Add a scepclient option to specify a CA identifier to fetch certs for
This commit is contained in:
Martin Willi
parent
f48e727232
commit
2fc0232a39
|
|
@ -319,7 +319,7 @@ static char* escape_http_request(chunk_t req)
|
|||
/**
|
||||
* Send a SCEP request via HTTP and wait for a response
|
||||
*/
|
||||
bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
|
||||
bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
|
||||
bool http_get_request, chunk_t *response)
|
||||
{
|
||||
int len;
|
||||
|
|
@ -337,7 +337,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
|
|||
|
||||
if (http_get_request)
|
||||
{
|
||||
char *escaped_req = escape_http_request(pkcs7);
|
||||
char *escaped_req = escape_http_request(msg);
|
||||
|
||||
/* form complete url */
|
||||
len = strlen(url) + 20 + strlen(operation) + strlen(escaped_req) + 1;
|
||||
|
|
@ -362,7 +362,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
|
|||
|
||||
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
|
||||
FETCH_HTTP_VERSION_1_0,
|
||||
FETCH_REQUEST_DATA, pkcs7,
|
||||
FETCH_REQUEST_DATA, msg,
|
||||
FETCH_REQUEST_TYPE, "",
|
||||
FETCH_REQUEST_HEADER, "Expect:",
|
||||
FETCH_END);
|
||||
|
|
@ -371,12 +371,22 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
|
|||
else /* SCEP_GET_CA_CERT */
|
||||
{
|
||||
const char operation[] = "GetCACert";
|
||||
int i;
|
||||
|
||||
/* escape spaces, TODO: complete URL escape */
|
||||
for (i = 0; i < msg.len; i++)
|
||||
{
|
||||
if (msg.ptr[i] == ' ')
|
||||
{
|
||||
msg.ptr[i] = '+';
|
||||
}
|
||||
}
|
||||
|
||||
/* form complete url */
|
||||
len = strlen(url) + 32 + strlen(operation) + 1;
|
||||
len = strlen(url) + 32 + strlen(operation) + msg.len + 1;
|
||||
complete_url = malloc(len);
|
||||
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier",
|
||||
url, operation);
|
||||
snprintf(complete_url, len, "%s?operation=%s&message=%.*s",
|
||||
url, operation, (int)msg.len, msg.ptr);
|
||||
|
||||
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
|
||||
FETCH_HTTP_VERSION_1_0,
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
|
|||
certificate_t *enc_cert, encryption_algorithm_t enc_alg,
|
||||
size_t key_size, certificate_t *signer_cert,
|
||||
hash_algorithm_t digest_alg, private_key_t *private_key);
|
||||
bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
|
||||
bool scep_http_request(const char *url, chunk_t message, scep_op_t op,
|
||||
bool http_get_request, chunk_t *response);
|
||||
err_t scep_parse_response(chunk_t response, chunk_t transID,
|
||||
pkcs7_t **data, scep_attributes_t *attrs,
|
||||
|
|
|
|||
|
|
@ -361,6 +361,9 @@ static void usage(const char *message)
|
|||
" <algo> = md5 (default) | sha1 | sha256 |\n"
|
||||
" sha384 | sha512\n"
|
||||
"\n"
|
||||
"Options for CA certificate acquisition:\n"
|
||||
" --caname (-c) <name> name of CA to fetch CA certificate(s)\n"
|
||||
" (default: CAIdentifier)\n"
|
||||
"Options for enrollment (cert):\n"
|
||||
" --url (-u) <url> url of the SCEP server\n"
|
||||
" --method (-m) post | get http request type\n"
|
||||
|
|
@ -451,6 +454,9 @@ int main(int argc, char **argv)
|
|||
/* URL of the SCEP-Server */
|
||||
char *scep_url = NULL;
|
||||
|
||||
/* Name of CA to fetch CA certs for */
|
||||
char *ca_name = "CAIdentifier";
|
||||
|
||||
/* http request method, default is GET */
|
||||
bool http_get_request = TRUE;
|
||||
|
||||
|
|
@ -512,6 +518,7 @@ int main(int argc, char **argv)
|
|||
{ "password", required_argument, NULL, 'p' },
|
||||
{ "algorithm", required_argument, NULL, 'a' },
|
||||
{ "url", required_argument, NULL, 'u' },
|
||||
{ "caname", required_argument, NULL, 'c'},
|
||||
{ "method", required_argument, NULL, 'm' },
|
||||
{ "interval", required_argument, NULL, 't' },
|
||||
{ "maxpolltime", required_argument, NULL, 'x' },
|
||||
|
|
@ -519,7 +526,7 @@ int main(int argc, char **argv)
|
|||
};
|
||||
|
||||
/* parse next option */
|
||||
int c = getopt_long(argc, argv, "hv+:qi:o:fk:d:s:p:a:u:m:t:x:APRCMS", long_opts, NULL);
|
||||
int c = getopt_long(argc, argv, "hv+:qi:o:fk:d:s:p:a:u:c:m:t:x:APRCMS", long_opts, NULL);
|
||||
|
||||
switch (c)
|
||||
{
|
||||
|
|
@ -782,6 +789,10 @@ int main(int argc, char **argv)
|
|||
scep_url = optarg;
|
||||
continue;
|
||||
|
||||
case 'c': /* -- caname */
|
||||
ca_name = optarg;
|
||||
continue;
|
||||
|
||||
case 'm': /* --method */
|
||||
if (strcaseeq("get", optarg))
|
||||
{
|
||||
|
|
@ -917,8 +928,8 @@ int main(int argc, char **argv)
|
|||
char ca_path[PATH_MAX];
|
||||
pkcs7_t *pkcs7;
|
||||
|
||||
if (!scep_http_request(scep_url, chunk_empty, SCEP_GET_CA_CERT,
|
||||
http_get_request, &scep_response))
|
||||
if (!scep_http_request(scep_url, chunk_create(ca_name, strlen(ca_name)),
|
||||
SCEP_GET_CA_CERT, http_get_request, &scep_response))
|
||||
{
|
||||
exit_scepclient("did not receive a valid scep response");
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue