yubico-piv-tool: use ykpiv_util_read_cert
+40
-43
@@ -991,73 +991,70 @@ static bool delete_certificate(ykpiv_state *state, enum enum_slot slot) {
|
|||||||
static bool read_certificate(ykpiv_state *state, enum enum_slot slot,
|
static bool read_certificate(ykpiv_state *state, enum enum_slot slot,
|
||||||
enum enum_key_format key_format, const char *output_file_name) {
|
enum enum_key_format key_format, const char *output_file_name) {
|
||||||
FILE *output_file;
|
FILE *output_file;
|
||||||
int object = get_object_id(slot);
|
uint8_t *data = NULL;
|
||||||
unsigned char data[3072];
|
const unsigned char *ptr = NULL;
|
||||||
const unsigned char *ptr = data;
|
|
||||||
unsigned long len = sizeof(data);
|
|
||||||
int cert_len;
|
|
||||||
bool ret = false;
|
|
||||||
X509 *x509 = NULL;
|
X509 *x509 = NULL;
|
||||||
|
bool ret = false;
|
||||||
|
size_t cert_len = 0;
|
||||||
|
|
||||||
if(key_format != key_format_arg_PEM &&
|
if (key_format != key_format_arg_PEM &&
|
||||||
key_format != key_format_arg_DER &&
|
key_format != key_format_arg_DER &&
|
||||||
key_format != key_format_arg_SSH) {
|
key_format != key_format_arg_SSH) {
|
||||||
fprintf(stderr, "Only PEM, DER and SSH format are supported for read-certificate.\n");
|
fprintf(stderr, "Only PEM, DER and SSH format are supported for read-certificate.\n");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
output_file = open_file(output_file_name, OUTPUT);
|
output_file = open_file(output_file_name, OUTPUT);
|
||||||
if(!output_file) {
|
if (!output_file) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ykpiv_fetch_object(state, object, data, &len) != YKPIV_OK) {
|
if (ykpiv_util_read_cert(state, get_slot_hex(slot), &data, &cert_len) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed fetching certificate.\n");
|
fprintf(stderr, "Failed fetching certificate.\n");
|
||||||
goto read_cert_out;
|
goto read_cert_out;
|
||||||
}
|
}
|
||||||
|
ptr = data;
|
||||||
|
|
||||||
if(*ptr++ == 0x70) {
|
if (key_format == key_format_arg_PEM ||
|
||||||
ptr += get_length(ptr, &cert_len);
|
key_format == key_format_arg_SSH) {
|
||||||
if(key_format == key_format_arg_PEM ||
|
x509 = X509_new();
|
||||||
key_format == key_format_arg_SSH) {
|
if (!x509) {
|
||||||
x509 = X509_new();
|
fprintf(stderr, "Failed allocating x509 structure.\n");
|
||||||
if(!x509) {
|
goto read_cert_out;
|
||||||
fprintf(stderr, "Failed allocating x509 structure.\n");
|
}
|
||||||
goto read_cert_out;
|
x509 = d2i_X509(NULL, (const unsigned char**)&ptr, cert_len);
|
||||||
}
|
if (!x509) {
|
||||||
x509 = d2i_X509(NULL, &ptr, cert_len);
|
fprintf(stderr, "Failed parsing x509 information.\n");
|
||||||
if(!x509) {
|
goto read_cert_out;
|
||||||
fprintf(stderr, "Failed parsing x509 information.\n");
|
}
|
||||||
goto read_cert_out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (key_format == key_format_arg_PEM) {
|
if (key_format == key_format_arg_PEM) {
|
||||||
PEM_write_X509(output_file, x509);
|
PEM_write_X509(output_file, x509);
|
||||||
ret = true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if (!SSH_write_X509(output_file, x509)) {
|
|
||||||
fprintf(stderr, "Unable to extract public key or not an RSA key.\n");
|
|
||||||
goto read_cert_out;
|
|
||||||
}
|
|
||||||
ret = true;
|
|
||||||
}
|
|
||||||
} else { /* key_format_arg_DER */
|
|
||||||
/* XXX: This will just dump the raw data in tag 0x70.. */
|
|
||||||
fwrite(ptr, (size_t)cert_len, 1, output_file);
|
|
||||||
ret = true;
|
ret = true;
|
||||||
}
|
}
|
||||||
} else {
|
else {
|
||||||
fprintf(stderr, "Failed parsing data.\n");
|
if (!SSH_write_X509(output_file, x509)) {
|
||||||
|
fprintf(stderr, "Unable to extract public key or not an RSA key.\n");
|
||||||
|
goto read_cert_out;
|
||||||
|
}
|
||||||
|
ret = true;
|
||||||
|
}
|
||||||
|
} else { /* key_format_arg_DER */
|
||||||
|
/* XXX: This will just dump the raw data in tag 0x70.. */
|
||||||
|
fwrite(ptr, (size_t)cert_len, 1, output_file);
|
||||||
|
ret = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
read_cert_out:
|
read_cert_out:
|
||||||
if(output_file != stdout) {
|
if (output_file != stdout) {
|
||||||
fclose(output_file);
|
fclose(output_file);
|
||||||
}
|
}
|
||||||
if(x509) {
|
if (x509) {
|
||||||
X509_free(x509);
|
X509_free(x509);
|
||||||
}
|
}
|
||||||
|
if (data) {
|
||||||
|
ykpiv_util_free(state, data);
|
||||||
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||