mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-06 16:36:16 +08:00
Add crlget tool
This commit is contained in:
Zhi Guan
@@ -14,46 +14,51 @@
|
||||
#include <stdlib.h>
|
||||
#include <gmssl/pem.h>
|
||||
#include <gmssl/x509.h>
|
||||
#include <gmssl/x509_ext.h>
|
||||
#include <gmssl/http.h>
|
||||
|
||||
#include <gmssl/error.h>
|
||||
|
||||
static const char *usage = "[-in pem] [-out file]\n";
|
||||
static const char *usage = "-cert pem [-out file]\n";
|
||||
|
||||
static const char *options =
|
||||
"Options\n"
|
||||
"\n"
|
||||
" -in pem | stdin Input certificates in PEM format.\n"
|
||||
" -cert pem Input certificates in PEM format.\n"
|
||||
" -out der | stdout Output CRL file in DER-encoding\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
" gmssl crlget -in cert.pem -out crl.der\n"
|
||||
" gmssl crlget -cert cert.pem -out crl.der\n"
|
||||
"\n";
|
||||
|
||||
int certparse_main(int argc, char **argv)
|
||||
int crlget_main(int argc, char **argv)
|
||||
{
|
||||
int ret = 1;
|
||||
char *prog = argv[0];
|
||||
char *infile = NULL;
|
||||
char *str;
|
||||
|
||||
uint8_t *cert = NULL;
|
||||
size_t certlen = 0;
|
||||
char *outfile = NULL;
|
||||
FILE *infp = stdin;
|
||||
FILE *outfp = stdout;
|
||||
uint8_t cert[18192];
|
||||
size_t certlen;
|
||||
|
||||
const uint8_t *exts;
|
||||
size_t extslen;
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
|
||||
while (argc > 0) {
|
||||
if (!strcmp(*argv, "-help")) {
|
||||
printf("usage: gmssl %s %s\n\n", prog, options);
|
||||
printf("%s\n", usage);
|
||||
printf("usage: gmssl %s %s\n\n", prog, usage);
|
||||
printf("%s\n", options);
|
||||
goto end;
|
||||
} else if (!strcmp(*argv, "-in")) {
|
||||
} else if (!strcmp(*argv, "-cert")) {
|
||||
if (--argc < 1) goto bad;
|
||||
infile = *(++argv);
|
||||
if (!(infp = fopen(infile, "rb"))) {
|
||||
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno));
|
||||
str = *(++argv);
|
||||
if (x509_cert_new_from_file(&cert, &certlen, str) != 1) {
|
||||
fprintf(stderr, "%s: load ca certificate '%s' failure\n", prog, str);
|
||||
goto end;
|
||||
}
|
||||
} else if (!strcmp(*argv, "-out")) {
|
||||
@@ -75,17 +80,68 @@ bad:
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), infp) != 1) {
|
||||
if (!cert) {
|
||||
fprintf(stderr, "%s: `-cert` option required\n", prog);
|
||||
printf("usage: gmssl %s %s\n\n", prog, options);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_cert_get_exts(cert, certlen, &exts, &extslen) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
if (!exts) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
int critical;
|
||||
const uint8_t *val;
|
||||
size_t vlen;
|
||||
|
||||
if ((ret = x509_exts_get_ext_by_oid(exts, extslen, OID_ce_crl_distribution_points, &critical, &val, &vlen)) < 0) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
if (x509_exts_get_ext_by_oid(exts, extslen, OID_ce_crl_
|
||||
|
||||
|
||||
char *uristr;
|
||||
const char *uri;
|
||||
size_t urilen;
|
||||
int reason;
|
||||
const uint8_t *crl_issuer;
|
||||
size_t crl_issuer_len;
|
||||
|
||||
if (x509_uri_as_distribution_points_from_der(&uri, &urilen, &reason, &crl_issuer, &crl_issuer_len, &val, &vlen) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
if (!(uristr = strndup(uri, urilen))) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
uint8_t *crl = NULL;
|
||||
size_t crl_len = 0;
|
||||
|
||||
if (http_get(uristr, NULL, &crl_len, 0) < 0) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
if (!(crl = malloc(crl_len))) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
if (http_get(uristr, crl, &crl_len, crl_len) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
fwrite(crl, crl_len, 1, outfp);
|
||||
|
||||
|
||||
ret = 0;
|
||||
end:
|
||||
if (infile && infp) fclose(infp);
|
||||
if (cert) free(cert);
|
||||
if (outfile && outfp) fclose(outfp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -19,6 +19,7 @@ extern int certgen_main(int argc, char **argv);
|
||||
extern int certparse_main(int argc, char **argv);
|
||||
extern int certverify_main(int argc, char **argv);
|
||||
extern int certrevoke_main(int argc, char **argv);
|
||||
extern int crlget_main(int argc, char **argv);
|
||||
extern int crlgen_main(int argc, char **argv);
|
||||
extern int crlparse_main(int argc, char **argv);
|
||||
extern int crlverify_main(int argc, char **argv);
|
||||
@@ -82,6 +83,7 @@ static const char *options =
|
||||
" reqgen Generate certificate signing request (CSR)\n"
|
||||
" reqsign Generate certificate from CSR\n"
|
||||
" reqparse Parse and print a CSR\n"
|
||||
" crlget Download the CRL of given certificate\n"
|
||||
" crlgen Sign a CRL with CA certificate and private key\n"
|
||||
" crlparse Verify a CRL with certificate\n"
|
||||
" crlverify Parse and print CRL\n"
|
||||
@@ -134,6 +136,8 @@ int main(int argc, char **argv)
|
||||
return certverify_main(argc, argv);
|
||||
} else if (!strcmp(*argv, "certrevoke")) {
|
||||
return certrevoke_main(argc, argv);
|
||||
} else if (!strcmp(*argv, "crlget")) {
|
||||
return crlget_main(argc, argv);
|
||||
} else if (!strcmp(*argv, "crlgen")) {
|
||||
return crlgen_main(argc, argv);
|
||||
} else if (!strcmp(*argv, "crlparse")) {
|
||||
|
||||
Reference in New Issue
Block a user