winpr-makecert: use sha256 and update command line
* use sha256 instead of sha1 as the default hash algorithm * fix the command-line parser * mark unimplemented command-line switches as unsupported
parent
2f93c0f452
commit
960f4644cd
@ -67,7 +67,7 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
|||||||
/* Custom Options */
|
/* Custom Options */
|
||||||
|
|
||||||
{ "rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Generate certificate with required options for RDP usage."
|
"Unsupported - Generate certificate with required options for RDP usage."
|
||||||
},
|
},
|
||||||
{ "silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Silently generate certificate without verbose output."
|
"Silently generate certificate without verbose output."
|
||||||
@ -92,82 +92,82 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
|||||||
"The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n \"CN=myName\"."
|
"The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n \"CN=myName\"."
|
||||||
},
|
},
|
||||||
{ "pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Marks the generated private key as exportable. This allows the private key to be included in the certificate."
|
"Unsupported - Marks the generated private key as exportable. This allows the private key to be included in the certificate."
|
||||||
},
|
},
|
||||||
{ "sk", COMMAND_LINE_VALUE_REQUIRED, "<keyname>", NULL, NULL, -1, NULL,
|
{ "sk", COMMAND_LINE_VALUE_REQUIRED, "<keyname>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's key container location, which contains the private key. "
|
"Unsupported - Specifies the subject's key container location, which contains the private key. "
|
||||||
"If a key container does not exist, it will be created."
|
"If a key container does not exist, it will be created."
|
||||||
},
|
},
|
||||||
{ "sr", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
{ "sr", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
|
"Unsupported - Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine."
|
||||||
},
|
},
|
||||||
{ "ss", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
{ "ss", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's certificate store name that stores the output certificate."
|
"Unsupported - Specifies the subject's certificate store name that stores the output certificate."
|
||||||
},
|
},
|
||||||
{ "#", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
{ "#", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||||
"Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe."
|
"Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe."
|
||||||
},
|
},
|
||||||
{ "$", COMMAND_LINE_VALUE_REQUIRED, "<authority>", NULL, NULL, -1, NULL,
|
{ "$", COMMAND_LINE_VALUE_REQUIRED, "<authority>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the signing authority of the certificate, which must be set to either commercial "
|
"Unsupported - Specifies the signing authority of the certificate, which must be set to either commercial "
|
||||||
"(for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers)."
|
"(for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers)."
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Extended Options */
|
/* Extended Options */
|
||||||
|
|
||||||
{ "a", COMMAND_LINE_VALUE_REQUIRED, "<algorithm>", NULL, NULL, -1, NULL,
|
{ "a", COMMAND_LINE_VALUE_REQUIRED, "<algorithm>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the signature algorithm. algorithm must be md5, sha1 (the default), sha256, sha384, or sha512."
|
"Specifies the signature algorithm. algorithm must be md5, sha1, sha256 (the default), sha384, or sha512."
|
||||||
},
|
},
|
||||||
{ "b", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
{ "b", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the start of the validity period. Defaults to the current date."
|
"Unsupported - Specifies the start of the validity period. Defaults to the current date."
|
||||||
},
|
},
|
||||||
{ "crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Generates a certificate relocation list (CRL) instead of a certificate."
|
"Unsupported - Generates a certificate relocation list (CRL) instead of a certificate."
|
||||||
},
|
},
|
||||||
{ "cy", COMMAND_LINE_VALUE_REQUIRED, "<certType>", NULL, NULL, -1, NULL,
|
{ "cy", COMMAND_LINE_VALUE_REQUIRED, "<certType>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
|
"Unsupported - Specifies the certificate type. Valid values are end for end-entity and authority for certification authority."
|
||||||
},
|
},
|
||||||
{ "e", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
{ "e", COMMAND_LINE_VALUE_REQUIRED, "<mm/dd/yyyy>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
|
"Unsupported - Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT."
|
||||||
},
|
},
|
||||||
{ "eku", COMMAND_LINE_VALUE_REQUIRED, "<oid[,oid…]>", NULL, NULL, -1, NULL,
|
{ "eku", COMMAND_LINE_VALUE_REQUIRED, "<oid[,oid…]>", NULL, NULL, -1, NULL,
|
||||||
"Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
|
"Unsupported - Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into the certificate."
|
||||||
},
|
},
|
||||||
{ "h", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
{ "h", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the maximum height of the tree below this certificate."
|
"Unsupported - Specifies the maximum height of the tree below this certificate."
|
||||||
},
|
},
|
||||||
{ "ic", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
{ "ic", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's certificate file."
|
"Unsupported - Specifies the issuer's certificate file."
|
||||||
},
|
},
|
||||||
{ "ik", COMMAND_LINE_VALUE_REQUIRED, "<keyName>", NULL, NULL, -1, NULL,
|
{ "ik", COMMAND_LINE_VALUE_REQUIRED, "<keyName>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's key container name."
|
"Unsupported - Specifies the issuer's key container name."
|
||||||
},
|
},
|
||||||
{ "iky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
{ "iky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's key type, which must be one of the following: "
|
"Unsupported - Specifies the issuer's key type, which must be one of the following: "
|
||||||
"signature (which indicates that the key is used for a digital signature), "
|
"signature (which indicates that the key is used for a digital signature), "
|
||||||
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
||||||
"or an integer that represents a provider type. "
|
"or an integer that represents a provider type. "
|
||||||
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
||||||
},
|
},
|
||||||
{ "in", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
|
{ "in", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's certificate common name."
|
"Unsupported - Specifies the issuer's certificate common name."
|
||||||
},
|
},
|
||||||
{ "ip", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
{ "ip", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
|
"Unsupported - Specifies the issuer's CryptoAPI provider name. For information about the CryptoAPI provider name, see the –sp option."
|
||||||
},
|
},
|
||||||
{ "ir", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
{ "ir", COMMAND_LINE_VALUE_REQUIRED, "<location>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
|
"Unsupported - Specifies the location of the issuer's certificate store. location can be either currentuser (the default) or localmachine."
|
||||||
},
|
},
|
||||||
{ "is", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
{ "is", COMMAND_LINE_VALUE_REQUIRED, "<store>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's certificate store name."
|
"Unsupported - Specifies the issuer's certificate store name."
|
||||||
},
|
},
|
||||||
{ "iv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
{ "iv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's .pvk private key file."
|
"Unsupported - Specifies the issuer's .pvk private key file."
|
||||||
},
|
},
|
||||||
{ "iy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
{ "iy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
|
"Unsupported - Specifies the issuer's CryptoAPI provider type. For information about the CryptoAPI provider type, see the –sy option."
|
||||||
},
|
},
|
||||||
{ "l", COMMAND_LINE_VALUE_REQUIRED, "<link>", NULL, NULL, -1, NULL,
|
{ "l", COMMAND_LINE_VALUE_REQUIRED, "<link>", NULL, NULL, -1, NULL,
|
||||||
"Links to policy information (for example, to a URL)."
|
"Unsupported - Links to policy information (for example, to a URL)."
|
||||||
},
|
},
|
||||||
{ "len", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
{ "len", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the generated key length, in bits."
|
"Specifies the generated key length, in bits."
|
||||||
@ -179,36 +179,36 @@ static COMMAND_LINE_ARGUMENT_A args[] =
|
|||||||
"Specifies the duration, in years, of the certificate validity period."
|
"Specifies the duration, in years, of the certificate validity period."
|
||||||
},
|
},
|
||||||
{ "nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Includes the Netscape client-authorization extension."
|
"Unsupported - Includes the Netscape client-authorization extension."
|
||||||
},
|
},
|
||||||
{ "r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
{ "r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
|
||||||
"Creates a self-signed certificate."
|
"Unsupported - Creates a self-signed certificate."
|
||||||
},
|
},
|
||||||
{ "sc", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
{ "sc", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's certificate file."
|
"Unsupported - Specifies the subject's certificate file."
|
||||||
},
|
},
|
||||||
{ "sky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
{ "sky", COMMAND_LINE_VALUE_REQUIRED, "<keyType>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's key type, which must be one of the following: "
|
"Unsupported - Specifies the subject's key type, which must be one of the following: "
|
||||||
"signature (which indicates that the key is used for a digital signature), "
|
"signature (which indicates that the key is used for a digital signature), "
|
||||||
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
"exchange (which indicates that the key is used for key encryption and key exchange), "
|
||||||
"or an integer that represents a provider type. "
|
"or an integer that represents a provider type. "
|
||||||
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
"By default, you can pass 1 for an exchange key or 2 for a signature key."
|
||||||
},
|
},
|
||||||
{ "sp", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
{ "sp", COMMAND_LINE_VALUE_REQUIRED, "<provider>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
|
"Unsupported - Specifies the subject's CryptoAPI provider name, which must be defined in the registry subkeys of "
|
||||||
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp and –sy are present, "
|
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp and –sy are present, "
|
||||||
"the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey."
|
"the type of the CryptoAPI provider must correspond to the Type value of the provider's subkey."
|
||||||
},
|
},
|
||||||
{ "sv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
{ "sv", COMMAND_LINE_VALUE_REQUIRED, "<pvkFile>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's .pvk private key file. The file is created if none exists."
|
"Unsupported - Specifies the subject's .pvk private key file. The file is created if none exists."
|
||||||
},
|
},
|
||||||
{ "sy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
{ "sy", COMMAND_LINE_VALUE_REQUIRED, "<type>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
|
"Unsupported - Specifies the subject's CryptoAPI provider type, which must be defined in the registry subkeys of "
|
||||||
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If both –sy and –sp are present, "
|
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If both –sy and –sp are present, "
|
||||||
"the name of the CryptoAPI provider must correspond to the Name value of the provider type subkey."
|
"the name of the CryptoAPI provider must correspond to the Name value of the provider type subkey."
|
||||||
},
|
},
|
||||||
{ "tbs", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
{ "tbs", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||||
"Specifies the certificate or CRL file to be signed."
|
"Unsupported - Specifies the certificate or CRL file to be signed."
|
||||||
},
|
},
|
||||||
|
|
||||||
/* Help */
|
/* Help */
|
||||||
@ -354,9 +354,8 @@ int command_line_pre_filter(MAKECERT_CONTEXT* context, int index, int argc, LPCS
|
|||||||
context->output_file = _strdup(argv[index]);
|
context->output_file = _strdup(argv[index]);
|
||||||
if (!context->output_file)
|
if (!context->output_file)
|
||||||
return -1;
|
return -1;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -389,11 +388,10 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**
|
|||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
if (!(arg->Flags & COMMAND_LINE_VALUE_PRESENT))
|
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
CommandLineSwitchStart(arg)
|
CommandLineSwitchStart(arg)
|
||||||
|
|
||||||
/* Basic Options */
|
/* Basic Options */
|
||||||
|
|
||||||
CommandLineSwitchCase(arg, "silent")
|
CommandLineSwitchCase(arg, "silent")
|
||||||
@ -474,7 +472,6 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**
|
|||||||
|
|
||||||
CommandLineSwitchDefault(arg)
|
CommandLineSwitchDefault(arg)
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CommandLineSwitchEnd(arg)
|
CommandLineSwitchEnd(arg)
|
||||||
@ -880,7 +877,9 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
|||||||
|
|
||||||
ret = makecert_context_parse_arguments(context, argc, argv);
|
ret = makecert_context_parse_arguments(context, argc, argv);
|
||||||
if (ret < 1)
|
if (ret < 1)
|
||||||
|
{
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (!context->default_name && !context->common_name)
|
if (!context->default_name && !context->common_name)
|
||||||
{
|
{
|
||||||
@ -1004,7 +1003,7 @@ int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv)
|
|||||||
|
|
||||||
arg = CommandLineFindArgumentA(args, "a");
|
arg = CommandLineFindArgumentA(args, "a");
|
||||||
|
|
||||||
md = EVP_sha1();
|
md = EVP_sha256();
|
||||||
|
|
||||||
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
|
||||||
{
|
{
|
||||||
|
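Review bot: The `if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)` test that follows `md = EVP_sha256();` in the @ -1004 hunk still keys on the value flag, while the loop in the @ -389 hunk was switched to `COMMAND_LINE_ARGUMENT_PRESENT`; since `a` is declared `COMMAND_LINE_VALUE_REQUIRED` the value flag is presumably set whenever the argument is, but testing the same flag at both sites would make the parser fix easier to verify. The new default also deserves a why-comment, e.g. `/* SHA-256 default; md5/sha1 stay selectable via -a only for compatibility with old peers */`, because the `a` help text in the @ -92 hunk still lists md5 and sha1 as valid signature digests and nothing on the page warns when one is chosen. The `crl` help string in that same hunk reads "certificate relocation list"; CRL stands for certificate revocation list. The body of makecert_context_process continues outside the hunk.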