winpr-makecert: use sha256 and update command line

* use sha256 instead of sha1 as default hash algorithm * fix command line parser * mark not implemented command line switches as unsupported
2017-01-12 11:04:34 +01:00 · 2017-01-12 11:04:34 +01:00 · 960f4644cd
parent 2f93c0f452
commit 960f4644cd
1 changed files with 44 additions and 45 deletions
--- a/winpr/tools/makecert/makecert.c
+++ b/winpr/tools/makecert/makecert.c
@ -67,7 +67,7 @@ static COMMAND_LINE_ARGUMENT_A args[] =
 	/* Custom Options */

 	{ "rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
-			"Generate certificate with required options for RDP usage."
+			"Unsupported - Generate certificate with required options for RDP usage."
 	},
 	{ "silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
 			"Silently generate certificate without verbose output."
@ -92,82 +92,82 @@ static COMMAND_LINE_ARGUMENT_A args[] =
 			"The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n \"CN=myName\"."
 	},
 	{ "pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
-			"Marks the generated private key as exportable. This allows the private key to be included in the certificate."
+			"Unsupported - Marks the generated private key as exportable. This allows the private key to be included in the certificate."
 	},
 	{ "sk", COMMAND_LINE_VALUE_REQUIRED, "<keyname>", NULL, NULL, -1, NULL,
-			"Specifies the subject's key container location, which contains the private key. "
+			"Unsupported - Specifies the subject's key container location, which contains the private key. "
 			"If a key container does not exist, it will be created."
 	},
 	{ "sr", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
-			"Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
+			"Unsupported - Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
 	},
 	{ "ss", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
-			"Specifies the subject's certificate store name that stores the output certificate."
+			"Unsupported - Specifies the subject's certificate store name that stores the output certificate."
 	},
 	{ "#", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
 			"Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe."
 	},
 	{ "$", COMMAND_LINE_VALUE_REQUIRED, "<authority>", NULL, NULL, -1, NULL,
-			"Specifies the signing authority of the certificate, which must be set to either commercial "
+			"Unsupported - Specifies the signing authority of the certificate, which must be set to either commercial "
 			"(for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers)."
 	},

 	/* Extended Options */

 	{ "a", COMMAND_LINE_VALUE_REQUIRED, "<algorithm>", NULL, NULL, -1, NULL,
-			"Specifies the signature algorithm. algorithm must be md5, sha1 (the default), sha256, sha384, or sha512."
+			"Specifies the signature algorithm. algorithm must be md5, sha1, sha256 (the default), sha384, or sha512."
 	},
 	{ "b", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
-			"Specifies the start of the validity period. Defaults to the current date."
+			"Unsupported - Specifies the start of the validity period. Defaults to the current date."
 	},
 	{ "crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
-			"Generates a certificate relocation list (CRL) instead of a certificate."
+			"Unsupported - Generates a certificate relocation list (CRL) instead of a certificate."
 	},
 	{ "cy", COMMAND_LINE_VALUE_REQUIRED, "<certType>", NULL, NULL, -1, NULL,
-			"Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
+			"Unsupported - Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
 	},
 	{ "e", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
-			"Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
+			"Unsupported - Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
 	},
 	{ "eku", COMMAND_LINE_VALUE_REQUIRED, "<oid[,oid…]>", NULL, NULL, -1, NULL,
-			"Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
+			"Unsupported - Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
 	},
 	{ "h", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
-			"Specifies the maximum height of the tree below this certificate."
+			"Unsupported - Specifies the maximum height of the tree below this certificate."
 	},
 	{ "ic", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's certificate file."
+			"Unsupported - Specifies the issuer's certificate file."
 	},
 	{ "ik", COMMAND_LINE_VALUE_REQUIRED, "<keyName>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's key container name."
+			"Unsupported - Specifies the issuer's key container name."
 	},
 	{ "iky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's key type, which must be one of the following: "
+			"Unsupported - Specifies the issuer's key type, which must be one of the following: "
 			"signature (which indicates that the key is used for a digital signature), "
 			"exchange (which indicates that the key is used for key encryption and key exchange), "
 			"or an integer that represents a provider type. "
 			"By default, you can pass 1 for an exchange key or 2 for a signature key."
 	},
 	{ "in", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's certificate common name."
+			"Unsupported - Specifies the issuer's certificate common name."
 	},
 	{ "ip", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
+			"Unsupported - Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
 	},
 	{ "ir", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
-			"Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
+			"Unsupported - Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
 	},
 	{ "is", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's certificate store name."
+			"Unsupported - Specifies the issuer's certificate store name."
 	},
 	{ "iv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's .pvk private key file."
+			"Unsupported - Specifies the issuer's .pvk private key file."
 	},
 	{ "iy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
-			"Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
+			"Unsupported - Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
 	},
 	{ "l", COMMAND_LINE_VALUE_REQUIRED, "<link>", NULL, NULL, -1, NULL,
-			"Links to policy information (for example, to a URL)."
+			"Unsupported - Links to policy information (for example, to a URL)."
 	},
 	{ "len", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
 			"Specifies the generated key length, in bits."
@ -179,36 +179,36 @@ static COMMAND_LINE_ARGUMENT_A args[] =
 			"Specifies the duration, in years, of the certificate validity period."
 	},
 	{ "nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
-			"Includes the Netscape client-authorization extension."
+			"Unsupported - Includes the Netscape client-authorization extension."
 	},
 	{ "r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
-			"Creates a self-signed certificate."
+			"Unsupported - Creates a self-signed certificate."
 	},
 	{ "sc", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
-			"Specifies the subject's certificate file."
+			"Unsupported - Specifies the subject's certificate file."
 	},
 	{ "sky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
-			"Specifies the subject's key type, which must be one of the following: "
+			"Unsupported - Specifies the subject's key type, which must be one of the following: "
 			"signature (which indicates that the key is used for a digital signature), "
 			"exchange (which indicates that the key is used for key encryption and key exchange), "
 			"or an integer that represents a provider type. "
 			"By default, you can pass 1 for an exchange key or 2 for a signature key."
 	},
 	{ "sp", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
-			"Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
+			"Unsupported - Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
 			"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp and –sy are present, "
 			"the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey."
 	},
 	{ "sv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
-			"Specifies the subject's .pvk private key file. The file is created if none exists."
+			"Unsupported - Specifies the subject's .pvk private key file. The file is created if none exists."
 	},
 	{ "sy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
-			"Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
+			"Unsupported - Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
 			"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If both –sy and –sp are present, "
 			"the name of the CryptoAPI provider must correspond to the Name value of the provider type subkey."
 	},
 	{ "tbs", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
-			"Specifies the certificate or CRL file to be signed."
+			"Unsupported - Specifies the certificate or CRL file to be signed."
 	},

 	/* Help */
@ -354,9 +354,8 @@ int command_line_pre_filter(MAKECERT_CONTEXT* context, int index, int argc, LPCS
 			context->output_file = _strdup(argv[index]);
 			if (!context->output_file)
 				return -1;
+			return 1;
 		}
-
-		return 1;
 	}

 	return 0;
@ -389,11 +388,10 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**

 	do
 	{
-		if (!(arg->Flags & COMMAND_LINE_VALUE_PRESENT))
+		if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
 			continue;

 		CommandLineSwitchStart(arg)
-
 		/* Basic Options */

 		CommandLineSwitchCase(arg, "silent")
@ -474,7 +472,6 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**

 		CommandLineSwitchDefault(arg)
 		{
-
 		}

 		CommandLineSwitchEnd(arg)
@ -579,7 +576,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
 				goto out_fail;

 			status = BIO_read(bio, x509_str, length);
-		
+
 			if (status < 0)
 				goto out_fail;

@ -634,7 +631,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
 				goto out_fail;

 			status = BIO_read(bio, x509_str, length);
-		
+
 			if (status < 0)
 				goto out_fail;

@ -692,7 +689,7 @@ int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* pa
 					goto out_fail;

 				status = BIO_read(bio, x509_str, length);
-		
+
 				if (status < 0)
 					goto out_fail;

@ -880,7 +877,9 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)

 	ret =  makecert_context_parse_arguments(context, argc, argv);
 	if (ret < 1)
+	{
 		return ret;
+	}

 	if (!context->default_name && !context->common_name)
 	{
@ -951,7 +950,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
 	{
 		X509_gmtime_adj(X509_get_notAfter(context->x509), (long) (60 * 60 * 24 * 365 * context->duration_years));
 	}
-	
+
 	X509_set_pubkey(context->x509, context->pkey);

 	name = X509_get_subject_name(context->x509);
@ -1004,7 +1003,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)

 	arg = CommandLineFindArgumentA(args, "a");

-	md = EVP_sha1();
+	md = EVP_sha256();

 	if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
 	{
@ -1051,14 +1050,14 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
 		}

 		status = BIO_read(bio, x509_str, length);
-		
+
 		if (status < 0)
 		{
 			BIO_free(bio);
 			free(x509_str);
 			return -1;
 		}
-		
+
 		offset += status;

 		while (offset >= length)
@ -1087,7 +1086,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)

 		if (status < 0)
 			return -1;
-		
+
 		length = offset;
 		x509_str[length] = '\0';

@ -1106,7 +1105,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
 		makecert_context_output_certificate_file(context, context->output_path);

 		if (context->crtFormat)
-		{	
+		{
 			if (makecert_context_output_private_key_file(context, context->output_path) < 0)
 				return -1;
 		}