sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

scepclient: Some code cleanup.

Browse Source
This commit is contained in:
Tobias Brunner 2012-05-04 14:17:59 +02:00
parent 07f0abd7ac
commit 25924d3e45
3 changed files with 319 additions and 335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

222
src/scepclient/scep.c
View File

@ -1,10 +1,3 @@
/**
* @file scep.c
* @brief SCEP specific functions
*
* Contains functions to build SCEP request's and to parse SCEP reply's.
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
@ -39,16 +32,6 @@
#include "scep.h"
static const chunk_t ASN1_messageType_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
);
static const chunk_t ASN1_senderNonce_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
);
static const chunk_t ASN1_transId_oid = chunk_from_chars(
0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
);
static const char *pkiStatus_values[] = { "0", "2", "3" };
static const char *pkiStatus_names[] = {
@ -112,61 +95,65 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
switch (oid)
{
case OID_PKCS9_CONTENT_TYPE:
type = ASN1_OID;
name = "contentType";
break;
case OID_PKCS9_SIGNING_TIME:
type = ASN1_UTCTIME;
name = "signingTime";
break;
case OID_PKCS9_MESSAGE_DIGEST:
type = ASN1_OCTET_STRING;
name = "messageDigest";
break;
case OID_PKI_MESSAGE_TYPE:
type = ASN1_PRINTABLESTRING;
name = "messageType";
break;
case OID_PKI_STATUS:
type = ASN1_PRINTABLESTRING;
name = "pkiStatus";
break;
case OID_PKI_FAIL_INFO:
type = ASN1_PRINTABLESTRING;
name = "failInfo";
break;
case OID_PKI_SENDER_NONCE:
type = ASN1_OCTET_STRING;
name = "senderNonce";
break;
case OID_PKI_RECIPIENT_NONCE:
type = ASN1_OCTET_STRING;
name = "recipientNonce";
break;
case OID_PKI_TRANS_ID:
type = ASN1_PRINTABLESTRING;
name = "transID";
break;
default:
break;
case OID_PKCS9_CONTENT_TYPE:
type = ASN1_OID;
name = "contentType";
break;
case OID_PKCS9_SIGNING_TIME:
type = ASN1_UTCTIME;
name = "signingTime";
break;
case OID_PKCS9_MESSAGE_DIGEST:
type = ASN1_OCTET_STRING;
name = "messageDigest";
break;
case OID_PKI_MESSAGE_TYPE:
type = ASN1_PRINTABLESTRING;
name = "messageType";
break;
case OID_PKI_STATUS:
type = ASN1_PRINTABLESTRING;
name = "pkiStatus";
break;
case OID_PKI_FAIL_INFO:
type = ASN1_PRINTABLESTRING;
name = "failInfo";
break;
case OID_PKI_SENDER_NONCE:
type = ASN1_OCTET_STRING;
name = "senderNonce";
break;
case OID_PKI_RECIPIENT_NONCE:
type = ASN1_OCTET_STRING;
name = "recipientNonce";
break;
case OID_PKI_TRANS_ID:
type = ASN1_PRINTABLESTRING;
name = "transID";
break;
default:
break;
}
if (type == ASN1_EOC)
{
return TRUE;
}
if (!asn1_parse_simple_object(&object, type, level+1, name))
{
return FALSE;
}
switch (oid)
{
case OID_PKCS9_CONTENT_TYPE:
break;
case OID_PKCS9_SIGNING_TIME:
break;
case OID_PKCS9_MESSAGE_DIGEST:
break;
case OID_PKI_MESSAGE_TYPE:
case OID_PKCS9_CONTENT_TYPE:
break;
case OID_PKCS9_SIGNING_TIME:
break;
case OID_PKCS9_MESSAGE_DIGEST:
break;
case OID_PKI_MESSAGE_TYPE:
{
scep_msg_t m;
@ -178,39 +165,46 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
DBG(DBG_CONTROL,
DBG_log("messageType: %s", msgType_names[attrs->msgType])
)
break;
}
break;
case OID_PKI_STATUS:
case OID_PKI_STATUS:
{
pkiStatus_t s;
for (s = SCEP_SUCCESS; s < SCEP_UNKNOWN; s++)
{
if (strncmp(pkiStatus_values[s], object.ptr, object.len) == 0)
{
attrs->pkiStatus = s;
}
}
DBG(DBG_CONTROL,
DBG_log("pkiStatus: %s", pkiStatus_names[attrs->pkiStatus])
)
break;
}
break;
case OID_PKI_FAIL_INFO:
if (object.len == 1
&& *object.ptr >= '0' && *object.ptr <= '4')
case OID_PKI_FAIL_INFO:
{
attrs->failInfo = (failInfo_t)(*object.ptr - '0');
if (object.len == 1 &&
*object.ptr >= '0' && *object.ptr <= '4')
{
attrs->failInfo = (failInfo_t)(*object.ptr - '0');
}
if (attrs->failInfo != SCEP_unknown_REASON)
{
plog("failInfo: %s", failInfo_reasons[attrs->failInfo]);
}
break;
}
if (attrs->failInfo != SCEP_unknown_REASON)
plog("failInfo: %s", failInfo_reasons[attrs->failInfo]);
break;
case OID_PKI_SENDER_NONCE:
attrs->senderNonce = object;
break;
case OID_PKI_RECIPIENT_NONCE:
attrs->recipientNonce = object;
break;
case OID_PKI_TRANS_ID:
attrs->transID = object;
case OID_PKI_SENDER_NONCE:
attrs->senderNonce = object;
break;
case OID_PKI_RECIPIENT_NONCE:
attrs->recipientNonce = object;
break;
case OID_PKI_TRANS_ID:
attrs->transID = object;
break;
}
return TRUE;
}
@ -235,13 +229,16 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
{
switch (objectID)
{
case ATTRIBUTE_OBJ_TYPE:
oid = asn1_known_oid(object);
break;
case ATTRIBUTE_OBJ_VALUE:
if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
case ATTRIBUTE_OBJ_TYPE:
oid = asn1_known_oid(object);
break;
case ATTRIBUTE_OBJ_VALUE:
{
goto end;
if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
{
goto end;
}
break;
}
}
}
@ -318,12 +315,10 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
*/
chunk_t scep_transId_attribute(chunk_t transID)
{
return asn1_wrap(ASN1_SEQUENCE, "cm"
, ASN1_transId_oid
, asn1_wrap(ASN1_SET, "m"
, asn1_simple_object(ASN1_PRINTABLESTRING, transID)
)
);
return asn1_wrap(ASN1_SEQUENCE, "cm",
asn1_build_known_oid(OID_PKI_TRANS_ID),
asn1_wrap(ASN1_SET, "m",
asn1_simple_object(ASN1_PRINTABLESTRING, transID)));
}
/**
@ -336,12 +331,10 @@ chunk_t scep_messageType_attribute(scep_msg_t m)
strlen(msgType_values[m])
};
return asn1_wrap(ASN1_SEQUENCE, "cm"
, ASN1_messageType_oid
, asn1_wrap(ASN1_SET, "m"
, asn1_simple_object(ASN1_PRINTABLESTRING, msgType)
)
);
return asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_PKI_MESSAGE_TYPE),
asn1_wrap(ASN1_SET, "m",
asn1_simple_object(ASN1_PRINTABLESTRING, msgType)));
}
/**
@ -358,12 +351,10 @@ chunk_t scep_senderNonce_attribute(void)
rng->get_bytes(rng, nonce_len, nonce_buf);
rng->destroy(rng);
return asn1_wrap(ASN1_SEQUENCE, "cm"
, ASN1_senderNonce_oid
, asn1_wrap(ASN1_SET, "m"
, asn1_simple_object(ASN1_OCTET_STRING, senderNonce)
)
);
return asn1_wrap(ASN1_SEQUENCE, "cm",
asn1_build_known_oid(OID_PKI_SENDER_NONCE),
asn1_wrap(ASN1_SET, "m",
asn1_simple_object(ASN1_OCTET_STRING, senderNonce)));
}
/**
@ -378,16 +369,15 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
envelopedData = pkcs7_build_envelopedData(data, enc_cert, enc_alg);
attributes = asn1_wrap(ASN1_SET, "mmmmm"
, pkcs7_contentType_attribute()
, pkcs7_messageDigest_attribute(envelopedData
, digest_alg)
, scep_transId_attribute(transID)
, scep_messageType_attribute(msg)
, scep_senderNonce_attribute());
attributes = asn1_wrap(ASN1_SET, "mmmmm",
pkcs7_contentType_attribute(),
pkcs7_messageDigest_attribute(envelopedData, digest_alg),
scep_transId_attribute(transID),
scep_messageType_attribute(msg),
scep_senderNonce_attribute());
request = pkcs7_build_signedData(envelopedData, attributes
, signer_cert, digest_alg, private_key);
request = pkcs7_build_signedData(envelopedData, attributes,
signer_cert, digest_alg, private_key);
free(envelopedData.ptr);
free(attributes.ptr);
return request;
@ -420,7 +410,9 @@ static char* escape_http_request(chunk_t req)
while (*p1 != '\0')
{
if (*p1++ == '+')
{
plus++;
}
}
escaped_req = malloc(len + 3*(lines + plus));
@ -513,8 +505,8 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
/* form complete url */
len = strlen(url) + 32 + strlen(operation) + 1;
complete_url = malloc(len);
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
, url, operation);
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier",
url, operation);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_END);

39
src/scepclient/scep.h
View File

@ -1,10 +1,3 @@
/**
* @file scep.h
* @brief SCEP specific functions
*
* Contains functions to build and parse SCEP requests and replies
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
@ -74,22 +67,22 @@ typedef struct {
extern const scep_attributes_t empty_scep_attributes;
extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
extern void scep_generate_transaction_id(public_key_t *key,
chunk_t *transID,
chunk_t *serialNumber);
extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
extern chunk_t scep_transId_attribute(chunk_t transaction_id);
extern chunk_t scep_messageType_attribute(scep_msg_t m);
extern chunk_t scep_senderNonce_attribute(void);
extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
certificate_t *enc_cert, int enc_alg,
certificate_t *signer_cert, int digest_alg,
private_key_t *private_key);
extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
void scep_generate_transaction_id(public_key_t *key,
chunk_t *transID,
chunk_t *serialNumber);
chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
chunk_t scep_transId_attribute(chunk_t transaction_id);
chunk_t scep_messageType_attribute(scep_msg_t m);
chunk_t scep_senderNonce_attribute(void);
chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
certificate_t *enc_cert, int enc_alg,
certificate_t *signer_cert, int digest_alg,
private_key_t *private_key);
bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
bool http_get_request, chunk_t *response);
extern err_t scep_parse_response(chunk_t response, chunk_t transID,
contentInfo_t *data, scep_attributes_t *attrs,
certificate_t *signer_cert);
err_t scep_parse_response(chunk_t response, chunk_t transID,
contentInfo_t *data, scep_attributes_t *attrs,
certificate_t *signer_cert);
#endif /* _SCEP_H */

393
src/scepclient/scepclient.c
View File

@ -13,17 +13,6 @@
* for more details.
*/
/**
* @file main.c
* @brief scepclient main program
*/
/**
* @mainpage SCEP for Linux strongSwan
*
* Documentation of SCEP for Linux StrongSwan
*/
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@ -153,8 +142,7 @@ certificate_t *pkcs10_req = NULL;
*
* @param status 0 = OK, 1 = general discomfort
*/
static void
exit_scepclient(err_t message, ...)
static void exit_scepclient(err_t message, ...)
{
int status = 0;
@ -201,8 +189,7 @@ exit_scepclient(err_t message, ...)
* @brief prints the program version and exits
*
*/
static void
version(void)
static void version(void)
{
printf("scepclient %s\n", scepclient_version);
exit_scepclient(NULL);
@ -214,8 +201,7 @@ version(void)
* If message is set, program is exitet with 1 (error)
* @param message message in case of an error
*/
static void
usage(const char *message)
static void usage(const char *message)
{
fprintf(stderr,
"Usage: scepclient\n"
@ -429,20 +415,20 @@ int main(int argc, char **argv)
switch (c)
{
case EOF: /* end of flags */
break;
case EOF: /* end of flags */
break;
case 'h': /* --help */
usage(NULL);
case 'h': /* --help */
usage(NULL);
case 'v': /* --version */
version();
case 'v': /* --version */
version();
case 'q': /* --quiet */
log_to_stderr = FALSE;
continue;
case 'q': /* --quiet */
log_to_stderr = FALSE;
continue;
case 'i': /* --in <type> [= <filename>] */
case 'i': /* --in <type> [= <filename>] */
{
char *filename = strstr(optarg, "=");
@ -478,7 +464,7 @@ int main(int argc, char **argv)
continue;
}
case 'o': /* --out <type> [= <filename>] */
case 'o': /* --out <type> [= <filename>] */
{
char *filename = strstr(optarg, "=");
@ -532,18 +518,18 @@ int main(int argc, char **argv)
continue;
}
case 'f': /* --force */
force = TRUE;
continue;
case 'f': /* --force */
force = TRUE;
continue;
case '+': /* --optionsfrom <filename> */
if (!options->from(options, optarg, &argc, &argv, optind))
{
exit_scepclient("optionsfrom failed");
}
continue;
case '+': /* --optionsfrom <filename> */
if (!options->from(options, optarg, &argc, &argv, optind))
{
exit_scepclient("optionsfrom failed");
}
continue;
case 'k': /* --keylength <length> */
case 'k': /* --keylength <length> */
{
div_t q;
@ -561,45 +547,56 @@ int main(int argc, char **argv)
continue;
}
case 'D': /* --days */
if (optarg == NULL || !isdigit(optarg[0]))
usage("missing number of days");
{
char *endptr;
long days = strtol(optarg, &endptr, 0);
case 'D': /* --days */
if (optarg == NULL || !isdigit(optarg[0]))
{
usage("missing number of days");
}
else
{
char *endptr;
long days = strtol(optarg, &endptr, 0);
if (*endptr != '\0' || endptr == optarg
|| days <= 0)
usage("<days> must be a positive number");
validity = 24*3600*days;
}
continue;
if (*endptr != '\0' || endptr == optarg
|| days <= 0)
usage("<days> must be a positive number");
validity = 24*3600*days;
}
continue;
case 'S': /* --startdate */
if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
usage("date format must be YYMMDDHHMMSSZ");
{
chunk_t date = { optarg, 13 };
notBefore = asn1_to_time(&date, ASN1_UTCTIME);
}
continue;
case 'S': /* --startdate */
if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
{
usage("date format must be YYMMDDHHMMSSZ");
}
else
{
chunk_t date = { optarg, 13 };
notBefore = asn1_to_time(&date, ASN1_UTCTIME);
}
continue;
case 'E': /* --enddate */
if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
usage("date format must be YYMMDDHHMMSSZ");
{
chunk_t date = { optarg, 13 };
notAfter = asn1_to_time(&date, ASN1_UTCTIME);
}
continue;
case 'E': /* --enddate */
if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
{
usage("date format must be YYMMDDHHMMSSZ");
}
else
{
chunk_t date = { optarg, 13 };
notAfter = asn1_to_time(&date, ASN1_UTCTIME);
}
continue;
case 'd': /* --dn */
if (distinguishedName)
usage("only one distinguished name allowed");
distinguishedName = optarg;
continue;
case 'd': /* --dn */
if (distinguishedName)
{
usage("only one distinguished name allowed");
}
distinguishedName = optarg;
continue;
case 's': /* --subjectAltName */
case 's': /* --subjectAltName */
{
char *value = strstr(optarg, "=");
@ -612,7 +609,7 @@ int main(int argc, char **argv)
}
if (strcaseeq("email", optarg) ||
strcaseeq("dns", optarg) ||
strcaseeq("dns", optarg) ||
strcaseeq("ip", optarg))
{
subjectAltNames->insert_last(subjectAltNames,
@ -626,106 +623,107 @@ int main(int argc, char **argv)
}
}
case 'p': /* --password */
if (challengePassword.len > 0)
{
usage("only one challenge password allowed");
}
if (strcaseeq("%prompt", optarg))
{
printf("Challenge password: ");
if (fgets(challenge_password_buffer, sizeof(challenge_password_buffer)-1, stdin))
case 'p': /* --password */
if (challengePassword.len > 0)
{
challengePassword.ptr = challenge_password_buffer;
/* discard the terminating '\n' from the input */
challengePassword.len = strlen(challenge_password_buffer) - 1;
usage("only one challenge password allowed");
}
if (strcaseeq("%prompt", optarg))
{
printf("Challenge password: ");
if (fgets(challenge_password_buffer,
sizeof(challenge_password_buffer) - 1, stdin))
{
challengePassword.ptr = challenge_password_buffer;
/* discard the terminating '\n' from the input */
challengePassword.len = strlen(challenge_password_buffer) - 1;
}
else
{
usage("challenge password could not be read");
}
}
else
{
usage("challenge password could not be read");
challengePassword.ptr = optarg;
challengePassword.len = strlen(optarg);
}
}
else
{
challengePassword.ptr = optarg;
challengePassword.len = strlen(optarg);
}
continue;
continue;
case 'u': /* -- url */
if (scep_url)
{
usage("only one URL argument allowed");
}
scep_url = optarg;
continue;
case 'u': /* -- url */
if (scep_url)
{
usage("only one URL argument allowed");
}
scep_url = optarg;
continue;
case 'm': /* --method */
if (strcaseeq("get", optarg))
{
http_get_request = TRUE;
}
else if (strcaseeq("post", optarg))
{
http_get_request = FALSE;
}
else
{
usage("invalid http request method specified");
}
continue;
case 'm': /* --method */
if (strcaseeq("get", optarg))
{
http_get_request = TRUE;
}
else if (strcaseeq("post", optarg))
{
http_get_request = FALSE;
}
else
{
usage("invalid http request method specified");
}
continue;
case 't': /* --interval */
poll_interval = atoi(optarg);
if (poll_interval <= 0)
{
usage("invalid interval specified");
}
continue;
case 't': /* --interval */
poll_interval = atoi(optarg);
if (poll_interval <= 0)
{
usage("invalid interval specified");
}
continue;
case 'x': /* --maxpolltime */
max_poll_time = atoi(optarg);
continue;
case 'x': /* --maxpolltime */
max_poll_time = atoi(optarg);
continue;
case 'a': /*--algorithm */
{
const proposal_token_t *token;
case 'a': /*--algorithm */
{
const proposal_token_t *token;
token = proposal_get_token(optarg, strlen(optarg));
if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
{
usage("invalid algorithm specified");
token = proposal_get_token(optarg, strlen(optarg));
if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
{
usage("invalid algorithm specified");
}
pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
token->algorithm, token->keysize);
if (pkcs7_symmetric_cipher == OID_UNKNOWN)
{
usage("unsupported encryption algorithm specified");
}
continue;
}
pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
token->algorithm, token->keysize);
if (pkcs7_symmetric_cipher == OID_UNKNOWN)
{
usage("unsupported encryption algorithm specified");
}
continue;
}
#ifdef DEBUG
case 'A': /* --debug-all */
base_debugging |= DBG_ALL;
continue;
case 'P': /* debug parsing */
base_debugging |= DBG_PARSING;
continue;
case 'R': /* debug raw */
base_debugging |= DBG_RAW;
continue;
case 'C': /* debug control */
base_debugging |= DBG_CONTROL;
continue;
case 'M': /* debug control more */
base_debugging |= DBG_CONTROLMORE;
continue;
case 'X': /* debug private */
base_debugging |= DBG_PRIVATE;
continue;
case 'A': /* --debug-all */
base_debugging |= DBG_ALL;
continue;
case 'P': /* debug parsing */
base_debugging |= DBG_PARSING;
continue;
case 'R': /* debug raw */
base_debugging |= DBG_RAW;
continue;
case 'C': /* debug control */
base_debugging |= DBG_CONTROL;
continue;
case 'M': /* debug control more */
base_debugging |= DBG_CONTROLMORE;
continue;
case 'X': /* debug private */
base_debugging |= DBG_PRIVATE;
continue;
#endif
default:
usage("unknown option");
default:
usage("unknown option");
}
/* break from loop */
break;
@ -807,8 +805,8 @@ int main(int argc, char **argv)
/* check for minimum key length */
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
{
exit_scepclient("length of RSA key has to be at least %d bits"
,RSA_MIN_OCTETS * BITS_PER_BYTE);
exit_scepclient("length of RSA key has to be at least %d bits",
RSA_MIN_OCTETS * BITS_PER_BYTE);
}
/*
@ -853,13 +851,13 @@ int main(int argc, char **argv)
DBG_log("building pkcs10 object:")
)
pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
BUILD_SIGNING_KEY, private_key,
BUILD_SUBJECT, subject,
BUILD_SUBJECT_ALTNAMES, subjectAltNames,
BUILD_CHALLENGE_PWD, challengePassword,
BUILD_DIGEST_ALG, pkcs10_signature_alg,
BUILD_END);
CERT_PKCS10_REQUEST,
BUILD_SIGNING_KEY, private_key,
BUILD_SUBJECT, subject,
BUILD_SUBJECT_ALTNAMES, subjectAltNames,
BUILD_CHALLENGE_PWD, challengePassword,
BUILD_DIGEST_ALG, pkcs10_signature_alg,
BUILD_END);
if (!pkcs10_req)
{
exit_scepclient("generating pkcs10 request failed");
@ -919,14 +917,14 @@ int main(int argc, char **argv)
/* generate a self-signed X.509 certificate */
x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_SIGNING_KEY, private_key,
BUILD_PUBLIC_KEY, public_key,
BUILD_SUBJECT, subject,
BUILD_NOT_BEFORE_TIME, notBefore,
BUILD_NOT_AFTER_TIME, notAfter,
BUILD_SERIAL, serialNumber,
BUILD_SUBJECT_ALTNAMES, subjectAltNames,
BUILD_END);
BUILD_SIGNING_KEY, private_key,
BUILD_PUBLIC_KEY, public_key,
BUILD_SUBJECT, subject,
BUILD_NOT_BEFORE_TIME, notBefore,
BUILD_NOT_AFTER_TIME, notAfter,
BUILD_SERIAL, serialNumber,
BUILD_SUBJECT_ALTNAMES, subjectAltNames,
BUILD_END);
if (!x509_signer)
{
exit_scepclient("generating certificate failed");
@ -989,9 +987,9 @@ int main(int argc, char **argv)
DBG_log("building pkcs7 request")
)
pkcs7 = scep_build_request(pkcs10_encoding,
transID, SCEP_PKCSReq_MSG,
x509_ca_enc, pkcs7_symmetric_cipher,
x509_signer, pkcs7_digest_alg, private_key);
transID, SCEP_PKCSReq_MSG,
x509_ca_enc, pkcs7_symmetric_cipher,
x509_signer, pkcs7_digest_alg, private_key);
}
/*
@ -1002,8 +1000,9 @@ int main(int argc, char **argv)
char *path = concatenate_paths(REQ_PATH, file_out_pkcs7);
if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
{
exit_scepclient("could not write pkcs7 file '%s'", path);
;
}
filetype_out &= ~PKCS7; /* delete PKCS7 flag */
}
@ -1037,12 +1036,12 @@ int main(int argc, char **argv)
}
if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
http_get_request, &scep_response))
http_get_request, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
ugh = scep_parse_response(scep_response, transID, &data, &attrs
, x509_ca_sig);
ugh = scep_parse_response(scep_response, transID, &data, &attrs,
x509_ca_sig);
if (ugh != NULL)
{
exit_scepclient(ugh);
@ -1053,8 +1052,8 @@ int main(int argc, char **argv)
{
identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig);
plog(" scep request pending, polling every %d seconds"
, poll_interval);
plog(" scep request pending, polling every %d seconds",
poll_interval);
poll_start = time_monotonic(NULL);
issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc",
issuer->get_encoding(issuer),
@ -1062,8 +1061,8 @@ int main(int argc, char **argv)
}
while (attrs.pkiStatus == SCEP_PENDING)
{
if (max_poll_time > 0
&& (time_monotonic(NULL) - poll_start >= max_poll_time))
if (max_poll_time > 0 &&
(time_monotonic(NULL) - poll_start >= max_poll_time))
{
exit_scepclient("maximum poll time reached: %d seconds"
, max_poll_time);
@ -1080,18 +1079,18 @@ int main(int argc, char **argv)
)
chunk_free(&getCertInitial);
getCertInitial = scep_build_request(issuerAndSubject
, transID, SCEP_GetCertInitial_MSG
, x509_ca_enc, pkcs7_symmetric_cipher
, x509_signer, pkcs7_digest_alg, private_key);
getCertInitial = scep_build_request(issuerAndSubject,
transID, SCEP_GetCertInitial_MSG,
x509_ca_enc, pkcs7_symmetric_cipher,
x509_signer, pkcs7_digest_alg, private_key);
if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
http_get_request, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
ugh = scep_parse_response(scep_response, transID, &data, &attrs
, x509_ca_sig);
ugh = scep_parse_response(scep_response, transID, &data, &attrs,
x509_ca_sig);
if (ugh != NULL)
{
exit_scepclient(ugh);
@ -1105,13 +1104,13 @@ int main(int argc, char **argv)
envelopedData = data.content;
if (data.type != OID_PKCS7_DATA
|| !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
if (data.type != OID_PKCS7_DATA ||
!asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
{
exit_scepclient("contentInfo is not of type 'data'");
}
if (!pkcs7_parse_envelopedData(envelopedData, &certData
, serialNumber, private_key))
if (!pkcs7_parse_envelopedData(envelopedData, &certData,
serialNumber, private_key))
{
exit_scepclient("could not decrypt envelopedData");
}