Posted to commits@santuario.apache.org by bl...@apache.org on 2006/03/13 04:15:46 UTC
svn commit: r385417 - /xml/security/trunk/c/src/tools/xklient/xklient.cpp
Author: blautenb
Date: Sun Mar 12 19:15:44 2006
New Revision: 385417
URL: http://svn.apache.org/viewcvs?rev=385417&view=rev
Log:
Can now perform Reissue and Recover requests
Modified:
xml/security/trunk/c/src/tools/xklient/xklient.cpp
Modified: xml/security/trunk/c/src/tools/xklient/xklient.cpp
URL: http://svn.apache.org/viewcvs/xml/security/trunk/c/src/tools/xklient/xklient.cpp?rev=385417&r1=385416&r2=385417&view=diff
==============================================================================
--- xml/security/trunk/c/src/tools/xklient/xklient.cpp (original)
+++ xml/security/trunk/c/src/tools/xklient/xklient.cpp Sun Mar 12 19:15:44 2006
@@ -967,23 +967,818 @@
cerr << " : Add a ResponseMechanism element\n";
cerr << " --sign-dsa/-sd <filename> <passphrase>\n";
cerr << " : Sign using the DSA key in file protected by passphrase\n";
+ cerr << " --add-value-dsa/-vd <filename> <passphrase> (and do proof-of-possession sig)\n";
+ cerr << " : Add the DSA key as a keyvalue\n";
+ cerr << " --add-value-rsa/-vr <filename> <passphrase> (and do proof-of-possession sig)\n";
+ cerr << " : Add the RSA key as a keyvalue\n";
+ cerr << " --revocation/-v <phrase> : Set <phrase> as revocation code\n";
+ cerr << " --kek/-k <phrase> : Key phrase to use for PrivateKey decryption\n";
+#if defined (HAVE_OPENSSL)
+ cerr << " --output-private-key/-p <file> <pass phrase>\n";
+ cerr << " : Write PEM encoded private key to file\n";
+#endif
+ cerr << " --authenticate/-a <phrase>\n";
+ cerr << " : Use <phrase> as the authentication key for the request\n";
+ cerr << " NOTE - This must come *after* adding of KeyInfo elements\n\n";
+
+}
+
+XKMSMessageAbstractType * createRegisterRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
+
+ XSECCryptoKey *proofOfPossessionKey = NULL;
+ signatureMethod proofOfPossessionSm = SIGNATURE_DSA;
+
+ if (paramCount >= argc ||
+ (stricmp(argv[paramCount], "--help") == 0) ||
+ (stricmp(argv[paramCount], "-h") == 0)) {
+
+ printRegisterRequestUsage();
+ return NULL;
+ }
+
+ /* First create the basic request */
+ XKMSMessageFactory * factory =
+ prov.getXKMSMessageFactory();
+ XKMSRegisterRequest * rr;
+
+ if (cr == NULL)
+ rr = factory->createRegisterRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
+ else
+ rr = cr->createRegisterRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
+
+ while (paramCount < argc && stricmp(argv[paramCount], "--") != 0) {
+
+ if (stricmp(argv[paramCount], "--add-name") == 0 || stricmp(argv[paramCount], "-n") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+ pkb->appendKeyName(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-opaque") == 0 || stricmp(argv[paramCount], "-o") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendOpaqueClientDataItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--kek") == 0 || stricmp(argv[paramCount], "-k") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ g_authPassPhrase = argv[paramCount++];
+ }
+ else if (stricmp(argv[paramCount], "--add-respondwith") == 0 || stricmp(argv[paramCount], "-r") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendRespondWithItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-responsemechanism") == 0 || stricmp(argv[paramCount], "-m") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendResponseMechanismItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-sig") == 0 || stricmp(argv[paramCount], "-us") == 0) {
+ XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+ pkb->setSignatureKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-exc") == 0 || stricmp(argv[paramCount], "-ux") == 0) {
+ XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+ pkb->setExchangeKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-enc") == 0 || stricmp(argv[paramCount], "-ue") == 0) {
+ XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+ pkb->setEncryptionKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usekeywith") == 0 || stricmp(argv[paramCount], "-u") == 0) {
+ if (++paramCount >= argc + 1) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ XKMSPrototypeKeyBinding *pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+
+ pkb->appendUseKeyWithItem(MAKE_UNICODE_STRING(argv[paramCount]), MAKE_UNICODE_STRING(argv[paramCount + 1]));
+ paramCount += 2;
+ }
+#if defined (HAVE_OPENSSL)
+ else if (stricmp(argv[paramCount], "--output-private-key") == 0 || stricmp(argv[paramCount], "-p") == 0) {
+ if (paramCount >= argc + 2) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ ++paramCount;
+ g_privateKeyFile = argv[paramCount++];
+ g_privateKeyPassPhrase = argv[paramCount++];
+ }
+#endif
+ else if (stricmp(argv[paramCount], "--revocation") == 0 || stricmp(argv[paramCount], "-v") == 0) {
+ if (++paramCount >= argc) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ XKMSPrototypeKeyBinding *pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+
+ // Create the RevocationCodeIdentifier
+ unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
+ int len = CalculateXKMSRevocationCodeIdentifierEncoding2((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
+
+ if (len <= 0) {
+ cerr << "Error creating revocation code!\n";
+ delete rr;
+ return NULL;
+ }
+
+ // Convert to base64
+ XMLCh * str = EncodeToBase64XMLCh(rciBuf, len);
+ pkb->setRevocationCodeIdentifier(str);
+ XSEC_RELEASE_XMLCH(str);
+
+ paramCount++;;
+ }
+ else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
+ if (++paramCount >= argc + 1) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // Create the signature
+
+ unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
+ int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
+ if (len <= 0) {
+ cout << "Error creating key from pass phrase" << endl;
+ delete rr;
+ return NULL;
+ }
+
+ XSECCryptoKeyHMAC * k = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
+ k->setKey(keyBuf, len);
+
+ // Set key and validate
+ XKMSAuthentication * a = rr->addAuthentication();
+ DSIGSignature * sig = a->addKeyBindingAuthenticationSignature();
+
+ sig->setSigningKey(k);
+ sig->sign();
+
+ paramCount++;
+
+ }
+#if defined (HAVE_OPENSSL)
+ else if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0 ||
+ stricmp(argv[paramCount], "--sign-rsa") == 0 || stricmp(argv[paramCount], "-sr") == 0) {
+ if (paramCount >= argc + 2) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // DSA or RSA OpenSSL Key
+ // For now just read a particular file
+
+ BIO * bioKey;
+ if ((bioKey = BIO_new(BIO_s_file())) == NULL) {
+
+ cerr << "Error opening private key file\n\n";
+ return NULL;
+
+ }
+
+ if (BIO_read_filename(bioKey, argv[paramCount+1]) <= 0) {
+
+ cerr << "Error opening private key file : " << argv[paramCount+1] << endl;
+ return NULL;
+
+ }
+
+ EVP_PKEY * pkey;
+ pkey = PEM_read_bio_PrivateKey(bioKey,NULL,NULL,argv[paramCount + 2]);
+
+ if (pkey == NULL) {
+
+ BIO * bio_err;
+
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ cerr << "Error loading private key\n\n";
+ ERR_print_errors(bio_err);
+ return NULL;
+
+ }
+ XSECCryptoKey *key;
+ DSIGSignature * sig;
+ if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0) {
+
+ // Check type is correct
+
+ if (pkey->type != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_DSA, HASH_SHA1);
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+ XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+ XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+ XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+ XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+ XSEC_RELEASE_XMLCH(P);
+ XSEC_RELEASE_XMLCH(Q);
+ XSEC_RELEASE_XMLCH(G);
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+ if (pkey->type != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+ XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+ XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+
+ }
+
+ sig->setSigningKey(key);
+ sig->sign();
+
+ EVP_PKEY_free(pkey);
+ BIO_free(bioKey);
+
+ paramCount += 3;
+
+
+ } /* argv[1] = "sign dsa/rsa" */
+ else if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0 ||
+ stricmp(argv[paramCount], "--add-value-rsa") == 0 || stricmp(argv[paramCount], "-vr") == 0) {
+ if (paramCount >= argc + 2) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // DSA or RSA OpenSSL Key
+ // For now just read a particular file
+
+ BIO * bioKey;
+ if ((bioKey = BIO_new(BIO_s_file())) == NULL) {
+
+ cerr << "Error opening private key file\n\n";
+ return NULL;
+
+ }
+
+ if (BIO_read_filename(bioKey, argv[paramCount+1]) <= 0) {
+
+ cerr << "Error opening private key file : " << argv[paramCount+1] << endl;
+ return NULL;
+
+ }
+
+ EVP_PKEY * pkey;
+ pkey = PEM_read_bio_PrivateKey(bioKey,NULL,NULL,argv[paramCount + 2]);
+
+ if (pkey == NULL) {
+
+ BIO * bio_err;
+
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ cerr << "Error loading private key\n\n";
+ ERR_print_errors(bio_err);
+ return NULL;
+
+ }
+
+ XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ if (pkb == NULL)
+ pkb = rr->addPrototypeKeyBinding();
+
+
+ if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0) {
+
+ // Check type is correct
+
+ if (pkey->type != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+ proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
+ proofOfPossessionSm = SIGNATURE_DSA;
+
+ XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+ XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+ XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+ XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+
+ pkb->appendDSAKeyValue(P,Q,G,Y);
+
+ XSEC_RELEASE_XMLCH(P);
+ XSEC_RELEASE_XMLCH(Q);
+ XSEC_RELEASE_XMLCH(G);
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+ if (pkey->type != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+
+ proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
+ proofOfPossessionSm = SIGNATURE_RSA;
+
+ XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+ XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+ pkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+
+ }
+
+ EVP_PKEY_free(pkey);
+ BIO_free(bioKey);
+
+ paramCount += 3;
+
+
+ } /* argv[1] = "value dsa/rsa" */
+
+#endif
+ else {
+ printRegisterRequestUsage();
+ delete rr;
+ (*doc)->release();
+ return NULL;
+ }
+ }
+
+ if (proofOfPossessionKey != NULL) {
+
+ // Set up the proof of possession
+ DSIGSignature * s =
+ rr->addProofOfPossessionSignature(CANON_C14NE_NOC, proofOfPossessionSm);
+
+ s->setSigningKey(proofOfPossessionKey);
+ s->sign();
+
+ }
+
+ return rr;
+}
+
+// --------------------------------------------------------------------------------
+// Create a RevokeRequest
+// --------------------------------------------------------------------------------
+
+void printRevokeRequestUsage(void) {
+
+ cerr << "\nUsage RevokeRequest [--help|-h] <service URI> [options]\n";
+ cerr << " --help/-h : print this screen and exit\n\n";
+ cerr << " --add-name/-n <name> : Add name as a KeyInfoName\n";
+ cerr << " --add-opaque/-o <data> : Add an opaque data string\n";
+ cerr << " --add-usage-sig/-us : Add Signature Key Usage\n";
+ cerr << " --add-usage-exc/-ux : Add Exchange Key Usage\n";
+ cerr << " --add-usage-enc/-ue : Add Encryption Key Usage\n";
+ cerr << " --add-usekeywith/-u <Application URI> <Identifier>\n";
+ cerr << " : Add a UseKeyWith element\n";
+ cerr << " --add-respondwith/-r <Identifier>\n";
+ cerr << " : Add a RespondWith element\n";
+ cerr << " --add-responsemechanism/-m <Identifier>\n";
+ cerr << " : Add a ResponseMechanism element\n";
+ cerr << " --sign-dsa/-sd <filename> <passphrase>\n";
+ cerr << " : Sign using the DSA key in file protected by passphrase\n";
+ cerr << " --add-value-dsa/-vd <filename> <passphrase>\n";
+ cerr << " : Add the DSA key as a keyvalue\n";
+ cerr << " --add-value-rsa/-vr <filename> <passphrase>\n";
+ cerr << " : Add the RSA key as a keyvalue\n";
+ cerr << " --revocation/-v <phrase> : Set <phrase> as revocation code\n";
+ cerr << " --authenticate/-a <phrase>\n";
+ cerr << " : Use <phrase> as the authentication key for the request\n";
+ cerr << " NOTE - This must come *after* adding of KeyInfo elements\n\n";
+
+}
+
+XKMSMessageAbstractType * createRevokeRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
+
+ if (paramCount >= argc ||
+ (stricmp(argv[paramCount], "--help") == 0) ||
+ (stricmp(argv[paramCount], "-h") == 0)) {
+
+ printRegisterRequestUsage();
+ return NULL;
+ }
+
+ /* First create the basic request */
+ XKMSMessageFactory * factory =
+ prov.getXKMSMessageFactory();
+ XKMSRevokeRequest * rr;
+
+ if (cr == NULL)
+ rr = factory->createRevokeRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
+ else
+ rr = cr->createRevokeRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
+
+ while (paramCount < argc && stricmp(argv[paramCount], "--") != 0) {
+
+ if (stricmp(argv[paramCount], "--add-name") == 0 || stricmp(argv[paramCount], "-n") == 0) {
+ if (++paramCount >= argc) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb->appendKeyName(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-opaque") == 0 || stricmp(argv[paramCount], "-o") == 0) {
+ if (++paramCount >= argc) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendOpaqueClientDataItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-respondwith") == 0 || stricmp(argv[paramCount], "-r") == 0) {
+ if (++paramCount >= argc) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendRespondWithItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-responsemechanism") == 0 || stricmp(argv[paramCount], "-m") == 0) {
+ if (++paramCount >= argc) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ rr->appendResponseMechanismItem(MAKE_UNICODE_STRING(argv[paramCount]));
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-sig") == 0 || stricmp(argv[paramCount], "-us") == 0) {
+ XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb->setSignatureKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-exc") == 0 || stricmp(argv[paramCount], "-ux") == 0) {
+ XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb->setExchangeKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usage-enc") == 0 || stricmp(argv[paramCount], "-ue") == 0) {
+ XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb->setEncryptionKeyUsage();
+ paramCount++;
+ }
+ else if (stricmp(argv[paramCount], "--add-usekeywith") == 0 || stricmp(argv[paramCount], "-u") == 0) {
+ if (++paramCount >= argc + 1) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+ XKMSRevokeKeyBinding *rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+
+ rkb->appendUseKeyWithItem(MAKE_UNICODE_STRING(argv[paramCount]), MAKE_UNICODE_STRING(argv[paramCount + 1]));
+ paramCount += 2;
+ }
+ else if (stricmp(argv[paramCount], "--revocation") == 0 || stricmp(argv[paramCount], "-v") == 0) {
+ if (++paramCount >= argc) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // Create the RevocationCode value
+ unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
+ int len = CalculateXKMSRevocationCodeIdentifierEncoding1((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
+
+ if (len <= 0) {
+ cerr << "Error creating revocation code!\n";
+ delete rr;
+ return NULL;
+ }
+
+ // Convert to base64
+ XMLCh * str = EncodeToBase64XMLCh(rciBuf, len);
+ rr->addRevocationCode(str);
+ XSEC_RELEASE_XMLCH(str);
+
+ paramCount++;;
+ } else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
+ if (++paramCount >= argc + 1) {
+ printRevokeRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // Create the signature
+
+ unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
+ int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
+ if (len <= 0) {
+ cout << "Error creating key from pass phrase" << endl;
+ delete rr;
+ return NULL;
+ }
+
+ XSECCryptoKeyHMAC * k = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
+ k->setKey(keyBuf, len);
+
+ // Set key and validate
+ XKMSAuthentication * a = rr->addAuthentication();
+ DSIGSignature * sig = a->addKeyBindingAuthenticationSignature();
+
+ sig->setSigningKey(k);
+ sig->sign();
+
+ paramCount++;
+
+ }
+#if defined (HAVE_OPENSSL)
+ else if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0 ||
+ stricmp(argv[paramCount], "--sign-rsa") == 0 || stricmp(argv[paramCount], "-sr") == 0) {
+ if (paramCount >= argc + 2) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // DSA or RSA OpenSSL Key
+ // For now just read a particular file
+
+ BIO * bioKey;
+ if ((bioKey = BIO_new(BIO_s_file())) == NULL) {
+
+ cerr << "Error opening private key file\n\n";
+ return NULL;
+
+ }
+
+ if (BIO_read_filename(bioKey, argv[paramCount+1]) <= 0) {
+
+ cerr << "Error opening private key file : " << argv[paramCount+1] << endl;
+ return NULL;
+
+ }
+
+ EVP_PKEY * pkey;
+ pkey = PEM_read_bio_PrivateKey(bioKey,NULL,NULL,argv[paramCount + 2]);
+
+ if (pkey == NULL) {
+
+ BIO * bio_err;
+
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ cerr << "Error loading private key\n\n";
+ ERR_print_errors(bio_err);
+ return NULL;
+
+ }
+ XSECCryptoKey *key;
+ DSIGSignature * sig;
+ if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0) {
+
+ // Check type is correct
+
+ if (pkey->type != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_DSA, HASH_SHA1);
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+ XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+ XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+ XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+ XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+ XSEC_RELEASE_XMLCH(P);
+ XSEC_RELEASE_XMLCH(Q);
+ XSEC_RELEASE_XMLCH(G);
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+ if (pkey->type != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+ XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+ XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+
+ }
+
+ sig->setSigningKey(key);
+ sig->sign();
+
+ EVP_PKEY_free(pkey);
+ BIO_free(bioKey);
+
+ paramCount += 3;
+
+
+ } /* argv[1] = "sign dsa/rsa" */
+ else if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0 ||
+ stricmp(argv[paramCount], "--add-value-rsa") == 0 || stricmp(argv[paramCount], "-vr") == 0) {
+ if (paramCount >= argc + 2) {
+ printRegisterRequestUsage();
+ delete rr;
+ return NULL;
+ }
+
+ // DSA or RSA OpenSSL Key
+ // For now just read a particular file
+
+ BIO * bioKey;
+ if ((bioKey = BIO_new(BIO_s_file())) == NULL) {
+
+ cerr << "Error opening private key file\n\n";
+ return NULL;
+
+ }
+
+ if (BIO_read_filename(bioKey, argv[paramCount+1]) <= 0) {
+
+ cerr << "Error opening private key file : " << argv[paramCount+1] << endl;
+ return NULL;
+
+ }
+
+ EVP_PKEY * pkey;
+ pkey = PEM_read_bio_PrivateKey(bioKey,NULL,NULL,argv[paramCount + 2]);
+
+ if (pkey == NULL) {
+
+ BIO * bio_err;
+
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ cerr << "Error loading private key\n\n";
+ ERR_print_errors(bio_err);
+ return NULL;
+
+ }
+
+ XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ if (rkb == NULL)
+ rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+
+
+ if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0) {
+
+ // Check type is correct
+
+ if (pkey->type != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+ XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+ XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+ XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+ XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+
+ rkb->appendDSAKeyValue(P,Q,G,Y);
+
+ XSEC_RELEASE_XMLCH(P);
+ XSEC_RELEASE_XMLCH(Q);
+ XSEC_RELEASE_XMLCH(G);
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+ if (pkey->type != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+
+ XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+ XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+ rkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+
+ }
+
+ EVP_PKEY_free(pkey);
+ BIO_free(bioKey);
+
+ paramCount += 3;
+
+
+ } /* argv[1] = "value dsa/rsa" */
+
+#endif
+ else {
+ printRevokeRequestUsage();
+ delete rr;
+ (*doc)->release();
+ return NULL;
+ }
+ }
+
+ return rr;
+}
+
+// --------------------------------------------------------------------------------
+// Create a ReissueRequest
+// --------------------------------------------------------------------------------
+
+void printReissueRequestUsage(void) {
+
+ cerr << "\nUsage ReissueRequest [--help|-h] <service URI> [options]\n";
+ cerr << " --help/-h : print this screen and exit\n\n";
+ cerr << " --add-name/-n <name> : Add name as a KeyInfoName\n";
+ cerr << " --add-opaque/-o <data> : Add an opaque data string\n";
+ cerr << " --add-usage-sig/-us : Add Signature Key Usage\n";
+ cerr << " --add-usage-exc/-ux : Add Exchange Key Usage\n";
+ cerr << " --add-usage-enc/-ue : Add Encryption Key Usage\n";
+ cerr << " --add-usekeywith/-u <Application URI> <Identifier>\n";
+ cerr << " : Add a UseKeyWith element\n";
+ cerr << " --add-respondwith/-r <Identifier>\n";
+ cerr << " : Add a RespondWith element\n";
+ cerr << " --add-responsemechanism/-m <Identifier>\n";
+ cerr << " : Add a ResponseMechanism element\n";
+ cerr << " --sign-dsa/-sd <filename> <passphrase>\n";
+ cerr << " : Sign using the DSA key in file protected by passphrase\n";
cerr << " --add-value-dsa/-vd <filename> <passphrase>\n";
- cerr << " : Add the DSA key as a keyvalue\n";
+ cerr << " : Add the DSA key as a keyvalue (and do proof-of-possession sig)\n";
cerr << " --add-value-rsa/-vr <filename> <passphrase>\n";
- cerr << " : Add the RSA key as a keyvalue\n";
- cerr << " --revocation/-v <phrase> : Set <phrase> as revocation code\n";
- cerr << " --kek/-k <phrase> : Key phrase to use for PrivateKey decryption\n";
-#if defined (HAVE_OPENSSL)
- cerr << " --output-private-key/-p <file> <pass phrase>\n";
- cerr << " : Write PEM encoded private key to file\n";
-#endif
+ cerr << " : Add the RSA key as a keyvalue (and do proof-of-possession sig)\n";
cerr << " --authenticate/-a <phrase>\n";
cerr << " : Use <phrase> as the authentication key for the request\n";
cerr << " NOTE - This must come *after* adding of KeyInfo elements\n\n";
}
-XKMSMessageAbstractType * createRegisterRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
+XKMSMessageAbstractType * createReissueRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
XSECCryptoKey *proofOfPossessionKey = NULL;
signatureMethod proofOfPossessionSm = SIGNATURE_DSA;
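Review bot: The operand-count guards on the multi-token options in createRegisterRequest cannot fire: `paramCount >= argc + 2` (the `--output-private-key`, `--sign-dsa/--sign-rsa` and `--add-value-dsa/--add-value-rsa` branches) and `++paramCount >= argc + 1` (`--add-usekeywith`, `--authenticate`) are always false inside a loop that already requires `paramCount < argc`, so a trailing option with missing operands passes `argv[argc]` (normally the terminating null pointer) or a slot beyond it to `strlen`, `BIO_read_filename` or `PEM_read_bio_PrivateKey`. The checks should count forward from the option, e.g. `if (paramCount + 2 >= argc)` for the three-token options and `if (++paramCount + 1 >= argc)` for `--add-usekeywith` (`--authenticate` takes one operand and only needs `if (++paramCount >= argc)`); the same guards are copied into createRevokeRequest later in this hunk and into createReissueRequest in the `@@ -1057,80 +1844,42 @@`, `@@ -1162,7 +1911,7 @@` and `@@ -1255,7 +2004,7 @@` hunks. Separately, the OpenSSL branches return NULL after a failed `BIO_read_filename`, `PEM_read_bio_PrivateKey` or key-type check without `BIO_free(bioKey)`, `EVP_PKEY_free(pkey)` or `delete rr`, and the RSA type-mismatch path calls `exit (1)` where its DSA twin returns NULL, so a single cleanup path at the end of each branch would be safer and consistent. createRevokeRequest also calls `printRegisterRequestUsage()` in its `--help`, `--sign-*` and `--add-value-*` branches where `printRevokeRequestUsage()` is meant.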
@@ -992,55 +1787,47 @@
(stricmp(argv[paramCount], "--help") == 0) ||
(stricmp(argv[paramCount], "-h") == 0)) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
return NULL;
}
/* First create the basic request */
XKMSMessageFactory * factory =
prov.getXKMSMessageFactory();
- XKMSRegisterRequest * rr;
+ XKMSReissueRequest * rr;
if (cr == NULL)
- rr = factory->createRegisterRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
+ rr = factory->createReissueRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
else
- rr = cr->createRegisterRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
+ rr = cr->createReissueRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
while (paramCount < argc && stricmp(argv[paramCount], "--") != 0) {
if (stricmp(argv[paramCount], "--add-name") == 0 || stricmp(argv[paramCount], "-n") == 0) {
if (++paramCount >= argc) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
- XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding * pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
pkb->appendKeyName(MAKE_UNICODE_STRING(argv[paramCount]));
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-opaque") == 0 || stricmp(argv[paramCount], "-o") == 0) {
if (++paramCount >= argc) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
rr->appendOpaqueClientDataItem(MAKE_UNICODE_STRING(argv[paramCount]));
paramCount++;
}
- else if (stricmp(argv[paramCount], "--kek") == 0 || stricmp(argv[paramCount], "-k") == 0) {
- if (++paramCount >= argc) {
- printRegisterRequestUsage();
- delete rr;
- return NULL;
- }
- g_authPassPhrase = argv[paramCount++];
- }
else if (stricmp(argv[paramCount], "--add-respondwith") == 0 || stricmp(argv[paramCount], "-r") == 0) {
if (++paramCount >= argc) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
@@ -1049,7 +1836,7 @@
}
else if (stricmp(argv[paramCount], "--add-responsemechanism") == 0 || stricmp(argv[paramCount], "-m") == 0) {
if (++paramCount >= argc) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
@@ -1057,80 +1844,42 @@
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-sig") == 0 || stricmp(argv[paramCount], "-us") == 0) {
- XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding * pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
pkb->setSignatureKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-exc") == 0 || stricmp(argv[paramCount], "-ux") == 0) {
- XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding * pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
pkb->setExchangeKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-enc") == 0 || stricmp(argv[paramCount], "-ue") == 0) {
- XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding * pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
pkb->setEncryptionKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usekeywith") == 0 || stricmp(argv[paramCount], "-u") == 0) {
if (++paramCount >= argc + 1) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
- XKMSPrototypeKeyBinding *pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding *pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
pkb->appendUseKeyWithItem(MAKE_UNICODE_STRING(argv[paramCount]), MAKE_UNICODE_STRING(argv[paramCount + 1]));
paramCount += 2;
}
-#if defined (HAVE_OPENSSL)
- else if (stricmp(argv[paramCount], "--output-private-key") == 0 || stricmp(argv[paramCount], "-p") == 0) {
- if (paramCount >= argc + 2) {
- printRegisterRequestUsage();
- delete rr;
- return NULL;
- }
- ++paramCount;
- g_privateKeyFile = argv[paramCount++];
- g_privateKeyPassPhrase = argv[paramCount++];
- }
-#endif
- else if (stricmp(argv[paramCount], "--revocation") == 0 || stricmp(argv[paramCount], "-v") == 0) {
- if (++paramCount >= argc) {
- printRegisterRequestUsage();
- delete rr;
- return NULL;
- }
- XKMSPrototypeKeyBinding *pkb = rr->getPrototypeKeyBinding();
- if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
-
- // Create the RevocationCodeIdentifier
- unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
- int len = CalculateXKMSRevocationCodeIdentifierEncoding2((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
-
- if (len <= 0) {
- cerr << "Error creating revocation code!\n";
- delete rr;
- return NULL;
- }
-
- // Convert to base64
- XMLCh * str = EncodeToBase64XMLCh(rciBuf, len);
- pkb->setRevocationCodeIdentifier(str);
- XSEC_RELEASE_XMLCH(str);
-
- paramCount++;;
- } else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
+ else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
if (++paramCount >= argc + 1) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
@@ -1162,7 +1911,7 @@
else if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0 ||
stricmp(argv[paramCount], "--sign-rsa") == 0 || stricmp(argv[paramCount], "-sr") == 0) {
if (paramCount >= argc + 2) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
@@ -1255,7 +2004,7 @@
else if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0 ||
stricmp(argv[paramCount], "--add-value-rsa") == 0 || stricmp(argv[paramCount], "-vr") == 0) {
if (paramCount >= argc + 2) {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
return NULL;
}
@@ -1293,9 +2042,9 @@
}
- XKMSPrototypeKeyBinding * pkb = rr->getPrototypeKeyBinding();
+ XKMSReissueKeyBinding * pkb = rr->getReissueKeyBinding();
if (pkb == NULL)
- pkb = rr->addPrototypeKeyBinding();
+ pkb = rr->addReissueKeyBinding(XKMSStatus::Indeterminate);
if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0) {
@@ -1349,7 +2098,7 @@
#endif
else {
- printRegisterRequestUsage();
+ printReissueRequestUsage();
delete rr;
(*doc)->release();
return NULL;
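Review bot: This fallback branch does `delete rr; (*doc)->release();` while every earlier error return in the option loop does only `delete rr; return NULL;`, so the two kinds of failure dispose of the document differently. If the factory path owns `*doc`, the early returns leak it; if the compound-request caller owns it (inferred, not visible here), this branch releases an object the caller still holds. A comment stating who owns `*doc` on each creation path, and one consistent cleanup for all returns, would settle it; the RecoverRequest fallback a few hunks down has the same asymmetry. The enclosing function begins outside this hunk.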
@@ -1371,12 +2120,12 @@
}
// --------------------------------------------------------------------------------
-// Create a RevokeRequest
+// Create a RecoverRequest
// --------------------------------------------------------------------------------
-void printRevokeRequestUsage(void) {
+void printRecoverRequestUsage(void) {
- cerr << "\nUsage RevokeRequest [--help|-h] <service URI> [options]\n";
+ cerr << "\nUsage RecoverRequest [--help|-h] <service URI> [options]\n";
cerr << " --help/-h : print this screen and exit\n\n";
cerr << " --add-name/-n <name> : Add name as a KeyInfoName\n";
cerr << " --add-opaque/-o <data> : Add an opaque data string\n";
@@ -1395,14 +2144,17 @@
cerr << " : Add the DSA key as a keyvalue\n";
cerr << " --add-value-rsa/-vr <filename> <passphrase>\n";
cerr << " : Add the RSA key as a keyvalue\n";
- cerr << " --revocation/-v <phrase> : Set <phrase> as revocation code\n";
- cerr << " --authenticate/-a <phrase>\n";
+ cerr << " --kek/-k <phrase> : Key phrase to use for PrivateKey decryption\n";
+#if defined (HAVE_OPENSSL)
+ cerr << " --output-private-key/-p <file> <pass phrase>\n";
+ cerr << " : Write PEM encoded private key to file\n";
+#endif cerr << " --authenticate/-a <phrase>\n";
cerr << " : Use <phrase> as the authentication key for the request\n";
cerr << " NOTE - This must come *after* adding of KeyInfo elements\n\n";
}
-XKMSMessageAbstractType * createRevokeRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
+XKMSMessageAbstractType * createRecoverRequest(XSECProvider &prov, DOMDocument **doc, int argc, char ** argv, int ¶mCount, XKMSCompoundRequest * cr = NULL) {
if (paramCount >= argc ||
(stricmp(argv[paramCount], "--help") == 0) ||
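Review bot: `#endif cerr << " --authenticate/-a <phrase>\n";` puts the statement on the preprocessor directive's line, so the compiler treats it as extra tokens after `#endif` (a warning on most toolchains) and discards it; the `--authenticate/-a` option is then never listed in the RecoverRequest usage output, and the indented explanation line that follows is printed without its heading. Split it into `#endif` on its own line followed by `cerr << " --authenticate/-a <phrase>\n";`.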
@@ -1415,31 +2167,31 @@
/* First create the basic request */
XKMSMessageFactory * factory =
prov.getXKMSMessageFactory();
- XKMSRevokeRequest * rr;
+ XKMSRecoverRequest * rr;
if (cr == NULL)
- rr = factory->createRevokeRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
+ rr = factory->createRecoverRequest(MAKE_UNICODE_STRING(argv[paramCount++]), doc);
else
- rr = cr->createRevokeRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
+ rr = cr->createRecoverRequest(MAKE_UNICODE_STRING(argv[paramCount++]));
while (paramCount < argc && stricmp(argv[paramCount], "--") != 0) {
if (stricmp(argv[paramCount], "--add-name") == 0 || stricmp(argv[paramCount], "-n") == 0) {
if (++paramCount >= argc) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
- XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding * rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
rkb->appendKeyName(MAKE_UNICODE_STRING(argv[paramCount]));
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-opaque") == 0 || stricmp(argv[paramCount], "-o") == 0) {
if (++paramCount >= argc) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
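Review bot: `rr` is obtained two different ways — `factory->createRecoverRequest(..., doc)` or `cr->createRecoverRequest(...)` — but every error path in the option loop does `delete rr` regardless of which one produced it. If `XKMSCompoundRequest` keeps a reference to the sub-request it created (I cannot confirm that from this hunk), deleting it here leaves the compound request holding a dangling pointer that is freed again later. A comment on the `cr == NULL` branch recording who owns `rr`, and skipping the `delete` when `cr != NULL` if the compound request owns it, would make the contract explicit; the ReissueRequest function, whose creation lines are not in this view, presumably has the same pattern. createRecoverRequest begins in the previous hunk and continues past this one.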
@@ -1448,7 +2200,7 @@
}
else if (stricmp(argv[paramCount], "--add-respondwith") == 0 || stricmp(argv[paramCount], "-r") == 0) {
if (++paramCount >= argc) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
@@ -1457,7 +2209,7 @@
}
else if (stricmp(argv[paramCount], "--add-responsemechanism") == 0 || stricmp(argv[paramCount], "-m") == 0) {
if (++paramCount >= argc) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
@@ -1465,65 +2217,62 @@
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-sig") == 0 || stricmp(argv[paramCount], "-us") == 0) {
- XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding * rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
rkb->setSignatureKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-exc") == 0 || stricmp(argv[paramCount], "-ux") == 0) {
- XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding * rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
rkb->setExchangeKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usage-enc") == 0 || stricmp(argv[paramCount], "-ue") == 0) {
- XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding * rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
rkb->setEncryptionKeyUsage();
paramCount++;
}
else if (stricmp(argv[paramCount], "--add-usekeywith") == 0 || stricmp(argv[paramCount], "-u") == 0) {
if (++paramCount >= argc + 1) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
- XKMSRevokeKeyBinding *rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding *rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
rkb->appendUseKeyWithItem(MAKE_UNICODE_STRING(argv[paramCount]), MAKE_UNICODE_STRING(argv[paramCount + 1]));
paramCount += 2;
}
- else if (stricmp(argv[paramCount], "--revocation") == 0 || stricmp(argv[paramCount], "-v") == 0) {
+ else if (stricmp(argv[paramCount], "--kek") == 0 || stricmp(argv[paramCount], "-k") == 0) {
if (++paramCount >= argc) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
-
- // Create the RevocationCode value
- unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
- int len = CalculateXKMSRevocationCodeIdentifierEncoding1((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
-
- if (len <= 0) {
- cerr << "Error creating revocation code!\n";
+ g_authPassPhrase = argv[paramCount++];
+ }
+#if defined (HAVE_OPENSSL)
+ else if (stricmp(argv[paramCount], "--output-private-key") == 0 || stricmp(argv[paramCount], "-p") == 0) {
+ if (paramCount >= argc + 2) {
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
-
- // Convert to base64
- XMLCh * str = EncodeToBase64XMLCh(rciBuf, len);
- rr->addRevocationCode(str);
- XSEC_RELEASE_XMLCH(str);
-
- paramCount++;;
- } else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
+ ++paramCount;
+ g_privateKeyFile = argv[paramCount++];
+ g_privateKeyPassPhrase = argv[paramCount++];
+ }
+#endif
+ else if (stricmp(argv[paramCount], "--authenticate") == 0 || stricmp(argv[paramCount], "-a") == 0) {
if (++paramCount >= argc + 1) {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
return NULL;
}
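Review bot: The new `--kek/-k` handler stores its argument in `g_authPassPhrase`, which from its name is the same global the `--authenticate` handler (body outside this hunk) fills, so giving both options makes the later one silently overwrite the earlier one even though the usage text presents `--kek` as a separate phrase for PrivateKey decryption. If the two phrases are meant to be independent, store the KEK phrase in its own global such as `g_kekPassPhrase` (constructed name) and read it where the private key is decrypted; if they are intentionally the same secret, say so in the usage text and in a comment here. Note also that, as with the existing passphrase options, this secret arrives on the command line and is visible to other local users through the process list. createRecoverRequest begins and ends outside this hunk.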
@@ -1686,9 +2435,9 @@
}
- XKMSRevokeKeyBinding * rkb = rr->getRevokeKeyBinding();
+ XKMSRecoverKeyBinding * rkb = rr->getRecoverKeyBinding();
if (rkb == NULL)
- rkb = rr->addRevokeKeyBinding(XKMSStatus::Indeterminate);
+ rkb = rr->addRecoverKeyBinding(XKMSStatus::Indeterminate);
if (stricmp(argv[paramCount], "--add-value-dsa") == 0 || stricmp(argv[paramCount], "-vd") == 0) {
@@ -1736,7 +2485,7 @@
#endif
else {
- printRevokeRequestUsage();
+ printRecoverRequestUsage();
delete rr;
(*doc)->release();
return NULL;
@@ -3169,6 +3918,8 @@
cerr << " ValidateRequest (vr)\n";
cerr << " PendingRequest (pr)\n";
cerr << " RegisterRequest (rr)\n";
+ cerr << " ReissueRequest (ir)\n";
+ cerr << " RecoverRequest (or)\n";
cerr << " RevokeRequest (er)\n\n";
}
@@ -3317,6 +4068,40 @@
msg = r;
parmsDone = true;
+ }
+ else if ((stricmp(argv[paramCount], "RecoverRequest") == 0) ||
+ (stricmp(argv[paramCount], "or") == 0)) {
+
+ paramCount++;
+ XKMSRecoverRequest * r =
+ (XKMSRecoverRequest *) (createRecoverRequest(prov, &doc, argc, argv, paramCount));
+
+ if (r == NULL) {
+ return -1;
+ }
+ if (twoPhase)
+ r->appendResponseMechanismItem(XKMSConstants::s_tagRepresent);
+
+ msg = r;
+ parmsDone = true;
+
+ }
+ else if ((stricmp(argv[paramCount], "ReissueRequest") == 0) ||
+ (stricmp(argv[paramCount], "ir") == 0)) {
+
+ paramCount++;
+ XKMSReissueRequest * r =
+ (XKMSReissueRequest *) (createReissueRequest(prov, &doc, argc, argv, paramCount));
+
+ if (r == NULL) {
+ return -1;
+ }
+ if (twoPhase)
+ r->appendResponseMechanismItem(XKMSConstants::s_tagRepresent);
+
+ msg = r;
+ parmsDone = true;
+
}
else if ((stricmp(argv[paramCount], "PendingRequest") == 0) ||
(stricmp(argv[paramCount], "pr") == 0)) {
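Review bot: The C-style casts `(XKMSRecoverRequest *) (createRecoverRequest(...))` and `(XKMSReissueRequest *) (createReissueRequest(...))` silently downcast the `XKMSMessageAbstractType *` those helpers return; a named cast, `static_cast<XKMSRecoverRequest *>(createRecoverRequest(prov, &doc, argc, argv, paramCount))`, makes the intent visible and is rejected by the compiler if the hierarchy ever changes. Alternatively the two helpers could return the concrete pointer type, since each is only ever used as that type here. The enclosing function begins and ends outside this hunk.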
@@ -3688,9 +4473,10 @@
cerr << " LocateRequest\n";
cerr << " ValidateRequest\n";
cerr << " PendingRequest\n";
- cerr << " request : Create message of type : \n";
- cerr << " LocateRequest\n";
- cerr << " ValidateRequest\n";
+ cerr << " RegisterRequest\n";
+ cerr << " RecoverRequest\n";
+ cerr << " ReissueRequest\n";
+ cerr << " RevokeRequest\n";
cerr << " PendingRequest\n";
cerr << " send to service URI and output result\n\n";
cerr << " Where options are :\n\n";
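Review bot: The rewritten request-type list now prints `PendingRequest` twice: once on the unchanged line before the new `RegisterRequest` entry and again on the unchanged line after `RevokeRequest`. Drop one of the two so the help text matches the list printed by the other usage function in this commit (Locate, Validate, Pending, Register, Reissue, Recover, Revoke).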