yubico-piv-tool: use ykpiv_util_read_cert

Trevor Bentley
2017-09-19 17:33:58 +02:00
parent 3bca63c39c
commit 248980fe27
+40 -43
@@ -991,73 +991,70 @@ static bool delete_certificate(ykpiv_state *state, enum enum_slot slot) {
static bool read_certificate(ykpiv_state *state, enum enum_slot slot, static bool read_certificate(ykpiv_state *state, enum enum_slot slot,
enum enum_key_format key_format, const char *output_file_name) { enum enum_key_format key_format, const char *output_file_name) {
FILE *output_file; FILE *output_file;
int object = get_object_id(slot); uint8_t *data = NULL;
unsigned char data[3072]; const unsigned char *ptr = NULL;
const unsigned char *ptr = data;
unsigned long len = sizeof(data);
int cert_len;
bool ret = false;
X509 *x509 = NULL; X509 *x509 = NULL;
bool ret = false;
size_t cert_len = 0;
if(key_format != key_format_arg_PEM && if (key_format != key_format_arg_PEM &&
key_format != key_format_arg_DER && key_format != key_format_arg_DER &&
key_format != key_format_arg_SSH) { key_format != key_format_arg_SSH) {
fprintf(stderr, "Only PEM, DER and SSH format are supported for read-certificate.\n"); fprintf(stderr, "Only PEM, DER and SSH format are supported for read-certificate.\n");
return false; return false;
} }
output_file = open_file(output_file_name, OUTPUT); output_file = open_file(output_file_name, OUTPUT);
if(!output_file) { if (!output_file) {
return false; return false;
} }
if(ykpiv_fetch_object(state, object, data, &len) != YKPIV_OK) { if (ykpiv_util_read_cert(state, get_slot_hex(slot), &data, &cert_len) != YKPIV_OK) {
fprintf(stderr, "Failed fetching certificate.\n"); fprintf(stderr, "Failed fetching certificate.\n");
goto read_cert_out; goto read_cert_out;
} }
ptr = data;
if(*ptr++ == 0x70) { if (key_format == key_format_arg_PEM ||
ptr += get_length(ptr, &cert_len); key_format == key_format_arg_SSH) {
if(key_format == key_format_arg_PEM || x509 = X509_new();
key_format == key_format_arg_SSH) { if (!x509) {
x509 = X509_new(); fprintf(stderr, "Failed allocating x509 structure.\n");
if(!x509) { goto read_cert_out;
fprintf(stderr, "Failed allocating x509 structure.\n"); }
goto read_cert_out; x509 = d2i_X509(NULL, (const unsigned char**)&ptr, cert_len);
} if (!x509) {
x509 = d2i_X509(NULL, &ptr, cert_len); fprintf(stderr, "Failed parsing x509 information.\n");
if(!x509) { goto read_cert_out;
fprintf(stderr, "Failed parsing x509 information.\n"); }
goto read_cert_out;
}
if (key_format == key_format_arg_PEM) { if (key_format == key_format_arg_PEM) {
PEM_write_X509(output_file, x509); PEM_write_X509(output_file, x509);
ret = true;
}
else {
if (!SSH_write_X509(output_file, x509)) {
fprintf(stderr, "Unable to extract public key or not an RSA key.\n");
goto read_cert_out;
}
ret = true;
}
} else { /* key_format_arg_DER */
/* XXX: This will just dump the raw data in tag 0x70.. */
fwrite(ptr, (size_t)cert_len, 1, output_file);
ret = true; ret = true;
} }
} else { else {
fprintf(stderr, "Failed parsing data.\n"); if (!SSH_write_X509(output_file, x509)) {
fprintf(stderr, "Unable to extract public key or not an RSA key.\n");
goto read_cert_out;
}
ret = true;
}
} else { /* key_format_arg_DER */
/* XXX: This will just dump the raw data in tag 0x70.. */
fwrite(ptr, (size_t)cert_len, 1, output_file);
ret = true;
} }
read_cert_out: read_cert_out:
if(output_file != stdout) { if (output_file != stdout) {
fclose(output_file); fclose(output_file);
} }
if(x509) { if (x509) {
X509_free(x509); X509_free(x509);
} }
if (data) {
ykpiv_util_free(state, data);
}
return ret; return ret;
} }
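Review bot: The `X509_new()` object allocated at the top of the PEM/SSH branch is leaked: the following `x509 = d2i_X509(NULL, (const unsigned char**)&ptr, cert_len);` allocates a fresh X509 and overwrites the pointer, so the first one is never freed (the cleanup at `read_cert_out` only releases whatever `x509` holds at the end). Drop the `X509_new()` call and its `if (!x509)` check and let `d2i_X509(NULL, &ptr, cert_len)` own the allocation; the NULL check that already follows it covers the failure case, and the cast is unnecessary since `ptr` is already `const unsigned char *`. Separately, the DER branch sets `ret = true` without looking at `fwrite`'s result, so a short or failed write is reported as success — `if (fwrite(ptr, cert_len, 1, output_file) != 1) { fprintf(stderr, "Failed writing certificate.\n"); goto read_cert_out; }` would surface it. The `/* XXX: This will just dump the raw data in tag 0x70.. */` comment also looks stale now that tag parsing has moved into ykpiv_util_read_cert, which presumably hands back the bare DER certificate; `/* data is the DER certificate as returned by ykpiv_util_read_cert */` would match the new code.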