Diffstat (limited to 'src/pki/commands')
-rw-r--r--src/pki/commands/gen.c4
-rw-r--r--src/pki/commands/issue.c24
-rw-r--r--src/pki/commands/keyid.c6
-rw-r--r--src/pki/commands/pkcs7.c8
-rw-r--r--src/pki/commands/print.c8
-rw-r--r--src/pki/commands/pub.c28
-rw-r--r--src/pki/commands/req.c11
-rw-r--r--src/pki/commands/self.c10
-rw-r--r--src/pki/commands/signcrl.c12
-rw-r--r--src/pki/commands/verify.c9
10 files changed, 82 insertions, 38 deletions
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index e3602f0c3..b74be7d98 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -151,7 +151,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
{" [--type rsa|ecdsa] [--size bits] [--safe-primes]",
- "[--shares n] [--threshold l] [--outform der|pem|pgp]"},
+ "[--shares n] [--threshold l] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"type", 't', 1, "type of key, default: rsa"},
@@ -159,7 +159,7 @@ static void __attribute__ ((constructor))reg()
{"safe-primes", 'p', 0, "generate rsa safe primes"},
{"shares", 'n', 1, "number of private rsa key shares"},
{"threshold", 'l', 1, "minimum number of participating rsa key shares"},
- {"outform", 'f', 1, "encoding of generated private key"},
+ {"outform", 'f', 1, "encoding of generated private key, default: der"},
}
});
}
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 5f098ba41..000f63d1a 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -380,9 +380,13 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert_req)
{
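Review bot: A failed or empty read of stdin is now indistinguishable from a malformed request: the result of `chunk_from_fd(0)` is never checked, so a read error only surfaces as the generic parse failure in the `if (!cert_req)` branch that follows, and errno is lost by then. If chunk_from_fd reports failure with an empty chunk, as its chunk_t return type suggests, a guard such as `if (!chunk.len) { fprintf(stderr, "reading request from stdin failed: %s\n", strerror(errno)); return 1; }` placed before the create() call would give the user an actionable message. The same applies to the public-key branch in the next hunk. issue() begins before this hunk and continues after it.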
@@ -419,8 +423,12 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
}
if (!public)
@@ -514,14 +522,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
- {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
+ {"[--in file] [--type pub|pkcs10] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
- "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+",
- "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
- "[--nc-permitted name] [--nc-excluded name]",
- "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+",
- "[--policy-map issuer-oid:subject-oid]",
+ "[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
+ "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
+ "[--crl uri [--crlissuer i]]+ [--ocsp uri]+ [--nc-permitted name]",
+ "[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
+ "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
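Review bot: The rewritten usage line names the option `--policy-mapping`, while the self.c usage string rewritten in this same change keeps `--policy-map`; the option table that registers the long name is below the hunk, so I cannot see which spelling is accepted, but one of the two usage texts very likely no longer matches the flag the parser recognises. Whichever name is registered should be used in both usage strings, e.g. `"[--nc-excluded name] [--policy-map issuer-oid:subject-oid]",` if the table entry is `{"policy-map", ...}`. The command_register() call continues past the end of the hunk.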
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 6d2f7b915..353670e32 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -87,8 +87,12 @@ static int keyid()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
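Review bot: When `type` is CRED_PRIVATE_KEY, the buffer released by the added `free(chunk.ptr)` holds the raw private key just read from stdin, and plain free() hands it back to the allocator without wiping, so the key bytes linger in heap memory for the remainder of the run. The `type`/`subtype` selection happens above the hunk, so I cannot confirm keyid accepts private keys here, but if it does, `chunk_clear(&chunk);` (wipe, then free) is the drop-in replacement, assuming chunk_clear() is available in this tree's chunk.h. keyid() starts before the hunk and its error handling continues after it.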
diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index 790656c62..6c75693ab 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -445,8 +445,8 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
pkcs7, '7', "pkcs7", "PKCS#7 wrap/unwrap functions",
- {"--sign | --verify | --encrypt | --decrypt",
- "--certificate+ [--key]"},
+ {"--sign|--verify|--encrypt|--decrypt|--show",
+ "[--in file] [--cert file]+ [--key file]"},
{
{"help", 'h', 0, "show usage information"},
{"sign", 's', 0, "create PKCS#7 signed-data"},
@@ -455,8 +455,8 @@ static void __attribute__ ((constructor))reg()
{"decrypt", 'd', 0, "decrypt PKCS#7 enveloped-data"},
{"show", 'p', 0, "show info about PKCS#7, print certificates"},
{"in", 'i', 1, "input file, default: stdin"},
- {"key", 'k', 1, "path to private key for sign/decryp"},
- {"cert", 'c', 1, "path to certificate for sign/verify/encryp"},
+ {"key", 'k', 1, "path to private key for sign/decrypt"},
+ {"cert", 'c', 1, "path to certificate for sign/verify/encrypt"},
}
});
}
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 90cf254c8..2261e44ff 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
if (crl->is_delta_crl(crl, &chunk))
{
- chunk = chunk_skip_zero(chunk);
+ chunk = chunk_skip_zero(chunk);
printf("delta CRL: for serial %#B\n", &chunk);
}
chunk = crl->get_authKeyIdentifier(crl);
@@ -508,8 +508,12 @@ static int print()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 9912061f4..7f88055ef 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -51,6 +51,11 @@ static int pub()
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
+ else if (streq(arg, "pub"))
+ {
+ type = CRED_PUBLIC_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pkcs10"))
{
type = CRED_CERTIFICATE;
@@ -96,13 +101,17 @@ static int pub()
chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
- BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
free(chunk.ptr);
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (type == CRED_PRIVATE_KEY)
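Review bot: The stdin buffer freed by the new `free(chunk.ptr)` contains a private key in the default configuration (`--type` defaults to rsa per the usage table below, and the ecdsa branch above sets CRED_PRIVATE_KEY), yet it is released without being scrubbed; the smartcard path above already frees only a key ID, so the secret-bearing case is exclusively this branch. Use `chunk_clear(&chunk);` in place of the free so the key bytes are wiped before the memory is reused, or scope it with `if (type == CRED_PRIVATE_KEY) chunk_clear(&chunk); else free(chunk.ptr);` if a wipe on certificate input is considered wasteful. pub() begins before the hunk and continues after it.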
@@ -116,6 +125,15 @@ static int pub()
public = private->get_public_key(private);
private->destroy(private);
}
+ else if (type == CRED_PUBLIC_KEY)
+ {
+ public = cred;
+ if (!public)
+ {
+ fprintf(stderr, "parsing public key failed\n");
+ return 1;
+ }
+ }
else
{
cert = cred;
@@ -157,14 +175,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]",
- "[--outform der|pem|pgp|dnskey]"},
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|pub|pkcs10|x509]",
+ "[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
{"type", 't', 1, "type of credential, default: rsa"},
- {"outform", 'f', 1, "encoding of extracted public key"},
+ {"outform", 'f', 1, "encoding of extracted public key, default: der"},
}
});
}
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index d90ddc251..628463e7b 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -116,8 +116,12 @@ static int req()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
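Review bot: The buffer freed with `free(chunk.ptr)` holds the private key that was just passed to create() (CRED_PRIVATE_KEY is explicit on the call), so the key material remains readable in freed heap memory until some later allocation happens to overwrite it. Replacing the free with `chunk_clear(&chunk);` scrubs the buffer before releasing it, assuming chunk_clear() with its memwipe semantics exists in this tree's chunk.h; if not, a `memwipe(chunk.ptr, chunk.len);` before the free achieves the same. req() starts before the hunk and its `if (!private)` error path continues after it.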
@@ -174,9 +178,8 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {"[--in file] [--type rsa|ecdsa]",
- " --dn distinguished-name [--san subjectAltName]+",
- "[--password challengePassword]",
+ {" [--in file] [--type rsa|ecdsa] --dn distinguished-name",
+ "[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 448360821..6bf0b1353 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -271,8 +271,12 @@ static int self()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
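Review bot: As in req.c, the private key read from stdin is freed here with a plain `free(chunk.ptr)` and never wiped, leaving the secret in released heap memory; `chunk_clear(&chunk);` should replace the free on the last added line. More broadly, this change introduces the identical read-stdin/create/free sequence into seven commands, so a small shared helper in the pki front end, say `chunk_t chunk_from_stdin(void)` or a `build_from_stdin(type, subtype)` wrapper that does the read, the create() and the (wiping) release in one place, would keep the error reporting and the secret handling consistent instead of being repeated per command. self() begins before the hunk and continues after it.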
@@ -378,14 +382,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {"[--in file | --keyid hex] [--type rsa|ecdsa]",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
"[--nc-permitted name] [--nc-excluded name]",
- "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+",
"[--policy-map issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
+ "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index f9746cca7..4f9dd291d 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -429,13 +429,13 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
sign_crl, 'c', "signcrl",
"issue a CRL using a CA certificate and key",
- {"--cacert file --cakey file | --cakeyid hex --lifetime days",
- "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+",
- "[ [--reason key-compromise|ca-compromise|affiliation-changed|",
+ {"--cacert file --cakey file|--cakeyid hex [--lifetime days]",
+ " [--lastcrl crl] [--basecrl crl] [--crluri uri]+",
+ " [[--reason key-compromise|ca-compromise|affiliation-changed|",
" superseded|cessation-of-operation|certificate-hold]",
- " [--date timestamp]",
- " --cert file | --serial hex ]*",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ " [--date timestamp] --cert file|--serial hex]*",
+ " [--digest md5|sha1|sha224|sha256|sha384|sha512]",
+ " [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"cacert", 'c', 1, "CA certificate file"},
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 3e983d3ec..96b2b5065 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -55,8 +55,12 @@ static int verify()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert)
{
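Review bot: The value returned by `chunk_from_fd(0)` is not checked before it is handed to create(), so a read error on stdin (or an empty pipe) is reported later only as a failed certificate parse, with the underlying errno already discarded. If chunk_from_fd signals failure with an empty chunk, as its return type suggests, a guard like `if (!chunk.len) { fprintf(stderr, "reading certificate from stdin failed: %s\n", strerror(errno)); return 1; }` before the create() call would distinguish the two failures for the user. verify() starts before the hunk and its `if (!cert)` branch continues after it.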
@@ -125,7 +129,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
verify, 'v', "verify",
"verify a certificate using the CA certificate",
- {"[--in file] [--ca file]"},
+ {"[--in file] [--cacert file]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "X.509 certificate to verify, default: stdin"},
@@ -133,4 +137,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-