// Destructor: calls clear_cert() when the object is destroyed.
// NOTE(review): what clear_cert() releases is not visible here; confirm it
// covers everything this object owns, including any key material.
~X509CredentialInternal()
{
    clear_cert();
}
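/*
 * Create an EE or CA certificate using the table to set the fields.
 * The table is built from command line arguments.
 *
 * The function loads a certificate template, clears and re-defaults its
 * fields, applies every table entry that has a writer function, then either
 * installs the caller-supplied signature or signs the certificate with a key
 * file named in the table, and finally writes the result to the output file
 * named in the table.
 *
 * Returns:
 *   SUCCESS         the certificate was written
 *   FILE_OPEN_ERR   the template could not be read
 *   FILE_WRITE_ERR  the output file name is missing or the write failed
 *   -1              the signature lookup, signature write or signing failed,
 *                   or no key file was supplied for signing
 *   otherwise       the non-SUCCESS value returned by setEEorCA()
 */
int create_cert(
    struct object_field *table)
{
    int ret = 0;
    int i;
    struct Certificate cert;
    Certificate(&cert, (ushort) 0);     // constructor for the cert struct
    char *keyfile = NULL;
    // Start from NULL so a lookup that leaves val untouched is never read
    // as an uninitialized pointer.
    char *val = NULL;
    int val_type;

    eecert = 0;

    // is it a ca or ee cert
    if ((ret = setEEorCA(table)) != SUCCESS)
        return ret;

    setSelfSigned(table);

    // Read the certificate template into the certificate; fall back to the
    // configured EE or CA template when none was selected.
    if (!templateFile)
    {
        if (eecert)
            templateFile = CONFIG_TEMPLATE_EE_CERT_get();
        else
            templateFile = CONFIG_TEMPLATE_CA_CERT_get();
    }
    ret = get_casn_file(&cert.self, (char *)templateFile, 0);
    if (ret < 0)
    {
        warn(FILE_OPEN_ERR, (char *)templateFile);
        return (FILE_OPEN_ERR);
    }

    // clear out fields in the template (only keeping a few);
    clear_cert(&cert);

    // fill in the default fields
    write_default_fields(&cert);

    // Populate the certificate fields with data from the table. Note the
    // table is populated from input arguments. If there is no function to
    // call and the argument is optional then it is ok, otherwise it is
    // reported as an error.
    //
    // NOTE(review): both failures below are only reported on stderr. The
    // function still goes on to sign and write the certificate and can
    // return SUCCESS, so a caller checking only the return code may accept
    // a signed certificate that lacks a required field. Confirm whether
    // this leniency is intended before relying on the result.
    for (i = 0; table[i].name != NULL; i++)
    {
        if (table[i].func == NULL)
            continue;

        if (table[i].value != NULL)
        {
            if (table[i].func(&cert.self, table[i].value) < 0)
            {
                fprintf(stderr, "Error writing %s into field %s\n",
                        table[i].value, table[i].name);
            }
        }
        else if (table[i].required)
        {
            fprintf(stderr, "Missing value for %s\n", table[i].name);
        }
    }

    // if signature value is set in the table, write that value as the
    // signature, otherwise sign it
    if (get_table_value("signatureValue", table, &val, &val_type) != 0)
    {
        fprintf(stdout, "Error writing signature");
        return (-1);
    }

    if (val != NULL)            // input signature
    {
        // The supplied signature is installed as given; nothing in this
        // function checks that it verifies over the certificate contents.
        if (write_sig(&cert, val) != SUCCESS)
        {
            fprintf(stdout, "Error writing signature");
            return (-1);
        }
    }
    else
    {
        // have to sign it, get key from subject keyfile if selfsigned,
        // else the parent's
        if (selfSigned)
            get_table_value("subjkeyfile", table, &keyfile, &val_type);
        else
            get_table_value("parentkeyfile", table, &keyfile, &val_type);

        // Report the missing key file instead of failing silently.
        if (keyfile == NULL)
        {
            fprintf(stderr, "Missing value for %s\n",
                    selfSigned ? "subjkeyfile" : "parentkeyfile");
            return -1;
        }
        if (sign_cert(&cert, keyfile) != SUCCESS)
            return -1;
    }

    // write out the certificate using the output filename; reset val so a
    // stale signature pointer cannot be mistaken for a file name
    val = NULL;
    if (get_table_value("outputfilename", table, &val, &val_type) < 0
        || val == NULL)
    {
        // A table entry can exist with no value (see the signatureValue
        // case above), so a successful lookup alone is not enough.
        warn(FILE_WRITE_ERR, "outputfilename missing");
        return (FILE_WRITE_ERR);
    }
    if (put_casn_file(&cert.self, val, 0) < 0)
    {
        warn(FILE_WRITE_ERR, val);
        return (FILE_WRITE_ERR);
    }

    warn(SUCCESS, val);
    return (SUCCESS);
}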