
- generalName_t *subjectAltNames;
-};
-
-extern const pkcs10_t empty_pkcs10;
-
-extern void pkcs10_add_subjectAltName(generalName_t **subjectAltNames,
- generalNames_t kind, char *value);
-extern pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public,
- chunk_t subject, chunk_t challengePassword,
- generalName_t *subjectAltNames, int signature_alg);
-extern void pkcs10_free(pkcs10_t *pkcs10);
-
-#endif /* _PKCS10_H */
diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index a788c6f41..598705636 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -1,7 +1,7 @@
/**
* @file scep.c
* @brief SCEP specific functions
- *
+ *
* Contains functions to build SCEP request's and to parse SCEP reply's.
*/
@@ -39,24 +39,15 @@
#include "scep.h"
-static char ASN1_messageType_oid_str[] = {
+static const chunk_t ASN1_messageType_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-};
-
-static char ASN1_senderNonce_oid_str[] = {
+);
+static const chunk_t ASN1_senderNonce_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-};
-
-static char ASN1_transId_oid_str[] = {
+);
+static const chunk_t ASN1_transId_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-};
-
-static const chunk_t ASN1_messageType_oid =
- chunk_from_buf(ASN1_messageType_oid_str);
-static const chunk_t ASN1_senderNonce_oid =
- chunk_from_buf(ASN1_senderNonce_oid_str);
-static const chunk_t ASN1_transId_oid =
- chunk_from_buf(ASN1_transId_oid_str);
+);
static const char *pkiStatus_values[] = { "0", "2", "3" };
@@ -239,7 +230,7 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
DBG(DBG_CONTROL | DBG_PARSING,
DBG_log("parsing attributes")
)
-
+
while (parser->iterate(parser, &objectID, &object))
{
switch (objectID)
@@ -255,24 +246,23 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
}
}
success = parser->success(parser);
-
+
end:
parser->destroy(parser);
return success;
}
/**
- * Generates a unique fingerprint of the pkcs10 request
+ * Generates a unique fingerprint of the pkcs10 request
* by computing an MD5 hash over it
*/
chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10)
{
- char digest_buf[HASH_SIZE_MD5];
- chunk_t digest = chunk_from_buf(digest_buf);
+ chunk_t digest = chunk_alloca(HASH_SIZE_MD5);
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
- hasher->get_hash(hasher, pkcs10, digest_buf);
+ hasher->get_hash(hasher, pkcs10, digest.ptr);
hasher->destroy(hasher);
return chunk_to_hex(digest, NULL, FALSE);
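Review bot: The result of `create_hasher()` is dereferenced without a NULL check in `scep_generate_pkcs10_fingerprint()`, so if none of the loaded plugins provides MD5, `hasher->get_hash` crashes instead of failing cleanly. The plugin list is configurable through `scepclient.load`, so configuration alone can trigger this. I would add `if (!hasher) { return chunk_empty; }` right after the `create_hasher` call and let the caller treat an empty fingerprint as an error. The same unchecked pattern appears in `scep_generate_transaction_id()` in the next hunk. The function's closing brace lies outside this hunk.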
@@ -285,21 +275,20 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10)
void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
chunk_t *serialNumber)
{
- char digest_buf[HASH_SIZE_MD5];
- chunk_t digest = chunk_from_buf(digest_buf);
- chunk_t keyEncoding, keyInfo;
+ chunk_t digest = chunk_alloca(HASH_SIZE_MD5);
+ chunk_t keyEncoding = chunk_empty, keyInfo;
hasher_t *hasher;
bool msb_set;
u_char *pos;
-
- keyEncoding = key->get_encoding(key);
- keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
- asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
- asn1_bitstring("m", keyEncoding));
+ key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding);
+
+ keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+ asn1_bitstring("m", keyEncoding));
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
- hasher->get_hash(hasher, keyInfo, digest_buf);
+ hasher->get_hash(hasher, keyInfo, digest.ptr);
hasher->destroy(hasher);
free(keyInfo.ptr);
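Review bot: The return value of `key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding)` is ignored, so on failure `keyEncoding` stays `chunk_empty` and the digest is taken over a key-info structure with an empty key. Every such failure would then presumably produce the same transaction ID and serial number instead of an error. The private-key export in scepclient.c checks the same kind of call (`!private_key->get_encoding(...) ||`), and this one should too, e.g. `if (!key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding)) { return; }`, with the caller rejecting an empty `transID`. The rest of the function body is outside this hunk.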
@@ -381,8 +370,8 @@ chunk_t scep_senderNonce_attribute(void)
* Builds a pkcs7 enveloped and signed scep request
*/
chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
- const x509cert_t *enc_cert, int enc_alg,
- const x509cert_t *signer_cert, int digest_alg,
+ certificate_t *enc_cert, int enc_alg,
+ certificate_t *signer_cert, int digest_alg,
private_key_t *private_key)
{
chunk_t envelopedData, attributes, request;
@@ -497,7 +486,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
free(escaped_req);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
- FETCH_HTTP_VERSION_1_0,
+ FETCH_HTTP_VERSION_1_0,
FETCH_REQUEST_HEADER, "Pragma:",
FETCH_REQUEST_HEADER, "Host:",
FETCH_REQUEST_HEADER, "Accept:",
@@ -510,7 +499,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
complete_url = malloc(len);
snprintf(complete_url, len, "%s?operation=%s", url, operation);
- status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
+ status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_REQUEST_DATA, pkcs7,
FETCH_REQUEST_TYPE, "",
FETCH_REQUEST_HEADER, "Expect:",
@@ -527,7 +516,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
, url, operation);
- status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
+ status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_END);
}
@@ -536,7 +525,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
}
err_t scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data,
- scep_attributes_t *attrs, x509cert_t *signer_cert)
+ scep_attributes_t *attrs, certificate_t *signer_cert)
{
chunk_t attributes;
diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h
index e8dc87591..f64c6b1cc 100644
--- a/src/scepclient/scep.h
+++ b/src/scepclient/scep.h
@@ -1,7 +1,7 @@
/**
* @file scep.h
* @brief SCEP specific functions
- *
+ *
* Contains functions to build and parse SCEP requests and replies
*/
@@ -23,6 +23,8 @@
#ifndef _SCEP_H
#define _SCEP_H
+#include <credentials/certificates/certificate.h>
+
#include "../pluto/defs.h"
#include "../pluto/pkcs7.h"
@@ -81,13 +83,13 @@ extern chunk_t scep_transId_attribute(chunk_t transaction_id);
extern chunk_t scep_messageType_attribute(scep_msg_t m);
extern chunk_t scep_senderNonce_attribute(void);
extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
- const x509cert_t *enc_cert, int enc_alg,
- const x509cert_t *signer_cert, int digest_alg,
+ certificate_t *enc_cert, int enc_alg,
+ certificate_t *signer_cert, int digest_alg,
private_key_t *private_key);
extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
bool http_get_request, chunk_t *response);
extern err_t scep_parse_response(chunk_t response, chunk_t transID,
contentInfo_t *data, scep_attributes_t *attrs,
- x509cert_t *signer_cert);
+ certificate_t *signer_cert);
#endif /* _SCEP_H */
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 6c0166d66..576ce1dc5 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -41,18 +41,22 @@
#include <asn1/oid.h>
#include <utils/optionsfrom.h>
#include <utils/enumerator.h>
+#include <utils/linked_list.h>
+#include <crypto/hashers/hasher.h>
#include <crypto/crypters/crypter.h>
#include <crypto/proposal/proposal_keywords.h>
#include <credentials/keys/private_key.h>
#include <credentials/keys/public_key.h>
+#include <credentials/certificates/certificate.h>
+#include <credentials/certificates/x509.h>
+#include <credentials/certificates/pkcs10.h>
#include "../pluto/constants.h"
#include "../pluto/defs.h"
#include "../pluto/log.h"
-#include "../pluto/pkcs7.h"
#include "../pluto/certs.h"
+#include "../pluto/pkcs7.h"
-#include "pkcs10.h"
#include "scep.h"
/*
@@ -121,26 +125,27 @@ options_t *options;
* Global variables
*/
-private_key_t *private_key = NULL;
-public_key_t *public_key = NULL;
-
chunk_t pkcs1;
chunk_t pkcs7;
-chunk_t subject;
chunk_t challengePassword;
chunk_t serialNumber;
chunk_t transID;
chunk_t fingerprint;
+chunk_t encoding;
+chunk_t pkcs10_encoding;
chunk_t issuerAndSubject;
chunk_t getCertInitial;
chunk_t scep_response;
-cert_t cert;
-x509cert_t *x509_signer = NULL;
-x509cert_t *x509_ca_enc = NULL;
-x509cert_t *x509_ca_sig = NULL;
-generalName_t *subjectAltNames = NULL;
-pkcs10_t *pkcs10 = NULL;
+linked_list_t *subjectAltNames;
+
+identification_t *subject = NULL;
+private_key_t *private_key = NULL;
+public_key_t *public_key = NULL;
+certificate_t *x509_signer = NULL;
+certificate_t *x509_ca_enc = NULL;
+certificate_t *x509_ca_sig = NULL;
+certificate_t *pkcs10_req = NULL;
/**
* @brief exit scepclient
@@ -152,27 +157,25 @@ exit_scepclient(err_t message, ...)
{
int status = 0;
+ DESTROY_IF(subject);
DESTROY_IF(private_key);
DESTROY_IF(public_key);
+ DESTROY_IF(x509_signer);
+ DESTROY_IF(x509_ca_enc);
+ DESTROY_IF(x509_ca_sig);
+ DESTROY_IF(pkcs10_req);
+ subjectAltNames->destroy_offset(subjectAltNames,
+ offsetof(identification_t, destroy));
free(pkcs1.ptr);
free(pkcs7.ptr);
- free(subject.ptr);
free(serialNumber.ptr);
free(transID.ptr);
free(fingerprint.ptr);
+ free(encoding.ptr);
+ free(pkcs10_encoding.ptr);
free(issuerAndSubject.ptr);
free(getCertInitial.ptr);
free(scep_response.ptr);
-
- free_generalNames(subjectAltNames, TRUE);
- if (x509_signer != NULL)
- {
- x509_signer->subjectAltName = NULL;
- }
- free_x509cert(x509_signer);
- free_x509cert(x509_ca_enc);
- free_x509cert(x509_ca_sig);
- pkcs10_free(pkcs10);
options->destroy(options);
/* print any error message to stderr */
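Review bot: `pkcs1` is released with a plain `free(pkcs1.ptr)`, but elsewhere in this commit it is filled with the DER-encoded private key (`get_encoding(private_key, KEY_PRIV_ASN1_DER, &pkcs1)`), so the key bytes are left intact in freed heap memory. Wiping the buffer before release, with libstrongswan's `chunk_clear(&pkcs1);` in place of the `free`, matches how key material is normally handled and limits what a crash dump taken during shutdown could contain. `challengePassword` is also a secret; whether it is heap-owned is not visible from this hunk, so a comment stating who owns it would help. The function body continues after the hunk.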
@@ -279,7 +282,7 @@ static void print_plugins()
char buf[BUF_LEN], *plugin;
int len = 0;
enumerator_t *enumerator;
-
+
enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin))
{
@@ -357,8 +360,8 @@ int main(int argc, char **argv)
/* digest algorithm used by pkcs7, default is SHA-1 */
int pkcs7_digest_alg = OID_SHA1;
- /* signature algorithm used by pkcs10, default is SHA-1 with RSA encryption */
- int pkcs10_signature_alg = OID_SHA1;
+ /* signature algorithm used by pkcs10, default is SHA-1 */
+ hash_algorithm_t pkcs10_signature_alg = HASH_SHA1;
/* URL of the SCEP-Server */
char *scep_url = NULL;
@@ -374,20 +377,8 @@ int main(int argc, char **argv)
err_t ugh = NULL;
- /* initialize global variables */
- pkcs1 = chunk_empty;
- pkcs7 = chunk_empty;
- serialNumber = chunk_empty;
- transID = chunk_empty;
- fingerprint = chunk_empty;
- issuerAndSubject = chunk_empty;
- challengePassword = chunk_empty;
- getCertInitial = chunk_empty;
- scep_response = chunk_empty;
- log_to_stderr = TRUE;
-
/* initialize library */
- if (!library_init(STRONGSWAN_CONF))
+ if (!library_init(NULL))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -400,8 +391,21 @@ int main(int argc, char **argv)
exit(SS_RC_DAEMON_INTEGRITY);
}
- /* initialize optionsfrom */
- options = options_create();
+ /* initialize global variables */
+ pkcs1 = chunk_empty;
+ pkcs7 = chunk_empty;
+ serialNumber = chunk_empty;
+ transID = chunk_empty;
+ fingerprint = chunk_empty;
+ encoding = chunk_empty;
+ pkcs10_encoding = chunk_empty;
+ issuerAndSubject = chunk_empty;
+ challengePassword = chunk_empty;
+ getCertInitial = chunk_empty;
+ scep_response = chunk_empty;
+ subjectAltNames = linked_list_create();
+ options = options_create();
+ log_to_stderr = TRUE;
for (;;)
{
@@ -544,7 +548,7 @@ int main(int argc, char **argv)
}
continue;
}
-
+
case 'f': /* --force */
force = TRUE;
continue;
@@ -614,7 +618,6 @@ int main(int argc, char **argv)
case 's': /* --subjectAltName */
{
- generalNames_t kind;
char *value = strstr(optarg, "=");
if (value)
@@ -625,25 +628,19 @@ int main(int argc, char **argv)
value++;
}
- if (strcaseeq("email", optarg))
- {
- kind = GN_RFC822_NAME;
- }
- else if (strcaseeq("dns", optarg))
+ if (strcaseeq("email", optarg) ||
+ strcaseeq("dns", optarg) ||
+ strcaseeq("ip", optarg))
{
- kind = GN_DNS_NAME;
- }
- else if (strcaseeq("ip", optarg))
- {
- kind = GN_IP_ADDRESS;
+ subjectAltNames->insert_last(subjectAltNames,
+ identification_create_from_string(value));
+ continue;
}
else
{
usage("invalid --subjectAltName type");
continue;
}
- pkcs10_add_subjectAltName(&subjectAltNames, kind, value);
- continue;
}
case 'p': /* --password */
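Review bot: The `email`/`dns`/`ip` keyword is now used only to accept the option; the type of the subjectAltName placed in the request is whatever `identification_create_from_string(value)` infers from the string. A mismatch such as `dns=` followed by an IP literal is therefore accepted and becomes a different SAN type than the operator asked for, where the old code forced `GN_DNS_NAME`. `value` is also passed on when `optarg` contains no `=` and is still NULL. I would reject a missing value and compare the parsed type with the requested kind before inserting, as sketched below. The enclosing `case` block starts above the hunk.

```c
	/* … unchanged: if (strcaseeq("email" / "dns" / "ip", optarg)) … */
	{
		identification_t *san;
		id_type_t type;

		if (value == NULL)
		{
			usage("missing --subjectAltName value");
			continue;
		}
		san = identification_create_from_string(value);
		type = san->get_type(san);
		if ((strcaseeq("email", optarg) && type != ID_RFC822_ADDR) ||
			(strcaseeq("dns", optarg) && type != ID_FQDN) ||
			(strcaseeq("ip", optarg) && type != ID_IPV4_ADDR &&
										type != ID_IPV6_ADDR))
		{
			san->destroy(san);
			usage("--subjectAltName value does not match its type");
			continue;
		}
		subjectAltNames->insert_last(subjectAltNames, san);
		continue;
	}
	/* … unchanged: else branch rejecting unknown types … */
```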
@@ -748,7 +745,7 @@ int main(int argc, char **argv)
base_debugging |= DBG_PRIVATE;
continue;
#endif
- default:
+ default:
usage("unknown option");
}
/* break from loop */
@@ -759,8 +756,11 @@ int main(int argc, char **argv)
init_log("scepclient");
/* load plugins, further infrastructure may need it */
- lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
- lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS));
+ if (!lib->plugins->load(lib->plugins, NULL,
+ lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS)))
+ {
+ exit_scepclient("plugin loading failed");
+ }
print_plugins();
if ((filetype_out == 0) && (!request_ca_certificate))
@@ -787,18 +787,18 @@ int main(int argc, char **argv)
/*
* input of PKCS#1 file
*/
- if (filetype_in & PKCS1) /* load an RSA key pair from file */
+ if (filetype_in & PKCS1) /* load an RSA key pair from file */
{
- prompt_pass_t pass = { "", FALSE, STDIN_FILENO };
char *path = concatenate_paths(PRIVATE_KEY_PATH, file_in_pkcs1);
- private_key = load_private_key(path, &pass, KEY_RSA);
+ private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_FROM_FILE, path, BUILD_END);
}
else /* generate an RSA key pair */
{
private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
BUILD_KEY_SIZE, rsa_keylength,
- BUILD_END);
+ BUILD_END);
}
if (private_key == NULL)
{
@@ -828,11 +828,6 @@ int main(int argc, char **argv)
}
else
{
- char buf[IDTOA_BUF];
- chunk_t dn = chunk_empty;
-
- dn.ptr = buf;
-
if (distinguishedName == NULL)
{
char buf[BUF_LEN];
@@ -850,34 +845,43 @@ int main(int argc, char **argv)
DBG(DBG_CONTROL,
DBG_log("dn: '%s'", distinguishedName);
)
- ugh = atodn(distinguishedName, &dn);
- if (ugh != NULL)
+ subject = identification_create_from_string(distinguishedName);
+ if (subject->get_type(subject) != ID_DER_ASN1_DN)
{
- exit_scepclient(ugh);
+ exit_scepclient("parsing of distinguished name failed");
}
- subject = chunk_clone(dn);
-
DBG(DBG_CONTROL,
DBG_log("building pkcs10 object:")
)
- pkcs10 = pkcs10_build(private_key, public_key, subject,
- challengePassword, subjectAltNames,
- pkcs10_signature_alg);
- fingerprint = scep_generate_pkcs10_fingerprint(pkcs10->request);
+ pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_PKCS10_REQUEST,
+ BUILD_SIGNING_KEY, private_key,
+ BUILD_SUBJECT, subject,
+ BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+ BUILD_PASSPHRASE, challengePassword,
+ BUILD_DIGEST_ALG, pkcs10_signature_alg,
+ BUILD_END);
+ if (!pkcs10_req)
+ {
+ exit_scepclient("generating pkcs10 request failed");
+ }
+ pkcs10_encoding = pkcs10_req->get_encoding(pkcs10_req);
+ fingerprint = scep_generate_pkcs10_fingerprint(pkcs10_encoding);
plog(" fingerprint: %s", fingerprint.ptr);
}
- /*
+ /*
* output of PKCS#10 file
*/
if (filetype_out & PKCS10)
{
char *path = concatenate_paths(REQ_PATH, file_out_pkcs10);
- if (!chunk_write(pkcs10->request, path, "pkcs10", 0022, force))
+ if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force))
+ {
exit_scepclient("could not write pkcs10 file '%s'", path);
-
+ }
filetype_out &= ~PKCS10; /* delete PKCS10 flag */
}
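Review bot: The result of `pkcs10_req->get_encoding(pkcs10_req)` is used without checking that an encoding was produced, so a failed encode would be fingerprinted and later written out as an empty request. The self-signed certificate path further down does test `encoding.ptr` before writing. The same guard fits here, directly after the assignment: `if (!pkcs10_encoding.ptr) { exit_scepclient("encoding pkcs10 request failed"); }`.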
@@ -896,11 +900,11 @@ int main(int argc, char **argv)
DBG(DBG_CONTROL,
DBG_log("building pkcs1 object:")
)
- pkcs1 = private_key->get_encoding(private_key);
-
- if (!chunk_write(pkcs1, path, "pkcs1", 0066, force))
+ if (!private_key->get_encoding(private_key, KEY_PRIV_ASN1_DER, &pkcs1) ||
+ !chunk_write(pkcs1, path, "pkcs1", 0066, force))
+ {
exit_scepclient("could not write pkcs1 file '%s'", path);
-
+ }
filetype_out &= ~PKCS1; /* delete PKCS1 flag */
}
@@ -912,19 +916,23 @@ int main(int argc, char **argv)
scep_generate_transaction_id(public_key, &transID, &serialNumber);
plog(" transaction ID: %.*s", (int)transID.len, transID.ptr);
+ notBefore = notBefore ? notBefore : time(NULL);
+ notAfter = notAfter ? notAfter : (notBefore + validity);
+
/* generate a self-signed X.509 certificate */
- x509_signer = malloc_thing(x509cert_t);
- *x509_signer = empty_x509cert;
- x509_signer->serialNumber = serialNumber;
- x509_signer->sigAlg = OID_SHA1_WITH_RSA;
- x509_signer->issuer = subject;
- x509_signer->notBefore = (notBefore)? notBefore
- : time(NULL);
- x509_signer->notAfter = (notAfter)? notAfter
- : x509_signer->notBefore + validity;
- x509_signer->subject = subject;
- x509_signer->subjectAltName = subjectAltNames;
- build_x509cert(x509_signer, public_key, private_key);
+ x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_SIGNING_KEY, private_key,
+ BUILD_PUBLIC_KEY, public_key,
+ BUILD_SUBJECT, subject,
+ BUILD_NOT_BEFORE_TIME, notBefore,
+ BUILD_NOT_AFTER_TIME, notAfter,
+ BUILD_SERIAL, serialNumber,
+ BUILD_SUBJECT_ALTNAMES, subjectAltNames,
+ BUILD_END);
+ if (!x509_signer)
+ {
+ exit_scepclient("generating certificate failed");
+ }
/*
* output of self-signed X.509 certificate file
@@ -933,9 +941,16 @@ int main(int argc, char **argv)
{
char *path = concatenate_paths(HOST_CERT_PATH, file_out_cert_self);
- if (!chunk_write(x509_signer->certificate, path, "self-signed cert", 0022, force))
+ encoding = x509_signer->get_encoding(x509_signer);
+ if (!encoding.ptr)
+ {
+ exit_scepclient("encoding certificate failed");
+ }
+ if (!chunk_write(encoding, path, "self-signed cert", 0022, force))
+ {
exit_scepclient("could not write self-signed cert file '%s'", path);
-;
+ }
+ chunk_free(&encoding);
filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */
}
@@ -949,16 +964,16 @@ int main(int argc, char **argv)
*/
{
char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_enc);
- cert_t cert;
-
- if (!load_cert(path, "encryption cacert", &cert))
+
+ x509_ca_enc = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, path, BUILD_END);
+ if (!x509_ca_enc)
{
exit_scepclient("could not load encryption cacert file '%s'", path);
}
- x509_ca_enc = cert.u.x509;
}
- /*
+ /*
* input of PKCS#7 file
*/
if (filetype_in & PKCS7)
@@ -976,10 +991,10 @@ int main(int argc, char **argv)
DBG(DBG_CONTROL,
DBG_log("building pkcs7 request")
)
- pkcs7 = scep_build_request(pkcs10->request
- , transID, SCEP_PKCSReq_MSG
- , x509_ca_enc, pkcs7_symmetric_cipher
- , x509_signer, pkcs7_digest_alg, private_key);
+ pkcs7 = scep_build_request(pkcs10_encoding,
+ transID, SCEP_PKCSReq_MSG,
+ x509_ca_enc, pkcs7_symmetric_cipher,
+ x509_signer, pkcs7_digest_alg, private_key);
}
/*
@@ -1005,19 +1020,23 @@ int main(int argc, char **argv)
*/
if (filetype_out & CERT)
{
+ certificate_t *cert;
+ enumerator_t *enumerator;
char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_sig);
- cert_t cert;
- time_t poll_start;
+ time_t poll_start = 0;
- x509cert_t *certs = NULL;
+ linked_list_t *certs = linked_list_create();
chunk_t envelopedData = chunk_empty;
chunk_t certData = chunk_empty;
contentInfo_t data = empty_contentInfo;
scep_attributes_t attrs = empty_scep_attributes;
- if (!load_cert(path, "signature cacert", &cert))
+ x509_ca_sig = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, path, BUILD_END);
+ if (!x509_ca_sig)
+ {
exit_scepclient("could not load signature cacert file '%s'", path);
- x509_ca_sig = cert.u.x509;
+ }
if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
http_get_request, &scep_response))
@@ -1034,17 +1053,19 @@ int main(int argc, char **argv)
/* in case of manual mode, we are going into a polling loop */
if (attrs.pkiStatus == SCEP_PENDING)
{
+ identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig);
+
plog(" scep request pending, polling every %d seconds"
, poll_interval);
- time(&poll_start);
- issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc"
- , x509_ca_sig->subject
- , subject);
+ poll_start = time_monotonic(NULL);
+ issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc",
+ issuer->get_encoding(issuer),
+ subject);
}
while (attrs.pkiStatus == SCEP_PENDING)
{
if (max_poll_time > 0
- && (time(NULL) - poll_start >= max_poll_time))
+ && (time_monotonic(NULL) - poll_start >= max_poll_time))
{
exit_scepclient("maximum poll time reached: %d seconds"
, max_poll_time);
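Review bot: `asn1_wrap(ASN1_SEQUENCE, "cc", issuer->get_encoding(issuer), subject)` still passes `subject` as the second chunk, but this commit changes the global `subject` from `chunk_t` to `identification_t *`. The `c` format takes a `chunk_t` from the variadic list, as the first argument shows, so a bare pointer here is undefined behaviour. The issuerAndSubject used for polling would likely be built from unrelated memory. The argument should be the DER encoding: `subject->get_encoding(subject));`. The polling loop continues past the end of the hunk.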
@@ -1096,7 +1117,7 @@ int main(int argc, char **argv)
{
exit_scepclient("could not decrypt envelopedData");
}
- if (!pkcs7_parse_signedData(certData, NULL, &certs, NULL, NULL))
+ if (!pkcs7_parse_signedData(certData, NULL, certs, NULL, NULL))
{
exit_scepclient("error parsing the scep response");
}
@@ -1104,22 +1125,29 @@ int main(int argc, char **argv)
/* store the end entity certificate */
path = concatenate_paths(HOST_CERT_PATH, file_out_cert);
- while (certs != NULL)
+
+ enumerator = certs->create_enumerator(certs);
+ while (enumerator->enumerate(enumerator, &cert))
{
bool stored = FALSE;
- x509cert_t *cert = certs;
+ x509_t *x509 = (x509_t*)cert;
- if (!cert->isCA)
+ if (!(x509->get_flags(x509) & X509_CA))
{
if (stored)
+ {
exit_scepclient("multiple certs received, only first stored");
- if (!chunk_write(cert->certificate, path, "requested cert", 0022, force))
+ }
+ encoding = cert->get_encoding(cert);
+ if (!chunk_write(encoding, path, "requested cert", 0022, force))
+ {
exit_scepclient("could not write cert file '%s'", path);
+ }
+ chunk_free(&encoding);
stored = TRUE;
}
- certs = certs->next;
- free_x509cert(cert);
}
+ certs->destroy_offset(certs, offsetof(certificate_t, destroy));
filetype_out &= ~CERT; /* delete CERT flag */
}
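Review bot: `bool stored = FALSE;` is declared inside the `while` body, so it is reset for every certificate and the `if (stored)` guard against a second end-entity certificate can never fire. A later non-CA certificate in the server's response would presumably overwrite the first one when `force` is set. Declaring `bool stored = FALSE;` above `enumerator = certs->create_enumerator(certs);` makes the check effective. The enumerator is also never released; `enumerator->destroy(enumerator);` belongs before `certs->destroy_offset(...)`. The cast `(x509_t*)cert` assumes every parsed entry is an X.509 certificate, which this hunk does not show being checked.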