Lines Matching +full:wo +full:- +full:data
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 #include <hxtool-commands.h>
48 { "statistic-file", 0, arg_string, &stat_file_string, NULL, NULL },
70 for (i = 0; i < pass->num_strings; i++) { in lock_strings()
71 int ret = hx509_lock_command_string(lock, pass->strings[i]); in lock_strings()
74 pass->strings[i], ret); in lock_strings()
88 for (i = 0; i < s->num_strings; i++) { in certs_strings()
89 ret = hx509_certs_append(contextp, certs, lock, s->strings[i]); in certs_strings()
92 "hx509_certs_append: %s %s", type, s->strings[i]); in certs_strings()
128 val = calloc(s->num_strings, sizeof(*val)); in peer_strings()
132 for (i = 0; i < s->num_strings; i++) in peer_strings()
133 parse_oid(s->strings[i], NULL, &val[i].algorithm); in peer_strings()
135 ret = hx509_peer_info_set_cms_algs(contextp, *peer, val, s->num_strings); in peer_strings()
139 for (i = 0; i < s->num_strings; i++) in peer_strings()
156 const void *data , size_t length, void *ctx) in pem_reader() argument
161 p->os->data = malloc(length); in pem_reader()
162 if (p->os->data == NULL) in pem_reader()
164 memcpy(p->os->data, data, length); in pem_reader()
165 p->os->length = length; in pem_reader()
167 h = hx509_pem_find_header(headers, "Content-disposition"); in pem_reader()
169 p->detached_data = 1; in pem_reader()
193 if (opt->missing_revoke_flag) in cms_verify_sd()
197 lock_strings(lock, &opt->pass_strings); in cms_verify_sd()
203 ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors); in cms_verify_sd()
206 ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); in cms_verify_sd()
210 certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings); in cms_verify_sd()
211 certs_strings(context, "store", store, lock, &opt->certificate_strings); in cms_verify_sd()
213 if (opt->pem_flag) { in cms_verify_sd()
229 if (pd.detached_data && opt->signed_content_string == NULL) { in cms_verify_sd()
235 s[r - argv[0]] = '\0'; in cms_verify_sd()
249 co.data = p; in cms_verify_sd()
253 if (opt->signed_content_string) { in cms_verify_sd()
254 ret = _hx509_map_file_os(opt->signed_content_string, &signeddata); in cms_verify_sd()
256 errx(1, "map_file: %s: %d", opt->signed_content_string, ret); in cms_verify_sd()
260 if (opt->content_info_flag) { in cms_verify_sd()
283 if (!opt->signer_allowed_flag) in cms_verify_sd()
285 if (opt->allow_wrong_oid_flag) in cms_verify_sd()
288 ret = hx509_cms_verify_signed(context, ctx, flags, co.data, co.length, sd, in cms_verify_sd()
290 if (p != co.data) in cms_verify_sd()
320 ret = _hx509_write_file(argv[1], c.data, c.length); in cms_verify_sd()
376 opt->pem_flag ? "pem" : "cms-signeddata"); in cms_create_sd()
383 lock_strings(lock, &opt->pass_strings); in cms_create_sd()
385 ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); in cms_create_sd()
387 ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool); in cms_create_sd()
390 certs_strings(context, "store", store, lock, &opt->certificate_strings); in cms_create_sd()
391 certs_strings(context, "pool", pool, lock, &opt->pool_strings); in cms_create_sd()
393 if (opt->anchors_strings.num_strings) { in cms_create_sd()
394 ret = hx509_certs_init(context, "MEMORY:cert-anchors", in cms_create_sd()
397 certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings); in cms_create_sd()
401 if (opt->detached_signature_flag) in cms_create_sd()
403 if (opt->id_by_name_flag) in cms_create_sd()
405 if (!opt->signer_flag) { in cms_create_sd()
410 if (opt->signer_flag) { in cms_create_sd()
418 if (opt->signer_string) in cms_create_sd()
419 hx509_query_match_friendly_name(q, opt->signer_string); in cms_create_sd()
426 if (!opt->embedded_certs_flag) in cms_create_sd()
428 if (opt->embed_leaf_only_flag) in cms_create_sd()
435 if (opt->peer_alg_strings.num_strings) in cms_create_sd()
436 peer_strings(context, &peer, &opt->peer_alg_strings); in cms_create_sd()
438 parse_oid(opt->content_type_string, &asn1_oid_id_pkcs7_data, &contentType); in cms_create_sd()
462 if (opt->content_info_flag) { in cms_create_sd()
463 heim_octet_string wo; in cms_create_sd() local
465 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &o, &wo); in cms_create_sd()
470 o = wo; in cms_create_sd()
473 if (opt->pem_flag) { in cms_create_sd()
477 hx509_pem_add_header(&header, "Content-disposition", in cms_create_sd()
478 opt->detached_signature_flag ? in cms_create_sd()
491 o.data, o.length); in cms_create_sd()
498 ret = _hx509_write_file(outfile, o.data, o.length); in cms_create_sd()
504 free(o.data); in cms_create_sd()
522 lock_strings(lock, &opt->pass_strings); in cms_unenvelope()
528 co.data = p; in cms_unenvelope()
531 if (opt->content_info_flag) { in cms_unenvelope()
546 ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); in cms_unenvelope()
550 certs_strings(context, "store", certs, lock, &opt->certificate_strings); in cms_unenvelope()
552 if (opt->allow_weak_crypto_flag) in cms_unenvelope()
555 ret = hx509_cms_unenvelope(context, certs, flags, co.data, co.length, in cms_unenvelope()
557 if (co.data != p) in cms_unenvelope()
567 ret = _hx509_write_file(argv[1], o.data, o.length); in cms_unenvelope()
594 lock_strings(lock, &opt->pass_strings); in cms_create_enveloped()
600 ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); in cms_create_enveloped()
603 certs_strings(context, "store", certs, lock, &opt->certificate_strings); in cms_create_enveloped()
605 if (opt->allow_weak_crypto_flag) in cms_create_enveloped()
608 if (opt->encryption_type_string) { in cms_create_enveloped()
609 enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string); in cms_create_enveloped()
612 opt->encryption_type_string); in cms_create_enveloped()
626 parse_oid(opt->content_type_string, &asn1_oid_id_pkcs7_data, &contentType); in cms_create_enveloped()
638 if (opt->content_info_flag) { in cms_create_enveloped()
639 heim_octet_string wo; in cms_create_enveloped() local
641 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_envelopedData, &o, &wo); in cms_create_enveloped()
646 o = wo; in cms_create_enveloped()
651 ret = _hx509_write_file(argv[1], o.data, o.length); in cms_create_enveloped()
701 printf("cert: %d\n", s->counter++); in print_f()
702 print_certificate(context, cert, s->verbose); in print_f()
715 s.verbose = opt->content_flag; in pcert_print()
718 lock_strings(lock, &opt->pass_strings); in pcert_print()
720 while(argc--) { in pcert_print()
724 if (opt->never_fail_flag) { in pcert_print()
730 if (opt->info_flag) in pcert_print()
758 lock_strings(lock, &opt->pass_strings); in pcert_validate()
764 while(argc--) { in pcert_validate()
788 lock_strings(inlock, &opt->in_pass_strings); in certificate_copy()
790 if (opt->out_pass_string) { in certificate_copy()
792 ret = hx509_lock_command_string(outlock, opt->out_pass_string); in certificate_copy()
795 opt->out_pass_string, ret); in certificate_copy()
798 ret = hx509_certs_init(context, argv[argc - 1], in certificate_copy()
803 while(argc-- > 1) { in certificate_copy()
836 ret = hx509_verify_path(hxcontext, v->ctx, c, v->chain); in verify_f()
841 v->errors++; in verify_f()
843 v->count++; in verify_f()
847 if (v->hostname) { in verify_f()
849 v->hostname, NULL, 0); in verify_f()
852 v->errors++; in verify_f()
870 if (opt->missing_revoke_flag) in pcert_verify()
886 if (opt->allow_proxy_certificate_flag) in pcert_verify()
889 if (opt->time_string) { in pcert_verify()
896 p = strptime (opt->time_string, "%Y-%m-%d", &tm); in pcert_verify()
898 errx(1, "Failed to parse time %s, need to be on format %%Y-%%m-%%d", in pcert_verify()
899 opt->time_string); in pcert_verify()
906 if (opt->hostname_string) in pcert_verify()
907 v.hostname = opt->hostname_string; in pcert_verify()
908 if (opt->max_depth_integer) in pcert_verify()
909 hx509_verify_set_max_depth(ctx, opt->max_depth_integer); in pcert_verify()
915 while(argc--) { in pcert_verify()
1003 lock_strings(lock, &opt->pass_strings); in query()
1005 ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); in query()
1014 argc--; in query()
1018 if (opt->friendlyname_string) in query()
1019 hx509_query_match_friendly_name(q, opt->friendlyname_string); in query()
1021 if (opt->eku_string) { in query()
1024 parse_oid(opt->eku_string, NULL, &oid); in query()
1032 if (opt->private_key_flag) in query()
1035 if (opt->keyEncipherment_flag) in query()
1038 if (opt->digitalSignature_flag) in query()
1041 if (opt->expr_string) in query()
1042 hx509_query_match_expr(context, q, opt->expr_string); in query()
1050 if (opt->print_flag) in query()
1075 lock_strings(lock, &opt->pass_strings); in ocsp_fetch()
1078 if (!opt->nonce_flag) in ocsp_fetch()
1081 if (opt->url_path_string) in ocsp_fetch()
1082 url = opt->url_path_string; in ocsp_fetch()
1084 ret = hx509_certs_init(context, "MEMORY:ocsp-pool", 0, NULL, &pool); in ocsp_fetch()
1087 certs_strings(context, "ocsp-pool", pool, lock, &opt->pool_strings); in ocsp_fetch()
1091 ret = hx509_certs_init(context, "MEMORY:ocsp-req", 0, NULL, &reqcerts); in ocsp_fetch()
1113 "Content-Type: application/ocsp-request\r\n" in ocsp_fetch()
1114 "Content-Length: %ld\r\n" in ocsp_fetch()
1118 fwrite(req.data, req.length, 1, f); in ocsp_fetch()
1150 os->data, os->length, &expiration); in verify_o()
1172 if (opt->ocsp_file_string == NULL) in ocsp_verify()
1175 ret = _hx509_map_file_os(opt->ocsp_file_string, &os); in ocsp_verify()
1179 ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs); in ocsp_verify()
1293 get_key(opt->key_string, in request_create()
1294 opt->generate_key_string, in request_create()
1295 opt->key_bits_integer, in request_create()
1300 if (opt->subject_string) { in request_create()
1303 ret = hx509_parse_name(context, opt->subject_string, &name); in request_create()
1308 if (opt->verbose_flag) { in request_create()
1316 for (i = 0; i < opt->email_strings.num_strings; i++) { in request_create()
1318 opt->email_strings.strings[i]); in request_create()
1323 for (i = 0; i < opt->dnsname_strings.num_strings; i++) { in request_create()
1325 opt->dnsname_strings.strings[i]); in request_create()
1353 rk_dumpdata(outfile, request.data, request.length); in request_create()
1400 printf("ecdsa: ECDSA_METHOD-not-export\n"); in info()
1423 fprintf(stderr, "bad argument to random-data\n"); in random_data()
1455 if (opt->type_string) { in crypto_available()
1456 if (strcmp(opt->type_string, "all") == 0) in crypto_available()
1458 else if (strcmp(opt->type_string, "digest") == 0) in crypto_available()
1460 else if (strcmp(opt->type_string, "public-sig") == 0) in crypto_available()
1462 else if (strcmp(opt->type_string, "secret") == 0) in crypto_available()
1465 errx(1, "unknown type: %s", opt->type_string); in crypto_available()
1492 if (opt->type_string) { in crypto_select()
1493 if (strcmp(opt->type_string, "digest") == 0) in crypto_select()
1495 else if (strcmp(opt->type_string, "public-sig") == 0) in crypto_select()
1497 else if (strcmp(opt->type_string, "secret") == 0) in crypto_select()
1500 errx(1, "unknown type: %s", opt->type_string); in crypto_select()
1503 if (opt->peer_cmstype_strings.num_strings) in crypto_select()
1504 peer_strings(context, &peer, &opt->peer_cmstype_strings); in crypto_select()
1524 if (opt->decode_flag) { in hxtool_hex()
1580 opt->pkinit++; in pkinit_kdc()
1589 opt->pkinit++; in pkinit_client()
1614 "https-server",
1619 "https-client",
1624 "email-client",
1629 "pkinit-client",
1630 "Certificate used for Kerberos PK-INIT client certificates",
1634 "pkinit-kdc",
1635 "Certificates used for Kerberos PK-INIT KDC certificates",
1639 "peap-server",
1676 for (i = 0; i < opt->type_strings.num_strings; i++) { in eval_types()
1677 const char *type = opt->type_strings.strings[i]; in eval_types()
1696 if (opt->pk_init_principal_string) { in eval_types()
1698 errx(1, "pk-init principal given but no pk-init oid"); in eval_types()
1701 opt->pk_init_principal_string); in eval_types()
1706 if (opt->ms_upn_string) { in eval_types()
1708 errx(1, "MS upn given but no pk-init oid"); in eval_types()
1710 ret = hx509_ca_tbs_add_san_ms_upn(contextp, tbs, opt->ms_upn_string); in eval_types()
1716 for (i = 0; i < opt->hostname_strings.num_strings; i++) { in eval_types()
1717 const char *hostname = opt->hostname_strings.strings[i]; in eval_types()
1724 for (i = 0; i < opt->email_strings.num_strings; i++) { in eval_types()
1725 const char *email = opt->email_strings.strings[i]; in eval_types()
1737 if (opt->jid_string) { in eval_types()
1738 ret = hx509_ca_tbs_add_san_jid(contextp, tbs, opt->jid_string); in eval_types()
1760 if (opt->ca_certificate_string == NULL && !opt->self_signed_flag) in hxtool_ca()
1761 errx(1, "--ca-certificate argument missing (not using --self-signed)"); in hxtool_ca()
1762 …if (opt->ca_private_key_string == NULL && opt->generate_key_string == NULL && opt->self_signed_fla… in hxtool_ca()
1763 errx(1, "--ca-private-key argument missing (using --self-signed)"); in hxtool_ca()
1764 if (opt->certificate_string == NULL) in hxtool_ca()
1765 errx(1, "--certificate argument missing"); in hxtool_ca()
1767 if (opt->template_certificate_string) { in hxtool_ca()
1768 if (opt->template_fields_string == NULL) in hxtool_ca()
1769 errx(1, "--template-certificate not no --template-fields"); in hxtool_ca()
1772 if (opt->lifetime_string) { in hxtool_ca()
1773 delta = parse_time(opt->lifetime_string, "day"); in hxtool_ca()
1775 errx(1, "Invalid lifetime: %s", opt->lifetime_string); in hxtool_ca()
1778 if (opt->ca_certificate_string) { in hxtool_ca()
1782 ret = hx509_certs_init(context, opt->ca_certificate_string, 0, in hxtool_ca()
1786 "hx509_certs_init: %s", opt->ca_certificate_string); in hxtool_ca()
1793 if (!opt->issue_proxy_flag) in hxtool_ca()
1801 } else if (opt->self_signed_flag) { in hxtool_ca()
1802 if (opt->generate_key_string == NULL in hxtool_ca()
1803 && opt->ca_private_key_string == NULL) in hxtool_ca()
1806 if (opt->req_string) in hxtool_ca()
1807 errx(1, "can't be self-signing and have a request at the same time"); in hxtool_ca()
1811 if (opt->ca_private_key_string) { in hxtool_ca()
1813 ret = read_private_key(opt->ca_private_key_string, &private_key); in hxtool_ca()
1821 if (opt->self_signed_flag) in hxtool_ca()
1825 if (opt->req_string) { in hxtool_ca()
1828 ret = _hx509_request_parse(context, opt->req_string, &req); in hxtool_ca()
1830 hx509_err(context, 1, ret, "parse_request: %s", opt->req_string); in hxtool_ca()
1840 if (opt->generate_key_string) { in hxtool_ca()
1849 if (opt->issue_ca_flag) in hxtool_ca()
1852 if (opt->key_bits_integer) in hxtool_ca()
1854 opt->key_bits_integer); in hxtool_ca()
1866 if (opt->self_signed_flag) in hxtool_ca()
1870 if (opt->certificate_private_key_string) { in hxtool_ca()
1871 ret = read_private_key(opt->certificate_private_key_string, &cert_key); in hxtool_ca()
1876 if (opt->subject_string) { in hxtool_ca()
1879 ret = hx509_parse_name(context, opt->subject_string, &subject); in hxtool_ca()
1892 if (opt->template_certificate_string) { in hxtool_ca()
1897 ret = hx509_certs_init(context, opt->template_certificate_string, 0, in hxtool_ca()
1901 "hx509_certs_init: %s", opt->template_certificate_string); in hxtool_ca()
1909 flags = parse_units(opt->template_fields_string, in hxtool_ca()
1919 if (opt->serial_number_string) { in hxtool_ca()
1922 ret = der_parse_hex_heim_integer(opt->serial_number_string, in hxtool_ca()
1944 if (opt->crl_uri_string) { in hxtool_ca()
1946 opt->crl_uri_string, NULL); in hxtool_ca()
1953 if (opt->issue_ca_flag) { in hxtool_ca()
1954 ret = hx509_ca_tbs_set_ca(context, tbs, opt->path_length_integer); in hxtool_ca()
1958 if (opt->issue_proxy_flag) { in hxtool_ca()
1959 ret = hx509_ca_tbs_set_proxy(context, tbs, opt->path_length_integer); in hxtool_ca()
1963 if (opt->domain_controller_flag) { in hxtool_ca()
1975 if (opt->self_signed_flag) { in hxtool_ca()
1994 ret = hx509_certs_init(context, opt->certificate_string, in hxtool_ca()
2043 ret = hx509_cms_verify_signed(context, vctx, 0, sd.data, sd.length, in test_one_cert()
2045 free(sd.data); in test_one_cert()
2049 printf("create-signature verify-sigature done\n"); in test_one_cert()
2051 free(c.data); in test_one_cert()
2065 lock_strings(lock, &opt->pass_strings); in test_crypto()
2067 ret = hx509_certs_init(context, "MEMORY:test-crypto", 0, NULL, &certs); in test_crypto()
2099 if (opt->type_integer) in statistic_print()
2100 type = opt->type_integer; in statistic_print()
2120 lock_strings(lock, &opt->pass_strings); in crl_sign()
2126 if (opt->signer_string == NULL) in crl_sign()
2133 ret = hx509_certs_init(context, opt->signer_string, 0, in crl_sign()
2137 "hx509_certs_init: %s", opt->signer_string); in crl_sign()
2152 if (opt->lifetime_string) { in crl_sign()
2155 delta = parse_time(opt->lifetime_string, "day"); in crl_sign()
2157 errx(1, "Invalid lifetime: %s", opt->lifetime_string); in crl_sign()
2166 ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0, in crl_sign()
2184 if (opt->crl_file_string) in crl_sign()
2185 rk_dumpdata(opt->crl_file_string, os.data, os.length); in crl_sign()
2187 free(os.data); in crl_sign()
2223 argc -= optidx; in main()
2236 if(ret == -1) in main()