add DER format for certificate import
+1
-1
@@ -47,7 +47,7 @@ option "pin-retries" - "Number of retries before the pin code is blocked" int op
|
|||||||
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
||||||
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
||||||
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
||||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP" enum optional default="PEM"
|
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER" enum optional default="PEM"
|
||||||
option "password" p "Password for decryption of private key file" string optional
|
option "password" p "Password for decryption of private key file" string optional
|
||||||
option "subject" S "The subject to use for certificate request" string optional
|
option "subject" S "The subject to use for certificate request" string optional
|
||||||
text "
|
text "
|
||||||
|
|||||||
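Review bot: The help text for "key-format" still reads "Format of the key being read/written", but the only DER handling visible on this page is in import_cert, which deals with certificates. Because the option is shared, any other consumer of enum_key_format (not shown here) now receives key_format_arg_DER as a valid value, so it is worth confirming each of them rejects it with an error rather than falling into an unintended branch. I would also reword the description to something like `"Format of the key/certificate being read/written (DER: certificate import only)"` so users do not expect DER private-key import.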
@@ -32,6 +32,8 @@
|
|||||||
|
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
|
|
||||||
|
#include "cmdline.h"
|
||||||
|
|
||||||
#define INPUT 1
|
#define INPUT 1
|
||||||
#define OUTPUT 2
|
#define OUTPUT 2
|
||||||
|
|
||||||
|
|||||||
+10
-3
@@ -405,7 +405,7 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
PKCS12 *p12 = NULL;
|
PKCS12 *p12 = NULL;
|
||||||
EVP_PKEY *private_key = NULL;
|
EVP_PKEY *private_key = NULL;
|
||||||
int compress = 0;
|
int compress = 0;
|
||||||
int cert_len;
|
int cert_len = -1;
|
||||||
|
|
||||||
input_file = open_file(input_file_name, INPUT);
|
input_file = open_file(input_file_name, INPUT);
|
||||||
if(!input_file) {
|
if(!input_file) {
|
||||||
@@ -418,7 +418,12 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
fprintf(stderr, "Failed loading certificate for import.\n");
|
fprintf(stderr, "Failed loading certificate for import.\n");
|
||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
}
|
}
|
||||||
cert_len = i2d_X509(cert, NULL);
|
} else if(cert_format == key_format_arg_DER) {
|
||||||
|
cert = d2i_X509_fp(input_file, NULL);
|
||||||
|
if(!cert) {
|
||||||
|
fprintf(stderr, "Failed loading certificate for import.\n");
|
||||||
|
goto import_cert_out;
|
||||||
|
}
|
||||||
} else if(cert_format == key_format_arg_PKCS12) {
|
} else if(cert_format == key_format_arg_PKCS12) {
|
||||||
p12 = d2i_PKCS12_fp(input_file, NULL);
|
p12 = d2i_PKCS12_fp(input_file, NULL);
|
||||||
if(!p12) {
|
if(!p12) {
|
||||||
@@ -429,7 +434,6 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
}
|
}
|
||||||
cert_len = i2d_X509(cert, NULL);
|
|
||||||
} else if (cert_format == key_format_arg_GZIP) {
|
} else if (cert_format == key_format_arg_GZIP) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|
||||||
@@ -444,6 +448,9 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
fprintf(stderr, "Unknown key format.\n");
|
fprintf(stderr, "Unknown key format.\n");
|
||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
}
|
}
|
||||||
|
if(cert_len == -1) {
|
||||||
|
cert_len = i2d_X509(cert, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
unsigned char certdata[2100];
|
unsigned char certdata[2100];
|
||||||
|
|||||||
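Review bot: In the last hunk of import_cert, the consolidated `cert_len = i2d_X509(cert, NULL);` is used without checking its result, and -1 now serves both as the "not yet computed" sentinel and as a possible negative error return from i2d_X509. Since this length feeds the fixed `unsigned char certdata[2100];` buffer that follows, I would reject a failed encoding right after the call with `if(cert_len <= 0) { fprintf(stderr, "Failed to encode certificate.\n"); goto import_cert_out; }`. The GZIP branch body and the size check against certdata lie outside the visible hunks, so please confirm that GZIP always assigns cert_len before this point (otherwise i2d_X509 runs on a NULL cert) and that the bound check treats a negative length as an error rather than comparing it as signed. A one-line comment on `int cert_len = -1;` stating that -1 means "length not yet determined by the format branch" would make the sentinel explicit.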