From f82577e33ca7f830f9dbbbd31967364be49f0a27 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Feb 16 2015 18:34:19 +0000 Subject: Use defined names for SCEP protocol constants --- diff --git a/src/Makefile.am b/src/Makefile.am index 76d046b..4de1fdb 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -74,6 +74,7 @@ libcm_a_SOURCES = \ prefs.h \ prefs-n.c \ prefs-n.h \ + scep.h \ scepgen.c \ scepgen.h \ scepgen-int.h \ @@ -215,7 +216,7 @@ dogtag_submit_LDADD = $(CURL_LIBS) $(XML_LIBS) $(NSS_LIBS) \ $(OPENSSL_LIBS) $(TALLOC_LIBS) \ $(GMP_LIBS) $(UUID_LIBS) $(LTLIBICONV) scep_submit_CFLAGS = $(AM_CFLAGS) $(XML_CFLAGS) $(NSS_CFLAGS) $(CURL_CFLAGS) -scep_submit_SOURCES = scep.c \ +scep_submit_SOURCES = scep.c scep.h \ submit-h.c submit-h.h util-m.c util-m.h util-n.c util-n.h \ submit-u.c submit-u.h submit-e.h util.c util.h log.c log.h \ pkcs7.c pkcs7.h store.h store-gen.c tm.c tm.h prefs.c prefs.h \ diff --git a/src/scep.c b/src/scep.c index d91e5c6..e78ba31 100644 --- a/src/scep.c +++ b/src/scep.c @@ -72,7 +72,7 @@ static void help(const char *cmd) { fprintf(stderr, - "Usage: %s -u URL [options] [-c|-C|-g|-p] [pkiMessage]\n" + "Usage: %s -u URL [options] [-c|-C|-g|-p] [pkiMessage file]\n" "Options:\n" "\t[-i CA identifier]\n" "\t[-c]\tread CA capabilities\n" diff --git a/src/scep.h b/src/scep.h new file mode 100644 index 0000000..4505625 --- /dev/null +++ b/src/scep.h 
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef cmscep_h
+#define cmscep_h
+
+#define SCEP_MSGTYPE_PKCSREQ "19"
+#define SCEP_MSGTYPE_CERTREP "3"
+#define SCEP_MSGTYPE_GETCERTINITIAL "20"
+#define SCEP_MSGTYPE_GETCERT "21"
+#define SCEP_MSGTYPE_GETCRL "22"
+
+#define SCEP_PKISTATUS_SUCCESS "0"
+#define SCEP_PKISTATUS_FAILURE "2"
+#define SCEP_PKISTATUS_PENDING "3"
+
+#define SCEP_FAILINFO_BAD_ALG "0"
+#define SCEP_FAILINFO_BAD_MESSAGE_CHECK "1"
+#define SCEP_FAILINFO_BAD_REQUEST "2"
+#define SCEP_FAILINFO_BAD_TIME "3"
+#define SCEP_FAILINFO_BAD_CERT_ID "4"
+
+#endif
diff --git a/src/scepgen-o.c b/src/scepgen-o.c
index 0961991..bba757f 100644
--- a/src/scepgen-o.c
+++ b/src/scepgen-o.c
@@ -47,6 +47,7 @@
 #include "pin.h"
 #include "pkcs7.h"
 #include "prefs-o.h"
+#include "scep.h"
 #include "scep-o.h"
 #include "scepgen.h"
 #include "scepgen-int.h"
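Review bot: The macros added in src/scep.h have no comment saying what they encode or how they are meant to be compared, and the three groups share values: `SCEP_PKISTATUS_FAILURE` is "2", which is a prefix of the "20", "21" and "22" message types, and `SCEP_MSGTYPE_CERTREP` and `SCEP_PKISTATUS_PENDING` are both "3". Any code that classifies a server response with these names (none is visible in this patch) has to compare the whole string and against the right attribute, because the status of a reply decides whether a certificate is treated as issued. I would put one comment above the first group: `/* Decimal strings as carried in the SCEP messageType, pkiStatus and failInfo signed attributes; compare with strcmp(), never by prefix or length-limited match. */`.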
@@ -428,13 +429,15 @@ cm_scepgen_o_cooked(struct cm_store_ca *ca, struct cm_store_entry *entry, X509_PUBKEY_set(&old_cert->cert_info->key, old_pkey); *csr_old = build_pkimessage(old_pkey, old_cert, chain, csr, csr_length, - entry->cm_scep_tx, "19", + entry->cm_scep_tx, + SCEP_MSGTYPE_PKCSREQ, NULL, NULL, nonce, nonce_length, NULL, 0); *ias_old = build_pkimessage(old_pkey, old_cert, chain, old_ias, old_ias_length, - entry->cm_scep_tx, "20", + entry->cm_scep_tx, + SCEP_MSGTYPE_GETCERTINITIAL, NULL, NULL, nonce, nonce_length, NULL, 0); @@ -451,13 +454,15 @@ cm_scepgen_o_cooked(struct cm_store_ca *ca, struct cm_store_entry *entry, X509_PUBKEY_set(&new_cert->cert_info->key, new_pkey); *csr_new = build_pkimessage(new_pkey, new_cert, chain, csr, csr_length, - entry->cm_scep_tx, "19", + entry->cm_scep_tx, + SCEP_MSGTYPE_PKCSREQ, NULL, NULL, nonce, nonce_length, NULL, 0); *ias_new = build_pkimessage(new_pkey, new_cert, chain, new_ias, new_ias_length, - entry->cm_scep_tx, "20", + entry->cm_scep_tx, + SCEP_MSGTYPE_GETCERTINITIAL, NULL, NULL, nonce, nonce_length, NULL, 0); @@ -470,13 +475,15 @@ cm_scepgen_o_cooked(struct cm_store_ca *ca, struct cm_store_entry *entry, X509_PUBKEY_set(&new_cert->cert_info->key, old_pkey); *csr_new = build_pkimessage(old_pkey, new_cert, chain, csr, csr_length, - entry->cm_scep_tx, "19", + entry->cm_scep_tx, + SCEP_MSGTYPE_PKCSREQ, NULL, NULL, nonce, nonce_length, NULL, 0); *ias_new = build_pkimessage(old_pkey, new_cert, chain, new_ias, new_ias_length, - entry->cm_scep_tx, "20", + entry->cm_scep_tx, + SCEP_MSGTYPE_GETCERTINITIAL, NULL, NULL, nonce, nonce_length, NULL, 0); diff --git a/tests/033-scep/run.sh b/tests/033-scep/run.sh index 05cd124..49aa3d1 100755 --- a/tests/033-scep/run.sh +++ b/tests/033-scep/run.sh @@ -1,6 +1,12 @@ #!/bin/bash cd "$tmpdir" +SCEP_MSGTYPE_PKCSREQ="19" +SCEP_MSGTYPE_CERTREP="3" +SCEP_MSGTYPE_GETCERTINITIAL="20" +SCEP_MSGTYPE_GETCERT="21" +SCEP_MSGTYPE_GETCRL="22" + $toolsdir/cachain.sh 0 2> /dev/null cat > ca << EOF 
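Review bot: In tests/033-scep/run.sh the five `SCEP_MSGTYPE_*` assignments repeat the values of src/scep.h by hand with nothing saying the two lists must agree, and `SCEP_MSGTYPE_CERTREP`, `SCEP_MSGTYPE_GETCERT` and `SCEP_MSGTYPE_GETCRL` are not used by any hunk of this patch. A separate copy is defensible, since the test then checks the emitted messageType against a value that does not come from the code under test, but that intent should be stated: `# Message types mirror src/scep.h; kept as a separate copy so the test does not simply echo the header.` If the three unused names have no user elsewhere in the script, which these hunks do not show, I would leave them out until a check needs them.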
@@ -89,14 +95,14 @@ echo OK echo "[req, old root]" grep ^req: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt 2>&1 > results 2>&1 check_verified -check_msgtype 19 +check_msgtype $SCEP_MSGTYPE_PKCSREQ check_txid check_nonce echo OK echo "[gic, old trust root]" grep ^gic: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r ca0.crt ee.crt 2>&1 > results 2>&1 check_verified -check_msgtype 20 +check_msgtype $SCEP_MSGTYPE_GETCERTINITIAL check_txid check_nonce echo OK @@ -111,14 +117,14 @@ echo OK echo "[req next, self root]" grep ^req.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt > results 2>&1 check_verified -check_msgtype 19 +check_msgtype $SCEP_MSGTYPE_PKCSREQ check_txid check_nonce echo OK echo "[gic next, self root]" grep ^gic.next.: scepdata | cut -f2- -d: | base64 -i -d | $toolsdir/pk7verify -r mini.crt ee.crt > results 2>&1 check_verified -check_msgtype 20 +check_msgtype $SCEP_MSGTYPE_GETCERTINITIAL check_txid check_nonce echo OK
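Review bot: The new `check_msgtype $SCEP_MSGTYPE_PKCSREQ` and `check_msgtype $SCEP_MSGTYPE_GETCERTINITIAL` calls expand the variable unquoted and unguarded, here and again in the `@@ -111,14 +117,14 @@` hunk. A misspelled or unset name expands to nothing, so `check_msgtype` would be called with no argument; whether it then fails or passes without checking anything depends on its definition, which is outside these hunks. The literals this replaces could not go wrong that way. I would write `check_msgtype "${SCEP_MSGTYPE_PKCSREQ:?}"` and `check_msgtype "${SCEP_MSGTYPE_GETCERTINITIAL:?}"`, so an empty value aborts the test instead of weakening it.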