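--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/tsrc/topenssl/src/spkac.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,311 @@
+/* apps/spkac.c */
+
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf@openca.org).
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG spkac_main
+
+/* -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int i,badops=0, ret = 1;
+ BIO *in = NULL,*out = NULL;
+ int verify=0,noout=0,pubkey=0;
+ char *infile = NULL,*outfile = NULL,*prog;
+ char *passargin = NULL, *passin = NULL;
+ const char *spkac = "SPKAC", *spksect = "default";
+ char *spkstr = NULL;
+ char *challenge = NULL, *keyfile = NULL;
+ CONF *conf = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+
+ apps_startup();
+
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-challenge") == 0)
+ {
+ if (--argc < 1) goto bad;
+ challenge= *(++argv);
+ }
+ else if (strcmp(*argv,"-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac= *(++argv);
+ }
+ else if (strcmp(*argv,"-spksect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spksect= *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey=1;
+ else if (strcmp(*argv,"-verify") == 0)
+ verify=1;
+ else badops = 1;
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -challenge arg challenge string\n");
+ BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err," -noout don't print SPKAC\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -verify verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if(keyfile) {
+ pkey = load_key(bio_err,
+ strcmp(keyfile, "-") ? keyfile : NULL,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if(!pkey) {
+ goto end;
+ }
+ spki = NETSCAPE_SPKI_new();
+ if(challenge) ASN1_STRING_set(spki->spkac->challenge,
+ challenge, (int)strlen(challenge));
+ NETSCAPE_SPKI_set_pubkey(spki, pkey);
+ NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ spkstr = NETSCAPE_SPKI_b64_encode(spki);
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(out, "SPKAC=%s\n", spkstr);
+ OPENSSL_free(spkstr);
+ ret = 0;
+ goto end;
+ }
+
+
+
+ if (infile) in = BIO_new_file(infile, "r");
+ else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if(!in) {
+ BIO_printf(bio_err, "Error opening input file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
+
+ if(!i) {
+ BIO_printf(bio_err, "Error parsing config file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spkstr = NCONF_get_string(conf, spksect, spkac);
+
+ if(!spkstr) {
+ BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+ if(!spki) {
+ BIO_printf(bio_err, "Error loading SPKAC\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile) out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if(!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if(!noout) NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if(verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+ if(i) BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+
+ ret = 0;
+
+end:
+ NCONF_free(conf);
+ NETSCAPE_SPKI_free(spki);
+ BIO_free(in);
+ BIO_free_all(out);
+ EVP_PKEY_free(pkey);
+ if(passin) OPENSSL_free(passin);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+ }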
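Review bot: The `-verify` branch near the end of MAIN treats any non-zero result as success (`i = NETSCAPE_SPKI_verify(spki, pkey); if(i) BIO_printf(bio_err, "Signature OK\n");`), but the verify call can return a negative value on an internal error, so a malformed SPKAC may be reported as verified and the tool exits with 0. The test should be `if(i > 0) BIO_printf(bio_err, "Signature OK\n");`, and the result of `NETSCAPE_SPKI_get_pubkey(spki)` on the line above should be checked for NULL before it is passed to verify or to `PEM_write_bio_PUBKEY`. In the `-key` branch the results of `NETSCAPE_SPKI_new()`, `NETSCAPE_SPKI_set_pubkey()`, `NETSCAPE_SPKI_sign()` and `NETSCAPE_SPKI_b64_encode()` are unchecked, yet `spki->spkac->challenge` is dereferenced directly and `spkstr` is printed with `%s`, so an allocation or signing failure can crash or emit an unsigned blob while still returning 0. The signing digest is hard-coded to `EVP_md5()`, which is no longer collision-resistant; use a stronger digest where the SPKAC consumer accepts one, or add a comment saying why MD5 is required here.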