From c403a1ddff475ae5346ba1b9ee431a5b995a1584 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 19 Nov 2016 19:38:23 +0100 Subject: [PATCH] Add a simple store utility command This command can be used to view the contents of any supported type of information fetched from a URI, and output them in PEM format. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3542) --- apps/build.info | 2 +- apps/storeutl.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 apps/storeutl.c diff --git a/apps/build.info b/apps/build.info index e2ddd2b56d..996e5a6cfa 100644 --- a/apps/build.info +++ b/apps/build.info @@ -6,7 +6,7 @@ genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c - srp.c ts.c verify.c version.c x509.c rehash.c + srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c apps.c opt.c s_cb.c s_socket.c app_rand.c), split(/\s+/, $target{apps_aux_src}) ); diff --git a/apps/storeutl.c b/apps/storeutl.c new file mode 100644 index 0000000000..ac19d1d8c0 --- /dev/null +++ b/apps/storeutl.c 
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#include "apps.h"
+#include
+#include
+#include
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
+ OPT_NOOUT, OPT_TEXT
+} OPTION_CHOICE;
+
+const OPTIONS storeutl_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"},
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"out", OPT_OUT, '>', "Output file - default stdout"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"text", OPT_TEXT, '-', "Print a text form of the objects"},
+ {"noout", OPT_NOOUT, '-', "No PEM output, just status"},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+ {NULL}
+};
+
+int storeutl_main(int argc, char *argv[])
+{
+ OSSL_STORE_CTX *store_ctx = NULL;
+ int ret = 1, noout = 0, text = 0, items = 0;
+ char *outfile = NULL, *passin = NULL, *passinarg = NULL;
+ BIO *out = NULL;
+ ENGINE *e = NULL;
+ OPTION_CHOICE o;
+ char *prog = opt_init(argc, argv, storeutl_options);
+ PW_CB_DATA pw_cb_data;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(storeutl_options);
+ ret = 0;
+ goto end;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_NOOUT:
+ noout = 1;
+ break;
+ case OPT_TEXT:
+ text = 1;
+ break;
+ case OPT_ENGINE:
+ e = setup_engine(opt_arg(), 0);
+ break;
+ }
+ }
+ argc = opt_num_rest();
+ argv = opt_rest();
+
+ if (argc == 0) {
+ BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
+ goto opthelp;
+ }
+ if (argc > 1) {
+ BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
+ goto opthelp;
+ }
+
+ if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+ pw_cb_data.password = passin;
+ pw_cb_data.prompt_info = argv[0];
+
+ out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+ if (out == NULL)
+ goto end;
+
+ if ((store_ctx = OSSL_STORE_open(argv[0], get_ui_method(), &pw_cb_data,
+ NULL, NULL)) == NULL) {
+ BIO_printf(bio_err, "Couldn't open file or uri %s\n", argv[0]);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /* From here on, we count errors, and we'll return the count at the end */
+ ret = 0;
+
+ for (;;) {
+ OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
+ int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
+ const char *infostr =
+ info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
+
+ if (info == NULL) {
+ if (OSSL_STORE_eof(store_ctx))
+ break;
+
+ if (OSSL_STORE_error(store_ctx)) {
+ ERR_print_errors(bio_err);
+ ret++;
+ break;
+ }
+
+ BIO_printf(bio_err,
+ "ERROR: OSSL_STORE_load() returned NULL without "
+ "eof or error indications\n");
+ BIO_printf(bio_err, " This is an error in the loader\n");
+ ERR_print_errors(bio_err);
+ ret++;
+ break;
+ }
+
+ if (type == OSSL_STORE_INFO_NAME) {
+ const char *name = OSSL_STORE_INFO_get0_NAME(info);
+ const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
+ BIO_printf(bio_out, "%d: %s: %s\n", items, infostr, name);
+ if (desc != NULL)
+ BIO_printf(bio_out, "%s\n", desc);
+ } else {
+ BIO_printf(bio_out, "%d: %s\n", items, infostr);
+ }
+
+ /*
+ * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
+ * functionality, so we must figure out how exactly to write things
+ * ourselves...
+ */
+ switch (type) {
+ case OSSL_STORE_INFO_NAME:
+ break;
+ case OSSL_STORE_INFO_PARAMS:
+ if (text)
+ EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
+ 0, NULL);
+ if (!noout)
+ PEM_write_bio_Parameters(out,
+ OSSL_STORE_INFO_get0_PARAMS(info));
+ break;
+ case OSSL_STORE_INFO_PKEY:
+ if (text)
+ EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
+ 0, NULL);
+ if (!noout)
+ PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
+ NULL, NULL, 0, NULL, NULL);
+ break;
+ case OSSL_STORE_INFO_CERT:
+ if (text)
+ X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
+ if (!noout)
+ PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
+ break;
+ case OSSL_STORE_INFO_CRL:
+ if (text)
+ X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
+ if (!noout)
+ PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
+ break;
+ default:
+ BIO_printf(bio_err, "!!! Unknown code\n");
+ ret++;
+ break;
+ }
+ items++;
+ OSSL_STORE_INFO_free(info);
+ }
+ BIO_printf(out, "Total found: %d\n", items);
+
+ if (!OSSL_STORE_close(store_ctx)) {
+ ERR_print_errors(bio_err);
+ ret++;
+ goto end;
+ }
+
+ end:
+ BIO_free_all(out);
+ OPENSSL_free(passin);
+ release_engine(e);
+ return ret;
+}
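Review bot: The PEM writers and `-text` printers in the `switch (type)` block ignore their return values, so a failed write to `out` (an unwritable or full `-out` target, for instance) leaves `ret` at 0 and the command exits successfully even though the comment above the loop promises that errors are counted from that point on; each call should be checked and counted, following the pattern `if (!noout && !PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info))) ret++;`. Separately, the per-item index lines are printed to `bio_out` while the closing `Total found: %d` goes to `out`, so with `-out FILE` the summary is appended to the PEM file instead of the terminal; `BIO_printf(bio_out, "Total found: %d\n", items);` keeps all status output on one stream. Note also that for a PKEY object `-text` prints the private key in full via `EVP_PKEY_print_private` and `PEM_write_bio_PrivateKey` is called with no cipher, so output is always unencrypted; that is what a viewer does, but a `passout`-style option or at least a sentence in the `-out` help text would warn users before they redirect a key to a world-readable file.

```c
        /* … unchanged: per-item index line output … */
        switch (type) {
        case OSSL_STORE_INFO_NAME:
            break;
        case OSSL_STORE_INFO_PARAMS:
            if (text
                && !EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
                                          0, NULL))
                ret++;
            if (!noout
                && !PEM_write_bio_Parameters(out,
                                             OSSL_STORE_INFO_get0_PARAMS(info)))
                ret++;
            break;
        case OSSL_STORE_INFO_PKEY:
            if (text
                && !EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
                                           0, NULL))
                ret++;
            if (!noout
                && !PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
                                             NULL, NULL, 0, NULL, NULL))
                ret++;
            break;
        case OSSL_STORE_INFO_CERT:
            if (text && !X509_print(out, OSSL_STORE_INFO_get0_CERT(info)))
                ret++;
            if (!noout
                && !PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info)))
                ret++;
            break;
        case OSSL_STORE_INFO_CRL:
            if (text && !X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info)))
                ret++;
            if (!noout
                && !PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info)))
                ret++;
            break;
        /* … unchanged: default case, items++, OSSL_STORE_INFO_free … */
        }
    }
    BIO_printf(bio_out, "Total found: %d\n", items);
```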