Merge branch 'master' of github.com:Yubico/yubico-piv-tool

This commit is contained in:
Simon Josefsson
2014-10-01 15:33:55 +02:00
2 changed files with 44 additions and 15 deletions
+40 -11
View File
@@ -823,8 +823,6 @@ static bool delete_certificate(ykpiv_state *state, enum enum_slot slot) {
int main(int argc, char *argv[]) {
struct gengetopt_args_info args_info;
ykpiv_state *state;
unsigned char key[KEY_LEN];
size_t key_len = sizeof(key);
int verbosity;
enum enum_action action;
unsigned int i;
@@ -846,16 +844,47 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) {
return EXIT_FAILURE;
}
for(i = 0; i < args_info.action_given; i++) {
bool needs_auth = false;
action = *args_info.action_arg++;
switch(action) {
case action_arg_generate:
case action_arg_setMINUS_mgmMINUS_key:
case action_arg_pinMINUS_retries:
case action_arg_importMINUS_key:
case action_arg_importMINUS_certificate:
case action_arg_setMINUS_chuid:
case action_arg_deleteMINUS_certificate:
needs_auth = true;
break;
case action_arg_version:
case action_arg_reset:
case action_arg_requestMINUS_certificate:
case action_arg_verifyMINUS_pin:
case action_arg_changeMINUS_pin:
case action_arg_changeMINUS_puk:
case action_arg_unblockMINUS_pin:
case action_arg_selfsignMINUS_certificate:
case action__NULL:
default:
continue;
}
if(needs_auth) {
unsigned char key[KEY_LEN];
size_t key_len = sizeof(key);
if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) {
return EXIT_FAILURE;
}
if(ykpiv_authenticate(state, key) != YKPIV_OK) {
fprintf(stderr, "Failed authentication with the applet.\n");
return EXIT_FAILURE;
}
if(verbosity) {
fprintf(stderr, "Successful applet authentication.\n");
if(ykpiv_authenticate(state, key) != YKPIV_OK) {
fprintf(stderr, "Failed authentication with the applet.\n");
return EXIT_FAILURE;
}
if(verbosity) {
fprintf(stderr, "Successful applet authentication.\n");
}
break;
}
}
/* openssl setup.. */
+4 -4
View File
@@ -41,13 +41,13 @@ key on stdout:
Generate a certificate request with public key from stdin, will print
the resulting request on stdout:
yubico-piv-tool -s 9a -S '/CN=foo/OU=test/O=example.com/' -P 123456 \\\n
yubico-piv-tool -s 9a -S '/CN=foo/OU=test/O=example.com/' -P 123456 \\
-a verify -a request
Generate a self-signed certificate with public key from stdin, will print
the certificate, for later import, on stdout:
yubico-piv-tool -s 9a -S '/CN=bar/OU=test/O=example.com/' -P 123456 \\\n
yubico-piv-tool -s 9a -S '/CN=bar/OU=test/O=example.com/' -P 123456 \\
-a verify -a selfsign
Import a certificate from stdin:
@@ -57,12 +57,12 @@ Import a certificate from stdin:
Set a random chuid, import a key and import a certificate from a PKCS12
file with password test, into slot 9c:
yubico-piv-tool -s 9c -i test.pfx -K PKCS12 -p test -a set-chuid \\\n
yubico-piv-tool -s 9c -i test.pfx -K PKCS12 -p test -a set-chuid \\
-a import-key -a import-cert
Change the management key used for administrative authentication:
yubico-piv-tool -n 0807605403020108070605040302010807060504030201 \\\n
yubico-piv-tool -n 0807605403020108070605040302010807060504030201 \\
-a set-mgm-key
Delete a certificate in slot 9a: