Update X.509 Extensions

tools/certrevoke.c

@@ -16,90 +16,99 @@
 #include <gmssl/x509.h>
 #include <gmssl/x509_crl.h>
 
-// 20220105Z
 
-static const char *options = "-in cert.pem [-reason str] [-invalid_date timestamp] [-out RevokedCertificate.der]";
+static const char *options =
+	" -in pem"
+	" [-reason str]"
+	" [-invalid_date time]"
+	" [-out der]";
 
-static void print_options(FILE *fp, const char *prog)
-{
-	int i;
-	fprintf(fp, "Options:\n");
-	fprintf(fp, "  -in cert.pem          Certificate in PEM format to be revoked\n");
-	fprintf(fp, "  -reason code          Revocation reason code, avaiable codes:\n");
-	for (i = 0; i <= X509_cr_aa_compromise; i++) {
-		fprintf(fp, "                            %s (%d)\n", x509_crl_reason_name(i), i);
-	}
-	fprintf(fp, "  -invalid_date time    Revocation timestamp in YYYYMMDDHHMMSSZ format\n");
-	fprintf(fp, "                        Example: -invalid_date 20221231000000Z\n");
-	fprintf(fp, "  -out file.der         Output ASN.1 RevokedCertificate in DER format\n");
+static char *usage =
+"Options\n"
+"\n"
+"    -in pem                  Certificate in PEM format to be revoked\n"
+"    -reason str              Revocation reason code, avaiable codes:\n"
+"                                 * unspecified\n"
+"                                 * keyCompromise\n"
+"                                 * cACompromise\n"
+"                                 * affiliationChanged\n"
+"                                 * superseded\n"
+"                                 * cessationOfOperation\n"
+"                                 * certificateHold\n"
+"                                 * notAssigned\n"
+"                                 * removeFromCRL\n"
+"                                 * privilegeWithdrawn\n"
+"                                 * aACompromise\n"
+"    -invalid_date time      The date on which it is known or suspected the certificate became invalid\n"
+"                            Time in `YYYYMMDDHHMMSSZ` format such as 20221231000000Z\n"
+"                            The last 'Z' means it is Zulu (GMT) time\n"
+"    -out der | stdout       Output X.509 RevokedCertificate in DER-encoding\n"
+"                            This file stores multiple RevokedCertificates, used as input by `crlsign`\n"
+"\n"
+"Examples\n"
+"\n"
+"    gmssl certrevoke -in cert1.pem -reason keyCompromise -invalid_date 20221230000000Z -out revoked_certs.der\n"
+"    gmssl certrevoke -in cert1.pem -reason keyCompromise -invalid_date 20221230000000Z >> revoked_certs.der\n"
+"\n";
 
-	fprintf(fp, "Examples:\n");
-	fprintf(fp, "  %s -in cert1.pem -reason keyCompromise -invalid_date 20221230000000Z -out revoked_certs.der\n", prog);
-	fprintf(fp, "  %s -in cert2.pem -reason keyCompromise -invalid_date 20221231000000Z >> revoked_certs.der\n", prog);
-}
 
 int certrevoke_main(int argc, char **argv)
 {
 	int ret = 1;
 	char *prog = argv[0];
-	char *infile = NULL;
-	char *outfile = NULL;
-	int reason = -1;
-	time_t invalid_date = -1;
+	char *str;
+
 	uint8_t *cert = NULL;
 	size_t certlen;
+	int reason = -1;
+	time_t invalid_date = -1;
+	char *outfile = NULL;
+	FILE *outfp = stdout;
 	uint8_t *outbuf = NULL;
 	uint8_t *out;
 	size_t outlen;
-	FILE *outfp = stdout;
 
 	argc--;
 	argv++;
 
 	while (argc > 0) {
 		if (!strcmp(*argv, "-help")) {
-			printf("usage: %s %s\n", prog, options);
-			print_options(stdout, prog);
+			printf("usage: gmssl %s %s\n\n", prog, options);
+			printf("%s", usage);
 			goto end;
 		} else if (!strcmp(*argv, "-in")) {
 			if (--argc < 1) goto bad;
-			infile = *(++argv);
-			if (x509_cert_new_from_file(&cert, &certlen, infile) != 1) {
-				fprintf(stderr, "%s: open cert file %s failure\n", prog, infile);
+			str = *(++argv);
+			if (x509_cert_new_from_file(&cert, &certlen, str) != 1) {
+				fprintf(stderr, "%s: open cert file '%s' failure\n", prog, str);
 				goto end;
 			}
 		} else if (!strcmp(*argv, "-out")) {
 			if (--argc < 1) goto bad;
 			outfile = *(++argv);
-			if (!(outfp = fopen(outfile, "wb"))) {
+			if (!(outfp = fopen(outfile, "ab"))) {
 				fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
 				goto end;
 			}
 		} else if (!strcmp(*argv, "-reason")) {
-			char *name;
-			int i;
 			if (--argc < 1) goto bad;
-			name = *(++argv);
-			if (x509_crl_reason_from_name(&reason, name) != 1) {
-				fprintf(stderr, "%s: invalid reason '%s'\n", prog, name);
-				fprintf(stderr, "-reason values:\n");
-				for (i = 0; i <= X509_cr_aa_compromise; i++) {
-					fprintf(stderr, "  %s\n", x509_crl_reason_name(i));
-				}
+			str = *(++argv);
+			if (x509_crl_reason_from_name(&reason, str) != 1) {
+				fprintf(stderr, "%s: invalid reason '%s'\n", prog, str);
+				goto end;
 			}
 		} else if (!strcmp(*argv, "-invalid_date")) {
-			char *time_str;
 			if (--argc < 1) goto bad;
-			time_str =*(++argv);
-			if (asn1_time_from_str(0, &invalid_date, time_str) != 1) {
-				fprintf(stderr, "%s: invalid time '%s', should provide 'YYYYMMDDHHMMSSZ'\n", prog, time_str);
-				goto bad;
+			str =*(++argv);
+			if (asn1_time_from_str(0, &invalid_date, str) != 1) {
+				fprintf(stderr, "%s: invalid time '%s', should in 'YYYYMMDDHHMMSSZ' format\n", prog, str);
+				goto end;
 			}
 		} else {
-			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
+			fprintf(stderr, "%s: illegal option `%s`\n", prog, *argv);
 			goto end;
 bad:
-			fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
+			fprintf(stderr, "%s: `%s` option value missing\n", prog, *argv);
 			goto end;
 		}
 
@@ -107,8 +116,9 @@ bad:
 		argv++;
 	}
 
-	if (!infile) {
-		fprintf(stderr, "usage: %s %s\n", prog, options);
+	if (!cert) {
+		fprintf(stderr, "%s: option `-in` missing\n", prog);
+		printf("usage: gmssl %s %s\n\n", prog, options);
 		goto end;
 	}
 	if (x509_cert_revoke_to_der(cert, certlen, time(NULL), reason, invalid_date, NULL, 0, NULL, &outlen) != 1) {