65 struct ca {
81 { "/ca", 0755 },
109 int ca_sign(struct ca *, char *, int);
110 int ca_request(struct ca *, char *, int);
118 void ca_setcnf(struct ca *, const char *);
119 void ca_create_index(struct ca *);
126 ca_delete(struct ca *ca)
128 return (rm_dir(ca->sslpath));
132 ca_key_create(struct ca *ca, char *keyname)
139 ca->sslpath, keyname);
156 ca_key_import(struct ca *ca, char *keyname, char *import)
167 len = snprintf(dst, sizeof(dst), "%s/private/%s.key", ca->sslpath, keyname);
177 ca_key_delete(struct ca *ca, char *keyname)
183 ca->sslpath, keyname);
192 ca_delkey(struct ca *ca, char *keyname)
197 len = snprintf(file, sizeof(file), "%s/%s.crt", ca->sslpath, keyname);
202 len = snprintf(file, sizeof(file), "%s/private/%s.key", ca->sslpath, keyname);
207 len = snprintf(file, sizeof(file), "%s/private/%s.csr", ca->sslpath, keyname);
212 len = snprintf(file, sizeof(file), "%s/private/%s.pfx", ca->sslpath, keyname);
221 ca_request(struct ca *ca, char *keyname, int type)
248 ca_setcnf(ca, keyname);
250 len = snprintf(key, sizeof(key), "%s/private/%s.key", ca->sslpath, keyname);
253 len = snprintf(path, sizeof(path), "%s/private/%s.csr", ca->sslpath, keyname);
258 "-config", ca->sslcnf, ca->batch, NULL };
266 ca_sign(struct ca *ca, char *keyname, int type)
283 ca_create_index(ca);
285 ca_setenv("$ENV::CADB", ca->index);
286 ca_setenv("$ENV::CASERIAL", ca->serial);
287 ca_setcnf(ca, keyname);
289 len = snprintf(cakey, sizeof(cakey), "%s/private/ca.key", ca->sslpath);
292 len = snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
295 len = snprintf(out, sizeof(out), "%s/%s.crt", ca->sslpath, keyname);
298 len = snprintf(in, sizeof(in), "%s/private/%s.csr", ca->sslpath, keyname);
302 char *cmd[] = { PATH_OPENSSL, "ca", "-config", ca->sslcnf,
303 "-keyfile", cakey, "-cert", cacrt, "-extfile", ca->extcnf,
305 "-passin", ca->passfile, "-outdir", ca->sslpath, "-batch", NULL };
312 ca_certificate(struct ca *ca, char *keyname, int type, int action)
338 ca_key_create(ca, keyname);
339 ca_request(ca, keyname, type);
340 ca_sign(ca, keyname, type);
346 ca_key_install(struct ca *ca, char *keyname, char *dir)
355 len = snprintf(src, sizeof(src), "%s/private/%s.key", ca->sslpath, keyname);
360 printf("key for '%s' does not exist\n", ca->caname);
390 ca_cert_install(struct ca *ca, char *keyname, char *dir)
403 if ((r = ca_key_install(ca, keyname, dir)) != 0) {
408 len = snprintf(src, sizeof(src), "%s/%s.crt", ca->sslpath, keyname);
453 ca_create(struct ca *ca)
462 len = snprintf(key, sizeof(key), "%s/private/ca.key", ca->sslpath);
466 "-passout", ca->passfile, "2048", NULL };
473 ca_setcnf(ca, "ca");
475 len = snprintf(csr, sizeof(csr), "%s/private/ca.csr", ca->sslpath);
479 "-config", ca->sslcnf, "-out", csr,
480 "-passin", ca->passfile, ca->batch, NULL };
484 len = snprintf(crt, sizeof(crt), "%s/ca.crt", ca->sslpath);
489 "-extfile", ca->extcnf, "-extensions", "x509v3_CA",
490 "-out", crt, "-passin", ca->passfile, NULL };
494 ca_revoke(ca, NULL);
500 ca_install(struct ca *ca, char *dir)
508 len = snprintf(src, sizeof(src), "%s/ca.crt", ca->sslpath);
512 printf("CA '%s' does not exist\n", ca->caname);
521 len = snprintf(dst, sizeof(dst), "%s/ca/ca.crt", dir);
526 ca->caname, dst);
528 len = snprintf(src, sizeof(src), "%s/ca.crl", ca->sslpath);
532 len = snprintf(dst, sizeof(dst), "%s/crls/ca.crl", dir);
537 ca->caname, dst);
546 ca_show_certs(struct ca *ca, char *name)
557 ca->sslpath, name);
569 if ((dir = opendir(ca->sslpath)) == NULL)
570 err(1, "could not open directory %s", ca->sslpath);
577 len = snprintf(path, sizeof(path), "%s/%s", ca->sslpath,
712 ca_export(struct ca *ca, char *keyname, char *myname, char *password)
738 strlcpy(oname, "ca", sizeof(oname));
758 len = snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
761 len = snprintf(capfx, sizeof(capfx), "%s/ca.pfx", ca->sslpath);
764 len = snprintf(key, sizeof(key), "%s/private/%s.key", ca->sslpath, keyname);
767 len = snprintf(crt, sizeof(crt), "%s/%s.crt", ca->sslpath, keyname);
770 len = snprintf(pfx, sizeof(pfx), "%s/private/%s.pfx", ca->sslpath, oname);
783 "-passin", ca->passfile, NULL };
788 "-caname", ca->caname, "-name", ca->caname, "-cacerts",
790 "-passout", "env:EXPASS", "-passin", ca->passfile, NULL };
821 len = snprintf(src, sizeof(src), "%s/ca.pfx", ca->sslpath);
824 len = snprintf(dst, sizeof(dst), "%s/export/ca.pfx", p);
829 len = snprintf(src, sizeof(src), "%s/ca.crt", ca->sslpath);
832 len = snprintf(dst, sizeof(dst), "%s/ca/ca.crt", p);
837 len = snprintf(src, sizeof(src), "%s/ca.crl", ca->sslpath);
841 len = snprintf(dst, sizeof(dst), "%s/crls/ca.crl", p);
849 ca->sslpath, oname);
858 ca->sslpath, keyname);
870 len = snprintf(src, sizeof(src), "%s/%s.crt", ca->sslpath,
893 "-C", ca->sslpath, ".", NULL };
951 ca_create_index(struct ca *ca)
957 len = snprintf(ca->index, sizeof(ca->index), "%s/index.txt",
958 ca->sslpath);
959 if (len < 0 || (size_t)len >= sizeof(ca->index))
961 if (stat(ca->index, &st) != 0) {
963 if ((fd = open(ca->index, O_WRONLY | O_CREAT, 0644))
965 err(1, "could not create file %s", ca->index);
968 err(1, "could not access %s", ca->index);
971 len = snprintf(ca->serial, sizeof(ca->serial), "%s/serial.txt",
972 ca->sslpath);
973 if (len < 0 || (size_t)len >= sizeof(ca->serial))
975 if (stat(ca->serial, &st) != 0) {
977 if ((fd = open(ca->serial, O_WRONLY | O_CREAT, 0644))
979 err(1, "could not create file %s", ca->serial);
982 err(1, "write %s", ca->serial);
985 err(1, "could not access %s", ca->serial);
990 ca_revoke(struct ca *ca, char *keyname)
1000 ca->sslpath, keyname);
1009 ca_create_index(ca);
1011 ca_setenv("$ENV::CADB", ca->index);
1012 ca_setenv("$ENV::CASERIAL", ca->serial);
1016 ca_setcnf(ca, "ca-revoke");
1018 len = snprintf(cakey, sizeof(cakey), "%s/private/ca.key", ca->sslpath);
1021 len = snprintf(cacrt, sizeof(cacrt), "%s/ca.crt", ca->sslpath);
1026 char *cmd[] = { PATH_OPENSSL, "ca", "-config", ca->sslcnf,
1027 "-keyfile", cakey, "-passin", ca->passfile, "-cert", cacrt,
1028 "-revoke", path, ca->batch, NULL };
1032 len = snprintf(path, sizeof(path), "%s/ca.crl", ca->sslpath);
1035 char *cmd[] = { PATH_OPENSSL, "ca", "-config", ca->sslcnf,
1036 "-keyfile", cakey, "-passin", ca->passfile, "-gencrl",
1037 "-cert", cacrt, "-out", path, ca->batch, NULL };
1074 ca_setcnf(struct ca *ca, const char *keyname)
1088 len = snprintf(ca->extcnf, sizeof(ca->extcnf), "%s/%s-ext.cnf",
1089 ca->sslpath, keyname);
1090 if (len < 0 || (size_t)len >= sizeof(ca->extcnf))
1092 len = snprintf(ca->sslcnf, sizeof(ca->sslcnf), "%s/%s-ssl.cnf",
1093 ca->sslpath, keyname);
1094 if (len < 0 || (size_t)len >= sizeof(ca->sslcnf))
1097 fcopy_env(extcnf, ca->extcnf, 0400);
1098 fcopy_env(sslcnf, ca->sslcnf, 0400);
1101 struct ca *
1105 struct ca *ca;
1112 if ((ca = calloc(1, sizeof(struct ca))) == NULL)
1115 ca->caname = strdup(caname);
1116 len = snprintf(ca->sslpath, sizeof(ca->sslpath), SSLDIR "/%s", caname);
1117 if (len < 0 || (size_t)len >= sizeof(ca->sslpath))
1121 ca->batch = "-batch";
1123 if (create == 0 && stat(ca->sslpath, &st) == -1) {
1124 free(ca->caname);
1125 free(ca);
1129 strlcpy(path, ca->sslpath, sizeof(path));
1136 len = snprintf(path, sizeof(path), "%s/ikeca.passwd", ca->sslpath);
1141 len = snprintf(ca->passfile, sizeof(ca->passfile), "file:%s", path);
1142 if (len < 0 || (size_t)len >= sizeof(ca->passfile))
1145 return (ca);