
📄 simpleca.c

📁 simpleca 比起正式的CA来说功能简单
💻 C
📖 第 1 页 / 共 4 页
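/* Print a string list on one line, entries joined by semicolons,
   followed by a newline. */
void print_semicolon_list(struct stringlist *lst)
{
  printf("%s\n", semicolon_list(lst));
}

/* Given a certificate, read its key usage bit mask and return the
   matching usage names as one semicolon-separated string.  Dies if the
   attribute cannot be read.  The string comes from semicolon_list();
   its ownership is not visible from this part of the file. */
char *dump_usage(CRYPT_CERTIFICATE cert)
{
  struct stringlist *lst = NULL;
  int i, res, val;

  res = cryptGetAttribute(cert, CRYPT_CERTINFO_KEYUSAGE, &val);
  if(res) die("Could not retrieve key usage information.");

  for(i=0; i<NUM_USAGE; i++) {
    if(val & usagetable[i].code)
      stringlist_append(&lst, usagetable[i].txt);
  }
  return semicolon_list(lst);
}

/* Given a certificate, probe each extended key usage attribute listed
   in extusagetable and return the names of those that are present as
   one semicolon-separated string.  A failed lookup just means "not
   present", so no error is raised here. */
char *dump_ext_usage(CRYPT_CERTIFICATE cert)
{
  struct stringlist *lst = NULL;
  int i, res, val;

  for(i=0; i<NUM_EXTUSAGE; i++) {
    res = cryptGetAttribute(cert, extusagetable[i].code, &val);
    if(!res)
      stringlist_append(&lst, extusagetable[i].txt);
  }
  return semicolon_list(lst);
}

/* Given a number of seconds since 1970, print it as a human readable
   local time.  The output ends with a newline (asctime format). */
void print_time(long t)
{
  /* localtime() takes a time_t pointer; time_t is not guaranteed to be
     a long, so convert through a properly typed local. */
  time_t when = (time_t)t;
  struct tm *local = localtime(&when);
  char *text = NULL;

  if(local != NULL)
    text = asctime(local);

  /* Values taken from a certificate or CRL may be out of range; do not
     hand a NULL pointer to printf in that case. */
  if(text == NULL) {
    printf("(invalid time)\n");
    return;
  }
  printf("%s", text);
}

/* Fetch a string/binary attribute into a fixed-size buffer without
   overrunning it.  cryptGetAttributeString() is not told how large the
   destination is, so the required length is queried first (NULL
   destination) and the copy is made only when the value plus one
   terminator byte fits.  handle and attribute are taken as plain ints,
   which is what the cryptlib handle and attribute ids convert to.
   Returns 0 on success; any non-zero value is a failure, which is how
   the callers test cryptlib status codes.  The value is NOT
   NUL-terminated here; callers that print it as text do that
   themselves. */
static int get_attr_string_bounded(int handle, int attribute, char *buf,
                                   size_t bufsize, int *length)
{
  int res;

  res = cryptGetAttributeString(handle, attribute, NULL, length);
  if(res) return res;

  if(*length < 0 || (size_t)*length >= bufsize)
    return -1;

  return cryptGetAttributeString(handle, attribute, buf, length);
}

/* Read a time value from the start of an attribute buffer.  The value
   is copied out with memcpy because the buffer is a char array: reading
   it through an int pointer is an aliasing and alignment hazard.
   NOTE(review): the value is interpreted as an int, as before; if
   cryptlib returns a wider time_t here only its first sizeof(int) bytes
   are used - confirm against the cryptlib documentation. */
static long buffer_to_seconds(const char *buf)
{
  int secs;

  memcpy(&secs, buf, sizeof secs);
  return secs;
}

/* Given data in global variables, try to interpret and show the user
   the contents of inputfile.  The file may be a key, a certificate, a
   certificate request, or a CRL.

   The file is untrusted input.  Everything shown is what the file
   claims: the only signature check made here is cryptCheckCert() on
   self-signed objects, so the fields of any other certificate are
   displayed unverified.  Names and URIs from the file are printed as
   they are, without filtering of control characters.

   NOTE(review): the certificate object returned by import_cert() is not
   released in this function. */
void view(void)
{
  int res;
  int length, selfsigned, ca;
  char buffer[MAXBUF];
  char *tmp;
  CRYPT_KEYSET keyset;
  CRYPT_CONTEXT pubkey;
  CRYPT_CERTIFICATE cert;
  int type, version;

  /* Try to open it as a keyset */
  res = cryptKeysetOpen(&keyset,
                        CRYPT_UNUSED,
                        CRYPT_KEYSET_FILE,
                        inputfile,
                        CRYPT_KEYOPT_READONLY);
  if(!res) {
    printf("KEY\n");
    res = cryptGetPublicKey(keyset, &pubkey, CRYPT_KEYID_NAME, "private");
    if(res) die("Could not retrieve public key from keyset.");

    res = get_attr_string_bounded(pubkey, CRYPT_CTXINFO_NAME_ALGO,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get algorithm name.");
    buffer[length]=0;
    printf("Algorithm = %s\n", buffer);

    res = cryptGetAttribute(pubkey, CRYPT_CTXINFO_KEYSIZE, &length);
    if(res) die("Could not get key size.");
    printf("Key size = %d\n", length*8);

    res = cryptGetAttribute(pubkey, CRYPT_CERTINFO_CA, &length);
    if(!res && length>0)
      printf("CA = true\n");
    else
      printf("CA = false\n");

    res = cryptKeysetClose(keyset);
    if(res) die("Could not close keyset.");
    res = cryptDestroyContext(pubkey);
    if(res) die("Could not free public key.");
    return;
  }

  /* It is not a keyset. */
  /* Now try to import it as some sort of certificate. */
  cert = import_cert(inputfile);

  /* Determine which of certificate/request/crl it is. */
  res = cryptGetAttribute(cert, CRYPT_CERTINFO_CERTTYPE, &type);
  if(res) die("Could not determine certificate type.");
  switch(type) {
  case CRYPT_CERTTYPE_CERTREQUEST:
    printf("CERTIFICATE REQUEST\n");
    break;
  case CRYPT_CERTTYPE_CERTIFICATE:
    printf("CERTIFICATE\n");
    break;
  case CRYPT_CERTTYPE_CRL:
    printf("CERTIFICATE REVOCATION LIST\n");
    break;
  default:
    /* Any other object type gets no heading and matches none of the
       sections below. */
    break;
  }

  /* Depending on the type, extract and display different information. */
  if(type==CRYPT_CERTTYPE_CERTIFICATE) {
    res = cryptGetAttribute(cert, CRYPT_CERTINFO_VERSION, &version);
    if(res) die("Could not determine certificate version.");
    printf("Version = X509v%d\n", version);

    res = get_attr_string_bounded(cert, CRYPT_CERTINFO_SERIALNUMBER,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not retrieve certificate serial number.");
    /* NOTE(review): the serial number length is not passed on, so how
       sn_to_string() finds the end of the value cannot be seen here. */
    printf("Serial number = %s\n", sn_to_string((unsigned char *)buffer));
  }

  if(type==CRYPT_CERTTYPE_CERTIFICATE || type==CRYPT_CERTTYPE_CERTREQUEST) {
    res = get_attr_string_bounded(cert, CRYPT_CTXINFO_NAME_ALGO,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get algorithm name.");
    buffer[length]=0;
    printf("Algorithm = %s\n", buffer);

    res = cryptGetAttribute(cert, CRYPT_CTXINFO_KEYSIZE, &length);
    if(res) die("Could not get key size.");
    printf("Key size (bits) = %d\n", length*8);
  }

  if(type==CRYPT_CERTTYPE_CERTIFICATE || type==CRYPT_CERTTYPE_CERTREQUEST) {
    /* Names come from the file being viewed: copy with a bound so an
       over-long name is truncated instead of overflowing buffer. */
    snprintf(buffer, sizeof buffer, "%s", get_dn(cert));
    printf("Subject = %s\n", buffer);

    res = cryptSetAttribute(cert, CRYPT_CERTINFO_CURRENT_EXTENSION,
                            CRYPT_CERTINFO_SUBJECTALTNAME);
    if(!res) {
      snprintf(buffer, sizeof buffer, "%s", get_gn(cert));
      if(strcmp(buffer, ""))
        printf("Subject alternate name = %s\n", buffer);
    }
  }

  if(type==CRYPT_CERTTYPE_CERTIFICATE) {
    res = cryptSetAttribute(cert, CRYPT_CERTINFO_ISSUERNAME, CRYPT_UNUSED);
    if(res) die("Could not switch to certificate issuer.");
    snprintf(buffer, sizeof buffer, "%s", get_dn(cert));
    printf("Issuer = %s\n", buffer);

    res = cryptSetAttribute(cert, CRYPT_CERTINFO_CURRENT_EXTENSION,
                            CRYPT_CERTINFO_ISSUERALTNAME);
    if(!res) {
      snprintf(buffer, sizeof buffer, "%s", get_gn(cert));
      if(strcmp(buffer, ""))
        printf("Issuer alternate name = %s\n", buffer);
    }

    /* The signature algorithm is not shown: the original author noted
       that reading CRYPT_CTXINFO_NAME_ALGO from the certificate does
       not work for this, it just returns the subject algorithm. */

    res = get_attr_string_bounded(cert, CRYPT_CERTINFO_VALIDFROM,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get valid-from date in certificate.");
    printf("Start-date = ");
    print_time(buffer_to_seconds(buffer));

    res = get_attr_string_bounded(cert, CRYPT_CERTINFO_VALIDTO,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get valid-to date in certificate.");
    printf("End-date = ");
    print_time(buffer_to_seconds(buffer));
  }

  if(type==CRYPT_CERTTYPE_CRL) {
    res = get_attr_string_bounded(cert, CRYPT_CERTINFO_THISUPDATE,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get CRL-this-update date in certificate.");
    printf("CRL-this-update = ");
    print_time(buffer_to_seconds(buffer));

    res = get_attr_string_bounded(cert, CRYPT_CERTINFO_NEXTUPDATE,
                                  buffer, sizeof buffer, &length);
    if(res) die("Could not get CRL-next-update date in certificate.");
    printf("CRL-next-update = ");
    print_time(buffer_to_seconds(buffer));
  }

  selfsigned=FALSE;
  if(type==CRYPT_CERTTYPE_CERTIFICATE || type==CRYPT_CERTTYPE_CERTREQUEST) {
    res = cryptGetAttribute(cert, CRYPT_CERTINFO_SELFSIGNED, &selfsigned);
    if(res) selfsigned=0;
    if(selfsigned) {
      printf("Self-signed = true\n");
      /* Only self-signed objects have their signature checked. */
      res = cryptCheckCert(cert, CRYPT_UNUSED);
      if(res)
        printf("Valid-signature = false\n");
      else
        printf("Valid-signature = true\n");
    } else {
      printf("Self-signed = false\n");
    }
  }

  ca=FALSE;
  if(type==CRYPT_CERTTYPE_CERTIFICATE) {
    res = cryptGetAttribute(cert, CRYPT_CERTINFO_CA, &ca);
    if(res) ca=FALSE;
    if(ca)
      printf("CA certificate = true\n");
    else
      printf("CA certificate = false\n");

    tmp = dump_usage(cert);
    if(strlen(tmp)>0)
      printf("Key usage = %s\n", tmp);
    tmp = dump_ext_usage(cert);
    if(strlen(tmp)>0)
      printf("Extended key usage = %s\n", tmp);

    if(ca) {
      /* Show CRLDP if present */
      res = cryptSetAttribute(cert, CRYPT_CERTINFO_CURRENT_FIELD,
                              CRYPT_CERTINFO_CRLDIST_FULLNAME);
      if(!res) {
        res = get_attr_string_bounded(cert,
                                      CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER,
                                      buffer, sizeof buffer, &length);
        if(!res) {
          buffer[length]=0;
          printf("CRL Distribution point = %s\n", buffer);
        }
      }
    }
  }

  if(type==CRYPT_CERTTYPE_CRL) {
    printf("Serial Number\t\tRevocation Date\n");
    res = cryptSetAttribute(cert, CRYPT_CERTINFO_CURRENT_CERTIFICATE,
                            CRYPT_CURSOR_FIRST);
    if(res) {
      printf("NONE\n");
    } else {
      /* Walk the revoked entries until the cursor cannot advance. */
      for(;;) {
        res = get_attr_string_bounded(cert, CRYPT_CERTINFO_SERIALNUMBER,
                                      buffer, sizeof buffer, &length);
        if(res) die("Could not retrieve serial number of revoked certificate in CRL.");
        printf("%s\t", sn_to_string((unsigned char *)buffer));

        res = get_attr_string_bounded(cert, CRYPT_CERTINFO_REVOCATIONDATE,
                                      buffer, sizeof buffer, &length);
        if(res) die("Could not retrive revocation date of revoked certificate in CRL.");
        print_time(buffer_to_seconds(buffer));

        res = cryptSetAttribute(cert, CRYPT_CERTINFO_CURRENT_CERTIFICATE,
                                CRYPT_CURSOR_NEXT);
        if(res) break;
      }
    }
  }
}

/* Show the allowable fields for subjects and key-usages.
   Subject fields that the original listing has commented out and that
   are therefore not advertised: bc (business category),
   d (description), dc (domain component), g (given name), i (initials),
   isdn (international isdn number), s (surname), sn (serial number),
   st (street address), t (title).  Also commented out there: the hint
   "Fields should be listed from most specific to least specific." */
void values(void)
{
  int i;

  printf("The following fields are legal for the subject:\n");
  printf("\t c (2 letter country code)\n");
  printf("\t cn (common name)\n");
  printf("\t l (locality)\n");
  printf("\t o (organization name)\n");
  printf("\t ou (organizational unit)\n");
  printf("\t sp (state or province)\n");

  printf("The following fields are valid in the subject alt-name:\n");
  for(i=0; i<NUM_SUBJ_ALT_ATTR; i++)
    printf("\t%s\n", subjalttable[i].txt);

  printf("The following fields are legal for key usage:\n");
  for(i=0; i<NUM_USAGE; i++)
    printf("\t%s\n", usagetable[i].txt);

  printf("The following fields are legal for extended key usage:\n");
  for(i=0; i<NUM_EXTUSAGE; i++)
    printf("\t%s\n", extusagetable[i].txt);

  printf("\n");
}

/* Given an action set in the global variable action, do the right
   thing.  When show_values is set, the effective settings are echoed
   to stdout first, one "name = value" line each. */
void do_action(void)
{
  if(show_values) {
    if(subject) {
      printf("subj = ");
      print_semicolon_list(subject);
      printf("\n");
    }
    if(subject_alt) {
      printf("subj-alt = ");
      print_semicolon_list(subject_alt);
      printf("\n");
    }
    if(usage) {
      printf("key-usage = ");
      print_semicolon_list(usage);
      printf("\n");
    }
    if(ext_usage) {
      printf("ext-key-usage = ");
      print_semicolon_list(ext_usage);
      printf("\n");
    }
    if(action==ACTION_CREATECA || action==ACTION_CREATECERT) {
      printf("start-date = ");
      print_time(validfrom);
      printf("end-date = ");
      print_time(validto);
    }
    if(action==ACTION_CREATECRL)
      printf("crl-next-update = %d\n", crl_next_update);
    if(crldp)
      printf("crldp = %s\n", crldp);

    if(inputfile) {
      switch(action) {
      case ACTION_VIEW:
        printf("view = %s\n", inputfile);
        break;
      case ACTION_CREATECRL:
        printf("crl-contents = %s\n", inputfile);
        break;
      case ACTION_CREATECERT:
        printf("request = %s\n", inputfile);
        break;
      default:
        printf("input-file = %s\n", inputfile);
        break;
      }
    }

    if(outputfile) {
      switch(action) {
      case ACTION_CREATECA:
        printf("create-new-ca = %s\n", outputfile);
        break;
      case ACTION_CREATECERT:
        printf("create-cert = %s\n", outputfile);
        break;
      case ACTION_CREATECRL:
        printf("create-crl = %s\n", outputfile);
        break;
      case ACTION_CREATEREQUEST:
        printf("create-request = %s\n", outputfile);
        break;
      case ACTION_CREATEKEYS:
        printf("create-keys = %s\n", outputfile);
        break;
      default:
        printf("output-file = %s\n", outputfile);
        break;
      }
    }

    if(keyfile)
      printf("priv-key = %s\n", keyfile);
    /* NOTE(review): printed under the same "crldp" label as crldp
       above; looks like a copy/paste slip - confirm the intended
       option name before changing the output. */
    if(cert_dup_dir)
      printf("crldp = %s\n", cert_dup_dir);
    /* NOTE(review): this writes the password to stdout in clear text,
       so it ends up in terminal scrollback and in any captured output.
       Left unchanged because the output format may be relied on;
       consider printing only whether a password is set. */
    if(password)
      printf("password = %s\n", password);
    if(keysize>0)
      printf("key-size = %d\n", keysize);
  }

  switch(action) {
  case ACTION_NONE:
    die("No action specified.");
    break;
  case ACTION_CREATECA:
    create_new_ca();
    break;
  case ACTION_CREATEKEYS:
    create_keys();
    break;
  case ACTION_CREATEREQUEST:
    create_request();
    break;
  case ACTION_CREATECERT:
    create_cert();
    break;
  case ACTION_CREATECRL:
    create_crl();
    break;
  case ACTION_VIEW:
    view();
    break;
  case ACTION_VALUES:
    values();
    break;
  default:
    die("Unknown action.");
  }
}

/* Remove spaces from the front and end of a string.  Returns a pointer
   into a fresh copy of txt; txt itself is not modified.  Because the
   returned pointer may have been advanced past leading spaces it must
   not be passed to free(), so the copy lives until the program exits. */
char *squeeze_spaces(char *txt)
{
  char *res;
  size_t len;

  res = strdup(txt);
  if(res == NULL) die("Out of memory.");

  while(*res==' ') res++;

  /* Trim by length so that an empty or all-space string never causes a
     read before the start of the copy. */
  len = strlen(res);
  while(len > 0 && res[len-1] == ' ') {
    len--;
    res[len] = 0;
  }
  return res;
}

/* Remove possible quotation marks surrounding a string.  Returns a
   pointer into a fresh copy of txt; as with squeeze_spaces() the result
   must not be passed to free(). */
char *squeeze_quotes(char *txt)
{
  char *res;
  size_t len;

  res = strdup(txt);
  if(res == NULL) die("Out of memory.");

  len = strlen(res);
  if(len > 0 && res[0]=='"' && res[len-1]=='"') {
    res[len-1] = 0;
    res++;
  }
  return res;
}

/* Given a line of text, process it as a command line option.  Blank
   lines and comment lines are ignored.  A line without '=' is handed to
   process_singleton(); otherwise it is split at the first '=' and both
   halves are trimmed and unquoted before process_pair() sees them.
   All edits are made on copies, never on the caller's string. */
void process_line(char *line)
{
  char *left, *right, *eq;

  if(entirely_spaces(line)) return;
  if(comment(line)) return;

  line = squeeze_spaces(line);
  line = squeeze_quotes(line);
  line = squeeze_spaces(line);

  eq = strchr(line, '=');
  if(eq==NULL) {
    process_singleton(line);
    return;
  }

  /* Cut the copy in two at the '='. */
  *eq = 0;
  left = line;
  right = eq+1;

  left = squeeze_spaces(left);
  left = squeeze_quotes(left);
  left = squeeze_spaces(left);

  right = squeeze_spaces(right);
  right = squeeze_quotes(right);
  right = squeeze_spaces(right);

  process_pair(left, right);
}

/* Given a configuration file, use it if it exists and silently skip it
   if it cannot be opened.  The file is opened once here as an existence
   test and again inside process_file(); if it disappears in between,
   process_file() exits with an error. */
void process_default_file(char *filename)
{
  FILE *fp;

  fp = fopen(filename, "rt");
  if(!fp)
    return;
  fclose(fp);
  process_file(filename);
}

/* Given a file, consider each line to be an argument to the program.
   Exits if the file cannot be opened.  A line longer than MAXBUF-1
   characters is delivered in several pieces. */
void process_file(char *filename)
{
  FILE *fp;
  char buffer[MAXBUF];

  fp = fopen(filename, "rt");
  if(!fp) {
    printf("ERROR: Could not open %s for reading.\n", filename);
    exit(EXIT_FAILURE);
  }

  /* Loop on the result of fgets() rather than on feof(): a read error
     never sets the end-of-file flag, so testing feof() alone would spin
     forever on a stream that fails to read. */
  for(;;) {
    memset(buffer, 0, MAXBUF);
    if(fgets(buffer, MAXBUF, fp) == NULL)
      break;
    process_line(chomp(buffer));
  }
  fclose(fp);
}

/* Process the actual command line arguments passed to the program.
   Each argument is treated exactly like one line of a config file. */
void process_args(int argc, char *argv[])
{
  int i;

  for(i=1; i<argc; i++)
    process_line(argv[i]);
}

/* MAIN */
int main(int argc, char *argv[])
{
  /* Initialize cryptlib */
  /* NOTE(review): the status returned by cryptInit() is not checked;
     a failed start-up only shows up when a later cryptlib call fails. */
  cryptInit();

  /* Set default values for all global variables. */
  set_defaults();

  /* Process the original config file in preset location. */
  /* Later values may overwrite anything this does. */
  process_default_file(DEFAULT_CONFIG_FILE);

  /* Process the arguments passed by the user. */
  process_args(argc, argv);

  /* All global variables set, do the action. */
  do_action();

  /* Close cryptlib and we're done. */
  cryptEnd();
  return 0;
}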
