scepclient: Some code cleanup.

2025-10-17 00:00:59 -04:00 · 2012-05-04 14:17:59 +02:00 · 2012-05-04 14:17:59 +02:00 · 25924d3e45
commit 25924d3e45
parent 07f0abd7ac
3 changed files with 319 additions and 335 deletions
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@ -1,10 +1,3 @@
 /**
 * @file scep.c
 * @brief SCEP specific functions
 *
 * Contains functions to build SCEP request's and to parse SCEP reply's.
 */
 /*
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
@ -39,16 +32,6 @@
 #include "scep.h"
 static const chunk_t ASN1_messageType_oid = chunk_from_chars(
 	0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
 );
 static const chunk_t ASN1_senderNonce_oid = chunk_from_chars(
 	0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
 );
 static const chunk_t ASN1_transId_oid = chunk_from_chars(
 	0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
 );
 static const char *pkiStatus_values[] = { "0", "2", "3" };
 static const char *pkiStatus_names[] = {
@ -153,10 +136,14 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
 	}
 	if (type == ASN1_EOC)
 	{
 		return TRUE;
 	}
 	if (!asn1_parse_simple_object(&object, type, level+1, name))
 	{
 		return FALSE;
 	}
 	switch (oid)
 	{
@ -178,8 +165,8 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
 			DBG(DBG_CONTROL,
 				DBG_log("messageType:  %s", msgType_names[attrs->msgType])
 			)
 		}
 			break;
 		}
 		case OID_PKI_STATUS:
 		{
 			pkiStatus_t s;
@ -187,22 +174,28 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
 			for (s = SCEP_SUCCESS; s < SCEP_UNKNOWN; s++)
 			{
 				if (strncmp(pkiStatus_values[s], object.ptr, object.len) == 0)
 				{
 					attrs->pkiStatus = s;
 				}
 			}
 			DBG(DBG_CONTROL,
 				DBG_log("pkiStatus:    %s", pkiStatus_names[attrs->pkiStatus])
 			)
 		}
 			break;
 		}
 		case OID_PKI_FAIL_INFO:
-		if (object.len == 1
+		{
-		&& *object.ptr >= '0' && *object.ptr <= '4')
+			if (object.len == 1 &&
 				*object.ptr >= '0' && *object.ptr <= '4')
 			{
 				attrs->failInfo = (failInfo_t)(*object.ptr - '0');
 			}
 			if (attrs->failInfo != SCEP_unknown_REASON)
 			{
 				plog("failInfo:     %s", failInfo_reasons[attrs->failInfo]);
 			}
 			break;
 		}
 		case OID_PKI_SENDER_NONCE:
 			attrs->senderNonce = object;
 			break;
@ -211,6 +204,7 @@ static bool extract_attribute(int oid, chunk_t object, u_int level,
 			break;
 		case OID_PKI_TRANS_ID:
 			attrs->transID = object;
 			break;
 	}
 	return TRUE;
 }
@ -239,10 +233,13 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
 				oid = asn1_known_oid(object);
 				break;
 			case ATTRIBUTE_OBJ_VALUE:
 			{
 				if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
 				{
 					goto end;
 				}
 				break;
 			}
 		}
 	}
 	success = parser->success(parser);
@ -318,12 +315,10 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 */
 chunk_t scep_transId_attribute(chunk_t transID)
 {
-	return asn1_wrap(ASN1_SEQUENCE, "cm"
+	return asn1_wrap(ASN1_SEQUENCE, "cm",
-				, ASN1_transId_oid
+				asn1_build_known_oid(OID_PKI_TRANS_ID),
-				, asn1_wrap(ASN1_SET, "m"
+				asn1_wrap(ASN1_SET, "m",
-					, asn1_simple_object(ASN1_PRINTABLESTRING, transID)
+					asn1_simple_object(ASN1_PRINTABLESTRING, transID)));
 				  )
 			  );
 }
 /**
@ -336,12 +331,10 @@ chunk_t scep_messageType_attribute(scep_msg_t m)
 		strlen(msgType_values[m])
 	};
-	return asn1_wrap(ASN1_SEQUENCE, "cm"
+	return asn1_wrap(ASN1_SEQUENCE, "mm",
-				, ASN1_messageType_oid
+				asn1_build_known_oid(OID_PKI_MESSAGE_TYPE),
-				, asn1_wrap(ASN1_SET, "m"
+				asn1_wrap(ASN1_SET, "m",
-					, asn1_simple_object(ASN1_PRINTABLESTRING, msgType)
+					asn1_simple_object(ASN1_PRINTABLESTRING, msgType)));
 				  )
 			  );
 }
 /**
@ -358,12 +351,10 @@ chunk_t scep_senderNonce_attribute(void)
 	rng->get_bytes(rng, nonce_len, nonce_buf);
 	rng->destroy(rng);
-	return asn1_wrap(ASN1_SEQUENCE, "cm"
+	return asn1_wrap(ASN1_SEQUENCE, "cm",
-				, ASN1_senderNonce_oid
+				asn1_build_known_oid(OID_PKI_SENDER_NONCE),
-				, asn1_wrap(ASN1_SET, "m"
+				asn1_wrap(ASN1_SET, "m",
-					, asn1_simple_object(ASN1_OCTET_STRING, senderNonce)
+					asn1_simple_object(ASN1_OCTET_STRING, senderNonce)));
 				  )
 			  );
 }
 /**
@ -378,16 +369,15 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
 	envelopedData = pkcs7_build_envelopedData(data, enc_cert, enc_alg);
-	attributes = asn1_wrap(ASN1_SET, "mmmmm"
+	attributes = asn1_wrap(ASN1_SET, "mmmmm",
-					, pkcs7_contentType_attribute()
+					pkcs7_contentType_attribute(),
-					, pkcs7_messageDigest_attribute(envelopedData
+					pkcs7_messageDigest_attribute(envelopedData, digest_alg),
-						, digest_alg)
+					scep_transId_attribute(transID),
-					, scep_transId_attribute(transID)
+					scep_messageType_attribute(msg),
-					, scep_messageType_attribute(msg)
+					scep_senderNonce_attribute());
 					, scep_senderNonce_attribute());
-	request = pkcs7_build_signedData(envelopedData, attributes
+	request = pkcs7_build_signedData(envelopedData, attributes,
-					, signer_cert, digest_alg, private_key);
+									 signer_cert, digest_alg, private_key);
 	free(envelopedData.ptr);
 	free(attributes.ptr);
 	return request;
@ -420,8 +410,10 @@ static char* escape_http_request(chunk_t req)
 	while (*p1 != '\0')
 	{
 		if (*p1++ == '+')
 		{
 			plus++;
 		}
 	}
 	escaped_req = malloc(len + 3*(lines + plus));
@ -513,8 +505,8 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
 		/* form complete url */
 		len = strlen(url) + 32 + strlen(operation) + 1;
 		complete_url = malloc(len);
-		snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
+		snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier",
-				, url, operation);
+				 url, operation);
 		status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
 									 FETCH_END);
--- a/src/scepclient/scep.h
+++ b/src/scepclient/scep.h
@ -1,10 +1,3 @@
 /**
 * @file scep.h
 * @brief SCEP specific functions
 *
 * Contains functions to build and parse SCEP requests and replies
 */
 /*
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
@ -74,21 +67,21 @@ typedef struct {
 extern const scep_attributes_t empty_scep_attributes;
-extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
+bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
-extern void scep_generate_transaction_id(public_key_t *key,
+void scep_generate_transaction_id(public_key_t *key,
 								  chunk_t *transID,
 								  chunk_t *serialNumber);
-extern chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
+chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
-extern chunk_t scep_transId_attribute(chunk_t transaction_id);
+chunk_t scep_transId_attribute(chunk_t transaction_id);
-extern chunk_t scep_messageType_attribute(scep_msg_t m);
+chunk_t scep_messageType_attribute(scep_msg_t m);
-extern chunk_t scep_senderNonce_attribute(void);
+chunk_t scep_senderNonce_attribute(void);
-extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
+chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
 						   certificate_t *enc_cert, int enc_alg,
 						   certificate_t *signer_cert, int digest_alg,
 						   private_key_t *private_key);
-extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
+bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
 							  bool http_get_request, chunk_t *response);
-extern err_t scep_parse_response(chunk_t response, chunk_t transID,
+err_t scep_parse_response(chunk_t response, chunk_t transID,
 						  contentInfo_t *data, scep_attributes_t *attrs,
 						  certificate_t *signer_cert);
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@ -13,17 +13,6 @@
 * for more details.
 */
 /**
 * @file main.c
 * @brief scepclient main program
 */
 /**
 * @mainpage SCEP for Linux strongSwan
 *
 * Documentation of SCEP for Linux StrongSwan
 */
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -153,8 +142,7 @@ certificate_t *pkcs10_req      = NULL;
 *
 * @param status 0 = OK, 1 = general discomfort
 */
-static void
+static void exit_scepclient(err_t message, ...)
 exit_scepclient(err_t message, ...)
 {
 	int status = 0;
@ -201,8 +189,7 @@ exit_scepclient(err_t message, ...)
 * @brief prints the program version and exits
 *
 */
-static void
+static void version(void)
 version(void)
 {
 	printf("scepclient %s\n", scepclient_version);
 	exit_scepclient(NULL);
@ -214,8 +201,7 @@ version(void)
 * If message is set, program is exitet with 1 (error)
 * @param message message in case of an error
 */
-static void
+static void usage(const char *message)
 usage(const char *message)
 {
 	fprintf(stderr,
 		"Usage: scepclient\n"
@ -563,7 +549,10 @@ int main(int argc, char **argv)
 			case 'D':       /* --days */
 				if (optarg == NULL || !isdigit(optarg[0]))
 				{
 					usage("missing number of days");
 				}
 				else
 				{
 					char *endptr;
 					long days = strtol(optarg, &endptr, 0);
@ -577,7 +566,10 @@ int main(int argc, char **argv)
 			case 'S':       /* --startdate */
 				if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
 				{
 					usage("date format must be YYMMDDHHMMSSZ");
 				}
 				else
 				{
 					chunk_t date = { optarg, 13 };
 					notBefore = asn1_to_time(&date, ASN1_UTCTIME);
@ -586,7 +578,10 @@ int main(int argc, char **argv)
 			case 'E':       /* --enddate */
 				if (optarg == NULL || strlen(optarg) != 13 || optarg[12] != 'Z')
 				{
 					usage("date format must be YYMMDDHHMMSSZ");
 				}
 				else
 				{
 					chunk_t date = { optarg, 13 };
 					notAfter = asn1_to_time(&date, ASN1_UTCTIME);
@ -595,7 +590,9 @@ int main(int argc, char **argv)
 			case 'd':       /* --dn */
 				if (distinguishedName)
 				{
 					usage("only one distinguished name allowed");
 				}
 				distinguishedName = optarg;
 				continue;
@ -634,7 +631,8 @@ int main(int argc, char **argv)
 				if (strcaseeq("%prompt", optarg))
 				{
 					printf("Challenge password: ");
-				if (fgets(challenge_password_buffer, sizeof(challenge_password_buffer)-1, stdin))
+					if (fgets(challenge_password_buffer,
 							sizeof(challenge_password_buffer) - 1, stdin))
 					{
 						challengePassword.ptr = challenge_password_buffer;
 						/* discard the terminating '\n' from the input */
@ -807,8 +805,8 @@ int main(int argc, char **argv)
 	/* check for minimum key length */
 	if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
 	{
-		exit_scepclient("length of RSA key has to be at least %d bits"
+		exit_scepclient("length of RSA key has to be at least %d bits",
-			,RSA_MIN_OCTETS * BITS_PER_BYTE);
+						RSA_MIN_OCTETS * BITS_PER_BYTE);
 	}
 	/*
@ -1002,8 +1000,9 @@ int main(int argc, char **argv)
 		char *path = concatenate_paths(REQ_PATH, file_out_pkcs7);
 		if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
 		{
 			exit_scepclient("could not write pkcs7 file '%s'", path);
-;
+		}
 		filetype_out &= ~PKCS7;   /* delete PKCS7 flag */
 	}
@ -1041,8 +1040,8 @@ int main(int argc, char **argv)
 		{
 			exit_scepclient("did not receive a valid scep response");
 		}
-		ugh = scep_parse_response(scep_response, transID, &data, &attrs
+		ugh = scep_parse_response(scep_response, transID, &data, &attrs,
-								 , x509_ca_sig);
+								  x509_ca_sig);
 		if (ugh != NULL)
 		{
 			exit_scepclient(ugh);
@ -1053,8 +1052,8 @@ int main(int argc, char **argv)
 		{
 			identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig);
-			plog("  scep request pending, polling every %d seconds"
+			plog("  scep request pending, polling every %d seconds",
-				, poll_interval);
+				 poll_interval);
 			poll_start = time_monotonic(NULL);
 			issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc",
 									issuer->get_encoding(issuer),
@ -1062,8 +1061,8 @@ int main(int argc, char **argv)
 		}
 		while (attrs.pkiStatus == SCEP_PENDING)
 		{
-			if (max_poll_time > 0
+			if (max_poll_time > 0 &&
-			&& (time_monotonic(NULL) - poll_start >= max_poll_time))
+				(time_monotonic(NULL) - poll_start >= max_poll_time))
 			{
 				exit_scepclient("maximum poll time reached: %d seconds"
 							   , max_poll_time);
@ -1080,18 +1079,18 @@ int main(int argc, char **argv)
 			)
 			chunk_free(&getCertInitial);
-			getCertInitial = scep_build_request(issuerAndSubject
+			getCertInitial = scep_build_request(issuerAndSubject,
-								, transID, SCEP_GetCertInitial_MSG
+									transID, SCEP_GetCertInitial_MSG,
-								, x509_ca_enc, pkcs7_symmetric_cipher
+									x509_ca_enc, pkcs7_symmetric_cipher,
-								, x509_signer, pkcs7_digest_alg, private_key);
+									x509_signer, pkcs7_digest_alg, private_key);
 			if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
 				http_get_request, &scep_response))
 			{
 				exit_scepclient("did not receive a valid scep response");
 			}
-			ugh = scep_parse_response(scep_response, transID, &data, &attrs
+			ugh = scep_parse_response(scep_response, transID, &data, &attrs,
-									 , x509_ca_sig);
+									  x509_ca_sig);
 			if (ugh != NULL)
 			{
 				exit_scepclient(ugh);
@ -1105,13 +1104,13 @@ int main(int argc, char **argv)
 		envelopedData = data.content;
-		if (data.type != OID_PKCS7_DATA
+		if (data.type != OID_PKCS7_DATA ||
-		|| !asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
+			!asn1_parse_simple_object(&envelopedData, ASN1_OCTET_STRING, 0, "data"))
 		{
 			exit_scepclient("contentInfo is not of type 'data'");
 		}
-		if (!pkcs7_parse_envelopedData(envelopedData, &certData
+		if (!pkcs7_parse_envelopedData(envelopedData, &certData,
-			, serialNumber, private_key))
+				serialNumber, private_key))
 		{
 			exit_scepclient("could not decrypt envelopedData");
 		}