/* Converts the first certificate for the cert_auth_info structure
* to a pcert.
*/
int
_gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
gnutls_certificate_type_t type,
cert_auth_info_t info)
{
switch (type)
{
case GNUTLS_CRT_X509:
return gnutls_pcert_import_x509_raw(pcert, &info->raw_certificate_list[0],
GNUTLS_X509_FMT_DER, GNUTLS_PCERT_NO_CERT);
#ifdef ENABLE_OPENPGP
case GNUTLS_CRT_OPENPGP:
return gnutls_pcert_import_openpgp_raw(pcert,
&info->raw_certificate_list[0],
GNUTLS_OPENPGP_FMT_RAW,
info->use_subkey ? info->
subkey_id : NULL, GNUTLS_PCERT_NO_CERT);
#endif
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
}
/* Load the certificate and the private key.
*/
static void
load_keys (void)
{
unsigned int crt_num;
int ret, i;
gnutls_datum_t data = { NULL, 0 };
gnutls_x509_crt_t crt_list[MAX_CRT];
#ifdef ENABLE_PKCS11
gnutls_pkcs11_privkey_t pkcs11_key;
#endif
gnutls_x509_privkey_t tmp_key;
unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (x509_certfile != NULL && x509_keyfile != NULL)
{
#ifdef ENABLE_PKCS11
if (strncmp (x509_certfile, "pkcs11:", 7) == 0)
{
crt_num = 1;
gnutls_x509_crt_init (&crt_list[0]);
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile,
GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
x509_crt_size = 1;
}
else
#endif /* ENABLE_PKCS11 */
{
data = load_file (x509_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
crt_num = MAX_CRT;
ret =
gnutls_x509_crt_list_import (crt_list, &crt_num, &data,
GNUTLS_X509_FMT_PEM,
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret < 0)
{
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fprintf (stderr,
"*** Error loading cert file: Too many certs %d\n",
crt_num);
}
else
{
fprintf (stderr,
"*** Error loading cert file: %s\n",
gnutls_strerror (ret));
}
exit (1);
}
x509_crt_size = ret;
}
for (i=0;i<x509_crt_size;i++)
{
ret = gnutls_pcert_import_x509(&x509_crt[i], crt_list[i], 0);
if (ret < 0)
{
fprintf(stderr, "*** Error importing crt to pcert: %s\n",
gnutls_strerror(ret));
exit(1);
}
gnutls_x509_crt_deinit(crt_list[i]);
}
unload_file (&data);
ret = gnutls_privkey_init(&x509_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
#ifdef ENABLE_PKCS11
if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
{
gnutls_pkcs11_privkey_init (&pkcs11_key);
ret =
gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_pkcs11( x509_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
#endif /* ENABLE_PKCS11 */
{
data = load_file (x509_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading key file.\n");
exit (1);
}
gnutls_x509_privkey_init (&tmp_key);
ret =
gnutls_x509_privkey_import (tmp_key, &data, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_x509( x509_key, tmp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
}
fprintf (stdout, "Processed %d client X.509 certificates...\n",
x509_crt_size);
}
#ifdef ENABLE_OPENPGP
if (info.pgp_subkey != NULL)
{
get_keyid (keyid, info.pgp_subkey);
}
if (pgp_certfile != NULL && pgp_keyfile != NULL)
{
gnutls_openpgp_crt_t tmp_pgp_crt;
data = load_file (pgp_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP cert file.\n");
exit (1);
}
gnutls_openpgp_crt_init (&tmp_pgp_crt);
ret =
gnutls_pcert_import_openpgp_raw (&pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64, info.pgp_subkey!=NULL?keyid:NULL, 0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP cert file: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
ret = gnutls_privkey_init(&pgp_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
#ifdef ENABLE_PKCS11
if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0)
{
gnutls_pkcs11_privkey_init (&pkcs11_key);
ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_pkcs11( pgp_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
#endif /* ENABLE_PKCS11 */
{
gnutls_openpgp_privkey_t tmp_pgp_key;
data = load_file (pgp_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP key file.\n");
exit (1);
}
gnutls_openpgp_privkey_init (&tmp_pgp_key);
ret =
gnutls_openpgp_privkey_import (tmp_pgp_key, &data,
GNUTLS_OPENPGP_FMT_BASE64, NULL,
0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
if (info.pgp_subkey != NULL)
{
ret =
gnutls_openpgp_privkey_set_preferred_key_id (tmp_pgp_key, keyid);
if (ret < 0)
{
fprintf (stderr,
"*** Error setting preferred sub key id (%s): %s\n",
info.pgp_subkey, gnutls_strerror (ret));
exit (1);
}
}
ret = gnutls_privkey_import_openpgp( pgp_key, tmp_pgp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
}
fprintf (stdout, "Processed 1 client PGP certificate...\n");
}
#endif
}
/* Load the certificate and the private key.
*/
static void
load_keys (void)
{
unsigned int crt_num;
int ret;
unsigned int i;
gnutls_datum_t data = { NULL, 0 };
gnutls_x509_crt_t crt_list[MAX_CRT];
unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (x509_certfile != NULL && x509_keyfile != NULL)
{
#ifdef ENABLE_PKCS11
if (strncmp (x509_certfile, "pkcs11:", 7) == 0)
{
crt_num = 1;
gnutls_x509_crt_init (&crt_list[0]);
gnutls_x509_crt_set_pin_function(crt_list[0], pin_callback, NULL);
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile,
GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
x509_crt_size = 1;
}
else
#endif /* ENABLE_PKCS11 */
{
ret = gnutls_load_file (x509_certfile, &data);
if (ret < 0)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
crt_num = MAX_CRT;
ret =
gnutls_x509_crt_list_import (crt_list, &crt_num, &data,
x509ctype,
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret < 0)
{
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fprintf (stderr,
"*** Error loading cert file: Too many certs %d\n",
crt_num);
}
else
{
fprintf (stderr,
"*** Error loading cert file: %s\n",
gnutls_strerror (ret));
}
exit (1);
}
x509_crt_size = ret;
}
for (i=0;i<x509_crt_size;i++)
{
ret = gnutls_pcert_import_x509(&x509_crt[i], crt_list[i], 0);
if (ret < 0)
{
fprintf(stderr, "*** Error importing crt to pcert: %s\n",
gnutls_strerror(ret));
exit(1);
}
gnutls_x509_crt_deinit(crt_list[i]);
}
gnutls_free (data.data);
ret = gnutls_privkey_init(&x509_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
gnutls_privkey_set_pin_function(x509_key, pin_callback, NULL);
if (gnutls_url_is_supported(x509_keyfile) != 0)
{
ret =
gnutls_privkey_import_url (x509_key, x509_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
{
ret = gnutls_load_file (x509_keyfile, &data);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file.\n");
exit (1);
}
ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, NULL, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
gnutls_free(data.data);
}
fprintf (stdout, "Processed %d client X.509 certificates...\n",
x509_crt_size);
}
#ifdef ENABLE_OPENPGP
if (HAVE_OPT(PGPSUBKEY))
{
get_keyid (keyid, OPT_ARG(PGPSUBKEY));
}
if (pgp_certfile != NULL && pgp_keyfile != NULL)
{
gnutls_openpgp_crt_t tmp_pgp_crt;
ret = gnutls_load_file (pgp_certfile, &data);
if (ret < 0)
{
fprintf (stderr, "*** Error loading PGP cert file.\n");
exit (1);
}
gnutls_openpgp_crt_init (&tmp_pgp_crt);
ret =
gnutls_pcert_import_openpgp_raw (&pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64, HAVE_OPT(PGPSUBKEY)?keyid:NULL, 0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP cert file: %s\n",
gnutls_strerror (ret));
exit (1);
}
gnutls_free (data.data);
ret = gnutls_privkey_init(&pgp_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
gnutls_privkey_set_pin_function(pgp_key, pin_callback, NULL);
if (gnutls_url_is_supported (pgp_keyfile))
{
ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
{
ret = gnutls_load_file (pgp_keyfile, &data);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file.\n");
exit (1);
}
if (HAVE_OPT(PGPSUBKEY))
ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, keyid, NULL);
else
ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, NULL, NULL);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
gnutls_free(data.data);
}
fprintf (stdout, "Processed 1 client PGP certificate...\n");
}
#endif
}
