-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update x509 tool to write all output to common BIO which is a file or stdout #1800
Changes from all commits
6fe2c30
58afe58
8aa4c5a
83e7f39
b574247
ecf1524
18f933b
0ba831d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,7 +12,7 @@ static const argument_t kArguments[] = { | |
{ "-in", kOptionalArgument, "Certificate input, or CSR input file with -req" }, | ||
{ "-req", kBooleanArgument, "Input is a CSR file (rather than a certificate)" }, | ||
{ "-signkey", kOptionalArgument, "Causes input file to be self signed using supplied private key" }, | ||
{ "-out", kOptionalArgument, "Output file to write to" }, | ||
{ "-out", kOptionalArgument, "Filepath to write all output to, if not set write to stdout" }, | ||
{ "-noout", kBooleanArgument, "Prevents output of the encoded version of the certificate" }, | ||
{ "-dates", kBooleanArgument, "Print the start and expiry dates of a certificate" }, | ||
{ "-modulus", kBooleanArgument, "Prints out value of the modulus of the public key contained in the certificate" }, | ||
|
@@ -22,13 +22,8 @@ static const argument_t kArguments[] = { | |
{ "", kOptionalArgument, "" } | ||
}; | ||
|
||
bool WriteSignedCertificate(X509 *x509, const std::string &out_path) { | ||
ScopedFILE out_file(fopen(out_path.c_str(), "wb")); | ||
if (!out_file) { | ||
fprintf(stderr, "Error: unable to open output file '%s'\n", out_path.c_str()); | ||
return false; | ||
} | ||
if (!PEM_write_X509(out_file.get(), x509)) { | ||
static bool WriteSignedCertificate(X509 *x509, bssl::UniquePtr<BIO> &output_bio, const std::string &out_path) { | ||
if (!PEM_write_bio_X509(output_bio.get(), x509)) { | ||
fprintf(stderr, "Error: error writing certificate to '%s'\n", out_path.c_str()); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. out of curiosity, what's There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch, I didn't think about this for this change. Turns out it is the empty string which we pass in as the default value in |
||
ERR_print_errors_fp(stderr); | ||
return false; | ||
|
@@ -88,6 +83,13 @@ bool X509Tool(const args_list_t &args) { | |
PrintUsage(kArguments); | ||
return false; | ||
} | ||
bssl::UniquePtr<BIO> output_bio; | ||
if (out_path.empty()) { | ||
output_bio.reset(BIO_new_fp(stdout, BIO_NOCLOSE)); | ||
} else { | ||
output_bio.reset(BIO_new(BIO_s_file())); | ||
BIO_write_filename(output_bio.get(), out_path.c_str()); | ||
} | ||
|
||
// Check for required option -in, and -req must include -signkey | ||
if (in_path.empty()) { | ||
|
@@ -188,11 +190,8 @@ bool X509Tool(const args_list_t &args) { | |
} | ||
} | ||
|
||
// Write the signed certificate to output file | ||
if (!out_path.empty()) { | ||
if (!WriteSignedCertificate(x509.get(), out_path)) { | ||
return false; | ||
} | ||
if (!WriteSignedCertificate(x509.get(), output_bio, out_path)) { | ||
return false; | ||
} | ||
} else { | ||
// Parse x509 certificate from input PEM file | ||
|
@@ -203,24 +202,17 @@ bool X509Tool(const args_list_t &args) { | |
return false; | ||
} | ||
if(text) { | ||
bssl::UniquePtr<BIO> bio(BIO_new_fp(stdout, BIO_NOCLOSE)); | ||
X509_print(bio.get(), x509.get()); | ||
X509_print(output_bio.get(), x509.get()); | ||
} | ||
|
||
if (dates) { | ||
bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); | ||
BIO_printf(output_bio.get(), "notBefore="); | ||
ASN1_TIME_print(output_bio.get(), X509_get_notBefore(x509.get())); | ||
BIO_printf(output_bio.get(), "\n"); | ||
|
||
if (ASN1_TIME_print(bio.get(), X509_get_notBefore(x509.get()))) { | ||
char not_before[30] = {}; | ||
BIO_read(bio.get(), not_before, sizeof(not_before) - 1); | ||
fprintf(stdout, "notBefore=%s\n", not_before); | ||
} | ||
|
||
if (ASN1_TIME_print(bio.get(), X509_get_notAfter(x509.get()))) { | ||
char not_after[30] = {}; | ||
BIO_read(bio.get(), not_after, sizeof(not_after) - 1); | ||
fprintf(stdout, "notAfter=%s\n", not_after); | ||
} | ||
BIO_printf(output_bio.get(), "notAfter="); | ||
ASN1_TIME_print(output_bio.get(), X509_get_notAfter(x509.get())); | ||
BIO_printf(output_bio.get(), "\n"); | ||
} | ||
|
||
if (modulus) { | ||
|
@@ -249,7 +241,8 @@ bool X509Tool(const args_list_t &args) { | |
for (char *p = hex_modulus; *p; ++p) { | ||
*p = toupper(*p); | ||
} | ||
printf("Modulus=%s\n", hex_modulus); | ||
BIO_printf(output_bio.get(), "Modulus=%s\n", hex_modulus); | ||
|
||
OPENSSL_free(hex_modulus); | ||
} else { | ||
fprintf(stderr, "Error: public key is not an RSA key\n"); | ||
|
@@ -267,9 +260,9 @@ bool X509Tool(const args_list_t &args) { | |
} | ||
|
||
if ((days_left * 86400 + seconds_left) < static_cast<int>(*checkend)) { | ||
printf("Certificate will expire\n"); | ||
BIO_printf(output_bio.get(), "Certificate will expire\n"); | ||
} else { | ||
printf("Certificate will not expire\n"); | ||
BIO_printf(output_bio.get(), "Certificate will not expire\n"); | ||
} | ||
} | ||
|
||
|
@@ -279,15 +272,8 @@ bool X509Tool(const args_list_t &args) { | |
} | ||
} | ||
|
||
if (!out_path.empty()) { | ||
if (!WriteSignedCertificate(x509.get(), out_path)) { | ||
return false; | ||
} | ||
} | ||
|
||
if (!noout && !in_path.empty() && !checkend && parsed_args.count("-out")==0) { | ||
bssl::UniquePtr<BIO> bio_out(BIO_new_fp(stdout, BIO_NOCLOSE)); | ||
if (!PEM_write_bio_X509(bio_out.get(), x509.get())) { | ||
if (!noout && !checkend) { | ||
if (!WriteSignedCertificate(x509.get(), output_bio, out_path)) { | ||
return false; | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can
output_bio
beconst
?