winpr-makecert: use sha256 and update command line
* use sha256 instead of sha1 as default hash algorithm * fix command line parser * mark not implemented command line switches as unsupported
This commit is contained in:
parent
2f93c0f452
commit
960f4644cd
@ -67,7 +67,7 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
||||
/* Custom Options */
|
||||
|
||||
{ "rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Generate certificate with required options for RDP usage."
|
||||
"Unsupported - Generate certificate with required options for RDP usage."
|
||||
},
|
||||
{ "silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Silently generate certificate without verbose output."
|
||||
@ -92,82 +92,82 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
||||
"The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n \"CN=myName\"."
|
||||
},
|
||||
{ "pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Marks the generated private key as exportable. This allows the private key to be included in the certificate."
|
||||
"Unsupported - Marks the generated private key as exportable. This allows the private key to be included in the certificate."
|
||||
},
|
||||
{ "sk", COMMAND_LINE_VALUE_REQUIRED, "<keyname>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's key container location, which contains the private key. "
|
||||
"Unsupported - Specifies the subject's key container location, which contains the private key. "
|
||||
"If a key container does not exist, it will be created."
|
||||
},
|
||||
{ "sr", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
|
||||
"Unsupported - Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
|
||||
},
|
||||
{ "ss", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's certificate store name that stores the output certificate."
|
||||
"Unsupported - Specifies the subject's certificate store name that stores the output certificate."
|
||||
},
|
||||
{ "#", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||
"Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe."
|
||||
},
|
||||
{ "$", COMMAND_LINE_VALUE_REQUIRED, "<authority>", NULL, NULL, -1, NULL,
|
||||
"Specifies the signing authority of the certificate, which must be set to either commercial "
|
||||
"Unsupported - Specifies the signing authority of the certificate, which must be set to either commercial "
|
||||
"(for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers)."
|
||||
},
|
||||
|
||||
/* Extended Options */
|
||||
|
||||
{ "a", COMMAND_LINE_VALUE_REQUIRED, "<algorithm>", NULL, NULL, -1, NULL,
|
||||
"Specifies the signature algorithm. algorithm must be md5, sha1 (the default), sha256, sha384, or sha512."
|
||||
"Specifies the signature algorithm. algorithm must be md5, sha1, sha256 (the default), sha384, or sha512."
|
||||
},
|
||||
{ "b", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
||||
"Specifies the start of the validity period. Defaults to the current date."
|
||||
"Unsupported - Specifies the start of the validity period. Defaults to the current date."
|
||||
},
|
||||
{ "crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Generates a certificate relocation list (CRL) instead of a certificate."
|
||||
"Unsupported - Generates a certificate relocation list (CRL) instead of a certificate."
|
||||
},
|
||||
{ "cy", COMMAND_LINE_VALUE_REQUIRED, "<certType>", NULL, NULL, -1, NULL,
|
||||
"Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
|
||||
"Unsupported - Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
|
||||
},
|
||||
{ "e", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
||||
"Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
|
||||
"Unsupported - Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
|
||||
},
|
||||
{ "eku", COMMAND_LINE_VALUE_REQUIRED, "<oid[,oid…]>", NULL, NULL, -1, NULL,
|
||||
"Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
|
||||
"Unsupported - Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
|
||||
},
|
||||
{ "h", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||
"Specifies the maximum height of the tree below this certificate."
|
||||
"Unsupported - Specifies the maximum height of the tree below this certificate."
|
||||
},
|
||||
{ "ic", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's certificate file."
|
||||
"Unsupported - Specifies the issuer's certificate file."
|
||||
},
|
||||
{ "ik", COMMAND_LINE_VALUE_REQUIRED, "<keyName>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's key container name."
|
||||
"Unsupported - Specifies the issuer's key container name."
|
||||
},
|
||||
{ "iky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's key type, which must be one of the following: "
|
||||
"Unsupported - Specifies the issuer's key type, which must be one of the following: "
|
||||
"signature (which indicates that the key is used for a digital signature), "
|
||||
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
||||
"or an integer that represents a provider type. "
|
||||
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
||||
},
|
||||
{ "in", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's certificate common name."
|
||||
"Unsupported - Specifies the issuer's certificate common name."
|
||||
},
|
||||
{ "ip", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
|
||||
"Unsupported - Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
|
||||
},
|
||||
{ "ir", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
||||
"Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
|
||||
"Unsupported - Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
|
||||
},
|
||||
{ "is", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's certificate store name."
|
||||
"Unsupported - Specifies the issuer's certificate store name."
|
||||
},
|
||||
{ "iv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's .pvk private key file."
|
||||
"Unsupported - Specifies the issuer's .pvk private key file."
|
||||
},
|
||||
{ "iy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
||||
"Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
|
||||
"Unsupported - Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
|
||||
},
|
||||
{ "l", COMMAND_LINE_VALUE_REQUIRED, "<link>", NULL, NULL, -1, NULL,
|
||||
"Links to policy information (for example, to a URL)."
|
||||
"Unsupported - Links to policy information (for example, to a URL)."
|
||||
},
|
||||
{ "len", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||
"Specifies the generated key length, in bits."
|
||||
@ -179,36 +179,36 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
||||
"Specifies the duration, in years, of the certificate validity period."
|
||||
},
|
||||
{ "nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Includes the Netscape client-authorization extension."
|
||||
"Unsupported - Includes the Netscape client-authorization extension."
|
||||
},
|
||||
{ "r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||
"Creates a self-signed certificate."
|
||||
"Unsupported - Creates a self-signed certificate."
|
||||
},
|
||||
{ "sc", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's certificate file."
|
||||
"Unsupported - Specifies the subject's certificate file."
|
||||
},
|
||||
{ "sky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's key type, which must be one of the following: "
|
||||
"Unsupported - Specifies the subject's key type, which must be one of the following: "
|
||||
"signature (which indicates that the key is used for a digital signature), "
|
||||
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
||||
"or an integer that represents a provider type. "
|
||||
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
||||
},
|
||||
{ "sp", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
|
||||
"Unsupported - Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
|
||||
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp and –sy are present, "
|
||||
"the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey."
|
||||
},
|
||||
{ "sv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's .pvk private key file. The file is created if none exists."
|
||||
"Unsupported - Specifies the subject's .pvk private key file. The file is created if none exists."
|
||||
},
|
||||
{ "sy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
||||
"Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
|
||||
"Unsupported - Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
|
||||
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If both –sy and –sp are present, "
|
||||
"the name of the CryptoAPI provider must correspond to the Name value of the provider type subkey."
|
||||
},
|
||||
{ "tbs", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||
"Specifies the certificate or CRL file to be signed."
|
||||
"Unsupported - Specifies the certificate or CRL file to be signed."
|
||||
},
|
||||
|
||||
/* Help */
|
||||
@ -354,9 +354,8 @@ int command_line_pre_filter(MAKECERT_CONTEXT* context, int index, int argc, LPCS
|
||||
context->output_file = _strdup(argv[index]);
|
||||
if (!context->output_file)
|
||||
return -1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -389,11 +388,10 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**
|
||||
|
||||
do
|
||||
{
|
||||
if (!(arg->Flags & COMMAND_LINE_VALUE_PRESENT))
|
||||
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
||||
continue;
|
||||
|
||||
CommandLineSwitchStart(arg)
|
||||
|
||||
/* Basic Options */
|
||||
|
||||
CommandLineSwitchCase(arg, "silent")
|
||||
@ -474,7 +472,6 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**
|
||||
|
||||
CommandLineSwitchDefault(arg)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
CommandLineSwitchEnd(arg)
|
||||
@ -579,7 +576,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
|
||||
goto out_fail;
|
||||
|
||||
status = BIO_read(bio, x509_str, length);
|
||||
|
||||
|
||||
if (status < 0)
|
||||
goto out_fail;
|
||||
|
||||
@ -634,7 +631,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
|
||||
goto out_fail;
|
||||
|
||||
status = BIO_read(bio, x509_str, length);
|
||||
|
||||
|
||||
if (status < 0)
|
||||
goto out_fail;
|
||||
|
||||
@ -692,7 +689,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
|
||||
goto out_fail;
|
||||
|
||||
status = BIO_read(bio, x509_str, length);
|
||||
|
||||
|
||||
if (status < 0)
|
||||
goto out_fail;
|
||||
|
||||
@ -880,7 +877,9 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
|
||||
ret = makecert_context_parse_arguments(context, argc, argv);
|
||||
if (ret < 1)
|
||||
{
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (!context->default_name && !context->common_name)
|
||||
{
|
||||
@ -951,7 +950,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
{
|
||||
X509_gmtime_adj(X509_get_notAfter(context->x509), (long) (60 * 60 * 24 * 365 * context->duration_years));
|
||||
}
|
||||
|
||||
|
||||
X509_set_pubkey(context->x509, context->pkey);
|
||||
|
||||
name = X509_get_subject_name(context->x509);
|
||||
@ -1004,7 +1003,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
|
||||
arg = CommandLineFindArgumentA(args, "a");
|
||||
|
||||
md = EVP_sha1();
|
||||
md = EVP_sha256();
|
||||
|
||||
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
||||
{
|
||||
@ -1051,14 +1050,14 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
}
|
||||
|
||||
status = BIO_read(bio, x509_str, length);
|
||||
|
||||
|
||||
if (status < 0)
|
||||
{
|
||||
BIO_free(bio);
|
||||
free(x509_str);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
offset += status;
|
||||
|
||||
while (offset >= length)
|
||||
@ -1087,7 +1086,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
|
||||
if (status < 0)
|
||||
return -1;
|
||||
|
||||
|
||||
length = offset;
|
||||
x509_str[length] = '\0';
|
||||
|
||||
@ -1106,7 +1105,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
||||
makecert_context_output_certificate_file(context, context->output_path);
|
||||
|
||||
if (context->crtFormat)
|
||||
{
|
||||
{
|
||||
if (makecert_context_output_private_key_file(context, context->output_path) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user