x509.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscape's SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publicly available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#define POSTFIX ".srl"
#define DEF_DAYS 30
/*
 * Help text for the x509 command, one table entry per output line (each
 * string carries its own '\n').  The table is presumably walked and printed
 * when option parsing sets `badops` and control reaches the `bad:` label in
 * MAIN; the print loop itself is not visible in this excerpt, so confirm
 * against the full source before relying on that.
 *
 * The "-engine" entry sits under the same OPENSSL_NO_ENGINE guard as the
 * option handling so that the advertised options match what is accepted.
 * The "-checkend" entry documents the exit status (1 if the certificate
 * expires within the given window, 0 otherwise), which matches the
 * `ret=1` / `ret=0` assignments on the checkend path in MAIN.
 *
 * NOTE(review): the digest line still advertises -md2 and -md5 for signing;
 * both are legacy, collision-prone digests and should be treated as
 * compatibility-only.  The strings here are printed verbatim, so any change
 * to the advertised option set belongs with the option parser, not here.
 */
static char *x509_usage[]={
"usage: x509 args\n",
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
" -keyform arg - private key format - default PEM\n",
" -CAform arg - CA format - default PEM\n",
" -CAkeyform arg - CA key format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -passin arg - private key password source\n",
" -serial - print serial number value\n",
" -hash - print hash value\n",
" -subject - print subject DN\n",
" -issuer - print issuer DN\n",
" -email - print email address(es)\n",
" -startdate - notBefore field\n",
" -enddate - notAfter field\n",
" -purpose - print out certificate purposes\n",
" -dates - both Before and After dates\n",
" -modulus - print the RSA key modulus\n",
" -pubkey - output the public key\n",
" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -ocspid - print OCSP hash values for the subject name and public key\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
" -addtrust arg - trust certificate for a given purpose\n",
" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
" -checkend arg - check whether the cert expires in the next arg seconds\n",
" exit 1 if so, 0 if not\n",
" -signkey arg - self sign cert with arg\n",
" -x509toreq - output a certification request object\n",
" -req - input is a certificate request, sign and output.\n",
" -CA arg - set the CA certificate, must be PEM format.\n",
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial arg - serial file\n",
" -set_serial - serial number to use\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
#ifndef OPENSSL_NO_ENGINE
/* only advertised when engine support is compiled in */
" -engine e - use engine e, possibly a hardware device.\n",
#endif
" -certopt arg - various certificate text options\n",
};
ASN1_INTEGER *sno);
static int reqfile=0;
int MAIN(int, char **);
{
int ret=1;
int ocspid=0;
int C=0;
int pprint = 0;
char **pp;
int fingerprint=0;
char buf[256];
int need_rand = 0;
int checkend=0,checkoffset=0;
#ifndef OPENSSL_NO_ENGINE
#endif
reqfile=0;
apps_startup();
goto end;
#ifdef OPENSSL_SYS_VMS
{
}
#endif
argc--;
argv++;
num=0;
while (argc >= 1)
{
{
}
{
}
{
}
{
reqfile=1;
need_rand = 1;
}
{
}
{
}
{
if (days == 0)
{
goto bad;
}
}
{
}
{
}
{
}
{
}
{
}
{
need_rand = 1;
}
{
need_rand = 1;
}
{
}
{
}
{
goto bad;
}
{
{
"Invalid trust object value %s\n", *argv);
goto bad;
}
trustout = 1;
}
{
{
"Invalid reject object value %s\n", *argv);
goto bad;
}
trustout = 1;
}
{
trustout = 1;
}
{
}
{
}
#ifndef OPENSSL_NO_ENGINE
{
}
#endif
C= ++num;
fingerprint= ++num;
{
}
{
checkend=1;
}
trustout= 1;
CA_createserial= ++num;
clrext = 1;
#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
{
clrext = 1;
}
#endif
{
/* ok */
}
else
{
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
goto end;
}
#ifndef OPENSSL_NO_ENGINE
#endif
if (need_rand)
{
goto end;
}
if (!X509_STORE_set_default_paths(ctx))
{
goto end;
}
{
goto end;
}
if (extfile)
{
long errorline = -1;
{
if (errorline <= 0)
"error loading the config file '%s'\n",
extfile);
else
"error on line %ld of config file '%s'\n"
goto end;
}
if (!extsect)
{
if (!extsect)
{
extsect = "default";
}
}
{
"Error Loading extension section %s\n",
extsect);
goto end;
}
}
if (reqfile)
{
{
goto end;
}
{
goto end;
}
else
{
{
goto end;
}
}
{
goto end;
}
{
goto end;
}
{
goto end;
}
if (i < 0)
{
goto end;
}
if (i == 0)
{
goto end;
}
else
if (sno)
{
if (!X509_set_serialNumber(x, sno))
goto end;
}
X509_set_pubkey(x,pkey);
}
else
if (CA_flag)
{
}
{
OBJ_create("2.99999.3",
"SET.ex3","SET x509v3 extension 3");
{
goto end;
}
{
#ifdef OPENSSL_SYS_VMS
{
}
#endif
}
else
{
{
goto end;
}
}
}
if (clrtrust) X509_trust_clear(x);
if (clrreject) X509_reject_clear(x);
if (trust)
{
for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
{
}
}
if (reject)
{
for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
{
}
}
if (num)
{
for (i=1; i<=num; i++)
{
if (issuer == i)
{
X509_get_issuer_name(x), nmflag);
}
else if (subject == i)
{
X509_get_subject_name(x), nmflag);
}
else if (serial == i)
{
}
else if (email == i)
{
int j;
emlst = X509_get1_email(x);
}
else if (aliasout == i)
{
unsigned char *alstr;
}
else if (hash == i)
{
}
else if (pprint == i)
{
int j;
for (j = 0; j < X509_PURPOSE_get_count(); j++)
{
ptmp = X509_PURPOSE_get0(j);
}
}
else
if (modulus == i)
{
pkey=X509_get_pubkey(x);
{
goto end;
}
#ifndef OPENSSL_NO_RSA
else
#endif
#ifndef OPENSSL_NO_DSA
else
#endif
}
else
if (pubkey == i)
{
pkey=X509_get_pubkey(x);
{
goto end;
}
}
else
if (C == i)
{
unsigned char *d;
char *m;
int y,z;
sizeof buf);
m=OPENSSL_malloc(z);
d=(unsigned char *)m;
z=i2d_X509_NAME(X509_get_subject_name(x),&d);
d=(unsigned char *)m;
for (y=0; y<z; y++)
{
}
z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
d=(unsigned char *)m;
for (y=0; y<z; y++)
{
if ((y & 0x0f) == 0x0f)
}
z=i2d_X509(x,&d);
d=(unsigned char *)m;
for (y=0; y<z; y++)
{
if ((y & 0x0f) == 0x0f)
}
OPENSSL_free(m);
}
else if (text == i)
{
}
else if (startdate == i)
{
}
else if (enddate == i)
{
}
else if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
{
goto end;
}
for (j=0; j<(int)n; j++)
{
(j+1 == (int)n)
?'\n':':');
}
}
/* should be in the library */
{
{
passin, e, "Private key");
}
#ifndef OPENSSL_NO_DSA
#endif
}
else if (CA_flag == i)
{
{
0, passin, e,
"CA Private Key");
}
#ifndef OPENSSL_NO_DSA
#endif
goto end;
}
else if (x509req == i)
{
{
goto end;
}
else
{
keyfile, FORMAT_PEM, 0,
passin, e, "request key");
}
#ifndef OPENSSL_NO_DSA
#endif
{
goto end;
}
if (!noout)
{
}
noout=1;
}
else if (ocspid == i)
{
X509_ocspid_print(out, x);
}
}
}
if (checkend)
{
{
ret=1;
}
else
{
ret=0;
}
goto end;
}
if (noout)
{
ret=0;
goto end;
}
if (outformat == FORMAT_ASN1)
i=i2d_X509_bio(out,x);
else if (outformat == FORMAT_PEM)
{
else i=PEM_write_bio_X509(out,x);
}
else if (outformat == FORMAT_NETSCAPE)
{
/* no macro for this one yet */
}
else {
goto end;
}
if (!i)
{
goto end;
}
ret=0;
end:
if (need_rand)
OBJ_cleanup();
X509_free(x);
}
{
if (serialfile == NULL)
{
for (p=buf; *p; p++)
if (*p == '.')
{
*p='\0';
break;
}
}
else
{
goto end;
}
end:
return bs;
}
{
int ret=0;
{
goto end;
}
goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
* a certificate request in which case it is not. */
goto end;
{
goto end;
}
goto end;
/* hardwired expired */
goto end;
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (conf)
{
}
ret=1;
end:
if (!ret)
return ret;
}
{
int err;
/* it is ok to use a self signed certificate
* This case will catch both the initial ok == 0 and the
* final ok == 1 calls to this function */
return 1;
/* BAD we should have gotten an error. Normally if everything
* worked X509_STORE_CTX_get_error(ctx) will still be set to
* DEPTH_ZERO_SELF_.... */
if (ok)
{
return 0;
}
else
{
return 1;
}
}
/* self sign */
{
pktmp = X509_get_pubkey(x);
/* Lets just make it 12:00am GMT, Jan 1 1970 */
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
/* 28 days to be certified */
goto err;
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (conf)
{
}
return 1;
err:
return 0;
}
{
char *pname;
for (i = 0; i < 2; i++)
{
}
return 1;
}