MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/ossrv/ssl/tsrc/topenssl/src/spkac.c
author sl
Tue, 10 Jun 2014 14:32:02 +0200
changeset 1 260cb5ec6c19
permissions -rw-r--r--
Update contrib. 
     1 /* apps/spkac.c */

     2 

     3 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

     4  * project 1999. Based on an original idea by Massimiliano Pala

     5  * (madwolf@openca.org).

     6  */

     7 /* ====================================================================

     8  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

     9  *

    10  * Redistribution and use in source and binary forms, with or without

    11  * modification, are permitted provided that the following conditions

    12  * are met:

    13  *

    14  * 1. Redistributions of source code must retain the above copyright

    15  *    notice, this list of conditions and the following disclaimer. 

    16  *

    17  * 2. Redistributions in binary form must reproduce the above copyright

    18  *    notice, this list of conditions and the following disclaimer in

    19  *    the documentation and/or other materials provided with the

    20  *    distribution.

    21  *

    22  * 3. All advertising materials mentioning features or use of this

    23  *    software must display the following acknowledgment:

    24  *    "This product includes software developed by the OpenSSL Project

    25  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

    26  *

    27  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    28  *    endorse or promote products derived from this software without

    29  *    prior written permission. For written permission, please contact

    30  *    licensing@OpenSSL.org.

    31  *

    32  * 5. Products derived from this software may not be called "OpenSSL"

    33  *    nor may "OpenSSL" appear in their names without prior written

    34  *    permission of the OpenSSL Project.

    35  *

    36  * 6. Redistributions of any form whatsoever must retain the following

    37  *    acknowledgment:

    38  *    "This product includes software developed by the OpenSSL Project

    39  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

    40  *

    41  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    42  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    44  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    45  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    46  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    47  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    48  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    49  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    50  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    51  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    52  * OF THE POSSIBILITY OF SUCH DAMAGE.

    53  * ====================================================================

    54  *

    55  * This product includes cryptographic software written by Eric Young

    56  * (eay@cryptsoft.com).  This product includes software written by Tim

    57  * Hudson (tjh@cryptsoft.com).

    58  *

    59  */

    60 #include <stdio.h>

    61 #include <stdlib.h>

    62 #include <string.h>

    63 #include <time.h>

    64 #include "apps.h"

    65 #include <openssl/bio.h>

    66 #include <openssl/conf.h>

    67 #include <openssl/err.h>

    68 #include <openssl/evp.h>

    69 #include <openssl/lhash.h>

    70 #include <openssl/x509.h>

    71 #include <openssl/pem.h>

    72 

    73 #undef PROG

    74 #define PROG	spkac_main

    75 

    76 /* -in arg	- input file - default stdin

    77  * -out arg	- output file - default stdout

    78  */

    79 

    80 

    81 int MAIN(int, char **);

    82 

    83 int MAIN(int argc, char **argv)

    84 	{

    85 	ENGINE *e = NULL;

    86 	int i,badops=0, ret = 1;

    87 	BIO *in = NULL,*out = NULL;

    88 	int verify=0,noout=0,pubkey=0;

    89 	char *infile = NULL,*outfile = NULL,*prog;

    90 	char *passargin = NULL, *passin = NULL;

    91 	const char *spkac = "SPKAC", *spksect = "default";

    92 	char *spkstr = NULL;

    93 	char *challenge = NULL, *keyfile = NULL;

    94 	CONF *conf = NULL;

    95 	NETSCAPE_SPKI *spki = NULL;

    96 	EVP_PKEY *pkey = NULL;

    97 #ifndef OPENSSL_NO_ENGINE

    98 	char *engine=NULL;

    99 #endif

   100 

   101 	apps_startup();

   102 

   103 	if (!bio_err)

   104 	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

   105 

   106 

   107 	if (!load_config(bio_err, NULL))

   108 		goto end;

   109 

   110 	prog=argv[0];

   111 	argc--;

   112 	argv++;

   113 	while (argc >= 1)

   114 		{

   115 		if (strcmp(*argv,"-in") == 0)

   116 			{

   117 			if (--argc < 1) goto bad;

   118 			infile= *(++argv);

   119 			}

   120 		else if (strcmp(*argv,"-out") == 0)

   121 			{

   122 			if (--argc < 1) goto bad;

   123 			outfile= *(++argv);

   124 			}

   125 		else if (strcmp(*argv,"-passin") == 0)

   126 			{

   127 			if (--argc < 1) goto bad;

   128 			passargin= *(++argv);

   129 			}

   130 		else if (strcmp(*argv,"-key") == 0)

   131 			{

   132 			if (--argc < 1) goto bad;

   133 			keyfile= *(++argv);

   134 			}

   135 		else if (strcmp(*argv,"-challenge") == 0)

   136 			{

   137 			if (--argc < 1) goto bad;

   138 			challenge= *(++argv);

   139 			}

   140 		else if (strcmp(*argv,"-spkac") == 0)

   141 			{

   142 			if (--argc < 1) goto bad;

   143 			spkac= *(++argv);

   144 			}

   145 		else if (strcmp(*argv,"-spksect") == 0)

   146 			{

   147 			if (--argc < 1) goto bad;

   148 			spksect= *(++argv);

   149 			}

   150 #ifndef OPENSSL_NO_ENGINE

   151 		else if (strcmp(*argv,"-engine") == 0)

   152 			{

   153 			if (--argc < 1) goto bad;

   154 			engine= *(++argv);

   155 			}

   156 #endif

   157 		else if (strcmp(*argv,"-noout") == 0)

   158 			noout=1;

   159 		else if (strcmp(*argv,"-pubkey") == 0)

   160 			pubkey=1;

   161 		else if (strcmp(*argv,"-verify") == 0)

   162 			verify=1;

   163 		else badops = 1;

   164 		argc--;

   165 		argv++;

   166 		}

   167 

   168 	if (badops)

   169 		{

   170 bad:

   171 		BIO_printf(bio_err,"%s [options]\n",prog);

   172 		BIO_printf(bio_err,"where options are\n");

   173 		BIO_printf(bio_err," -in arg        input file\n");

   174 		BIO_printf(bio_err," -out arg       output file\n");

   175 		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");

   176 		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");

   177 		BIO_printf(bio_err," -challenge arg challenge string\n");

   178 		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");

   179 		BIO_printf(bio_err," -noout         don't print SPKAC\n");

   180 		BIO_printf(bio_err," -pubkey        output public key\n");

   181 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");

   182 #ifndef OPENSSL_NO_ENGINE

   183 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");

   184 #endif

   185 		goto end;

   186 		}

   187 

   188 	ERR_load_crypto_strings();

   189 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {

   190 		BIO_printf(bio_err, "Error getting password\n");

   191 		goto end;

   192 	}

   193 

   194 #ifndef OPENSSL_NO_ENGINE

   195         e = setup_engine(bio_err, engine, 0);

   196 #endif

   197 

   198 	if(keyfile) {

   199 		pkey = load_key(bio_err,

   200 				strcmp(keyfile, "-") ? keyfile : NULL,

   201 				FORMAT_PEM, 1, passin, e, "private key");

   202 		if(!pkey) {

   203 			goto end;

   204 		}

   205 		spki = NETSCAPE_SPKI_new();

   206 		if(challenge) ASN1_STRING_set(spki->spkac->challenge,

   207 						 challenge, (int)strlen(challenge));

   208 		NETSCAPE_SPKI_set_pubkey(spki, pkey);

   209 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());

   210 		spkstr = NETSCAPE_SPKI_b64_encode(spki);

   211 

   212 		if (outfile) out = BIO_new_file(outfile, "w");

   213 		else {

   214 			out = BIO_new_fp(stdout, BIO_NOCLOSE);

   215 #ifdef OPENSSL_SYS_VMS

   216 			{

   217 			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

   218 			    out = BIO_push(tmpbio, out);

   219 			}

   220 #endif

   221 		}

   222 

   223 		if(!out) {

   224 			BIO_printf(bio_err, "Error opening output file\n");

   225 			ERR_print_errors(bio_err);

   226 			goto end;

   227 		}

   228 		BIO_printf(out, "SPKAC=%s\n", spkstr);

   229 		OPENSSL_free(spkstr);

   230 		ret = 0;

   231 		goto end;

   232 	}

   233 

   234 	

   235 

   236 	if (infile) in = BIO_new_file(infile, "r");

   237 	else in = BIO_new_fp(stdin, BIO_NOCLOSE);

   238 

   239 	if(!in) {

   240 		BIO_printf(bio_err, "Error opening input file\n");

   241 		ERR_print_errors(bio_err);

   242 		goto end;

   243 	}

   244 

   245 	conf = NCONF_new(NULL);

   246 	i = NCONF_load_bio(conf, in, NULL);

   247 

   248 	if(!i) {

   249 		BIO_printf(bio_err, "Error parsing config file\n");

   250 		ERR_print_errors(bio_err);

   251 		goto end;

   252 	}

   253 

   254 	spkstr = NCONF_get_string(conf, spksect, spkac);

   255 		

   256 	if(!spkstr) {

   257 		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);

   258 		ERR_print_errors(bio_err);

   259 		goto end;

   260 	}

   261 

   262 	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);

   263 	

   264 	if(!spki) {

   265 		BIO_printf(bio_err, "Error loading SPKAC\n");

   266 		ERR_print_errors(bio_err);

   267 		goto end;

   268 	}

   269 

   270 	if (outfile) out = BIO_new_file(outfile, "w");

   271 	else {

   272 		out = BIO_new_fp(stdout, BIO_NOCLOSE);

   273 #ifdef OPENSSL_SYS_VMS

   274 		{

   275 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());

   276 		    out = BIO_push(tmpbio, out);

   277 		}

   278 #endif

   279 	}

   280 

   281 	if(!out) {

   282 		BIO_printf(bio_err, "Error opening output file\n");

   283 		ERR_print_errors(bio_err);

   284 		goto end;

   285 	}

   286 

   287 	if(!noout) NETSCAPE_SPKI_print(out, spki);

   288 	pkey = NETSCAPE_SPKI_get_pubkey(spki);

   289 	if(verify) {

   290 		i = NETSCAPE_SPKI_verify(spki, pkey);

   291 		if(i) BIO_printf(bio_err, "Signature OK\n");

   292 		else {

   293 			BIO_printf(bio_err, "Signature Failure\n");

   294 			ERR_print_errors(bio_err);

   295 			goto end;

   296 		}

   297 	}

   298 	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);

   299 

   300 	ret = 0;

   301 

   302 end:

   303 	NCONF_free(conf);

   304 	NETSCAPE_SPKI_free(spki);

   305 	BIO_free(in);

   306 	BIO_free_all(out);

   307 	EVP_PKEY_free(pkey);

   308 	if(passin) OPENSSL_free(passin);

   309 	apps_shutdown();

   310 	OPENSSL_EXIT(ret);

   311 	}
Symaptic