- added --reader, --key-usage command line args
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@694 c6295689-39f2-0310-b995-f0e70906c6a9
parent
b2379d40d5
commit
3ffcfcf110
|
@ -101,6 +101,7 @@ enum {
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct option options[] = {
|
const struct option options[] = {
|
||||||
|
{ "reader", required_argument, 0, 'r' },
|
||||||
{ "erase-card", no_argument, 0, 'E' },
|
{ "erase-card", no_argument, 0, 'E' },
|
||||||
{ "create-pkcs15", no_argument, 0, 'C' },
|
{ "create-pkcs15", no_argument, 0, 'C' },
|
||||||
{ "store-pin", no_argument, 0, 'P' },
|
{ "store-pin", no_argument, 0, 'P' },
|
||||||
|
@ -120,6 +121,7 @@ const struct option options[] = {
|
||||||
{ "passphrase", required_argument, 0, OPT_PASSPHRASE },
|
{ "passphrase", required_argument, 0, OPT_PASSPHRASE },
|
||||||
{ "store-certificate", required_argument, 0, 'X' },
|
{ "store-certificate", required_argument, 0, 'X' },
|
||||||
{ "authority", no_argument, 0, OPT_AUTHORITY },
|
{ "authority", no_argument, 0, OPT_AUTHORITY },
|
||||||
|
{ "key-usage", required_argument, 0, 'u' },
|
||||||
|
|
||||||
{ "extractable", no_argument, 0, OPT_EXTRACTABLE },
|
{ "extractable", no_argument, 0, OPT_EXTRACTABLE },
|
||||||
{ "insecure", no_argument, 0, OPT_UNPROTECTED },
|
{ "insecure", no_argument, 0, OPT_UNPROTECTED },
|
||||||
|
@ -131,6 +133,7 @@ const struct option options[] = {
|
||||||
{ 0, 0, 0, 0 }
|
{ 0, 0, 0, 0 }
|
||||||
};
|
};
|
||||||
const char * option_help[] = {
|
const char * option_help[] = {
|
||||||
|
"Specify which reader to use [default 0]",
|
||||||
"Erase the smart card",
|
"Erase the smart card",
|
||||||
"Creates a new PKCS #15 structure",
|
"Creates a new PKCS #15 structure",
|
||||||
"Store a new PIN/PUK on the card",
|
"Store a new PIN/PUK on the card",
|
||||||
|
@ -150,6 +153,7 @@ const char * option_help[] = {
|
||||||
"Specify passphrase for unlocking secret key",
|
"Specify passphrase for unlocking secret key",
|
||||||
"Store an X.509 certificate",
|
"Store an X.509 certificate",
|
||||||
"Mark certificate as a CA certificate",
|
"Mark certificate as a CA certificate",
|
||||||
|
"Specify X.509 key usage (use \"--key-usage help\" for more information)",
|
||||||
|
|
||||||
"Private key stored as an extractable key",
|
"Private key stored as an extractable key",
|
||||||
"Insecure mode: do not require PIN/passphrase for private key",
|
"Insecure mode: do not require PIN/passphrase for private key",
|
||||||
|
@ -186,7 +190,8 @@ static char * action_names[] = {
|
||||||
static struct sc_context * ctx = NULL;
|
static struct sc_context * ctx = NULL;
|
||||||
static struct sc_card * card = NULL;
|
static struct sc_card * card = NULL;
|
||||||
static struct sc_pkcs15_card * p15card = NULL;
|
static struct sc_pkcs15_card * p15card = NULL;
|
||||||
static int opt_debug = 0,
|
static int opt_reader = 0,
|
||||||
|
opt_debug = 0,
|
||||||
opt_quiet = 0,
|
opt_quiet = 0,
|
||||||
opt_action = 0,
|
opt_action = 0,
|
||||||
opt_erase = 0,
|
opt_erase = 0,
|
||||||
|
@ -206,6 +211,7 @@ static char * opt_serial = 0;
|
||||||
static char * opt_passphrase = 0;
|
static char * opt_passphrase = 0;
|
||||||
static char * opt_newkey = 0;
|
static char * opt_newkey = 0;
|
||||||
static char * opt_outkey = 0;
|
static char * opt_outkey = 0;
|
||||||
|
static unsigned int opt_x509_usage = 0;
|
||||||
|
|
||||||
static struct sc_pkcs15init_callbacks callbacks = {
|
static struct sc_pkcs15init_callbacks callbacks = {
|
||||||
error, /* error() */
|
error, /* error() */
|
||||||
|
@ -218,7 +224,6 @@ int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
struct sc_profile *profile;
|
struct sc_profile *profile;
|
||||||
int opt_reader = 0;
|
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
||||||
/* OpenSSL magic */
|
/* OpenSSL magic */
|
||||||
|
@ -465,8 +470,17 @@ do_store_private_key(struct sc_profile *profile)
|
||||||
|
|
||||||
if ((r = do_convert_private_key(&args.key, pkey)) < 0)
|
if ((r = do_convert_private_key(&args.key, pkey)) < 0)
|
||||||
return r;
|
return r;
|
||||||
if (cert)
|
if (cert) {
|
||||||
|
/* If the user requested a specific key usage on the
|
||||||
|
* command line check if it includes _more_
|
||||||
|
* usage bits than the one specified by the cert */
|
||||||
|
if (~cert->ex_kusage & opt_x509_usage) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Warning: requested key usage incompatible with "
|
||||||
|
"key usage specified by X.509 certificate\n");
|
||||||
|
}
|
||||||
args.x509_usage = cert->ex_kusage;
|
args.x509_usage = cert->ex_kusage;
|
||||||
|
}
|
||||||
|
|
||||||
r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
|
r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
@ -594,7 +608,8 @@ do_generate_key(struct sc_profile *profile, const char *spec)
|
||||||
return r;
|
return r;
|
||||||
if (!opt_quiet)
|
if (!opt_quiet)
|
||||||
printf("Warning: card doesn't support on-board "
|
printf("Warning: card doesn't support on-board "
|
||||||
"key generation; using software generation\n");
|
"key generation.\n"
|
||||||
|
"Trying software generation\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Generate the key ourselves */
|
/* Generate the key ourselves */
|
||||||
|
@ -644,6 +659,7 @@ init_keyargs(struct sc_pkcs15init_prkeyargs *args)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
args->label = opt_objectlabel;
|
args->label = opt_objectlabel;
|
||||||
|
args->x509_usage = opt_x509_usage;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1108,6 +1124,79 @@ do_convert_cert(sc_pkcs15_der_t *der, X509 *cert)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse X.509 key usage list
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
parse_x509_usage(const char *list, unsigned int *res)
|
||||||
|
{
|
||||||
|
static const char * x509_usage_names[] = {
|
||||||
|
"digitalSignature",
|
||||||
|
"nonRepudiation",
|
||||||
|
"keyEncipherment",
|
||||||
|
"dataEncipherment",
|
||||||
|
"keyAgreement",
|
||||||
|
"keyCertSign",
|
||||||
|
"cRLSign",
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
static struct {
|
||||||
|
const char * name;
|
||||||
|
const char * list;
|
||||||
|
} x509_usage_aliases[] = {
|
||||||
|
{ "sign", "digitalSignature,nonRepudiation,keyCertSign,cRLSign" },
|
||||||
|
{ "decrypt", "keyEncipherment,dataEncipherment" },
|
||||||
|
{ NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
while (1) {
|
||||||
|
int len, n, match = 0;
|
||||||
|
|
||||||
|
while (*list == ',')
|
||||||
|
list++;
|
||||||
|
if (!*list)
|
||||||
|
break;
|
||||||
|
len = strcspn(list, ",");
|
||||||
|
if (len == 4 && !strncasecmp(list, "help", 4)) {
|
||||||
|
printf("Valid X.509 usage names (vase-insensitive):");
|
||||||
|
for (n = 0; x509_usage_names[n]; n++)
|
||||||
|
printf(" %s", x509_usage_names[n]);
|
||||||
|
printf("\nAliases:\n");
|
||||||
|
for (n = 0; x509_usage_aliases[n].name; n++) {
|
||||||
|
printf(" %-12s %s\n",
|
||||||
|
x509_usage_aliases[n].name,
|
||||||
|
x509_usage_aliases[n].list);
|
||||||
|
}
|
||||||
|
printf("Use commas to separate several usage names; "
|
||||||
|
"abbreviated names are okay if unique (e.g. dataEnc)\n");
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
for (n = 0; x509_usage_names[n]; n++) {
|
||||||
|
if (!strncasecmp(x509_usage_names[n], list, len)) {
|
||||||
|
*res |= (1 << n);
|
||||||
|
match++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for (n = 0; x509_usage_aliases[n].name; n++) {
|
||||||
|
if (!strncasecmp(x509_usage_aliases[n].name, list, len)) {
|
||||||
|
parse_x509_usage(x509_usage_aliases[n].list, res);
|
||||||
|
match++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (match == 0) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Unknown X.509 key usage %.*s\n", len, list);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (match > 1) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Ambiguous X.509 key usage %.*s\n", len, list);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
list += len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle one option
|
* Handle one option
|
||||||
*/
|
*/
|
||||||
|
@ -1157,6 +1246,12 @@ handle_option(int c)
|
||||||
case 'p':
|
case 'p':
|
||||||
opt_profile = optarg;
|
opt_profile = optarg;
|
||||||
break;
|
break;
|
||||||
|
case 'r':
|
||||||
|
opt_reader = atoi(optarg);
|
||||||
|
break;
|
||||||
|
case 'u':
|
||||||
|
parse_x509_usage(optarg, &opt_x509_usage);
|
||||||
|
break;
|
||||||
case OPT_OPTIONS:
|
case OPT_OPTIONS:
|
||||||
read_options_file(optarg);
|
read_options_file(optarg);
|
||||||
break;
|
break;
|
||||||
|
|
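Review bot: In the do_store_private_key hunk the new check `if (~cert->ex_kusage & opt_x509_usage)` compares two different bit layouts: parse_x509_usage builds opt_x509_usage as `1 << n` over its own name table (digitalSignature = bit 0), while OpenSSL's ex_kusage uses the KU_* encoding (KU_DIGITAL_SIGNATURE is 0x0080), so the warning can fire or stay silent for the wrong combinations and the unchanged `args.x509_usage = cert->ex_kusage;` stores the OpenSSL layout while init_keyargs stores the parsed one. Translating ex_kusage into the same bit set before the comparison (and before the assignment) would make the two paths agree; add a comment above the check such as `/* ex_kusage is in OpenSSL KU_* layout, opt_x509_usage in our 1<<n layout */` until then. In the handle_option hunk `opt_reader = atoi(optarg);` silently accepts garbage and negative values; `strtol` with an end-pointer and range check, rejecting anything but a non-negative number, would be safer for a reader index. The help text in parse_x509_usage reads "vase-insensitive" and should be "case-insensitive". The enclosing functions of the do_store_private_key and handle_option hunks start and end outside the hunks.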